Bug#708293: libhawtjni-runtime-java: /tmp race condition with arbitrary code execution (CVE-2013-2035)
Florian Weimer
fw at deneb.enyo.de
Tue May 14 20:14:21 UTC 2013

Package: libhawtjni-runtime-java
Version: 1.0~+git0c502e20c4-3
Tags: security
Severity: important

A /tmp race condition which can be abused by local users to execute
arbitrary code with the privileges of a process using hawtjni has been
fixed:

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035>
<https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5>

I'm not sure how widely hawtjni is used. This might be a candidate
for a DSA. Please prepare an update for stable/wheezy, and we can
then decide whether to fix this through stable-proposed-updates or the
security archive.