Full Disclosure mailing list archives

MDKSA-2005:097 - Updated a2ps packages fix temporary file vulnerabilities

From: Mandriva Security Team <security () mandriva com>
Date: Tue, 07 Jun 2005 15:04:09 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           a2ps
 Advisory ID:            MDKSA-2005:097
 Date:                   June 7th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 The fixps and psmandup scripts, part of the a2ps package, are
 vulnerable to symlink attacks which could allow a local attacker to
 overwrite arbitrary files.  The updated packages have been patched to
 correct the problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1377
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 938d5b703cbeb762efd5619880208497  10.1/RPMS/a2ps-4.13b-5.2.101mdk.i586.rpm
 e0e7a61ec86b0af969cbe60008e6830f  10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.i586.rpm
 fce5b28393e1c8da6e0ea1ebdb1a2de6  10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.i586.rpm
 05f8fdc46bded4e920c709a781c98550  10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 fc1fd3817e4f41ea41758a3ac53e86cd  x86_64/10.1/RPMS/a2ps-4.13b-5.2.101mdk.x86_64.rpm
 84541cd7d841c64ceccb89f2a413d450  x86_64/10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.x86_64.rpm
 acf595ef3b6f3d2a79204feec3e34208  x86_64/10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.x86_64.rpm
 05f8fdc46bded4e920c709a781c98550  x86_64/10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 47722386507aa7fb8c4ddbbbbcc4a20c  10.2/RPMS/a2ps-4.13b-6.1.102mdk.i586.rpm
 190e48d0b4143ac0ad911482e0b0151f  10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.i586.rpm
 4d3d6cbd4ad35999c9bff1f61f890778  10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.i586.rpm
 52a665ac72fec5e99b3e1412e6470063  10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 37135cc64ba189c769851ba678532576  x86_64/10.2/RPMS/a2ps-4.13b-6.1.102mdk.x86_64.rpm
 6f4cbd5624aac20e99703072131538c7  x86_64/10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.x86_64.rpm
 4314538dcbb211c28f32abc64d9e3de8  x86_64/10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.x86_64.rpm
 52a665ac72fec5e99b3e1412e6470063  x86_64/10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm

 Corporate Server 2.1:
 65a7ea65f589533d0aca00a6a37760ff  corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.i586.rpm
 45c465fc3e2165e6681cccda909fb91f  corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.i586.rpm
 273f20da1e895043ee719b964b7d2b55  corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.i586.rpm
 58e6bdd04f757728aa63089f8b4249ac  corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d5cc8c0304f537acd89c575c7124a6c0  x86_64/corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.x86_64.rpm
 ee85486832fbdf9873c3acfa8b73bafe  x86_64/corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.x86_64.rpm
 84c3ca054e874346bc55daeb5fea0f9f  x86_64/corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.x86_64.rpm
 58e6bdd04f757728aa63089f8b4249ac  x86_64/corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm

 Corporate 3.0:
 859d494306ae1dca81186e2fe99b9a96  corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.i586.rpm
 9bd2c39d7495f18412fcd0a1412f1169  corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.i586.rpm
 68be9c1420f80da9047bf2c7f41e861c  corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.i586.rpm
 daba71e7aa523a71040a54e841bf9300  corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3d2e4b184d3ff5f19d5ce48762b25c41  x86_64/corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.x86_64.rpm
 7edb5fa8542f0a8216e2670a668aaf04  x86_64/corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.x86_64.rpm
 aebaa6e7473f6fa84bd973df34ef3b96  x86_64/corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.x86_64.rpm
 daba71e7aa523a71040a54e841bf9300  x86_64/corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCpgvJmqjQ0CJFipgRAheSAJ9orZvyngdNmOlbIwh4uRPqQi8tMACgmJxw
EiHp0Bt4ppEs0n/AGblpMuc=
=t8PQ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:

MDKSA-2005:097 - Updated a2ps packages fix temporary file vulnerabilities Mandriva Security Team (Jun 07)