drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in a2ps
Name: |
Überschreiben von Dateien in a2ps
|
|
ID: |
MDKSA-2005:097 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2 |
|
Datum: |
Mi, 8. Juni 2005, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1377 |
|
Applikationen: |
a2ps |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory _______________________________________________________________________
Package name: a2ps Advisory ID: MDKSA-2005:097 Date: June 7th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________
Problem Description:
The fixps and psmandup scripts, part of the a2ps package, are vulnerable to symlink attacks which could allow a local attacker to overwrite arbitrary files. The updated packages have been patched to correct the problem. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1377 ______________________________________________________________________
Updated Packages: Mandrakelinux 10.1: 938d5b703cbeb762efd5619880208497 10.1/RPMS/a2ps-4.13b-5.2.101mdk.i586.rpm e0e7a61ec86b0af969cbe60008e6830f 10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.i586.rpm fce5b28393e1c8da6e0ea1ebdb1a2de6 10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.i586.rpm 05f8fdc46bded4e920c709a781c98550 10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64: fc1fd3817e4f41ea41758a3ac53e86cd x86_64/10.1/RPMS/a2ps-4.13b-5.2.101mdk.x86_64.rpm 84541cd7d841c64ceccb89f2a413d450 x86_64/10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.x86_64.rpm acf595ef3b6f3d2a79204feec3e34208 x86_64/10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.x86_64.rpm 05f8fdc46bded4e920c709a781c98550 x86_64/10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm
Mandrakelinux 10.2: 47722386507aa7fb8c4ddbbbbcc4a20c 10.2/RPMS/a2ps-4.13b-6.1.102mdk.i586.rpm 190e48d0b4143ac0ad911482e0b0151f 10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.i586.rpm 4d3d6cbd4ad35999c9bff1f61f890778 10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.i586.rpm 52a665ac72fec5e99b3e1412e6470063 10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64: 37135cc64ba189c769851ba678532576 x86_64/10.2/RPMS/a2ps-4.13b-6.1.102mdk.x86_64.rpm 6f4cbd5624aac20e99703072131538c7 x86_64/10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.x86_64.rpm 4314538dcbb211c28f32abc64d9e3de8 x86_64/10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.x86_64.rpm 52a665ac72fec5e99b3e1412e6470063 x86_64/10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm
Corporate Server 2.1: 65a7ea65f589533d0aca00a6a37760ff corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.i586.rpm 45c465fc3e2165e6681cccda909fb91f corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.i586.rpm 273f20da1e895043ee719b964b7d2b55 corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.i586.rpm 58e6bdd04f757728aa63089f8b4249ac corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64: d5cc8c0304f537acd89c575c7124a6c0 x86_64/corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.x86_64.rpm ee85486832fbdf9873c3acfa8b73bafe x86_64/corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.x86_64.rpm 84c3ca054e874346bc55daeb5fea0f9f x86_64/corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.x86_64.rpm 58e6bdd04f757728aa63089f8b4249ac x86_64/corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm
Corporate 3.0: 859d494306ae1dca81186e2fe99b9a96 corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.i586.rpm 9bd2c39d7495f18412fcd0a1412f1169 corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.i586.rpm 68be9c1420f80da9047bf2c7f41e861c corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.i586.rpm daba71e7aa523a71040a54e841bf9300 corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
Corporate 3.0/X86_64: 3d2e4b184d3ff5f19d5ce48762b25c41 x86_64/corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.x86_64.rpm 7edb5fa8542f0a8216e2670a668aaf04 x86_64/corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.x86_64.rpm aebaa6e7473f6fa84bd973df34ef3b96 x86_64/corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.x86_64.rpm daba71e7aa523a71040a54e841bf9300 x86_64/corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCpgvJmqjQ0CJFipgRAheSAJ9orZvyngdNmOlbIwh4uRPqQi8tMACgmJxw EiHp0Bt4ppEs0n/AGblpMuc= =t8PQ -----END PGP SIGNATURE-----
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
|
|
|
|