About Ubuntu

=========================================================== Ubuntu Security Notice USN-254-1 February 21, 2006 noweb vulnerability CVE-2005-3342 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: nowebm The problem can be corrected by upgrading the affected package to version 2.10c-3ubuntu1.1 (for Ubuntu 4.10), 2.10c-3.1ubuntu5.04.1 (for Ubuntu 5.04), or 2.10c-3.1ubuntu5.10.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Javier Fernández-Sanguino Peña discovered that noweb scripts created temporary files in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running noweb.