Synopsis: Low: ccs security update
Issue date: 2011-02-16
CVE Names: CVE-2008-6552
An insecure temporary file use flaw was found in ccs_tool. A local
attacker could use this flaw to conduct a symbolic link attack, allowing
them to overwrite (with the output of ccs_tool) an arbitrary file
writable by the victim running ccs_tool. (CVE-2008-6552)
SL 4.x
SRPMS:
ccs-1.0.13-2.src.rpm
i386:
ccs-1.0.13-2.i686.rpm
ccs-devel-1.0.13-2.i686.rpm
x86_64:
ccs-1.0.13-2.x86_64.rpm
ccs-devel-1.0.13-2.x86_64.rpm
-Connie Sieh
-Troy Dawson