drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in texinfo
Name: |
Unsichere Verwendung temporärer Dateien in texinfo |
|
ID: |
MDKSA-2005:175 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2, Mandriva 2006.0 |
|
Datum: |
Fr, 7. Oktober 2005, 05:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011 |
|
Applikationen: |
GNU texinfo |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1128655358-811-199
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory _______________________________________________________________________
Package name: texinfo Advisory ID: MDKSA-2005:175 Date: October 6th, 2005
Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________
Problem Description:
Frank Lichtenheld has discovered that texindex insecurely creates temporary files with predictable filenames. This is exploitable if a local attacker were to create symbolic links in the temporary files directory, pointing to a valid file on the filesystem. When texindex is executed, the file would be overwitten with the rights of the user running texindex. The updated packages have been patched to correct this issue. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011 ______________________________________________________________________
Updated Packages: Mandrivalinux 10.1: 76e53b496b39c7b28f0267a90ba586a8 10.1/RPMS/info-4.7-2.1.101mdk.i586.rpm 10cd78726493bda942913b5584bcf0ea 10.1/RPMS/info-install-4.7-2.1.101mdk.i586.rpm 25b0fff505495b5b4b80ffcf113ecb15 10.1/RPMS/texinfo-4.7-2.1.101mdk.i586.rpm e47fb813ed54544bd93b6897031b6d2d 10.1/SRPMS/texinfo-4.7-2.1.101mdk.src.rpm
Mandrivalinux 10.1/X86_64: 5f47ff5b3e06addb1924f92b8ade046f x86_64/10.1/RPMS/info-4.7-2.1.101mdk.x86_64.rpm 66cb5ffb24e9e263cfe2af552b5f2ac1 x86_64/10.1/RPMS/info-install-4.7-2.1.101mdk.x86_64.rpm bda2aa2a304be57fa28f2879b85fc9c0 x86_64/10.1/RPMS/texinfo-4.7-2.1.101mdk.x86_64.rpm e47fb813ed54544bd93b6897031b6d2d x86_64/10.1/SRPMS/texinfo-4.7-2.1.101mdk.src.rpm
Mandrivalinux 10.2: da38f9033ba2495d786bbb95bcee6c9f 10.2/RPMS/info-4.8-1.1.102mdk.i586.rpm e1dbdf1b7c0ad41fde7bab6cab92be6f 10.2/RPMS/info-install-4.8-1.1.102mdk.i586.rpm 2b0c6e496d0adfa9b8c486c048c5cd65 10.2/RPMS/texinfo-4.8-1.1.102mdk.i586.rpm e018dbb4a415940d5c5062c4cdd01a1f 10.2/SRPMS/texinfo-4.8-1.1.102mdk.src.rpm
Mandrivalinux 10.2/X86_64: 9baa45ce2070d15f35062c41a574bf4f x86_64/10.2/RPMS/info-4.8-1.1.102mdk.x86_64.rpm 821d86aeae3923411e2667ea8cca3723 x86_64/10.2/RPMS/info-install-4.8-1.1.102mdk.x86_64.rpm 54c74f133bcf8cf6791cc97ef9c2e2f2 x86_64/10.2/RPMS/texinfo-4.8-1.1.102mdk.x86_64.rpm e018dbb4a415940d5c5062c4cdd01a1f x86_64/10.2/SRPMS/texinfo-4.8-1.1.102mdk.src.rpm
Mandrivalinux 2006.0: 8b6d88e8dc11347d15daaecea9614350 2006.0/RPMS/info-4.8-1.1.20060mdk.i586.rpm db1fb3ef2f3810ad044f7ceb0e7f28ba 2006.0/RPMS/info-install-4.8-1.1.20060mdk.i586.rpm 71bd982b51dd4ce475bff38b13e602ee 2006.0/RPMS/texinfo-4.8-1.1.20060mdk.i586.rpm 727c5b4c31890156019eeaa67693d169 2006.0/SRPMS/texinfo-4.8-1.1.20060mdk.src.rpm
Mandrivalinux 2006.0/X86_64: 1ebc92ec90e633ed7bd2c23df56db8e6 x86_64/2006.0/RPMS/info-4.8-1.1.20060mdk.x86_64.rpm 52a3c172223d5c4fac673719232df4b5 x86_64/2006.0/RPMS/info-install-4.8-1.1.20060mdk.x86_64.rpm ad9da3a4cfa7e804c2880a94622bbe66 x86_64/2006.0/RPMS/texinfo-4.8-1.1.20060mdk.x86_64.rpm 727c5b4c31890156019eeaa67693d169 x86_64/2006.0/SRPMS/texinfo-4.8-1.1.20060mdk.src.rpm
Corporate Server 2.1: af212fb87728fcb48c736f5f30f0a906 corporate/2.1/RPMS/info-4.2-5.1.C21mdk.i586.rpm 256c91dbdf2650f5323c9294916eb25c corporate/2.1/RPMS/info-install-4.2-5.1.C21mdk.i586.rpm 37f29e7fc13e78f1de4213591a028723 corporate/2.1/RPMS/texinfo-4.2-5.1.C21mdk.i586.rpm 8c4df474276402f88497af71c8e6586a corporate/2.1/SRPMS/texinfo-4.2-5.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64: 32d0a4f0f9e9d14bfb34368f5d5e429e x86_64/corporate/2.1/RPMS/info-4.2-5.1.C21mdk.x86_64.rpm 8df053321dd699e94bfed39387df0541 x86_64/corporate/2.1/RPMS/info-install-4.2-5.1.C21mdk.x86_64.rpm 44a60c312004ed7490a802521559ddae x86_64/corporate/2.1/RPMS/texinfo-4.2-5.1.C21mdk.x86_64.rpm 8c4df474276402f88497af71c8e6586a x86_64/corporate/2.1/SRPMS/texinfo-4.2-5.1.C21mdk.src.rpm
Corporate 3.0: 9556168c04d13c9a6a3f6e7015a398de corporate/3.0/RPMS/info-4.6-1.1.C30mdk.i586.rpm ed35b999cc4037b9ad7f838eb641a837 corporate/3.0/RPMS/info-install-4.6-1.1.C30mdk.i586.rpm 7f26434349820297ee62871c754c61d4 corporate/3.0/RPMS/texinfo-4.6-1.1.C30mdk.i586.rpm 83cb27358b6e352de4f1173407175823 corporate/3.0/SRPMS/texinfo-4.6-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64: 217fc652b60c5aac4e9c17ea69f5ab33 x86_64/corporate/3.0/RPMS/info-4.6-1.1.C30mdk.x86_64.rpm 7c3eee4af8b915337903ed6f8e8cedaf x86_64/corporate/3.0/RPMS/info-install-4.6-1.1.C30mdk.x86_64.rpm 11af71727eee1214d330d34ff9dbfe54 x86_64/corporate/3.0/RPMS/texinfo-4.6-1.1.C30mdk.x86_64.rpm 83cb27358b6e352de4f1173407175823 x86_64/corporate/3.0/SRPMS/texinfo-4.6-1.1.C30mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDReZ8mqjQ0CJFipgRAoymAKDLn6IhPLD9vE+NqmNAAuin7vxb0ACgkEAi KXYDLCSKSV2dxCpZ/Rq1BqM= =axcM -----END PGP SIGNATURE-----
------------=_1128655358-811-199 Content-Type: text/plain; name="message.footer" Content-Disposition: inline; filename="message.footer" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1128655358-811-199--
|
|
|
|