Submitted by KeesCook on Thu, 2005-10-06 12:03
Referenced CVEs:
CAN-2005-3011
Description:
===========================================================
Ubuntu Security Notice USN-194-1 October 06, 2005
texinfo vulnerability
CAN-2005-3011
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

texinfo

The problem can be corrected by upgrading the affected package to
version 4.6-1ubuntu1.1 (for Ubuntu 4.10), or 4.7-2.2ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Frank Lichtenheld discovered that the "texindex" program created
temporary files in an insecure manner. This could allow a symlink
attack to create or overwrite arbitrary files with the privileges of
the user running texindex.
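
The class of bug described above, as an added illustration that is not
texindex's code and not part of the original notice: a scratch file opened
under a predictable name without O_EXCL follows a symlink that already
exists at that name, while the same open with O_EXCL is refused. The file
names and the mkdtemp() sandbox directory are assumptions made for the demo.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: predictable name, no O_EXCL; follows a pre-existing symlink. */
static int open_scratch_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, even a symlink, exists. */
static int open_scratch_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Tries both patterns in a private mkdtemp() sandbox (constructed data).
   Bit 0: unsafe open truncated the link target. Bit 1: O_EXCL open was
   refused with EEXIST and the target kept its 8 bytes. -1: setup failed. */
static int run_demo(void) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", target[64], lnk[64];
    int result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(lnk, sizeof lnk, "%s/scratch", dir);
    for (int pass = 0; pass < 2; pass++) {
        FILE *f = fopen(target, "w"); /* the user's existing file */
        if (!f) return -1;
        fputs("keep me\n", f);
        fclose(f);
        if (symlink(target, lnk) != 0) return -1; /* link exists first */
        int fd = pass == 0 ? open_scratch_unsafe(lnk) : open_scratch_excl(lnk);
        if (pass == 0 && fd >= 0 && file_size(target) == 0) result |= 1;
        if (pass == 1 && fd < 0 && errno == EEXIST && file_size(target) == 8) result |= 2;
        if (fd >= 0) close(fd);
        unlink(lnk);
    }
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```

In new code, mkstemp(3) is the usual choice, since it both picks an
unpredictable name and creates the file with O_EXCL.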


