CVE-2014-1638
Publication date 28 January 2014
Last updated 24 July 2024
Ubuntu priority
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
Status
Package | Ubuntu Release | Status |
---|---|---|
localepurge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |