Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Mandrake Linux Advisories: cvs, screen

Dec 09, 2003, 16:52 (0 Talkback[s])

Mandrake Linux Security Update Advisory

Package name: cvs
Advisory ID: MDKSA-2003:112
Date: December 8th, 2003
Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1

Problem Description:

A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository.

Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions.

References:

http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1

Updated Packages:

Corporate Server 2.1:
3df2e61371a43ace630867b785bdd2c8 corporate/2.1/RPMS/cvs-1.11.10-0.1.C21mdk.i586.rpm
60da7875867b5162d6289124e20f56f3 corporate/2.1/SRPMS/cvs-1.11.10-0.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
2a052c43d454d6b5839c45106ebd78c6 x86_64/corporate/2.1/RPMS/cvs-1.11.10-0.1.C21mdk.x86_64.rpm
60da7875867b5162d6289124e20f56f3 x86_64/corporate/2.1/SRPMS/cvs-1.11.10-0.1.C21mdk.src.rpm

Mandrake Linux 9.0:
5806c1f58d1a4b50071c4e8eabf8ca70 9.0/RPMS/cvs-1.11.10-0.1.90mdk.i586.rpm 34d0619fb9a4b33bc267077ec53c4325 9.0/SRPMS/cvs-1.11.10-0.1.90mdk.src.rpm

Mandrake Linux 9.1:
09a0e4a98785f7c280721f8da9464d56 9.1/RPMS/cvs-1.11.10-0.1.91mdk.i586.rpm
bdc1ec67c325d52513e363a65d4966f4 9.1/SRPMS/cvs-1.11.10-0.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
a98001e93bb247876fb43da2b605bec6 ppc/9.1/RPMS/cvs-1.11.10-0.1.91mdk.ppc.rpm
bdc1ec67c325d52513e363a65d4966f4 ppc/9.1/SRPMS/cvs-1.11.10-0.1.91mdk.src.rpm

Mandrake Linux 9.2:
449dd893fe2f4be99720e6429291bcd9 9.2/RPMS/cvs-1.11.10-0.1.92mdk.i586.rpm
65182f4e05d59d8fc849e638b938cf25 9.2/SRPMS/cvs-1.11.10-0.1.92mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrake Linux Security Update Advisory

Package name: screen
Advisory ID: MDKSA-2003:113
Date: December 8th, 2003
Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2

Problem Description:

A vulnerability was discovered and fixed in screen by Timo Sirainen who found an exploitable buffer overflow that allowed privilege escalation. This vulnerability also has the potential to allow attackers to gain control of another user's screen session. The ability to exploit is not trivial and requires approximately 2GB of data to be transferred in order to do so.

Updated packages are available that fix the vulnerability.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0972
http://marc.theaimsgroup.com/?l=bugtraq&m=106995837813873&w=2

Updated Packages:

Corporate Server 2.1:
757d420f6d823e26a487eff794490bbe corporate/2.1/RPMS/screen-3.9.11-4.1.C21mdk.i586.rpm
54336329e042b03ebca3c00ca0a1f0c3 corporate/2.1/SRPMS/screen-3.9.11-4.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
bf60dabe82228d7f879c1fa232df2e20 x86_64/corporate/2.1/RPMS/screen-3.9.11-4.1.C21mdk.x86_64.rpm
54336329e042b03ebca3c00ca0a1f0c3 x86_64/corporate/2.1/SRPMS/screen-3.9.11-4.1.C21mdk.src.rpm

Mandrake Linux 9.0:
2ed29228596116d87146cb2f1eb75ad3 9.0/RPMS/screen-3.9.11-4.1.90mdk.i586.rpm
db59e945ca7dabc7d81df3388566feb9 9.0/SRPMS/screen-3.9.11-4.1.90mdk.src.rpm

Mandrake Linux 9.1:
4d1ce0bb5f0b8335b9f3da4520280fdb 9.1/RPMS/screen-3.9.13-2.1.91mdk.i586.rpm
025da8fcc964f065afb0c51d2716d472 9.1/SRPMS/screen-3.9.13-2.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
b8570b8b63461c8f444dcdbe2c4f6e99 ppc/9.1/RPMS/screen-3.9.13-2.1.91mdk.ppc.rpm
025da8fcc964f065afb0c51d2716d472 ppc/9.1/SRPMS/screen-3.9.13-2.1.91mdk.src.rpm

Mandrake Linux 9.2:
656ca2f3bf4796052972997c214d7909 9.2/RPMS/screen-3.9.15-2.1.92mdk.i586.rpm
4d078d5d3b28c417a51e3a8bfe622f45 9.2/SRPMS/screen-3.9.15-2.1.92mdk.src.rpm

Multi Network Firewall 8.2:
c4b0b5a690692dac14eaeb8590fe2d8f mnf8.2/RPMS/screen-3.9.11-4.1.M82mdk.i586.rpm
9a363746316958e58a843f4d838b0cf0 mnf8.2/SRPMS/screen-3.9.11-4.1.M82mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>