Message-ID: <20040928064140.20684.qmail@updates.mandrakesoft.com>
Date: 28 Sep 2004 06:41:40 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           netpbm
 Advisory ID:            MDKSA-2004:011-1
 Date:                   September 27th, 2004
 Original Advisory Date: February 11th, 2004
 Affected versions:      10.0, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A number of temporary file bugs have been found in versions of NetPBM.
 These could allow a local user to overwrite or create files as a
 different user who happens to run one of the vulnerable utilities.

 Update:

 The patch applied made some calls to the mktemp utility with an
 incorrect parameter, which prevented mktemp from creating temporary
 files in some scripts.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 937ca333666cb5758fa86990fb4145d5  10.0/RPMS/libnetpbm9-9.24-8.1.100mdk.i586.rpm
 c48c94c4b6006788c8e97d03f0a2c315  10.0/RPMS/libnetpbm9-devel-9.24-8.1.100mdk.i586.rpm
 01f917f9b4fd32f252641b87d25f455f  10.0/RPMS/libnetpbm9-static-devel-9.24-8.1.100mdk.i586.rpm
 7d59875f1017a7cdc8f67be4c91a5c9b  10.0/RPMS/netpbm-9.24-8.1.100mdk.i586.rpm
 2448d2f88564908846d222cee8613901  10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 3f52a5ec20f70d2d3707dca32a0367af  amd64/10.0/RPMS/lib64netpbm9-9.24-8.1.100mdk.amd64.rpm
 cac2d45fc30a3c6b0198ee0e39814602  amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.1.100mdk.amd64.rpm
 f467ef407bfe3aac0c7da250b1c7b44f  amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.1.100mdk.amd64.rpm
 429293f713cf017a4307f0fbbd6f55e7  amd64/10.0/RPMS/netpbm-9.24-8.1.100mdk.amd64.rpm
 2448d2f88564908846d222cee8613901  amd64/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm

 Corporate Server 2.1:
 88e8553960764a60c060673a8d61753d  corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.i586.rpm
 edf38be60b8aeb5d354b8a046c85026d  corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.i586.rpm
 9409a93ec5e8f87de5220304e3b0cc5d  corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.i586.rpm
 cd00f1dfc00f9c5dbf504d4170398cd6  corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.i586.rpm
 20ec2e6d37a313d2fc7ecb8a572984de  corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 79e0e7aa77fd1badffef87c7302c9603  x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.x86_64.rpm
 25f00ef0a339d778fca62d94a9e01912  x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.x86_64.rpm
 2f9d8c68325d46eb0bca42793b22764f  x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.x86_64.rpm
 5fe14cbf7c5de9324f62731e52da11fa  x86_64/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.x86_64.rpm
 20ec2e6d37a313d2fc7ecb8a572984de  x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm

 Mandrakelinux 9.2:
 d0f1cce584ebd07a271a5d0293b89c39  9.2/RPMS/libnetpbm9-9.24-7.2.92mdk.i586.rpm
 14896f0ced9d2fc43fb28861ca90c3a8  9.2/RPMS/libnetpbm9-devel-9.24-7.2.92mdk.i586.rpm
 9cdec874ed8d385e71fcee4d34fac4e3  9.2/RPMS/libnetpbm9-static-devel-9.24-7.2.92mdk.i586.rpm
 5e4cdad5770f15c402d78d98cd7da4c7  9.2/RPMS/netpbm-9.24-7.2.92mdk.i586.rpm
 65bba0bffa3946b1979eb768fbd00da5  9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 4e2fd5df02fbfef8e5ec484be5d22622  amd64/9.2/RPMS/lib64netpbm9-9.24-7.2.92mdk.amd64.rpm
 7d4123a267de978bf4322a8f6f2ecef9  amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.2.92mdk.amd64.rpm
 af40bee2668388feb78ae030ad37d4a1  amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.2.92mdk.amd64.rpm
 fb0a1ecc6d9794c07189e4eda5e75e03  amd64/9.2/RPMS/netpbm-9.24-7.2.92mdk.amd64.rpm
 65bba0bffa3946b1979eb768fbd00da5  amd64/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm

 Multi Network Firewall 8.2:
 40d8884fc4d63ba064e5325d6e01352e  mnf8.2/RPMS/libnetpbm9-9.20-2.3.M82mdk.i586.rpm
 2006197d0c75b9a9e371a4068396043d  mnf8.2/RPMS/netpbm-9.20-2.3.M82mdk.i586.rpm
 0ea855945e99fd3f625b32a1393d8712  mnf8.2/SRPMS/netpbm-9.20-2.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBWQekmqjQ0CJFipgRAgqFAJ9M7fvAIcSch5wUoIobxEBWGS+QwQCfcSRX
T4CjCEeueloLNIP6kj3Tzks=
=yJz/
-----END PGP SIGNATURE-----
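
The two points in the advisory, predictable temporary file names and mktemp calls that fail on a bad parameter, shown as an added shell example. It is not code from the advisory or from the NetPBM patch; the function names and the "pnm" prefix are hypothetical, and the advisory does not say which parameter was wrong, so a malformed template is assumed here.

```shell
#!/bin/sh
# Added example; not taken from the advisory or the NetPBM patch.
# Function names and the "pnm" prefix are hypothetical.

# Pre-fix pattern: the name is predictable (prefix + PID) and nothing
# guarantees that this script is the one that creates the file.
predictable_name() {
    printf '%s/%s.%s\n' "${TMPDIR:-/tmp}" "$1" "$$"
}

# Hardened pattern. The template is validated first, so the outcome does
# not depend on how the local mktemp treats a malformed one; mktemp then
# picks the name and creates the file exclusively. The exit status is
# checked so a failed call stops the caller instead of handing back an
# empty file name.
make_tmp() {
    case $1 in
        *XXXXXX) ;;
        *) echo "make_tmp: template must end in XXXXXX: $1" >&2; return 2 ;;
    esac
    _f=$(mktemp "$1") || return 1
    [ -n "$_f" ] && [ -f "$_f" ] || return 1
    printf '%s\n' "$_f"
}

# Constructed demonstration inside a private scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    a=$(make_tmp "$d/pnm.XXXXXX") && b=$(make_tmp "$d/pnm.XXXXXX") || return 1
    echo "two calls, two distinct files: $a $b"
    make_tmp "$d/pnm" 2>/dev/null || echo "bad template rejected, status $?"
    make_tmp "$d/missing/pnm.XXXXXX" 2>/dev/null || echo "mktemp failure caught, status $?"
    rm -rf "$d"
}
demo
```

A caller uses it as `tmp=$(make_tmp "${TMPDIR:-/tmp}/pnm.XXXXXX") || exit 1` and removes the file on exit.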

