lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1TMgEW-0007OB-RB@titan.mandriva.com>
Date: Fri, 12 Oct 2012 16:29:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:166 ] bacula

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:166
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bacula
 Date    : October 12, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in bacula:
 
 The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11
 does not properly enforce ACL rules, which allows remote authenticated
 users to obtain resource dump information via unspecified vectors
 (CVE-2012-4430).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 19c2e396c057a462eed645763f6dd214  mes5/i586/bacula-common-3.0.3-0.2mdvmes5.2.i586.rpm
 2ed8f24e1dd0631c0f66459c803d77d6  mes5/i586/bacula-console-3.0.3-0.2mdvmes5.2.i586.rpm
 125e86f5f3ab21c7187e7250a6a398d4  mes5/i586/bacula-console-gnome-3.0.3-0.2mdvmes5.2.i586.rpm
 02ecfe2faed93c639198d92bdb9136c1  mes5/i586/bacula-console-wx-3.0.3-0.2mdvmes5.2.i586.rpm
 3ece4e74eecdc68f248328b0cd44df91  mes5/i586/bacula-dir-common-3.0.3-0.2mdvmes5.2.i586.rpm
 12eac5efa71756f40c9b87a2196c971d  mes5/i586/bacula-dir-mysql-3.0.3-0.2mdvmes5.2.i586.rpm
 518f88db266dffdc6b28655c59b9cd12  mes5/i586/bacula-dir-pgsql-3.0.3-0.2mdvmes5.2.i586.rpm
 8cc7f89f0b8c9733664e6ae41ef940a4  mes5/i586/bacula-dir-sqlite-3.0.3-0.2mdvmes5.2.i586.rpm
 aa6982dc6d72b8ecebf0e5a2e5b12d93  mes5/i586/bacula-dir-sqlite3-3.0.3-0.2mdvmes5.2.i586.rpm
 fa909ff617fc0985bef861cbcd82ce96  mes5/i586/bacula-fd-3.0.3-0.2mdvmes5.2.i586.rpm
 96557d5790a25b37a6e2e5fb8058b04b  mes5/i586/bacula-gui-bimagemgr-3.0.3-0.2mdvmes5.2.i586.rpm
 ccd13a62c0835c0cc418cda38ba565e6  mes5/i586/bacula-gui-bweb-3.0.3-0.2mdvmes5.2.i586.rpm
 9dcaf0949cb92e3e5137255810699296  mes5/i586/bacula-gui-web-3.0.3-0.2mdvmes5.2.i586.rpm
 5695b3150b11f84223a5152bb30aba64  mes5/i586/bacula-sd-3.0.3-0.2mdvmes5.2.i586.rpm 
 2df32a57b05c2e1290d84786f9ef31c7  mes5/SRPMS/bacula-3.0.3-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b271737aee3770bcd7cef6f1d97875e9  mes5/x86_64/bacula-common-3.0.3-0.2mdvmes5.2.x86_64.rpm
 623c71cdb2c38b1b6f06d6d6a321b6c5  mes5/x86_64/bacula-console-3.0.3-0.2mdvmes5.2.x86_64.rpm
 795c5261d9b92e6868a57da5c554b464  mes5/x86_64/bacula-console-gnome-3.0.3-0.2mdvmes5.2.x86_64.rpm
 8562e98eef26fa0fe1d4eb94cd21dcb0  mes5/x86_64/bacula-console-wx-3.0.3-0.2mdvmes5.2.x86_64.rpm
 2044cbdb6d62d872c79727a67951f218  mes5/x86_64/bacula-dir-common-3.0.3-0.2mdvmes5.2.x86_64.rpm
 c28eec43673f0967e0b17f1baf8b7c42  mes5/x86_64/bacula-dir-mysql-3.0.3-0.2mdvmes5.2.x86_64.rpm
 817f3d6a0697b9c97189592f18f92983  mes5/x86_64/bacula-dir-pgsql-3.0.3-0.2mdvmes5.2.x86_64.rpm
 6d7413099343399fde6d99b3a7df8dd9  mes5/x86_64/bacula-dir-sqlite-3.0.3-0.2mdvmes5.2.x86_64.rpm
 e96a8577bea4e733d9e6f88914684173  mes5/x86_64/bacula-dir-sqlite3-3.0.3-0.2mdvmes5.2.x86_64.rpm
 ac3a716e0e1ce3ee931854e34aeead9d  mes5/x86_64/bacula-fd-3.0.3-0.2mdvmes5.2.x86_64.rpm
 4cb81dd656d54b66f6e62d3dd3454e01  mes5/x86_64/bacula-gui-bimagemgr-3.0.3-0.2mdvmes5.2.x86_64.rpm
 cf2c22981a45797cab0e84afa0d003c8  mes5/x86_64/bacula-gui-bweb-3.0.3-0.2mdvmes5.2.x86_64.rpm
 072cc023f4e40755f27dcb6fdea3985d  mes5/x86_64/bacula-gui-web-3.0.3-0.2mdvmes5.2.x86_64.rpm
 dd975ce1741046ab3e91465920c19e79  mes5/x86_64/bacula-sd-3.0.3-0.2mdvmes5.2.x86_64.rpm 
 2df32a57b05c2e1290d84786f9ef31c7  mes5/SRPMS/bacula-3.0.3-0.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQd/16mqjQ0CJFipgRAlCOAJ48TB2FJWQOaj3BwljB3jfYKxys8gCdHZ8z
ORU1yhmQ4yGX9M+HGq57Hj8=
=wCu3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ