jpilot erzeugt Verzeichnis mit unsicheren Permissions
ID: | MDKSA-2000:081 |
Distribution: | Mandrake |
Plattformen: | Mandrake 7.2 |
Datum: | Sa, 16. Dezember 2000, 12:00 |
Referenzen: | Keine Angabe |
Applikationen: | J-Pilot |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ Linux-Mandrake Security Update Advisory ________________________________________________________________________ Package name: jpilot Date: December 15th, 2000 Advisory ID: MDKSA-2000:081 Affected versions: 7.2 ________________________________________________________________________ Problem Description: The jpilot program automatically creates a directory called .jpilot/ in the user's home directory with 777 (world read/write/execute) permissions. This directory is used to store all backups, configuration and synchronized Palm Pilot information. ________________________________________________________________________ Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig package.rpm You can get the GPG public key of the Linux-Mandrake Security Team at http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you. Linux-Mandrake 7.2: b18bdac08b3fa7055ff1d25d5bb3ddfb 7.2/RPMS/jpilot-0.98.1-7.1mdk.i586.rpm e52bf9543f756969e8fab8520e8156e8 7.2/RPMS/jpilot-plugin-devel-0.98.1-7.1mdk.i586.rpm 072404194e6a31fc8991fb8a98cf16d8 7.2/SRPMS/jpilot-0.98.1-7.1mdk.src.rpm ________________________________________________________________________ To upgrade automatically, use MandrakeUpdate. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Fvh *.rpm". You can download the updates directly from one of the mirror sites listed at: http://www.linux-mandrake.com/en/ftp.php3. Updated packages are available in the "updates/[ver]/RPMS/" directory. For example, if you are looking for an updated RPM package for Linux-Mandrake 7.2, look for it in "updates/7.2/RPMS/". Updated source RPMs are available as well, but you generally do not need to download them. Please be aware that sometimes it takes the mirrors a few hours to update. You can view other security advisories for Linux-Mandrake at: http://www.linux-mandrake.com/en/security/ If you want to report vulnerabilities, please contact security@linux-mandrake.com ________________________________________________________________________ Linux-Mandrake has two security-related mailing list services that anyone can subscribe to: security-announce@linux-mandrake.com Linux-Mandrake's security announcements mailing list. Only announcements are sent to this list and it is read-only. security-discuss@linux-mandrake.com Linux-Mandrake's security discussion mailing list. This list is open to anyone to discuss Linux-Mandrake security specifically and Linux security in general. To subscribe to either list, send a message to sympa@linux-mandrake.com with "subscribe [listname]" in the body of the message. To remove yourself from either list, send a message to sympa@linux-mandrake.com with "unsubscribe [listname]" in the body of the message. To get more information on either list, send a message to sympa@linux-mandrake.com with "info [listname]" in the body of the message. Optionally, you can use the web interface to subscribe to or unsubscribe from either list: http://www.linux-mandrake.com/en/flists.php3#security ________________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team |