Message-Id: <E1NPQ1F-0000nS-Gj@titan.mandriva.com>
Date: Tue, 29 Dec 2009 01:33:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:345 ] acl


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:345
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : acl
 Date    : December 28, 2009
 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in acl:
 
 The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when
 running in recursive (-R) mode, follow symbolic links even when the
 --physical (aka -P) or -L option is specified, which might allow
 local users to modify the ACL for arbitrary files or directories via
 a symlink attack (CVE-2009-4411).
 
 This update provides a fix for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 85085eb1f2e217ac6db6819f36e590db  2009.0/i586/acl-2.2.47-4.2mdv2009.0.i586.rpm
 d6850e7ee04d6e5d6c1e006148807f9a  2009.0/i586/libacl1-2.2.47-4.2mdv2009.0.i586.rpm
 35ecb78e1345620c6640cbac8aca7cd0  2009.0/i586/libacl-devel-2.2.47-4.2mdv2009.0.i586.rpm 
 2f3de3fef6add27f07d7536603daf96f  2009.0/SRPMS/acl-2.2.47-4.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 44d4d3cffbdf3088681ba8eac294f405  2009.0/x86_64/acl-2.2.47-4.2mdv2009.0.x86_64.rpm
 8b0918e159b2da664a762dab891bd322  2009.0/x86_64/lib64acl1-2.2.47-4.2mdv2009.0.x86_64.rpm
 b984bbb26adc1f73d7ee010e351a5f6d  2009.0/x86_64/lib64acl-devel-2.2.47-4.2mdv2009.0.x86_64.rpm 
 2f3de3fef6add27f07d7536603daf96f  2009.0/SRPMS/acl-2.2.47-4.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 c3a02ac328bc96547b9157f68977c173  2009.1/i586/acl-2.2.47-5.1mdv2009.1.i586.rpm
 674911bdf647ee4d30149bd32e417bb7  2009.1/i586/libacl1-2.2.47-5.1mdv2009.1.i586.rpm
 62a1f6e00abd0da7174771b8d012a85b  2009.1/i586/libacl-devel-2.2.47-5.1mdv2009.1.i586.rpm 
 f05c4e59f1772c729fafaac0294d57bc  2009.1/SRPMS/acl-2.2.47-5.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 d7c7d4ad8c86b129097ab77d47b02d9e  2009.1/x86_64/acl-2.2.47-5.1mdv2009.1.x86_64.rpm
 849241d3c01fe1854e5553af5bb22b4c  2009.1/x86_64/lib64acl1-2.2.47-5.1mdv2009.1.x86_64.rpm
 0ca12919b3f2110c4be3c260fcfa8321  2009.1/x86_64/lib64acl-devel-2.2.47-5.1mdv2009.1.x86_64.rpm 
 f05c4e59f1772c729fafaac0294d57bc  2009.1/SRPMS/acl-2.2.47-5.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 c47933ef2dc3d89ebe614471b8ecb861  2010.0/i586/acl-2.2.48-1.1mdv2010.0.i586.rpm
 45f7cc7ce0afcce08a0b0e02c2d76973  2010.0/i586/libacl1-2.2.48-1.1mdv2010.0.i586.rpm
 d533e59fb185f5674944387aede52d4b  2010.0/i586/libacl-devel-2.2.48-1.1mdv2010.0.i586.rpm 
 f17057a31d8f7f6f441dbc7ead634776  2010.0/SRPMS/acl-2.2.48-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 71744500b8e325e09062acd221cad582  2010.0/x86_64/acl-2.2.48-1.1mdv2010.0.x86_64.rpm
 bf7c769383b9cc736aa565261be57a33  2010.0/x86_64/lib64acl1-2.2.48-1.1mdv2010.0.x86_64.rpm
 7f8a8db6720f0c8f18b0e5b22269929a  2010.0/x86_64/lib64acl-devel-2.2.48-1.1mdv2010.0.x86_64.rpm 
 f17057a31d8f7f6f441dbc7ead634776  2010.0/SRPMS/acl-2.2.48-1.1mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 78ed39a64acd0186365f86d484c01edd  mes5/i586/acl-2.2.47-4.2mdvmes5.i586.rpm
 5c6079223bbd9797175934347c3fc3bb  mes5/i586/libacl1-2.2.47-4.2mdvmes5.i586.rpm
 a67beea2c129051e33bfa2ef2342c9ac  mes5/i586/libacl-devel-2.2.47-4.2mdvmes5.i586.rpm 
 bbda0bedef0d52edb98a93ad62f256c2  mes5/SRPMS/acl-2.2.47-4.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 802538312a3c3ef0cf70411feaaf9f38  mes5/x86_64/acl-2.2.47-4.2mdvmes5.x86_64.rpm
 5f48b77cb6c0fd2e4ae442b6e10f923e  mes5/x86_64/lib64acl1-2.2.47-4.2mdvmes5.x86_64.rpm
 5042eb91ee69f76c34e4c340890e2e32  mes5/x86_64/lib64acl-devel-2.2.47-4.2mdvmes5.x86_64.rpm 
 bbda0bedef0d52edb98a93ad62f256c2  mes5/SRPMS/acl-2.2.47-4.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLOSDdmqjQ0CJFipgRAvXNAKDip6+gvkNWkz6Fj1ed6cvEBGZRdgCfROOL
a3Es+T2rqHu6X3xp7bcEIig=
=SaC5
-----END PGP SIGNATURE-----
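
Added example, not part of the Mandriva advisory or the acl source: a minimal C walker showing the physical (-P) semantics that the advisory says recursive mode failed to honor, next to a logical walk that follows links. The tree layout, the function names and `target.txt` are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Recursive walk counting entries named `needle`; -1 on error. With physical
   set, every entry is lstat()ed, so a symlink is a leaf and is never entered. */
static int walk(const char *path, int physical, const char *needle)
{
    struct stat st;
    if ((physical ? lstat(path, &st) : stat(path, &st)) != 0) return -1;
    const char *base = strrchr(path, '/');
    int hits = strcmp(base ? base + 1 : path, needle) == 0;
    if (!S_ISDIR(st.st_mode)) return hits;   /* file, or symlink under -P */
    DIR *d = opendir(path);
    if (!d) return -1;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        char child[1024];
        snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        int n = walk(child, physical, needle);
        if (n < 0) { hits = -1; break; }
        hits += n;
    }
    closedir(d);
    return hits;
}

/* Constructed tree: ROOT/tree/link -> ROOT/outside, ROOT/outside/target.txt */
int demo_hits(int physical)
{
    static const char *rel[] = { "tree", "outside", "tree/link", "outside/target.txt" };
    char root[] = "/tmp/aclwalk.XXXXXX", p[4][128];
    if (!mkdtemp(root)) return -1;
    for (int i = 0; i < 4; i++) snprintf(p[i], sizeof p[i], "%s/%s", root, rel[i]);
    int ok = !mkdir(p[0], 0700) && !mkdir(p[1], 0700) && !symlink(p[1], p[2]);
    FILE *f = ok ? fopen(p[3], "w") : NULL;
    int hits = -1;
    if (f) { fclose(f); hits = walk(p[0], physical, "target.txt"); }
    unlink(p[3]); unlink(p[2]); rmdir(p[1]); rmdir(p[0]); rmdir(root);
    return hits;
}
int main(void)
{
    printf("physical (-P): %d  logical: %d\n", demo_hits(1), demo_hits(0));
    return 0;
}
```

A production walker would also close the window between lstat() and opendir(), for example by opening each directory with O_NOFOLLOW and descending via openat().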
