CVE-2010-2056

Description

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Affected products

• gnu / gv3.6.9
• gnu / gv3.5.8 – 3.5.8
• gnu / gv3.6.0 – 3.6.0
• gnu / gv3.6.1 – 3.6.1
• gnu / gv3.6.2 – 3.6.2
• gnu / gv3.6.3 – 3.6.3
• gnu / gv3.6.4 – 3.6.4
• gnu / gv3.6.5 – 3.6.5
• gnu / gv3.6.6 – 3.6.6
• gnu / gv3.6.7 – 3.6.7
• gnu / gv3.6.8 – 3.6.8

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/40532
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=599621
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1757
• MISChttp://savannah.gnu.org/forum/forum.php?forum_id=6368
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/40475
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
• MISChttp://www.osvdb.org/66249