[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MVvwi-0003Zp-Tp@titan.mandriva.com>
Date: Wed, 29 Jul 2009 01:19:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:170 ] initscripts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:170
http://www.mandriva.com/security/
_______________________________________________________________________
Package : initscripts
Date : July 28, 2009
Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Security team has identified and fixed a vulnerability in
initscripts which could lead to partial wireless password disclosure
for WPA/WPA2 passwords of certain length which contained spaces.
This update fixes the vulnerability.
_______________________________________________________________________
References:
https://qa.mandriva.com/52149
https://qa.mandriva.com/51606
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
c2f82185b6a1b451e8d0a469224d8c5a 2008.1/i586/initscripts-8.63-9.4mdv2008.1.i586.rpm
64f2ca707c0e6635cababcd7263d4abb 2008.1/SRPMS/initscripts-8.63-9.4mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
fb044db8aee555c5e165e4c3ca608433 2008.1/x86_64/initscripts-8.63-9.4mdv2008.1.x86_64.rpm
64f2ca707c0e6635cababcd7263d4abb 2008.1/SRPMS/initscripts-8.63-9.4mdv2008.1.src.rpm
Mandriva Linux 2009.0:
547725f36363ffcfcc8c0389f2aeb298 2009.0/i586/debugmode-8.81-10.2mdv2009.0.i586.rpm
4779e320e3a1a345d926106de5135552 2009.0/i586/initscripts-8.81-10.2mdv2009.0.i586.rpm
5a0edc132358a4a0e1627edc64a2b734 2009.0/SRPMS/initscripts-8.81-10.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
73c516af3830e70547cc15d69d2fbcd2 2009.0/x86_64/debugmode-8.81-10.2mdv2009.0.x86_64.rpm
7ecbe026d44e11ebfab474ea6941edd1 2009.0/x86_64/initscripts-8.81-10.2mdv2009.0.x86_64.rpm
5a0edc132358a4a0e1627edc64a2b734 2009.0/SRPMS/initscripts-8.81-10.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
6a202f378cfdd5bca9bf3fefcd28f884 2009.1/i586/debugmode-8.88-23.2mdv2009.1.i586.rpm
e21426bd4d5b4f2b8aa4b29b445ec0f3 2009.1/i586/initscripts-8.88-23.2mdv2009.1.i586.rpm
8e00b02e0fea6bb32370ab25f6add0dd 2009.1/SRPMS/initscripts-8.88-23.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
14a7c9ca90043ec2989f3f9dd01f5ed7 2009.1/x86_64/debugmode-8.88-23.2mdv2009.1.x86_64.rpm
1f9acc735be39aa8bc937087c39808bd 2009.1/x86_64/initscripts-8.88-23.2mdv2009.1.x86_64.rpm
8e00b02e0fea6bb32370ab25f6add0dd 2009.1/SRPMS/initscripts-8.88-23.2mdv2009.1.src.rpm
Mandriva Enterprise Server 5:
bd9082dc2f1bf9f4ec7d376f946b1ccd mes5/i586/debugmode-8.81-10.2mdvmes5.i586.rpm
23bdff614d8f7cc132f3dcbba2c7df45 mes5/i586/initscripts-8.81-10.2mdvmes5.i586.rpm
7458437fd85bd4fd0f7e9e67e1289883 mes5/SRPMS/initscripts-8.81-10.2mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
95d8a219c11a9d357360e9ad6906ad41 mes5/x86_64/debugmode-8.81-10.2mdvmes5.x86_64.rpm
155bc9d037dbdaca8286b179ac03664b mes5/x86_64/initscripts-8.81-10.2mdvmes5.x86_64.rpm
7458437fd85bd4fd0f7e9e67e1289883 mes5/SRPMS/initscripts-8.81-10.2mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKb1pYmqjQ0CJFipgRAhT3AKDuxg88YO9tgrdu/NfViMinrNLlbgCfUciW
FZYSM6wOroGiquvGehX8TW8=
=7/zd
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists