lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JZtDl-0003Lj-IB@artemis.annvix.ca>
Date: Thu, 13 Mar 2008 13:36:09 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:066 ] - Updated gcc packages fix
 directory traversal vulnerability in fastjar


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:066
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gcc
 Date    : March 13, 2008
 Affected: 2007.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Jurgen Weigert found a directory traversal vulnerability in fastjar
 versions prior to 0.93.  This vulnerability allows user-assisted
 attackers to overwrite arbitrary files via a .jar file containing
 filename with ../ sequences.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 58c6cf8d35ddfc777fbd48d2417d3bf6  2007.0/i586/gcc-4.1.1-3.1mdv2007.0.i586.rpm
 6d9975dc6f9fc193ee36cfe175646522  2007.0/i586/gcc-c++-4.1.1-3.1mdv2007.0.i586.rpm
 92e7130f0779f2b5d242599c72e21a93  2007.0/i586/gcc-colorgcc-4.1.1-3.1mdv2007.0.i586.rpm
 bc1f9e4d70a6eca97195e7e426d94eb7  2007.0/i586/gcc-cpp-4.1.1-3.1mdv2007.0.i586.rpm
 6a5d27006f95561eca088efa3ac8a43c  2007.0/i586/gcc-doc-4.1.1-3.1mdv2007.0.i586.rpm
 a6c61ac7709a9fd1dd1e4a871ea99043  2007.0/i586/gcc-doc-pdf-4.1.1-3.1mdv2007.0.i586.rpm
 69312eed7668db205af979c3df66a318  2007.0/i586/gcc-gfortran-4.1.1-3.1mdv2007.0.i586.rpm
 240b78599ebd782ada402dd8ac07cb4e  2007.0/i586/gcc-gnat-4.1.1-3.1mdv2007.0.i586.rpm
 8c08be739f5bc62d48f6888adfce5371  2007.0/i586/gcc-java-4.1.1-3.1mdv2007.0.i586.rpm
 0dcfb85325bcf952ce33677b75270da2  2007.0/i586/gcc-objc++-4.1.1-3.1mdv2007.0.i586.rpm
 dbedcd1fd07ab61450e68b0eda6be51a  2007.0/i586/gcc-objc-4.1.1-3.1mdv2007.0.i586.rpm
 324c0689a68357d62c234cc5dadd38fb  2007.0/i586/gcj-tools-4.1.1-3.1mdv2007.0.i586.rpm
 48ba63b8112c0959d9084efa472afa93  2007.0/i586/libffi4-devel-4.1.1-3.1mdv2007.0.i586.rpm
 73889bab4e0d796bdc071d626967d418  2007.0/i586/libgcc1-4.1.1-3.1mdv2007.0.i586.rpm
 dd051e85774c000f0df1bed25acadd8d  2007.0/i586/libgcj7-4.1.1-3.1mdv2007.0.i586.rpm
 2b64429673e3d7885c543869eed39405  2007.0/i586/libgcj7-base-4.1.1-3.1mdv2007.0.i586.rpm
 6dafdb898c7062c867957f1ef88cca09  2007.0/i586/libgcj7-devel-4.1.1-3.1mdv2007.0.i586.rpm
 405a024b5f35c6d5c4e5287e3d26b5e8  2007.0/i586/libgcj7-src-4.1.1-3.1mdv2007.0.i586.rpm
 7cdf5c5b02558d05b905111013f93034  2007.0/i586/libgcj7-static-devel-4.1.1-3.1mdv2007.0.i586.rpm
 782c84424be93b36c234726794115cb1  2007.0/i586/libgfortran1-4.1.1-3.1mdv2007.0.i586.rpm
 ebc2f4a242f6acdc0e31ff9c21c1aa49  2007.0/i586/libgnat1-4.1.1-3.1mdv2007.0.i586.rpm
 f3c06182f6d16414c0fa5df6ccde3a82  2007.0/i586/libmudflap0-4.1.1-3.1mdv2007.0.i586.rpm
 8ece89f2404ebf1fe97b634400892184  2007.0/i586/libmudflap0-devel-4.1.1-3.1mdv2007.0.i586.rpm
 5f960e7ff38589a750b5cbc5a5c6faee  2007.0/i586/libobjc1-4.1.1-3.1mdv2007.0.i586.rpm
 5474e6e7cc1c4be77ac5b5727e33f201  2007.0/i586/libstdc++6-4.1.1-3.1mdv2007.0.i586.rpm
 95abfd3cf0626c9f577c692d657fbe0c  2007.0/i586/libstdc++6-devel-4.1.1-3.1mdv2007.0.i586.rpm
 5b3cf2d98f4fa41287ea01b2d2322049  2007.0/i586/libstdc++6-static-devel-4.1.1-3.1mdv2007.0.i586.rpm 
 1967b73c1d60f91830d851b9fecb3d64  2007.0/SRPMS/gcc-4.1.1-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 b33ecc48e1cf4d309c7b0f876cb37885  2007.0/x86_64/gcc-4.1.1-3.1mdv2007.0.x86_64.rpm
 d1ea79d8d432bf5b35c9fa9dbf417d0d  2007.0/x86_64/gcc-c++-4.1.1-3.1mdv2007.0.x86_64.rpm
 6a398f2eef7cdaf45f9ac3aaeb95c4a9  2007.0/x86_64/gcc-colorgcc-4.1.1-3.1mdv2007.0.x86_64.rpm
 84431e6af6d9da3d507b02560aea568e  2007.0/x86_64/gcc-cpp-4.1.1-3.1mdv2007.0.x86_64.rpm
 6bf42856478b49d87ed3e6752934b27c  2007.0/x86_64/gcc-doc-4.1.1-3.1mdv2007.0.x86_64.rpm
 de12ae62fcd46bf0df204c3422081efd  2007.0/x86_64/gcc-doc-pdf-4.1.1-3.1mdv2007.0.x86_64.rpm
 fd633b5c4abb1e754228b2bc5fbf8d75  2007.0/x86_64/gcc-gfortran-4.1.1-3.1mdv2007.0.x86_64.rpm
 1b4464e3ba008428d4cc5ce41ae368e6  2007.0/x86_64/gcc-gnat-4.1.1-3.1mdv2007.0.x86_64.rpm
 d4ac67158a0885fcf731d974450d4b21  2007.0/x86_64/gcc-java-4.1.1-3.1mdv2007.0.x86_64.rpm
 fc9ae07d8c9ef022dc06f1431b1cadc7  2007.0/x86_64/gcc-objc++-4.1.1-3.1mdv2007.0.x86_64.rpm
 af539cfedcf8223ddf4e98e86b492eb5  2007.0/x86_64/gcc-objc-4.1.1-3.1mdv2007.0.x86_64.rpm
 78d4d268e34a928466087f8a8906d2e1  2007.0/x86_64/gcj-tools-4.1.1-3.1mdv2007.0.x86_64.rpm
 13c4aafdea212b2a9071d2cb1648cf8a  2007.0/x86_64/lib64gcj7-4.1.1-3.1mdv2007.0.x86_64.rpm
 18ea5d2ac44c333d985492a4b934fd73  2007.0/x86_64/lib64gcj7-devel-4.1.1-3.1mdv2007.0.x86_64.rpm
 d3f803e71c7bfc82e17336017d76097b  2007.0/x86_64/lib64gcj7-static-devel-4.1.1-3.1mdv2007.0.x86_64.rpm
 14d84d366443c1e8353b254b835c57c1  2007.0/x86_64/libffi4-devel-4.1.1-3.1mdv2007.0.x86_64.rpm
 4a4d4796287df8ffc0700ff25a3bb72c  2007.0/x86_64/libgcc1-4.1.1-3.1mdv2007.0.x86_64.rpm
 16a22a4759afe854c1bb70c02ab640a0  2007.0/x86_64/libgcj7-base-4.1.1-3.1mdv2007.0.x86_64.rpm
 4673d109b440a106a4c28e4f7c14c38c  2007.0/x86_64/libgcj7-src-4.1.1-3.1mdv2007.0.x86_64.rpm
 931acf8beefcfc94fa74bdb9a2fb6741  2007.0/x86_64/libgfortran1-4.1.1-3.1mdv2007.0.x86_64.rpm
 cd831140795f935e7aeb836a01b1d9d4  2007.0/x86_64/libgnat1-4.1.1-3.1mdv2007.0.x86_64.rpm
 aa0461fcd5a1ca7d9b35388625c1d2df  2007.0/x86_64/libmudflap0-4.1.1-3.1mdv2007.0.x86_64.rpm
 eaaa60ca6d94ccbaa2605e81f33fb8d0  2007.0/x86_64/libmudflap0-devel-4.1.1-3.1mdv2007.0.x86_64.rpm
 1f45d52012522d91b36897dd8a081220  2007.0/x86_64/libobjc1-4.1.1-3.1mdv2007.0.x86_64.rpm
 a96b744f79ae638f855af803a27ddc9b  2007.0/x86_64/libstdc++6-4.1.1-3.1mdv2007.0.x86_64.rpm
 31c25bb155dc6e0e3da4ff34778fcd4b  2007.0/x86_64/libstdc++6-devel-4.1.1-3.1mdv2007.0.x86_64.rpm
 70d8b145f369afee787299716a787bc1  2007.0/x86_64/libstdc++6-static-devel-4.1.1-3.1mdv2007.0.x86_64.rpm 
 1967b73c1d60f91830d851b9fecb3d64  2007.0/SRPMS/gcc-4.1.1-3.1mdv2007.0.src.rpm

 Corporate 4.0:
 71fe14c83875a4dc47c0cff7b724903c  corporate/4.0/i586/gcc-4.0.1-5.2.20060mlcs4.i586.rpm
 0e9519ed056b8090ed351f2688a4bfed  corporate/4.0/i586/gcc-c++-4.0.1-5.2.20060mlcs4.i586.rpm
 d7cc7289325e764602a51543e5338583  corporate/4.0/i586/gcc-colorgcc-4.0.1-5.2.20060mlcs4.i586.rpm
 7fca44d524aa4e550dd98d82c65b114a  corporate/4.0/i586/gcc-cpp-4.0.1-5.2.20060mlcs4.i586.rpm
 7b6e17bd92c14863028590ffabb716c1  corporate/4.0/i586/gcc-doc-4.0.1-5.2.20060mlcs4.i586.rpm
 ef55be272ef64be54aec809f1ae6b7f2  corporate/4.0/i586/gcc-doc-pdf-4.0.1-5.2.20060mlcs4.i586.rpm
 46c5b85a7959b05f9f1d159d1da58528  corporate/4.0/i586/gcc-gfortran-4.0.1-5.2.20060mlcs4.i586.rpm
 c14ed855a8b67af9ef68c365f44d806f  corporate/4.0/i586/gcc-gnat-4.0.1-5.2.20060mlcs4.i586.rpm
 9be3558e816bf24bc549d637e94003bc  corporate/4.0/i586/gcc-java-4.0.1-5.2.20060mlcs4.i586.rpm
 e3a707eb235ff691308c3d88f8ebdc95  corporate/4.0/i586/gcc-objc-4.0.1-5.2.20060mlcs4.i586.rpm
 bd925c67c82169d4d14e933d9bb51074  corporate/4.0/i586/gcj-tools-4.0.1-5.2.20060mlcs4.i586.rpm
 6c42630dac5c406a2b02e5188f051ab9  corporate/4.0/i586/libffi4-devel-4.0.1-5.2.20060mlcs4.i586.rpm
 388fd47f55f55b6e642aa2ad996626a9  corporate/4.0/i586/libgcc1-4.0.1-5.2.20060mlcs4.i586.rpm
 23b7b3a094d84ae0ded9803acedb7a59  corporate/4.0/i586/libgcj6-4.0.1-5.2.20060mlcs4.i586.rpm
 281d10f22b04117eb983a1bd54881128  corporate/4.0/i586/libgcj6-base-4.0.1-5.2.20060mlcs4.i586.rpm
 f1663ffc44ed998f8a7e9a6d648795a0  corporate/4.0/i586/libgcj6-devel-4.0.1-5.2.20060mlcs4.i586.rpm
 07ff0be2e7d88897fb0cf6b97d0dbe1c  corporate/4.0/i586/libgcj6-src-4.0.1-5.2.20060mlcs4.i586.rpm
 0ca126ed9d1e2ef3f199c9ab2e8cb66a  corporate/4.0/i586/libgcj6-static-devel-4.0.1-5.2.20060mlcs4.i586.rpm
 82c771e1d525f0bf8a3c4e5f226f456b  corporate/4.0/i586/libgfortran0-4.0.1-5.2.20060mlcs4.i586.rpm
 c66178d1f72f5993f69eb50567ce34f5  corporate/4.0/i586/libgnat1-4.0.1-5.2.20060mlcs4.i586.rpm
 7701b482660d7ee13ae0879068207b9e  corporate/4.0/i586/libmudflap0-4.0.1-5.2.20060mlcs4.i586.rpm
 943442893496b16560ac38c004ff1a51  corporate/4.0/i586/libmudflap0-devel-4.0.1-5.2.20060mlcs4.i586.rpm
 d0b8edd9a7688171f0d3584b3afd5ecf  corporate/4.0/i586/libobjc1-4.0.1-5.2.20060mlcs4.i586.rpm
 bc513aa9905ff0f78c7a94454ee492df  corporate/4.0/i586/libstdc++6-4.0.1-5.2.20060mlcs4.i586.rpm
 ff3e445982935432521fe42e9f4c88dd  corporate/4.0/i586/libstdc++6-devel-4.0.1-5.2.20060mlcs4.i586.rpm
 09fb1cf89b0ae935b7494c60e0914137  corporate/4.0/i586/libstdc++6-static-devel-4.0.1-5.2.20060mlcs4.i586.rpm 
 1b33e2b8e2852d026776b276172e6bfa  corporate/4.0/SRPMS/gcc-4.0.1-5.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 4db08f55d3d963addd483c6a34c40182  corporate/4.0/x86_64/gcc-4.0.1-5.2.20060mlcs4.x86_64.rpm
 efd4934552b3539c06582a15c06b139c  corporate/4.0/x86_64/gcc-c++-4.0.1-5.2.20060mlcs4.x86_64.rpm
 c5eb41439de7b70e78a15629e165867f  corporate/4.0/x86_64/gcc-colorgcc-4.0.1-5.2.20060mlcs4.x86_64.rpm
 d1f3493e4f09ba9cac7fd125d073ab48  corporate/4.0/x86_64/gcc-cpp-4.0.1-5.2.20060mlcs4.x86_64.rpm
 ece4a75e9a6f642afff1fb4ff7061247  corporate/4.0/x86_64/gcc-doc-4.0.1-5.2.20060mlcs4.x86_64.rpm
 7594df0c227438cc62d35196c7815c9c  corporate/4.0/x86_64/gcc-doc-pdf-4.0.1-5.2.20060mlcs4.x86_64.rpm
 d3ffd3763c9cb4bede714063ae2c3f03  corporate/4.0/x86_64/gcc-gfortran-4.0.1-5.2.20060mlcs4.x86_64.rpm
 e0e2d0047863ffa88bc9bc8acdc5d7c6  corporate/4.0/x86_64/gcc-gnat-4.0.1-5.2.20060mlcs4.x86_64.rpm
 79e0477bb74c9376fbcd8bb6e9c8330e  corporate/4.0/x86_64/gcc-java-4.0.1-5.2.20060mlcs4.x86_64.rpm
 8456d360cd1744450f13cca4085be21f  corporate/4.0/x86_64/gcc-objc-4.0.1-5.2.20060mlcs4.x86_64.rpm
 9d7655fe63bb6dfcc0f9d768cdce5395  corporate/4.0/x86_64/gcj-tools-4.0.1-5.2.20060mlcs4.x86_64.rpm
 9323d8523489de6fe00a34e6b0b94e29  corporate/4.0/x86_64/lib64gcj6-4.0.1-5.2.20060mlcs4.x86_64.rpm
 86bab684589205eb0a3b237399c29e80  corporate/4.0/x86_64/lib64gcj6-devel-4.0.1-5.2.20060mlcs4.x86_64.rpm
 ac0e7a18370246960f83fc5c860ea4b4  corporate/4.0/x86_64/lib64gcj6-static-devel-4.0.1-5.2.20060mlcs4.x86_64.rpm
 744c75d49c44c3647c09188c338df5f1  corporate/4.0/x86_64/libffi4-devel-4.0.1-5.2.20060mlcs4.x86_64.rpm
 df6e510189df5f4b49ca40349bbf55ef  corporate/4.0/x86_64/libgcc1-4.0.1-5.2.20060mlcs4.x86_64.rpm
 c33b5639cc1f38107f6c13724f464672  corporate/4.0/x86_64/libgcj6-base-4.0.1-5.2.20060mlcs4.x86_64.rpm
 f36d921b37874666bc0e6109c4e820cf  corporate/4.0/x86_64/libgcj6-src-4.0.1-5.2.20060mlcs4.x86_64.rpm
 6d4c0a11afda451dcdfec80f285126ac  corporate/4.0/x86_64/libgfortran0-4.0.1-5.2.20060mlcs4.x86_64.rpm
 4c8905133bb18fb2df81d06216267209  corporate/4.0/x86_64/libgnat1-4.0.1-5.2.20060mlcs4.x86_64.rpm
 1d9de06119c34e1571dbbd4f3f14bd14  corporate/4.0/x86_64/libmudflap0-4.0.1-5.2.20060mlcs4.x86_64.rpm
 6488bacb53aae4b6803b4aa7056a227c  corporate/4.0/x86_64/libmudflap0-devel-4.0.1-5.2.20060mlcs4.x86_64.rpm
 2b4365ae25522057e9fca17377ede3f0  corporate/4.0/x86_64/libobjc1-4.0.1-5.2.20060mlcs4.x86_64.rpm
 80915b32a9fbdcec66c0e9e36173b45b  corporate/4.0/x86_64/libstdc++6-4.0.1-5.2.20060mlcs4.x86_64.rpm
 06c7634e08f1b26e0d30e0e30d1fd0db  corporate/4.0/x86_64/libstdc++6-devel-4.0.1-5.2.20060mlcs4.x86_64.rpm
 c1f978c047ebdfe53253680b8ac84263  corporate/4.0/x86_64/libstdc++6-static-devel-4.0.1-5.2.20060mlcs4.x86_64.rpm 
 1b33e2b8e2852d026776b276172e6bfa  corporate/4.0/SRPMS/gcc-4.0.1-5.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH2VcfmqjQ0CJFipgRAnwoAKCK0mASV39WEk7wuaHWU7fa3adbxgCff4an
98S+ARNZpv79RTBSIwmgMw8=
=J2jz
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ