Date: 28 Sep 2004 06:41:40 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]
Subject: MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: netpbm
Advisory ID: MDKSA-2004:011-1
Date: September 27th, 2004
Original Advisory Date: February 11th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A number of temporary file bugs have been found in versions of NetPBM.
These could allow a local user to overwrite or create files as a
different user who happens to run one of the vulnerable utilities.
Update:
The patch applied made some calls to the mktemp utility with an
incorrect parameter which prevented mktemp from creating temporary
files in some scripts.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
937ca333666cb5758fa86990fb4145d5 10.0/RPMS/libnetpbm9-9.24-8.1.100mdk.i586.rpm
c48c94c4b6006788c8e97d03f0a2c315 10.0/RPMS/libnetpbm9-devel-9.24-8.1.100mdk.i586.rpm
01f917f9b4fd32f252641b87d25f455f 10.0/RPMS/libnetpbm9-static-devel-9.24-8.1.100mdk.i586.rpm
7d59875f1017a7cdc8f67be4c91a5c9b 10.0/RPMS/netpbm-9.24-8.1.100mdk.i586.rpm
2448d2f88564908846d222cee8613901 10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
3f52a5ec20f70d2d3707dca32a0367af amd64/10.0/RPMS/lib64netpbm9-9.24-8.1.100mdk.amd64.rpm
cac2d45fc30a3c6b0198ee0e39814602 amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.1.100mdk.amd64.rpm
f467ef407bfe3aac0c7da250b1c7b44f amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.1.100mdk.amd64.rpm
429293f713cf017a4307f0fbbd6f55e7 amd64/10.0/RPMS/netpbm-9.24-8.1.100mdk.amd64.rpm
2448d2f88564908846d222cee8613901 amd64/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm
Corporate Server 2.1:
88e8553960764a60c060673a8d61753d corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.i586.rpm
edf38be60b8aeb5d354b8a046c85026d corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.i586.rpm
9409a93ec5e8f87de5220304e3b0cc5d corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.i586.rpm
cd00f1dfc00f9c5dbf504d4170398cd6 corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.i586.rpm
20ec2e6d37a313d2fc7ecb8a572984de corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
79e0e7aa77fd1badffef87c7302c9603 x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.x86_64.rpm
25f00ef0a339d778fca62d94a9e01912 x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.x86_64.rpm
2f9d8c68325d46eb0bca42793b22764f x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.x86_64.rpm
5fe14cbf7c5de9324f62731e52da11fa x86_64/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.x86_64.rpm
20ec2e6d37a313d2fc7ecb8a572984de x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm
Mandrakelinux 9.2:
d0f1cce584ebd07a271a5d0293b89c39 9.2/RPMS/libnetpbm9-9.24-7.2.92mdk.i586.rpm
14896f0ced9d2fc43fb28861ca90c3a8 9.2/RPMS/libnetpbm9-devel-9.24-7.2.92mdk.i586.rpm
9cdec874ed8d385e71fcee4d34fac4e3 9.2/RPMS/libnetpbm9-static-devel-9.24-7.2.92mdk.i586.rpm
5e4cdad5770f15c402d78d98cd7da4c7 9.2/RPMS/netpbm-9.24-7.2.92mdk.i586.rpm
65bba0bffa3946b1979eb768fbd00da5 9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
4e2fd5df02fbfef8e5ec484be5d22622 amd64/9.2/RPMS/lib64netpbm9-9.24-7.2.92mdk.amd64.rpm
7d4123a267de978bf4322a8f6f2ecef9 amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.2.92mdk.amd64.rpm
af40bee2668388feb78ae030ad37d4a1 amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.2.92mdk.amd64.rpm
fb0a1ecc6d9794c07189e4eda5e75e03 amd64/9.2/RPMS/netpbm-9.24-7.2.92mdk.amd64.rpm
65bba0bffa3946b1979eb768fbd00da5 amd64/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm
Multi Network Firewall 8.2:
40d8884fc4d63ba064e5325d6e01352e mnf8.2/RPMS/libnetpbm9-9.20-2.3.M82mdk.i586.rpm
2006197d0c75b9a9e371a4068396043d mnf8.2/RPMS/netpbm-9.20-2.3.M82mdk.i586.rpm
0ea855945e99fd3f625b32a1393d8712 mnf8.2/SRPMS/netpbm-9.20-2.3.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBWQekmqjQ0CJFipgRAgqFAJ9M7fvAIcSch5wUoIobxEBWGS+QwQCfcSRX
T4CjCEeueloLNIP6kj3Tzks=
=yJz/
-----END PGP SIGNATURE-----
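
The problem description and the "Update" note above both come down to how a script creates its temporary files and whether it checks that mktemp succeeded. The following shell code is an added example, not part of the Mandrakesoft advisory or the NetPBM patch; the function names, the "pnmtool" prefix and the sandbox scenario are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: temporary-file handling in a shell wrapper script.
# Function names and the "pnmtool" prefix are hypothetical.

# Vulnerable: the name is predictable (prefix + PID) and '>' follows
# symlinks, so whatever already exists at that name in a shared
# directory decides which file the data ends up in.
write_unsafe() {
    dir=$1; data=$2
    tmp="$dir/pnmtool.$$"
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# itself, refusing names that already exist. The exit status is checked,
# so a bad template or an unusable directory stops the script instead
# of leaving $tmp empty for the redirection that follows.
write_safe() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/pnmtool.XXXXXX") || {
        echo "mktemp failed for $dir/pnmtool.XXXXXX" >&2
        return 1
    }
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario inside a private sandbox directory: a symlink
# already sits at the predictable name and points at "victim".
# Prints the content of "victim" after the chosen writer has run.
victim_after() {
    writer=$1
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/pnmtool.$$"
    "$writer" "$box" "scratch data" > /dev/null
    cat "$box/victim"
    rm -rf "$box"
}
```

Calling `victim_after write_unsafe` shows the victim file replaced by the scratch data, while `victim_after write_safe` leaves it untouched.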