Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Mandrakelinux Advisories: mailman, kolab-server

May 28, 2004, 00:14 (0 Talkback[s])

Mandrakelinux Security Update Advisory


Package name: mailman
Advisory ID: MDKSA-2004:051
Date: May 26th, 2004
Affected versions: 10.0, 9.2


Problem Description:

Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. The updated packages have a patch backported from 2.1.5 to correct the issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412


Updated Packages:

Mandrakelinux 10.0:
821d8d83fecdba5067096d112fae2d56 10.0/RPMS/mailman-2.1.4-2.1.100mdk.i586.rpm
982a417f19324d496524c5ed2c970cb8 10.0/SRPMS/mailman-2.1.4-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
9113b0197b00ebc71c617876bf5cb070 amd64/10.0/RPMS/mailman-2.1.4-2.1.100mdk.amd64.rpm
982a417f19324d496524c5ed2c970cb8 amd64/10.0/SRPMS/mailman-2.1.4-2.1.100mdk.src.rpm

Mandrakelinux 9.2:
173edae7feeebe6830154148ff7edc9a 9.2/RPMS/mailman-2.1.2-9.4.92mdk.i586.rpm
05b5f64a88d3aac6c52dae2360659845 9.2/SRPMS/mailman-2.1.2-9.4.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
75f104ecd6bc2152c69e19bfddf38d13 amd64/9.2/RPMS/mailman-2.1.2-9.4.92mdk.amd64.rpm
05b5f64a88d3aac6c52dae2360659845 amd64/9.2/SRPMS/mailman-2.1.2-9.4.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com


Mandrakelinux Security Update Advisory


Package name: kolab-server
Advisory ID: MDKSA-2004:052
Date: May 26th, 2004
Affected versions: 10.0


Problem Description:

Luca Villani reported the disclosure of critical configuration information within Kolab, the KDE Groupware server. The affected versions store OpenLDAP passwords in plain text. The heart of Kolab is an engine written in Perl that rewrites configuration for certain applications based on templates. The build() function in the engine left slapd.conf world-readable exhibiting the OpenLDAP root password.


References:

http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html


Updated Packages:

Mandrakelinux 10.0:
cc7b01619905b25dbbd3ae6c51ed05fd 10.0/RPMS/kolab-server-1.0-0.23.100mdk.i586.rpm
085c3f72bad177369279ce71e47a90c8 10.0/SRPMS/kolab-server-1.0-0.23.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
7e3bce42c30cc11a6bc71ac39296a197 amd64/10.0/RPMS/kolab-server-1.0-0.23.100mdk.amd64.rpm
085c3f72bad177369279ce71e47a90c8 amd64/10.0/SRPMS/kolab-server-1.0-0.23.100mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>