Login
Newsletter
Werbung
Sicherheit: Unsichere Verwendung temporärer Dateien in gettext
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in gettext
ID: MDKSA-2006:051
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0
Datum: Mi, 1. März 2006, 00:41
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966
Applikationen: gettext

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1141170095-13280-48


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:051
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gettext
 Date    : February 28, 2006
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The Trustix developers discovered temporary file vulnerabilities in the
 autopoint and gettextize scripts, part of GNU gettext.  These scripts
 insecurely created temporary files which could allow a malicious user
 to overwrite another user's files via a symlink attack.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 3e90a65b63c6cef50ea2362b97d601af 
 corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.i586.rpm
 88645a36cc137b6d15baff31df84bb5f 
 corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.i586.rpm
 122cf7a4d0173cd80c3c6a388b76ec5a 
 corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.i586.rpm
 d9e9d121c5833e80c9bbd642af24fb40 
 corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.i586.rpm
 7aa6d70debb3c1814333fca662e23cac 
 corporate/3.0/RPMS/libgettextmisc-0.13.1-1.3.C30mdk.i586.rpm
 cfe279f682d65f910505e069b911d7c7 
 corporate/3.0/RPMS/libintl2-0.13.1-1.3.C30mdk.i586.rpm
 fc15df73311804bf0fd371fa9682c0c5 
 corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c3648f970e7794014773ddedd68eaf91 
 x86_64/corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.x86_64.rpm
 d876576394822262df7e2351775c1aaa 
 x86_64/corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.x86_64.rpm
 af77cf6ee5a7d238ec122fbc4af7d353 
 x86_64/corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.x86_64.rpm
 1173d049f6621cd8ff8d0396d24eb097 
 x86_64/corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.x86_64.rpm
 f757f8a584bfc7ebd99d13a92415241b 
 x86_64/corporate/3.0/RPMS/lib64gettextmisc-0.13.1-1.3.C30mdk.x86_64.rpm
 ecb7b9c26a607287c10f12bc70d5ffa9 
 x86_64/corporate/3.0/RPMS/lib64intl2-0.13.1-1.3.C30mdk.x86_64.rpm
 fc15df73311804bf0fd371fa9682c0c5 
 x86_64/corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 bf7a130a64632e27c4c0e35bcce1838d 
 mnf/2.0/RPMS/gettext-0.13.1-1.3.M20mdk.i586.rpm
 26b569b31b5786eb3dc90c466ad42951 
 mnf/2.0/RPMS/gettext-base-0.13.1-1.3.M20mdk.i586.rpm
 513319968508b7d6c22135aed2a4ebcf 
 mnf/2.0/RPMS/gettext-devel-0.13.1-1.3.M20mdk.i586.rpm
 8ebc491dd574ec6e9624776b39adb08e 
 mnf/2.0/RPMS/gettext-java-0.13.1-1.3.M20mdk.i586.rpm
 d7efcc35298ade62c0d21b75cec11d35 
 mnf/2.0/RPMS/libgettextmisc-0.13.1-1.3.M20mdk.i586.rpm
 d0993ab7f263642207f1ae95f4861525 
 mnf/2.0/RPMS/libintl2-0.13.1-1.3.M20mdk.i586.rpm
 76fec48911a57db5edad551ae40cb3d1 
 mnf/2.0/SRPMS/gettext-0.13.1-1.3.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFEBKdDmqjQ0CJFipgRAhZHAJ9pXeM/Z7BFLAZ1zymn5CDFGiDNjQCgyy01
o5an648yuWxgj8BfvaEBjws=
=aKl0
-----END PGP SIGNATURE-----


------------=_1141170095-13280-48
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1141170095-13280-48--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung