Mandrake Linux Security Advisory : sgml-tools (MDKSA-2001:030-1)
Low Nessus Plugin ID 61904
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionInsecure handling of temporary file permissions can lead to other users on a multi-user system being able to read the documents being converted. This is due to sgml-tools creating temporary files without any special permissions. The updated packages create a secure temporary directory first, which is readable only by the owner, and then create the temporary files in that secure directory.
The packages for Linux-Mandrake 7.1 and Corporate Server 1.0.1 had a dependency on the wrong version of sgml-common which made it impossible to upgrade the software. New packages have been released that fix this problem.
SolutionUpdate the affected sgml-tools package.