RHSA-2003:241: Updated ddskk packages fix temporary file vulnerability
Description
Updated ddskk packages which fix a temporary file security issue are now available.
Daredevil SKK is a simple Kana to Kanji conversion program, an input method of Japanese for Emacs and XEmacs. ddskk does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk. The Common Vulnerabilities and Exposures project (cve.mitre.org) has allocated the name CAN-2003-0539 to this issue. All users of ddskk should upgrade to these erratum packages containing a backported security patch that corrects this issue.
Solution(s)
- redhat-upgrade-ddskk
- redhat-upgrade-ddskk-xemacs
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center