Senior Linux Administrator - Red Hat (IL) Next Step Systems US-IL-Chicago Post A Job | Post A Resume

Mandrakelinux Security Update Advisory

Package name: mpg123
Advisory ID: MDKSA-2004:100
Date: September 22nd, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1

Problem Description:

A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 (CAN-2004-0805).

As well, an older vulnerability in mpg123, where a response from a remote HTTP server could overflow a buffer allocated on the heap, is also fixed in these packages. This vulnerability could also potentially permit the execution of arbitray code with the privileges of the user running mpg123 (CAN-2003-0865).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805

Updated Packages:

Mandrakelinux 10.0:
0b5270c11943064f9c0f7374f63cdc4c 10.0/RPMS/mpg123-0.59r-21.1.100mdk.i586.rpm
8661f67e88ebc2821d4c5e212236465d 10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
f6e601b01a3c8b24279b3465e784829a amd64/10.0/RPMS/mpg123-0.59r-21.1.100mdk.amd64.rpm
8661f67e88ebc2821d4c5e212236465d amd64/10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

Corporate Server 2.1:
714d75b86c7a99c40f522cc45f69d136 corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.i586.rpm
cba666174f4117e7776c9baa04f8983a corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
f7279fee83461fa06a9bbcc904b0ead2 x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.x86_64.rpm
cba666174f4117e7776c9baa04f8983a x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

Mandrakelinux 9.2:
afe98cf7c89affb136b7048b3f387583 9.2/RPMS/mpg123-0.59r-21.1.92mdk.i586.rpm
21a4273e29d60f0e79a5092b7713301b 9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
590153b9ca949f851903d6010ced9ae8 amd64/9.2/RPMS/mpg123-0.59r-21.1.92mdk.amd64.rpm
21a4273e29d60f0e79a5092b7713301b amd64/9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: webmin
Advisory ID: MDKSA-2004:101
Date: September 22nd, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1

Problem Description:

A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside.

The updated packages are patched to prevent this problem.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0559

Updated Packages:

Mandrakelinux 10.0:
4c78f3cf3d36b80fed1234e72226a69f 10.0/RPMS/webmin-1.121-4.2.100mdk.noarch.rpm
2327bc0de2f830f3116a63223e320faa 10.0/SRPMS/webmin-1.121-4.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e8cb98e29077720f776eda0fd7cd4eef amd64/10.0/RPMS/webmin-1.121-4.2.100mdk.noarch.rpm
2327bc0de2f830f3116a63223e320faa amd64/10.0/SRPMS/webmin-1.121-4.2.100mdk.src.rpm

Corporate Server 2.1:
f02b795d532f968ff4649e9b8f356446 corporate/2.1/RPMS/webmin-0.990-6.4.C21mdk.noarch.rpm
8debafbca3a6c24bb29613dca0b5975e corporate/2.1/SRPMS/webmin-0.990-6.4.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
d044477e1a34708c3784230505adb112 x86_64/corporate/2.1/RPMS/webmin-0.990-6.4.C21mdk.noarch.rpm
8debafbca3a6c24bb29613dca0b5975e x86_64/corporate/2.1/SRPMS/webmin-0.990-6.4.C21mdk.src.rpm

Mandrakelinux 9.2:
e6229d8643b40a26f078df9a77586550 9.2/RPMS/webmin-1.100-3.2.92mdk.noarch.rpm
14f946037d3fae42cc4a9c12f60efa42 9.2/SRPMS/webmin-1.100-3.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
dd0de653be6ed73d6bd7a987fc67381c amd64/9.2/RPMS/webmin-1.100-3.2.92mdk.noarch.rpm
14f946037d3fae42cc4a9c12f60efa42 amd64/9.2/SRPMS/webmin-1.100-3.2.92mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: ImageMagick
Advisory ID: MDKSA-2004:102
Date: September 22nd, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1

Problem Description:

Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious images that could also allow for the execution of arbitray code with the privileges of the invoking user or process.

The updated packages provided are patched to correct these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0827

Updated Packages:

Mandrakelinux 10.0:
e0d33be5141bfa0b6d013e22204419dd 10.0/RPMS/ImageMagick-5.5.7.15-6.1.100mdk.i586.rpm
826f4b832385039c1835dfd546e51e5d 10.0/RPMS/ImageMagick-doc-5.5.7.15-6.1.100mdk.i586.rpm
9499f47a8af648b0f96c620590d8e2f8 10.0/RPMS/libMagick5.5.7-5.5.7.15-6.1.100mdk.i586.rpm
3e4a3b0039d0d5f78064f0ba4c8c5388 10.0/RPMS/libMagick5.5.7-devel-5.5.7.15-6.1.100mdk.i586.rpm
b741e8cecbbd13bd15a54a396e59b914 10.0/RPMS/perl-Magick-5.5.7.15-6.1.100mdk.i586.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde 10.0/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
58ca93e0ef1c1e1d749a3047e292ee3c amd64/10.0/RPMS/ImageMagick-5.5.7.15-6.1.100mdk.amd64.rpm
8b60b43ba1fa7283799960c24804d3f9 amd64/10.0/RPMS/ImageMagick-doc-5.5.7.15-6.1.100mdk.amd64.rpm
464bd971bfd44076dfe29e59875b2bb4 amd64/10.0/RPMS/lib64Magick5.5.7-5.5.7.15-6.1.100mdk.amd64.rpm
17dd5dad3d9d5de56f88cdae6aadb14c amd64/10.0/RPMS/lib64Magick5.5.7-devel-5.5.7.15-6.1.100mdk.amd64.rpm
9d68bca88077c35abc41ec456b4a9526 amd64/10.0/RPMS/perl-Magick-5.5.7.15-6.1.100mdk.amd64.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde amd64/10.0/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

Corporate Server 2.1:
6d439c325ad66f229149a0a4cb34d9d3 corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.1.C21mdk.i586.rpm
05f2891d63884af9bbab27b857a97cd9 corporate/2.1/RPMS/libMagick5-5.4.8.3-2.1.C21mdk.i586.rpm
e7ed78117793fb6694c472405937d737 corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.1.C21mdk.i586.rpm
45b737c64a896eebddaf83691b995479 corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.1.C21mdk.i586.rpm
6b931bb88f72a454a38f5ac45d6474c3 corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
8bf02e24638562da3db142666e60182c x86_64/corporate/2.1/RPMS/ImageMagick-5.4.8.3-2.1.C21mdk.x86_64.rpm
052c5e5f275cb21ce37bd7d6334d12d1 x86_64/corporate/2.1/RPMS/libMagick5-5.4.8.3-2.1.C21mdk.x86_64.rpm
984fdf326480ee7470c5f98b24baf07e x86_64/corporate/2.1/RPMS/libMagick5-devel-5.4.8.3-2.1.C21mdk.x86_64.rpm
8c16b6f7a2098b1aa03b74b2ea184922 x86_64/corporate/2.1/RPMS/perl-Magick-5.4.8.3-2.1.C21mdk.x86_64.rpm
6b931bb88f72a454a38f5ac45d6474c3 x86_64/corporate/2.1/SRPMS/ImageMagick-5.4.8.3-2.1.C21mdk.src.rpm

Mandrakelinux 9.2:
abbbed347fae9483f334737d1b9a1bbd 9.2/RPMS/ImageMagick-5.5.7.10-7.1.92mdk.i586.rpm
0de435dfd5a8ed03dc553bd5250a917d 9.2/RPMS/libMagick5.5.7-5.5.7.10-7.1.92mdk.i586.rpm
080f77b2b43fbfaad76ec90031e4f267 9.2/RPMS/libMagick5.5.7-devel-5.5.7.10-7.1.92mdk.i586.rpm
ffe89c240ee427f7059ea00a106bcb2b 9.2/RPMS/perl-Magick-5.5.7.10-7.1.92mdk.i586.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde 9.2/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

Mandrakelinux 9.2/AMD64:
d0f05cf8b87697c22e4a745cfd7b619d amd64/9.2/RPMS/ImageMagick-5.5.7.10-7.1.92mdk.amd64.rpm
5fd03959e72c269e8c3bb946f808b08d amd64/9.2/RPMS/lib64Magick5.5.7-5.5.7.10-7.1.92mdk.amd64.rpm
1e579e8b745e89336d354602165511f5 amd64/9.2/RPMS/lib64Magick5.5.7-devel-5.5.7.10-7.1.92mdk.amd64.rpm
0d51cb15a1ea7ba74981a40722477118 amd64/9.2/RPMS/perl-Magick-5.5.7.10-7.1.92mdk.amd64.rpm
0d11ea3ef8787c2b04f5b65ed3ccdbde amd64/9.2/SRPMS/ImageMagick-5.5.7.15-6.1.100mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>