lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Mqogu-0007sR-Jg@titan.mandriva.com>
Date: Thu, 24 Sep 2009 15:49:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:245 ] glib2.0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:245
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glib2.0
 Date    : September 24, 2009
 Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in glib2.0:
 
 The g_file_copy function in glib 2.0 sets the permissions of a
 target file to the permissions of a symbolic link (777), which
 allows user-assisted local users to modify files of other users,
 as demonstrated by using Nautilus to modify the permissions of the
 user home directory (CVE-2009-3289).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 ae1c20e8d9112331477f1431f47158e2  2008.1/i586/glib2.0-common-2.16.2-1.2mdv2008.1.i586.rpm
 fd14fb35d8a7b26ee2cae61e21136c06  2008.1/i586/glib-gettextize-2.16.2-1.2mdv2008.1.i586.rpm
 84b497096a9a71555d3fd8d1f712c879  2008.1/i586/libgio2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
 de7c95da4c50e889da9c78941e3970ee  2008.1/i586/libglib2.0_0-2.16.2-1.2mdv2008.1.i586.rpm
 2361590b32522048bcc190ea009eb419  2008.1/i586/libglib2.0-devel-2.16.2-1.2mdv2008.1.i586.rpm 
 d184482ba568dccf84035c5b93755c49  2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 907f731ab0bfbd5b4ddea8b52a401be3  2008.1/x86_64/glib2.0-common-2.16.2-1.2mdv2008.1.x86_64.rpm
 c974d23646c611b4e0414da1236540ec  2008.1/x86_64/glib-gettextize-2.16.2-1.2mdv2008.1.x86_64.rpm
 0192faa9b22c4a8e720683dd355b6711  2008.1/x86_64/lib64gio2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
 a3ef3597c55b264cddfab163248ad8a9  2008.1/x86_64/lib64glib2.0_0-2.16.2-1.2mdv2008.1.x86_64.rpm
 892df1175f288fa14100aad9d6bce63d  2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.2mdv2008.1.x86_64.rpm 
 d184482ba568dccf84035c5b93755c49  2008.1/SRPMS/glib2.0-2.16.2-1.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 2133c89664c7d752644230af6f28d397  2009.0/i586/glib2.0-common-2.18.1-1.2mdv2009.0.i586.rpm
 58ef4dd4f636f35314f633a8249328c4  2009.0/i586/glib-gettextize-2.18.1-1.2mdv2009.0.i586.rpm
 194d89e8844e1dc2e80bcb27a05bfcaa  2009.0/i586/libgio2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
 c5f6d66e26ffa64cb35418c2daf5d090  2009.0/i586/libglib2.0_0-2.18.1-1.2mdv2009.0.i586.rpm
 bfd7c4003ef1ad91c137eefd55f35047  2009.0/i586/libglib2.0-devel-2.18.1-1.2mdv2009.0.i586.rpm 
 37955dd7418fb7822cbdb7098cf2ea39  2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2f1a001b5e54002a72b16cfd8fad3822  2009.0/x86_64/glib2.0-common-2.18.1-1.2mdv2009.0.x86_64.rpm
 042458c3417c73c3ba76b6a93de5988d  2009.0/x86_64/glib-gettextize-2.18.1-1.2mdv2009.0.x86_64.rpm
 529cd61cc5d548a6e19465fdaa1ce65f  2009.0/x86_64/lib64gio2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
 acbcba01934b850ae7aa699821fb5e65  2009.0/x86_64/lib64glib2.0_0-2.18.1-1.2mdv2009.0.x86_64.rpm
 f72882f0dba8a21683ca131b64dd084e  2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.2mdv2009.0.x86_64.rpm 
 37955dd7418fb7822cbdb7098cf2ea39  2009.0/SRPMS/glib2.0-2.18.1-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 62fcdba32560bae021c1aaee8f893135  2009.1/i586/glib2.0-common-2.20.1-1.1mdv2009.1.i586.rpm
 ef882c5f43b25c925cefcd4d0a003871  2009.1/i586/glib-gettextize-2.20.1-1.1mdv2009.1.i586.rpm
 979d21c7ca8eef8bc81ab2588e899d0c  2009.1/i586/libgio2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
 67cd61d9d06b4a19c3c4d5377dfadf01  2009.1/i586/libglib2.0_0-2.20.1-1.1mdv2009.1.i586.rpm
 96c2b24ac048e13cf93c61c73ac9bbcf  2009.1/i586/libglib2.0-devel-2.20.1-1.1mdv2009.1.i586.rpm 
 8f909b3e5122784881a84ea94cf0443d  2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 637690f302da59aa5a13470898281056  2009.1/x86_64/glib2.0-common-2.20.1-1.1mdv2009.1.x86_64.rpm
 ed01dca71724f9a299964f6edf59c86b  2009.1/x86_64/glib-gettextize-2.20.1-1.1mdv2009.1.x86_64.rpm
 2a3ddb7c73e78abd6bd15fd7c829d971  2009.1/x86_64/lib64gio2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
 a44e47d08bdca6e674914df2262f6c77  2009.1/x86_64/lib64glib2.0_0-2.20.1-1.1mdv2009.1.x86_64.rpm
 7ad51363e921eed94a0a1710a3cabdcd  2009.1/x86_64/lib64glib2.0-devel-2.20.1-1.1mdv2009.1.x86_64.rpm 
 8f909b3e5122784881a84ea94cf0443d  2009.1/SRPMS/glib2.0-2.20.1-1.1mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 01450569f510200a6a18e0b11a5360e2  mes5/i586/glib2.0-common-2.18.1-1.2mdvmes5.i586.rpm
 f72db45f7da3fbfde0e42ee38fa131ea  mes5/i586/glib-gettextize-2.18.1-1.2mdvmes5.i586.rpm
 93e7fd1becd3a58b7accd21b4fe47691  mes5/i586/libgio2.0_0-2.18.1-1.2mdvmes5.i586.rpm
 fe0b723bb741cd748b3763300e06525f  mes5/i586/libglib2.0_0-2.18.1-1.2mdvmes5.i586.rpm
 1918d153e32f3817079cfd55eabbc45d  mes5/i586/libglib2.0-devel-2.18.1-1.2mdvmes5.i586.rpm 
 429eb4dc41a60f541dc25d3a58b5a16a  mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 ff56e85b39fbc52791cbbaccda8da9ad  mes5/x86_64/glib2.0-common-2.18.1-1.2mdvmes5.x86_64.rpm
 3b4dbdd21a6b278b58d18f4653139913  mes5/x86_64/glib-gettextize-2.18.1-1.2mdvmes5.x86_64.rpm
 406d2832060188af668adee3e20d361a  mes5/x86_64/lib64gio2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
 824900021d2e4cff1075f8810a398aa5  mes5/x86_64/lib64glib2.0_0-2.18.1-1.2mdvmes5.x86_64.rpm
 ce39c721b0d676865af49afd8acf2154  mes5/x86_64/lib64glib2.0-devel-2.18.1-1.2mdvmes5.x86_64.rpm 
 429eb4dc41a60f541dc25d3a58b5a16a  mes5/SRPMS/glib2.0-2.18.1-1.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKu0thmqjQ0CJFipgRAsTcAKCZ1SX8iSD9PaX0xiD1dBHb9BU2BgCg2VZS
a+AVv7uHtHqlcEuzMoRta0A=
=DG/m
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ