Mandrake Linux Advisories: ypserv, xpdf

Jun 27, 2003, 18:55

Mandrake Linux Security Update Advisory


Package name: ypserv
Advisory ID: MDKSA-2003:072
Date: June 27th, 2003
Affected versions: 8.2, 9.0, Corporate Server 2.1

Problem Description:

A vulnerability was found in versions of ypserv prior to version 2.7. If a malicious client queries ypserv via TCP and subsequently ignores the server's response, ypserv blocks while attempting to send the reply. The result is that ypserv fails to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block.
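The blocking condition and the fork-per-request fix described above, as an added C example that is not ypserv's own code. It runs entirely over local socketpairs; the function names, reply sizes and the two-client scenario are constructed for illustration.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Failure mode: returns 1 once the kernel refuses more reply data for a peer
 * that is not reading, the point where a blocking write() would stall. */
int reply_would_block(int fd) {
    char chunk[4096];
    memset(chunk, 'x', sizeof chunk);
    for (int i = 0; i < 65536; i++)              /* bounded at 256 MiB */
        if (send(fd, chunk, sizeof chunk, MSG_DONTWAIT) < 0)
            return errno == EAGAIN || errno == EWOULDBLOCK;
    return 0;
}

/* Fix: fork per request, so only the child sits in the blocking write(). */
pid_t answer_in_child(int fd, size_t reply_len) {
    pid_t pid = fork();
    if (pid != 0) return pid;                    /* parent, or fork error */
    char chunk[4096];
    memset(chunk, 'y', sizeof chunk);
    while (reply_len > 0) {
        size_t want = reply_len < sizeof chunk ? reply_len : sizeof chunk;
        ssize_t n = write(fd, chunk, want);
        if (n <= 0) _exit(1);
        reply_len -= (size_t)n;
    }
    _exit(0);
}

/* Constructed scenario: client A never reads its reply, client B does.
 * Returns 1 if B is answered while A's reply is still stuck in a child. */
int second_client_served(void) {
    int a[2], b[2];
    char byte = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) != 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, b) != 0) return -1;
    pid_t stuck = answer_in_child(a[0], (size_t)64 << 20);  /* A never reads */
    if (stuck <= 0) return -1;
    pid_t ok = answer_in_child(b[0], 1);
    int served = ok > 0 && read(b[1], &byte, 1) == 1 && byte == 'y';
    int still_stuck = waitpid(stuck, NULL, WNOHANG) == 0;
    kill(stuck, SIGKILL);                        /* demo cleanup only */
    while (wait(NULL) > 0) {}                    /* reap both children */
    close(a[0]); close(a[1]); close(b[0]); close(b[1]);
    return served && still_stuck;
}
```

Forking keeps the parent responsive, but each stalled reply still holds a child process, so a production server would also want a send timeout or a cap on concurrent children.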


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0251
http://www.linux-nis.org/nis/ypserv/ChangeLog


Updated Packages:

Corporate Server 2.1:
be3c830d0e8d0064cf90cb09004c5a85 corporate/2.1/RPMS/ypserv-2.8-1.1mdk.i586.rpm
f552ee4c593c22ce072697525e3f4bc8 corporate/2.1/SRPMS/ypserv-2.8-1.1mdk.src.rpm

Mandrake Linux 8.2:
052f5c4709db478e7cfb3116a11c1a7d 8.2/RPMS/ypserv-2.8-1.1mdk.i586.rpm
f552ee4c593c22ce072697525e3f4bc8 8.2/SRPMS/ypserv-2.8-1.1mdk.src.rpm

Mandrake Linux 8.2/PPC:
7e64df237654d9c2c2641c4bd4c9b697 ppc/8.2/RPMS/ypserv-2.8-1.1mdk.ppc.rpm
f552ee4c593c22ce072697525e3f4bc8 ppc/8.2/SRPMS/ypserv-2.8-1.1mdk.src.rpm

Mandrake Linux 9.0:
be3c830d0e8d0064cf90cb09004c5a85 9.0/RPMS/ypserv-2.8-1.1mdk.i586.rpm
f552ee4c593c22ce072697525e3f4bc8 9.0/SRPMS/ypserv-2.8-1.1mdk.src.rpm


Bug IDs fixed (see https://qa.mandrakesoft.com for more information):


To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig <filename>

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>


Mandrake Linux Security Update Advisory


Package name: xpdf
Advisory ID: MDKSA-2003:071
Date: June 27th, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1

Problem Description:

Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitrary shell commands with the privileges of the person viewing the PDF document.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0434


Updated Packages:

Corporate Server 2.1:
722121c3cef917ee6b8ce51f3754200c corporate/2.1/RPMS/xpdf-1.01-4.2mdk.i586.rpm
e80ab78011d0f8f79cb3f03bc092ec4b corporate/2.1/SRPMS/xpdf-1.01-4.2mdk.src.rpm

Mandrake Linux 9.0:
722121c3cef917ee6b8ce51f3754200c 9.0/RPMS/xpdf-1.01-4.2mdk.i586.rpm
e80ab78011d0f8f79cb3f03bc092ec4b 9.0/SRPMS/xpdf-1.01-4.2mdk.src.rpm

Mandrake Linux 9.1:
c83e631cfa8b43fed2e9553b305eea23 9.1/RPMS/xpdf-2.01-2.1mdk.i586.rpm
f3c1d8c4de62fde4522403ef347fb0f2 9.1/SRPMS/xpdf-2.01-2.1mdk.src.rpm

Mandrake Linux 9.1/PPC:
bc5f7bbe9fa58f336bb54ad9b0b17bc9 ppc/9.1/RPMS/xpdf-2.01-2.1mdk.ppc.rpm
f3c1d8c4de62fde4522403ef347fb0f2 ppc/9.1/SRPMS/xpdf-2.01-2.1mdk.src.rpm


Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

