Date: Mon, 21 Feb 2011 20:48:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:034 ] banshee

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:034
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : banshee
 Date    : February 21, 2011
 Affected: 2009.0, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in banshee:
 
 The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and
 earlier place a zero-length directory name in the LD_LIBRARY_PATH,
 which allows local users to gain privileges via a Trojan horse shared
 library in the current working directory (CVE-2010-3998).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3998
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 3bb68f7fec533d24982491f89b2f35c7  2009.0/i586/banshee-1.2.1-6.2mdv2009.0.i586.rpm
 77777585c8ff33baf49c9a4c9edd1168  2009.0/i586/banshee-doc-1.2.1-6.2mdv2009.0.i586.rpm
 8f7032b1da92e39d419acc1fc93cd6f2  2009.0/i586/banshee-ipod-1.2.1-6.2mdv2009.0.i586.rpm
 da5fc07698b086e7e5773397256aeab7  2009.0/i586/banshee-mtp-1.2.1-6.2mdv2009.0.i586.rpm 
 48427574d8e66a51aa4eaa824e7aadd3  2009.0/SRPMS/banshee-1.2.1-6.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c43f1984d3e2051f497568ce21cba63d  2009.0/x86_64/banshee-1.2.1-6.2mdv2009.0.x86_64.rpm
 568846c7af0470bdfb17ff3cffa441b5  2009.0/x86_64/banshee-doc-1.2.1-6.2mdv2009.0.x86_64.rpm
 1852da041a455daf2b9b1fd2efee11a1  2009.0/x86_64/banshee-ipod-1.2.1-6.2mdv2009.0.x86_64.rpm
 7a75e047fb376aba4885777e762320aa  2009.0/x86_64/banshee-mtp-1.2.1-6.2mdv2009.0.x86_64.rpm 
 48427574d8e66a51aa4eaa824e7aadd3  2009.0/SRPMS/banshee-1.2.1-6.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 606e221f10ec4761a41f7daac57c8aa5  2010.0/i586/banshee-1.5.1-2.1mdv2010.0.i586.rpm
 e171339a09067d149a4e03217dbc5709  2010.0/i586/banshee-doc-1.5.1-2.1mdv2010.0.i586.rpm
 6d3298694dfbcb4b153c8e3dad050b93  2010.0/i586/banshee-ipod-1.5.1-2.1mdv2010.0.i586.rpm
 97699494f1888ac878938e1942ebdc66  2010.0/i586/banshee-karma-1.5.1-2.1mdv2010.0.i586.rpm
 ff88670743e47fb360223164ada17214  2010.0/i586/banshee-mtp-1.5.1-2.1mdv2010.0.i586.rpm 
 adca19cb11040e0a98a9cc0485222675  2010.0/SRPMS/banshee-1.5.1-2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 5f8df9b4f469be08a57eb39fc177a4d3  2010.0/x86_64/banshee-1.5.1-2.1mdv2010.0.x86_64.rpm
 f55e78967d9830882825c7b42f3d0bce  2010.0/x86_64/banshee-doc-1.5.1-2.1mdv2010.0.x86_64.rpm
 ea500cc72334cfbbe171d4b038df1853  2010.0/x86_64/banshee-ipod-1.5.1-2.1mdv2010.0.x86_64.rpm
 b2ad6dbc64fb33db88854e2f079f33e4  2010.0/x86_64/banshee-karma-1.5.1-2.1mdv2010.0.x86_64.rpm
 b1924cdf119d333b4813c51a9519a037  2010.0/x86_64/banshee-mtp-1.5.1-2.1mdv2010.0.x86_64.rpm 
 adca19cb11040e0a98a9cc0485222675  2010.0/SRPMS/banshee-1.5.1-2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 ec99b15d4bde9910cc154ad6d425086a  2010.1/i586/banshee-1.6.0-6.1mdv2010.2.i586.rpm
 8caa8fe94aeea27f72e332caae1a01a8  2010.1/i586/banshee-doc-1.6.0-6.1mdv2010.2.i586.rpm
 31ed6800bb2d6db4aac70cb6b59e31ee  2010.1/i586/banshee-ipod-1.6.0-6.1mdv2010.2.i586.rpm
 75696680b42f44e68c7201cb0ee7736a  2010.1/i586/banshee-karma-1.6.0-6.1mdv2010.2.i586.rpm
 ae27cd9821d238b2c6750aeefadf9c55  2010.1/i586/banshee-mtp-1.6.0-6.1mdv2010.2.i586.rpm 
 1d6e23d304ced2c7ad93841f8ec35a3a  2010.1/SRPMS/banshee-1.6.0-6.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 d79b1abfc29c8fd31b54ba46ea5d45dc  2010.1/x86_64/banshee-1.6.0-6.1mdv2010.2.x86_64.rpm
 ad785eb694eb870a279079b19a832662  2010.1/x86_64/banshee-doc-1.6.0-6.1mdv2010.2.x86_64.rpm
 7495bd4cfe1db1e2cbc1e9aaf0892bad  2010.1/x86_64/banshee-ipod-1.6.0-6.1mdv2010.2.x86_64.rpm
 71b24b5fa44ca81d1658fcf1e84b020c  2010.1/x86_64/banshee-karma-1.6.0-6.1mdv2010.2.x86_64.rpm
 384f0ced2db50f1a1325fe805e314950  2010.1/x86_64/banshee-mtp-1.6.0-6.1mdv2010.2.x86_64.rpm 
 1d6e23d304ced2c7ad93841f8ec35a3a  2010.1/SRPMS/banshee-1.6.0-6.1mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNYpKnmqjQ0CJFipgRAqKCAKCYfMLV4sasJ/Iv282sESGeonkFyQCeLO2r
Os02aXkQmhMZhsMtMBXM1Q4=
=2ImD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists