[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NYolt-0002Fo-FC@titan.mandriva.com>
Date: Sat, 23 Jan 2010 23:48:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:024 ] coreutils
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:024
http://www.mandriva.com/security/
_______________________________________________________________________
Package : coreutils
Date : January 23, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability were discovered and corrected in coreutils:
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through
8.1 allows local users to gain privileges via a symlink attack on a
file in a directory tree under /tmp (CVE-2009-4135).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
bbc5a0b5bfae7d1da7b497b40082dcc6 2008.0/i586/coreutils-6.9-5.1mdv2008.0.i586.rpm
4b41bae490d2c668412e6ab78676074e 2008.0/i586/coreutils-doc-6.9-5.1mdv2008.0.i586.rpm
ceec0934e3ebe1816d55667c507008c6 2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
5105b28b38878f141247d8b408467c4d 2008.0/x86_64/coreutils-6.9-5.1mdv2008.0.x86_64.rpm
c9ddaa4146fceabf6224e4bbc7b5b214 2008.0/x86_64/coreutils-doc-6.9-5.1mdv2008.0.x86_64.rpm
ceec0934e3ebe1816d55667c507008c6 2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm
Mandriva Linux 2009.0:
8c41d3f3f45657996085945a05a3ee1d 2009.0/i586/coreutils-6.12-2.5mdv2009.0.i586.rpm
1f01c000f74cca3d8ea80c80a5e77a77 2009.0/i586/coreutils-doc-6.12-2.5mdv2009.0.i586.rpm
c0bfeba1f8803e84b0f19eda2dbcfc70 2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
8d3fa8cf346205047b200e75e71a0f3b 2009.0/x86_64/coreutils-6.12-2.5mdv2009.0.x86_64.rpm
65f4ba201e1073044a5683ab5528f591 2009.0/x86_64/coreutils-doc-6.12-2.5mdv2009.0.x86_64.rpm
c0bfeba1f8803e84b0f19eda2dbcfc70 2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm
Mandriva Linux 2009.1:
677a2e51fc24b865f50a9d246c3c47b6 2009.1/i586/coreutils-7.1-2.1mdv2009.1.i586.rpm
6ef52ebd79e343dd900c949efb2a72c1 2009.1/i586/coreutils-doc-7.1-2.1mdv2009.1.i586.rpm
ea99205731c07360b5ba655ee3bbc3de 2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
8d76e1e624c9c741569bb8e063cca8ab 2009.1/x86_64/coreutils-7.1-2.1mdv2009.1.x86_64.rpm
83a9d3e31bce5e465b84a730a6ff1fab 2009.1/x86_64/coreutils-doc-7.1-2.1mdv2009.1.x86_64.rpm
ea99205731c07360b5ba655ee3bbc3de 2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
a5595b72c83ada96d02a77ab8f899f44 2010.0/i586/coreutils-7.5-2.1mdv2010.0.i586.rpm
cd3dd55d6071824c2ea70633ab222979 2010.0/i586/coreutils-doc-7.5-2.1mdv2010.0.i586.rpm
ff13b7700b3c2133968e8910ea09911f 2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
1b6e4154b358a5876ed80af38e8e978a 2010.0/x86_64/coreutils-7.5-2.1mdv2010.0.x86_64.rpm
9608a2886c7ef707b1df4183b894b3b4 2010.0/x86_64/coreutils-doc-7.5-2.1mdv2010.0.x86_64.rpm
ff13b7700b3c2133968e8910ea09911f 2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm
Corporate 4.0:
09f9564f73c38994f7b7b86d817285f8 corporate/4.0/i586/coreutils-5.2.1-8.1.20060mlcs4.i586.rpm
7e5005893e4a2727e53fceb19db6ff8c corporate/4.0/i586/coreutils-doc-5.2.1-8.1.20060mlcs4.i586.rpm
0d9aad80fdd05f2eeffa7678b71f4aac corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
403f7d811c4c9b8822f0ab3f7cff683d corporate/4.0/x86_64/coreutils-5.2.1-8.1.20060mlcs4.x86_64.rpm
224927bf18cb5418b47d846b104bb34b corporate/4.0/x86_64/coreutils-doc-5.2.1-8.1.20060mlcs4.x86_64.rpm
0d9aad80fdd05f2eeffa7678b71f4aac corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
f877e344eb0908e073c3a854d12cadec mes5/i586/coreutils-6.12-2.5mdvmes5.i586.rpm
d0cede58c64e7ff6d78dfef11276cec2 mes5/i586/coreutils-doc-6.12-2.5mdvmes5.i586.rpm
f219918d16c0498311dcccc1a486b282 mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
6286996ffa27c4606fe018ee4a686b76 mes5/x86_64/coreutils-6.12-2.5mdvmes5.x86_64.rpm
697ae5dbe6e1bf0b47bf84c0c0fa1c21 mes5/x86_64/coreutils-doc-6.12-2.5mdvmes5.x86_64.rpm
f219918d16c0498311dcccc1a486b282 mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLW00hmqjQ0CJFipgRAu+bAJ9kS1wAIZdkXX/xB+FHsOtsT5pjCQCgwEgZ
FMFfLQUZs/exqLplc3bpiw0=
=HBft
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists