Bugtraq mailing list archives
[ GLSA 200611-21 ] Kile: Incorrect backup file permission
From: Sune Kloppenborg Jeppesen <jaervosz () gentoo org>
Date: Mon, 27 Nov 2006 08:51:17 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200611-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Kile: Incorrect backup file permission
      Date: November 27, 2006
      Bugs: #155613
        ID: 200611-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Kile uses default permissions for backup files, potentially leading to
information disclosure.

Background
==========

Kile is a TeX/LaTeX editor for KDE.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-editors/kile      < 1.9.2-r1                      >= 1.9.2-r1

Description
===========

Kile fails to set the same permissions on backup files as on the
original file. This is similar to CVE-2005-1920.

Impact
======

A kile user may inadvertently grant access to sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Kile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"

References
==========

  [ 1 ] CVE-2005-1920
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200611-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
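
The following audit sketch is an added example, not part of the advisory or of Kile's code. It looks for backup files whose mode grants bits the original file lacks (the condition the Description names) and strips those bits; a backup already on disk keeps the mode it was created with, so the check is also useful after upgrading. Assumptions: backups are named `<original>~` (the advisory does not state the naming), and `find_loose_backups`, `tighten` and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

BACKUP_SUFFIX = "~"  # assumption: backup is "<original>~"; adjust to your setup


def find_loose_backups(root, suffix=BACKUP_SUFFIX):
    """Return (backup, backup_mode, original_mode) for each backup whose
    permission bits grant something the original file does not."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffix) or name == suffix:
                continue
            backup = os.path.join(dirpath, name)
            try:
                b = os.lstat(backup)
                o = os.lstat(backup[: -len(suffix)])
            except FileNotFoundError:
                continue  # orphaned backup: no original to compare against
            if not (stat.S_ISREG(b.st_mode) and stat.S_ISREG(o.st_mode)):
                continue  # ignore symlinks, directories, devices
            bmode, omode = stat.S_IMODE(b.st_mode), stat.S_IMODE(o.st_mode)
            if bmode & ~omode:  # any bit set on the backup but not the original
                findings.append((backup, bmode, omode))
    return findings


def tighten(backup, original_mode):
    """Clear the bits the original lacks; never adds permissions."""
    os.chmod(backup, stat.S_IMODE(os.lstat(backup).st_mode) & original_mode)


def demo():
    """Constructed sample tree: a private file with a loose backup, plus a
    public file whose backup matches it and must not be flagged."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in [("thesis.tex", 0o600), ("thesis.tex~", 0o644),
                           ("notes.tex", 0o644), ("notes.tex~", 0o644)]:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)  # explicit chmod so the umask does not matter
        before = find_loose_backups(root)
        for backup, _bmode, omode in before:
            tighten(backup, omode)
        after = find_loose_backups(root)
        fixed = stat.S_IMODE(os.lstat(os.path.join(root, "thesis.tex~")).st_mode)
        return [(os.path.basename(b), bm, om) for b, bm, om in before], after, fixed
```

Run `find_loose_backups` over the directories that hold your documents before calling `tighten`, so the findings can be reviewed first.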