Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in wml
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in wml
ID: MDVSA-2008:076
Distribution: Mandriva
Plattformen: Mandriva 2007.1, Mandriva 2008.0
Datum: Mi, 26. März 2008, 21:56
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666
Applikationen: Website META Language

Originalnachricht

This is a multi-part message in MIME format...

------------=_1206564985-11275-1762


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:076
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wml
Date : March 26, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________

Problem Description:

Two vulnerabilities were found in the Website META Language (WML)
package that allowed local users to overwrite arbitrary files via
symlink attacks.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
5236531d6397a276dbbdc13b118605db 2007.1/i586/wml-2.0.11-1.1mdv2007.1.i586.rpm

aa1c8ddcebacd87ab711f45b29297aff 2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
b6cca9238f4c53141f18fa72302fe8fe
2007.1/x86_64/wml-2.0.11-1.1mdv2007.1.x86_64.rpm
aa1c8ddcebacd87ab711f45b29297aff 2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
e25d594701c56bd51c8e648ebeac206b 2008.0/i586/wml-2.0.11-1.1mdv2008.0.i586.rpm

c34710838783e2d725ecf5fc99d24091 2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
1e57a84169d7168bae4aff8bdc38f02e
2008.0/x86_64/wml-2.0.11-1.1mdv2008.0.x86_64.rpm
c34710838783e2d725ecf5fc99d24091 2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH6o0gmqjQ0CJFipgRArgjAJ4p41jCe2Y3Vk5VxS9wNoUXOs/LJgCffqoh
8TVcY+m67QHbXdSHB1nlh2Q=
=yda2
-----END PGP SIGNATURE-----


------------=_1206564985-11275-1762
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1206564985-11275-1762--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung