Login
Newsletter
Werbung
Sicherheit: Unsichere Verwendung temporärer Dateien in graphviz
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in graphviz
ID: MDKSA-2005:188
Distribution: Mandriva
Plattformen: Mandriva 10.2, Mandriva 2006.0
Datum: Fr, 21. Oktober 2005, 08:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2965
Applikationen: Graphviz

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1129877638-31950-23

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           graphviz
 Advisory ID:            MDKSA-2005:188
 Date:                   October 20th, 2005

 Affected versions:	 10.2, 2006.0
 ______________________________________________________________________

 Problem Description:

 Javier Fernández-Sanguino Peña discovered insecure temporary file 
 creation in graphviz, a rich set of graph drawing tools, that can be 
 exploited to overwrite arbitrary files by a local attacker.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2965
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.2:
 9d0b8399200df96484fd7468a008b76b  10.2/RPMS/graphviz-2.2-3.1.102mdk.i586.rpm
 619146bf760e72b75edfc4574fdc4e46 
 10.2/RPMS/libgraphviz7-2.2-3.1.102mdk.i586.rpm
 a7be06004d84c8cd9c12e5116ebd4b7c 
 10.2/RPMS/libgraphviz7-devel-2.2-3.1.102mdk.i586.rpm
 b84a713fefe4b4a9034fb83d0ce7317d 
 10.2/RPMS/libgraphviztcl7-2.2-3.1.102mdk.i586.rpm
 68b886a29dc2d462f9f244bbac5579db 
 10.2/RPMS/libgraphviztcl7-devel-2.2-3.1.102mdk.i586.rpm
 aeb17f5e10328aab9ad91bf0b8cad36e  10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 b9a03ec322f71cdf568cbf34921b2788 
 x86_64/10.2/RPMS/graphviz-2.2-3.1.102mdk.x86_64.rpm
 247106d295206c27fefd346c055552cd 
 x86_64/10.2/RPMS/lib64graphviz7-2.2-3.1.102mdk.x86_64.rpm
 2c804f5c76a2644f3446c81acdac7aac 
 x86_64/10.2/RPMS/lib64graphviz7-devel-2.2-3.1.102mdk.x86_64.rpm
 9d9e27f634afaed1a66d581d578898e9 
 x86_64/10.2/RPMS/lib64graphviztcl7-2.2-3.1.102mdk.x86_64.rpm
 a5eab811ca6f0dd579932e441452a130 
 x86_64/10.2/RPMS/lib64graphviztcl7-devel-2.2-3.1.102mdk.x86_64.rpm
 aeb17f5e10328aab9ad91bf0b8cad36e 
 x86_64/10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

 Mandrivalinux 2006.0:
 caebfdb43cbd357c8abc549160613983 
 2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.i586.rpm
 bf374b0bc329f4dc68b34b9fe3b5fd3e 
 2006.0/RPMS/libgraphviz7-2.2.1-3.1.20060mdk.i586.rpm
 d7284cdc65c9f5339d14be05ae1b2136 
 2006.0/RPMS/libgraphviz7-devel-2.2.1-3.1.20060mdk.i586.rpm
 926fa5fdcd6e919205ef50433ecf39a0 
 2006.0/RPMS/libgraphviztcl7-2.2.1-3.1.20060mdk.i586.rpm
 1bd24268a3d2735b47c2492bb21f63bc 
 2006.0/RPMS/libgraphviztcl7-devel-2.2.1-3.1.20060mdk.i586.rpm
 526f759a2f2ebbbbc29207c0b8e579ed 
 2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 5a015d5e8932b6fa63a5b13eaf285d60 
 x86_64/2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.x86_64.rpm
 3a8a76af72aaa2350f71250e9a3d8bb0 
 x86_64/2006.0/RPMS/lib64graphviz7-2.2.1-3.1.20060mdk.x86_64.rpm
 73cae708e93dbdd454f8c944f3242f19 
 x86_64/2006.0/RPMS/lib64graphviz7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
 7f59d48923080c9f81af0041c2d5a8a4 
 x86_64/2006.0/RPMS/lib64graphviztcl7-2.2.1-3.1.20060mdk.x86_64.rpm
 7e582a89f65b33bf55a28200cef0d51e 
 x86_64/2006.0/RPMS/lib64graphviztcl7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
 526f759a2f2ebbbbc29207c0b8e579ed 
 x86_64/2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFDWIjKmqjQ0CJFipgRAjCgAKDQM6cllVNyPXlVxTD7mgBbkW3giQCY75xo
697WJt3QgPdKwmfLQnIaew==
=mwcy
-----END PGP SIGNATURE-----

------------=_1129877638-31950-23
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1129877638-31950-23--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung