USN-243-1: tuxpaint vulnerability
16 January 2006
tuxpaint vulnerability
Releases
Details
Javier Fernández-Sanguino Peña discovered that the tuxpaint-import.sh
script created a temporary file in an insecure way. This could allow a
symlink attack to create or overwrite arbitrary files with the
privileges of the user running tuxpaint.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.10
-
tuxpaint
-
In general, a standard system update will make all the necessary changes.