USN-104-1: unshar vulnerability
4 April 2005
unshar vulnerability
Releases
Details
Joey Hess discovered that "unshar" created temporary files in an
insecure manner. This could allow a symbolic link attack to create or
overwrite arbitrary files with the privileges of the user invoking the
program.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
sharutils
-
In general, a standard system update will make all the necessary changes.