[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DflF3-0008T3-D2@mercury.mandriva.com>
Date: Tue Jun 7 22:04:15 2005
From: security at mandriva.com (Mandriva Security Team)
Subject: MDKSA-2005:097 - Updated a2ps packages fix
temporary file vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: a2ps
Advisory ID: MDKSA-2005:097
Date: June 7th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
The fixps and psmandup scripts, part of the a2ps package, are
vulnerable to symlink attacks which could allow a local attacker to
overwrite arbitrary files. The updated packages have been patched to
correct the problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1377
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
938d5b703cbeb762efd5619880208497 10.1/RPMS/a2ps-4.13b-5.2.101mdk.i586.rpm
e0e7a61ec86b0af969cbe60008e6830f 10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.i586.rpm
fce5b28393e1c8da6e0ea1ebdb1a2de6 10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.i586.rpm
05f8fdc46bded4e920c709a781c98550 10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
fc1fd3817e4f41ea41758a3ac53e86cd x86_64/10.1/RPMS/a2ps-4.13b-5.2.101mdk.x86_64.rpm
84541cd7d841c64ceccb89f2a413d450 x86_64/10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.x86_64.rpm
acf595ef3b6f3d2a79204feec3e34208 x86_64/10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.x86_64.rpm
05f8fdc46bded4e920c709a781c98550 x86_64/10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm
Mandrakelinux 10.2:
47722386507aa7fb8c4ddbbbbcc4a20c 10.2/RPMS/a2ps-4.13b-6.1.102mdk.i586.rpm
190e48d0b4143ac0ad911482e0b0151f 10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.i586.rpm
4d3d6cbd4ad35999c9bff1f61f890778 10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.i586.rpm
52a665ac72fec5e99b3e1412e6470063 10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
37135cc64ba189c769851ba678532576 x86_64/10.2/RPMS/a2ps-4.13b-6.1.102mdk.x86_64.rpm
6f4cbd5624aac20e99703072131538c7 x86_64/10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.x86_64.rpm
4314538dcbb211c28f32abc64d9e3de8 x86_64/10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.x86_64.rpm
52a665ac72fec5e99b3e1412e6470063 x86_64/10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm
Corporate Server 2.1:
65a7ea65f589533d0aca00a6a37760ff corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.i586.rpm
45c465fc3e2165e6681cccda909fb91f corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.i586.rpm
273f20da1e895043ee719b964b7d2b55 corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.i586.rpm
58e6bdd04f757728aa63089f8b4249ac corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d5cc8c0304f537acd89c575c7124a6c0 x86_64/corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.x86_64.rpm
ee85486832fbdf9873c3acfa8b73bafe x86_64/corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.x86_64.rpm
84c3ca054e874346bc55daeb5fea0f9f x86_64/corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.x86_64.rpm
58e6bdd04f757728aa63089f8b4249ac x86_64/corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm
Corporate 3.0:
859d494306ae1dca81186e2fe99b9a96 corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.i586.rpm
9bd2c39d7495f18412fcd0a1412f1169 corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.i586.rpm
68be9c1420f80da9047bf2c7f41e861c corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.i586.rpm
daba71e7aa523a71040a54e841bf9300 corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
3d2e4b184d3ff5f19d5ce48762b25c41 x86_64/corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.x86_64.rpm
7edb5fa8542f0a8216e2670a668aaf04 x86_64/corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.x86_64.rpm
aebaa6e7473f6fa84bd973df34ef3b96 x86_64/corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.x86_64.rpm
daba71e7aa523a71040a54e841bf9300 x86_64/corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCpgvJmqjQ0CJFipgRAheSAJ9orZvyngdNmOlbIwh4uRPqQi8tMACgmJxw
EiHp0Bt4ppEs0n/AGblpMuc=
=t8PQ
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists