Security
Security
A vulnerability in UUDeview may allow local attackers to conduct symlink attacks.
| Package | app-text/uudeview on all architectures |
|---|---|
| Affected versions | < 0.5.20-r1 |
| Unaffected versions | >= 0.5.20-r1 |
| Package | news-nntp/nzbget on all architectures |
|---|---|
| Affected versions | < 0.4.0 |
| Unaffected versions | >= 0.4.0 |
UUdeview is encoder and decoder supporting various binary formats. NZBGet is a command-line based binary newsgrabber supporting .nzb files.
UUdeview makes insecure usage of the tempnam() function when creating temporary files. NZBGet includes a copy of the vulnerable code.
A local attacker could exploit this vulnerability to overwrite arbitrary files on the system.
There is no known workaround at this time.
All UUDview users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/uudeview-0.5.20-r1"
All NZBget users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=news-nntp/nzbget-0.4.0"