CVE-2024-55566

Name: CVE-2024-55566
Description: ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release        Version    Status
colpack (PTS)     jessie         1.0.9-3    vulnerable
                  stretch        1.0.10-1   vulnerable
                  buster         1.0.10-4   vulnerable
                  bullseye       1.0.10-5   vulnerable
                  bookworm       1.0.10-7   vulnerable
                  sid, trixie    1.0.10-8   vulnerable

The information below is based on the following data on fixed versions.

Package    Type      Release       Fixed Version    Urgency        Origin    Debian Bugs
colpack    source    (unstable)    (unfixed)        unimportant    -         -

Notes

https://bugzilla.suse.com/show_bug.cgi?id=1225617
Negligible security impact, since fs.protected_symlinks=1 is the standard setting in Debian
