CVE-2012-2120 in Ubuntu

CVE-2012-2120

Priority

Negligible

Description

latex2man in texlive-extra-utils 2011.20120322, and possibly other versions
or packages, when used with the H or T option, allows local users to
overwrite arbitrary files via a symlink attack on a temporary file.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2120
http://www.openwall.com/lists/oss-security/2012/04/19

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779

Notes

jdstrand> Ubuntu 10.10 have symlink protections in place

Package

Source: texlive-bin (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	needed
Ubuntu 12.10 (Quantal Quetzal):	needed
Ubuntu 13.04 (Raring Ringtail):	needed
Ubuntu 13.10 (Saucy Salamander):	needed

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2013-05-22 14:14:51 UTC (commit 6866)