aaa_base: SuSE Linux base package
----------------------------------------------------------------------
File: aaa_base-2004.10.12-2.i586.rpm
Patchrpm: aaa_base-2004.10.12-2.i586.patch.rpm
Version: 2004.10.12-2
Size: 285 kB
Patchsize: 181 kB
Date: Thu 21 Oct 2004 0:54:44 CEST
Source: aaa_base-2004.10.12-2.src.rpm
Security: Yes
----------------------------------------------------------------------
Description: This updates fixes several /tmp file removal race problems in aaa_base:

- The suse.de-clean-vi was not race free and could be used by a local
  attacker to remove any file on the system.

- The safe-rm script used for safe /tmp file removal could be tricked
  by a local attacker with a symlink attack to remove any file in the
  filesystem due to a very narrow race in bash directory handling.

- The initial tmp file cleaning script could be tricked by a local attacker
  to delete any file on the system with the agent substring "agent" in its
  name.

Thanks to Stefan Nordhausen for reporting this problems to us!