2.1 - RHSA-2005:598

Problem Description:

An updated sysreport package that fixes an insecure temporary file flaw is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch Red Hat Linux Advanced Workstation 2.1 - noarch Red Hat Enterprise Linux ES version 2.1 - noarch Red Hat Enterprise Linux WS version 2.1 - noarch Red Hat Enterprise Linux AS version 3 - noarch Red Hat Desktop version 3 - noarch Red Hat Enterprise Linux ES version 3 - noarch Red Hat Enterprise Linux WS version 3 - noarch Red Hat Enterprise Linux AS version 4 - noarch Red Hat Enterprise Linux Desktop version 4 - noarch Red Hat Enterprise Linux ES version 4 - noarch Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

Sysreport is a utility that gathers information about a system's hardware and configuration. The information can then be used for diagnostic purposes and debugging.

Bill Stearns discovered a bug in the way sysreport creates temporary files. It is possible that a local attacker could obtain sensitive information about the system when sysreport is run. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2104 to this issue.

Users of sysreport should update to this erratum package, which contains a patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162978 - CAN-2005-2104 sysreport insecure temporary directory usage