Message-id: <E1JZtDl-0003Lj-IB@artemis.annvix.ca>
Date: Thu, 13 Mar 2008 13:36:09 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:066 ] - Updated gcc packages fix
directory traversal vulnerability in fastjar
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:066
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gcc
Date : March 13, 2008
Affected: 2007.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Jurgen Weigert found a directory traversal vulnerability in fastjar
versions prior to 0.93. This vulnerability allows user-assisted
attackers to overwrite arbitrary files via a .jar file containing
a filename with ../ sequences.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
Mandriva Linux 2007.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFH2VcfmqjQ0CJFipgRAnwoAKCK0mASV39WEk7wuaHWU7fa3adbxgCff4an
98S+ARNZpv79RTBSIwmgMw8=
=J2jz
-----END PGP SIGNATURE-----
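The Problem Description above comes down to an extractor trusting entry names from the archive. The following is an added example, not part of the advisory and not fastjar's actual patch: a hypothetical helper `entry_name_is_safe` that an extractor could call on each entry name before creating a file, assuming POSIX-style `/` separators.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not fastjar code): returns true when an archive
 * entry name, resolved lexically against the extraction directory, stays
 * inside that directory. The check is lexical only; it does not detect
 * symlinks that already exist in the target tree. */
bool entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;                 /* empty name: nothing sane to create */
    if (name[0] == '/')
        return false;                 /* absolute path ignores the target dir */

    int depth = 0;                    /* levels below the extraction root */
    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/"); /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return false;         /* climbed above the extraction root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                  /* ordinary component: one level down */
        }
        p += len;
        if (*p == '/')
            p++;                      /* skip separator; "//" gives len == 0 */
    }
    return true;
}

int main(void)
{
    /* Constructed sample entry names, not taken from any real archive. */
    const char *names[] = { "META-INF/MANIFEST.MF", "a/../b",
                            "../outside.txt", "a/../../b", "/abs/path" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s %s\n", names[i],
               entry_name_is_safe(names[i]) ? "extract" : "reject");
    return 0;
}
```

An extractor that rejects the whole archive on the first unsafe name is easier to reason about than one that skips the entry and continues.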