mystified Posted October 5, 2004 Report Share Posted October 5, 2004 Mandrakesoft Security Advisories Package name netpbm Date September 27th, 2004 Advisory ID MDKSA-2004:011-1 Affected versions 9.2, 10.0, MNF8.2, CS2.1 Synopsis Updated NetPBM packages fix a number of temporary file bugs. Problem Description A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the the vulnerable utilities. Update: The patch applied made some calls to the mktemp utility with an incorrect parameter which prevented mktemp from creating temporary files in some scripts. Updated Packages Mandrakelinux 9.2 d0f1cce584ebd07a271a5d0293b89c39 9.2/RPMS/libnetpbm9-9.24-7.2.92mdk.i586.rpm 14896f0ced9d2fc43fb28861ca90c3a8 9.2/RPMS/libnetpbm9-devel-9.24-7.2.92mdk.i586.rpm 9cdec874ed8d385e71fcee4d34fac4e3 9.2/RPMS/libnetpbm9-static-devel-9.24-7.2.92mdk.i586.rpm 5e4cdad5770f15c402d78d98cd7da4c7 9.2/RPMS/netpbm-9.24-7.2.92mdk.i586.rpm 65bba0bffa3946b1979eb768fbd00da5 9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm Mandrakelinux 9.2/AMD64 4e2fd5df02fbfef8e5ec484be5d22622 amd64/9.2/RPMS/lib64netpbm9-9.24-7.2.92mdk.amd64.rpm 7d4123a267de978bf4322a8f6f2ecef9 amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.2.92mdk.amd64.rpm af40bee2668388feb78ae030ad37d4a1 amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.2.92mdk.amd64.rpm fb0a1ecc6d9794c07189e4eda5e75e03 amd64/9.2/RPMS/netpbm-9.24-7.2.92mdk.amd64.rpm 65bba0bffa3946b1979eb768fbd00da5 amd64/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm Mandrakelinux 10.0 937ca333666cb5758fa86990fb4145d5 10.0/RPMS/libnetpbm9-9.24-8.1.100mdk.i586.rpm c48c94c4b6006788c8e97d03f0a2c315 10.0/RPMS/libnetpbm9-devel-9.24-8.1.100mdk.i586.rpm 01f917f9b4fd32f252641b87d25f455f 10.0/RPMS/libnetpbm9-static-devel-9.24-8.1.100mdk.i586.rpm 7d59875f1017a7cdc8f67be4c91a5c9b 10.0/RPMS/netpbm-9.24-8.1.100mdk.i586.rpm 2448d2f88564908846d222cee8613901 10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64 3f52a5ec20f70d2d3707dca32a0367af amd64/10.0/RPMS/lib64netpbm9-9.24-8.1.100mdk.amd64.rpm cac2d45fc30a3c6b0198ee0e39814602 amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.1.100mdk.amd64.rpm f467ef407bfe3aac0c7da250b1c7b44f amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.1.100mdk.amd64.rpm 429293f713cf017a4307f0fbbd6f55e7 amd64/10.0/RPMS/netpbm-9.24-8.1.100mdk.amd64.rpm 2448d2f88564908846d222cee8613901 amd64/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm Multi Network Firewall 8.2 40d8884fc4d63ba064e5325d6e01352e mnf8.2/RPMS/libnetpbm9-9.20-2.3.M82mdk.i586.rpm 2006197d0c75b9a9e371a4068396043d mnf8.2/RPMS/netpbm-9.20-2.3.M82mdk.i586.rpm 0ea855945e99fd3f625b32a1393d8712 mnf8.2/SRPMS/netpbm-9.20-2.3.M82mdk.src.rpm Corporate Server 2.1 88e8553960764a60c060673a8d61753d corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.i586.rpm edf38be60b8aeb5d354b8a046c85026d corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.i586.rpm 9409a93ec5e8f87de5220304e3b0cc5d corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.i586.rpm cd00f1dfc00f9c5dbf504d4170398cd6 corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.i586.rpm 20ec2e6d37a313d2fc7ecb8a572984de corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm Corporate Server 2.1/X86_64 79e0e7aa77fd1badffef87c7302c9603 x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.x86_64.rpm 25f00ef0a339d778fca62d94a9e01912 x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.x86_64.rpm 2f9d8c68325d46eb0bca42793b22764f x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.x86_64.rpm 5fe14cbf7c5de9324f62731e52da11fa x86_64/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.x86_64.rpm 20ec2e6d37a313d2fc7ecb8a572984de x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924 Upgrade To upgrade automatically, use MandrakeUpdate. Verification Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig package.rpm You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM. If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you. Link to comment Share on other sites More sharing options...
Recommended Posts