Jump to content

Updated NetPBM Packages fix file bugs

mystified

By mystified
in Mandriva Security Advisories

 Share

Recommended Posts

mystified Platinum

mystified

Posted
Posted

Mandrakesoft Security Advisories

 

Package name netpbm

Date September 27th, 2004

Advisory ID MDKSA-2004:011-1

Affected versions 9.2, 10.0, MNF8.2, CS2.1

Synopsis Updated NetPBM packages fix a number of temporary file bugs.

 

 

Problem Description

 

A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the the vulnerable utilities.

 

Update:

 

The patch applied made some calls to the mktemp utility with an incorrect parameter which prevented mktemp from creating temporary files in some scripts.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 

d0f1cce584ebd07a271a5d0293b89c39 9.2/RPMS/libnetpbm9-9.24-7.2.92mdk.i586.rpm

14896f0ced9d2fc43fb28861ca90c3a8 9.2/RPMS/libnetpbm9-devel-9.24-7.2.92mdk.i586.rpm

9cdec874ed8d385e71fcee4d34fac4e3 9.2/RPMS/libnetpbm9-static-devel-9.24-7.2.92mdk.i586.rpm

5e4cdad5770f15c402d78d98cd7da4c7 9.2/RPMS/netpbm-9.24-7.2.92mdk.i586.rpm

65bba0bffa3946b1979eb768fbd00da5 9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm

 

Mandrakelinux 9.2/AMD64

 

4e2fd5df02fbfef8e5ec484be5d22622 amd64/9.2/RPMS/lib64netpbm9-9.24-7.2.92mdk.amd64.rpm

7d4123a267de978bf4322a8f6f2ecef9 amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.2.92mdk.amd64.rpm

af40bee2668388feb78ae030ad37d4a1 amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.2.92mdk.amd64.rpm

fb0a1ecc6d9794c07189e4eda5e75e03 amd64/9.2/RPMS/netpbm-9.24-7.2.92mdk.amd64.rpm

65bba0bffa3946b1979eb768fbd00da5 amd64/9.2/SRPMS/netpbm-9.24-7.2.92mdk.src.rpm

 

Mandrakelinux 10.0

 

937ca333666cb5758fa86990fb4145d5 10.0/RPMS/libnetpbm9-9.24-8.1.100mdk.i586.rpm

c48c94c4b6006788c8e97d03f0a2c315 10.0/RPMS/libnetpbm9-devel-9.24-8.1.100mdk.i586.rpm

01f917f9b4fd32f252641b87d25f455f 10.0/RPMS/libnetpbm9-static-devel-9.24-8.1.100mdk.i586.rpm

7d59875f1017a7cdc8f67be4c91a5c9b 10.0/RPMS/netpbm-9.24-8.1.100mdk.i586.rpm

2448d2f88564908846d222cee8613901 10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm

 

Mandrakelinux 10.0/AMD64

 

3f52a5ec20f70d2d3707dca32a0367af amd64/10.0/RPMS/lib64netpbm9-9.24-8.1.100mdk.amd64.rpm

cac2d45fc30a3c6b0198ee0e39814602 amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.1.100mdk.amd64.rpm

f467ef407bfe3aac0c7da250b1c7b44f amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.1.100mdk.amd64.rpm

429293f713cf017a4307f0fbbd6f55e7 amd64/10.0/RPMS/netpbm-9.24-8.1.100mdk.amd64.rpm

2448d2f88564908846d222cee8613901 amd64/10.0/SRPMS/netpbm-9.24-8.1.100mdk.src.rpm

 

Multi Network Firewall 8.2

 

40d8884fc4d63ba064e5325d6e01352e mnf8.2/RPMS/libnetpbm9-9.20-2.3.M82mdk.i586.rpm

2006197d0c75b9a9e371a4068396043d mnf8.2/RPMS/netpbm-9.20-2.3.M82mdk.i586.rpm

0ea855945e99fd3f625b32a1393d8712 mnf8.2/SRPMS/netpbm-9.20-2.3.M82mdk.src.rpm

 

Corporate Server 2.1

 

88e8553960764a60c060673a8d61753d corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.i586.rpm

edf38be60b8aeb5d354b8a046c85026d corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.i586.rpm

9409a93ec5e8f87de5220304e3b0cc5d corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.i586.rpm

cd00f1dfc00f9c5dbf504d4170398cd6 corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.i586.rpm

20ec2e6d37a313d2fc7ecb8a572984de corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm

 

Corporate Server 2.1/X86_64

 

79e0e7aa77fd1badffef87c7302c9603 x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.3.C21mdk.x86_64.rpm

25f00ef0a339d778fca62d94a9e01912 x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.3.C21mdk.x86_64.rpm

2f9d8c68325d46eb0bca42793b22764f x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.3.C21mdk.x86_64.rpm

5fe14cbf7c5de9324f62731e52da11fa x86_64/corporate/2.1/RPMS/netpbm-9.24-4.3.C21mdk.x86_64.rpm

20ec2e6d37a313d2fc7ecb8a572984de x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.3.C21mdk.src.rpm

 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...