[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1ORARs-0003m2-Nn@titan.mandriva.com>
Date: Tue, 22 Jun 2010 22:52:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:122 ] fastjar
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:122
http://www.mandriva.com/security/
_______________________________________________________________________
Package : fastjar
Date : June 22, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in fastjar:
Directory traversal vulnerability in the extract_jar function
in jartool.c in FastJar 0.98 allows remote attackers to create
or overwrite arbitrary files via a .. (dot dot) in a non-initial
pathname component in a filename within a .jar archive, a related
issue to CVE-2005-1080. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2006-3619 (CVE-2010-0831).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
29cfbaec7e6255eb665bc78192b65bd4 2008.0/i586/fastjar-0.95-1.1mdv2008.0.i586.rpm
14db3823db1af8e68f5f5691ca360a4f 2008.0/SRPMS/fastjar-0.95-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
6d30855f5164f15ada36fb6560d5e98d 2008.0/x86_64/fastjar-0.95-1.1mdv2008.0.x86_64.rpm
14db3823db1af8e68f5f5691ca360a4f 2008.0/SRPMS/fastjar-0.95-1.1mdv2008.0.src.rpm
Mandriva Linux 2009.0:
f77fefb84163a9c08ed43444464ca745 2009.0/i586/fastjar-0.95-3.1mdv2009.0.i586.rpm
cb1a7db7aa0df9f9cf4fec3c2a2e76f8 2009.0/SRPMS/fastjar-0.95-3.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
a7ec5bded41e309a47f11e58b7ce4294 2009.0/x86_64/fastjar-0.95-3.1mdv2009.0.x86_64.rpm
cb1a7db7aa0df9f9cf4fec3c2a2e76f8 2009.0/SRPMS/fastjar-0.95-3.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
c2df3e75f81444460e5bef18bc537a0d 2009.1/i586/fastjar-0.97-1.1mdv2009.1.i586.rpm
ea0e50c4339801ef26b3731d381c43a8 2009.1/SRPMS/fastjar-0.97-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
acbc81b4f44458db7b3d4e4936f2243d 2009.1/x86_64/fastjar-0.97-1.1mdv2009.1.x86_64.rpm
ea0e50c4339801ef26b3731d381c43a8 2009.1/SRPMS/fastjar-0.97-1.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
235889aecb0c352a7fa79a78db132635 2010.0/i586/fastjar-0.98-1.1mdv2010.0.i586.rpm
0319890b30ed72964f5061e8c668f868 2010.0/SRPMS/fastjar-0.98-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
8d57e00fa9a90d9f99a80fda6ca93be0 2010.0/x86_64/fastjar-0.98-1.1mdv2010.0.x86_64.rpm
0319890b30ed72964f5061e8c668f868 2010.0/SRPMS/fastjar-0.98-1.1mdv2010.0.src.rpm
Corporate 4.0:
8ae0be32bc0c26d6a5b4b44b28a8be24 corporate/4.0/i586/gcc-4.0.1-5.4.20060mlcs4.i586.rpm
79f01b28da32b36221815ecb9c6b0800 corporate/4.0/i586/gcc-c++-4.0.1-5.4.20060mlcs4.i586.rpm
5d500cfca2c534a9c3dae5285b090921 corporate/4.0/i586/gcc-colorgcc-4.0.1-5.4.20060mlcs4.i586.rpm
8a3db9618eee24158e715753ab85c87c corporate/4.0/i586/gcc-cpp-4.0.1-5.4.20060mlcs4.i586.rpm
e38e095b4a82f6f34185404dd4e24f9d corporate/4.0/i586/gcc-doc-4.0.1-5.4.20060mlcs4.i586.rpm
e29739a30fcf203f690809d4d5a1b7dc corporate/4.0/i586/gcc-doc-pdf-4.0.1-5.4.20060mlcs4.i586.rpm
a52b298e755784e350671213c048e347 corporate/4.0/i586/gcc-gfortran-4.0.1-5.4.20060mlcs4.i586.rpm
739f22bac9eff8ff1ce925a35913ec4d corporate/4.0/i586/gcc-gnat-4.0.1-5.4.20060mlcs4.i586.rpm
5c6d85c2596ebe896599282d1246ac51 corporate/4.0/i586/gcc-java-4.0.1-5.4.20060mlcs4.i586.rpm
c58741df491cbe7ec865aa8abfb223b8 corporate/4.0/i586/gcc-objc-4.0.1-5.4.20060mlcs4.i586.rpm
b3b6f955e048d4c4484cb8abca5b024f corporate/4.0/i586/gcj-tools-4.0.1-5.4.20060mlcs4.i586.rpm
7481fccd210e1b05ee680d3b82b1958f corporate/4.0/i586/libffi4-devel-4.0.1-5.4.20060mlcs4.i586.rpm
6812a0c08289f467d9d7f87689193f50 corporate/4.0/i586/libgcc1-4.0.1-5.4.20060mlcs4.i586.rpm
71ec24cb023ea717a873caca52094de7 corporate/4.0/i586/libgcj6-4.0.1-5.4.20060mlcs4.i586.rpm
cba3e17bf4a6bb4db07e81530e61bbfe corporate/4.0/i586/libgcj6-base-4.0.1-5.4.20060mlcs4.i586.rpm
5d2ea3afb4f9ddb67702ccbf3eaf1dc8 corporate/4.0/i586/libgcj6-devel-4.0.1-5.4.20060mlcs4.i586.rpm
90a2ddd64e638cebc99353e9ed1b9007 corporate/4.0/i586/libgcj6-src-4.0.1-5.4.20060mlcs4.i586.rpm
e560796ba713a55d72ef46d50dc064a0 corporate/4.0/i586/libgcj6-static-devel-4.0.1-5.4.20060mlcs4.i586.rpm
fcf35776137fe8b4f2bdd6105a887823 corporate/4.0/i586/libgfortran0-4.0.1-5.4.20060mlcs4.i586.rpm
ab1cd67788ae4b69544a101f36f5a706 corporate/4.0/i586/libgnat1-4.0.1-5.4.20060mlcs4.i586.rpm
fecffb2b88e2695a3b88d8f804f020bb corporate/4.0/i586/libmudflap0-4.0.1-5.4.20060mlcs4.i586.rpm
40307f8fa9f4e4ba74fd713279ebf76f corporate/4.0/i586/libmudflap0-devel-4.0.1-5.4.20060mlcs4.i586.rpm
c834d7ea558059c7c89e0b7d4aac2079 corporate/4.0/i586/libobjc1-4.0.1-5.4.20060mlcs4.i586.rpm
c5120c50910e9008f2ae6723b5928caa corporate/4.0/i586/libstdc++6-4.0.1-5.4.20060mlcs4.i586.rpm
1ca5368024a7bc2a84ab3ed7cd90553a corporate/4.0/i586/libstdc++6-devel-4.0.1-5.4.20060mlcs4.i586.rpm
31bc41b0d17d3065f9987efcafb69dd6 corporate/4.0/i586/libstdc++6-static-devel-4.0.1-5.4.20060mlcs4.i586.rpm
f418034fdacecb6bc1b7726e56a447dc corporate/4.0/SRPMS/gcc-4.0.1-5.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
63bfefa0e490a6aa08967adc3a06f925 corporate/4.0/x86_64/gcc-4.0.1-5.4.20060mlcs4.x86_64.rpm
49eb12c3c36742dc0cb559b5c750b190 corporate/4.0/x86_64/gcc-c++-4.0.1-5.4.20060mlcs4.x86_64.rpm
c6e9330378e6f1ec70a9354518c7db16 corporate/4.0/x86_64/gcc-colorgcc-4.0.1-5.4.20060mlcs4.x86_64.rpm
2f8c1cee7fc98bf8f10d543e4c415708 corporate/4.0/x86_64/gcc-cpp-4.0.1-5.4.20060mlcs4.x86_64.rpm
613fad43e7bb87461dd5bc68f8862038 corporate/4.0/x86_64/gcc-doc-4.0.1-5.4.20060mlcs4.x86_64.rpm
0bab884d8bdb58c5b3be5496dab428f6 corporate/4.0/x86_64/gcc-doc-pdf-4.0.1-5.4.20060mlcs4.x86_64.rpm
b69bfa9652946c2707475582c7406d18 corporate/4.0/x86_64/gcc-gfortran-4.0.1-5.4.20060mlcs4.x86_64.rpm
3f6774d2585a2349661c6fb31c84ab41 corporate/4.0/x86_64/gcc-gnat-4.0.1-5.4.20060mlcs4.x86_64.rpm
045915b26d3bb9add72f3dd1205418ca corporate/4.0/x86_64/gcc-java-4.0.1-5.4.20060mlcs4.x86_64.rpm
b3ca49d5474b61c30b8f5b6a9cbd3840 corporate/4.0/x86_64/gcc-objc-4.0.1-5.4.20060mlcs4.x86_64.rpm
6514bab1ccc69984b0320c301b39fb50 corporate/4.0/x86_64/gcj-tools-4.0.1-5.4.20060mlcs4.x86_64.rpm
3abd67ccf72a2bb6b288a6d633f1abf8 corporate/4.0/x86_64/lib64gcj6-4.0.1-5.4.20060mlcs4.x86_64.rpm
6f7387060f5450d9a4123471b46ee85c corporate/4.0/x86_64/lib64gcj6-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm
291e1108c8649f3358f1a2e4fcc2951e corporate/4.0/x86_64/lib64gcj6-static-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm
99c3f5dd17599103b36192949d8bef4d corporate/4.0/x86_64/libffi4-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm
ee4e4b0d50d243eafb8ca330efb3fa76 corporate/4.0/x86_64/libgcc1-4.0.1-5.4.20060mlcs4.x86_64.rpm
ed3fab0bb728e81ef2f05712fed3170a corporate/4.0/x86_64/libgcj6-base-4.0.1-5.4.20060mlcs4.x86_64.rpm
334fbf494c48521e2d1e6fd25dc04060 corporate/4.0/x86_64/libgcj6-src-4.0.1-5.4.20060mlcs4.x86_64.rpm
5465686d44c49a4fdb66f12d86463b71 corporate/4.0/x86_64/libgfortran0-4.0.1-5.4.20060mlcs4.x86_64.rpm
f5a6f8f05eeba6756d0d95392ff2df1b corporate/4.0/x86_64/libgnat1-4.0.1-5.4.20060mlcs4.x86_64.rpm
f463eb6f69b9a8476339d12d955d3999 corporate/4.0/x86_64/libmudflap0-4.0.1-5.4.20060mlcs4.x86_64.rpm
571a27d904dc147513037de3d9750e5d corporate/4.0/x86_64/libmudflap0-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm
5d79033dd3213df96acdbc780d8ff749 corporate/4.0/x86_64/libobjc1-4.0.1-5.4.20060mlcs4.x86_64.rpm
e3fc96bc5b4eb9eeae2abb434dc9cf32 corporate/4.0/x86_64/libstdc++6-4.0.1-5.4.20060mlcs4.x86_64.rpm
895909a6655f11d782c14a1c482a2851 corporate/4.0/x86_64/libstdc++6-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm
3148e7eb8d655ec4740d6bc3f2cef9b6 corporate/4.0/x86_64/libstdc++6-static-devel-4.0.1-5.4.20060mlcs4.x86_64.rpm
f418034fdacecb6bc1b7726e56a447dc corporate/4.0/SRPMS/gcc-4.0.1-5.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMIPEwmqjQ0CJFipgRAuDjAKDSEoJK/Kmrg4O/B0EB8NPInQA7ogCaA7Pi
J/4rKW1+L0KT1gLT2im/2lU=
=56uq
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists