Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories, October 29, 2006

Oct 30, 2006, 05:30 (0 Talkback[s])

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200610-13

http://security.gentoo.org/


Severity: Normal
Title: Cheese Tracker: Buffer Overflow
Date: October 26, 2006
Bugs: #142391
ID: 200610-13


Synopsis

Cheese Tracker contains a buffer overflow allowing the remote execution of arbitrary code.

Background

Cheese Tracker is a Qt-based portable Impulse Tracker clone, a music tracker for the CT, IT, XM and S3M file formats.

Affected packages


     Package                    /  Vulnerable  /            Unaffected

  1  media-sound/cheesetracker     < 0.9.9-r1              >= 0.9.9-r1

Description

Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the
loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp.

Impact

An attacker could execute arbitrary code with the rights of the user running Cheese Tracker by enticing a user to load a crafted file with large amount of extra data.

Workaround

There is no known workaround at this time.

Resolution

All Cheese Tracker users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/cheesetracker-0.9.9-r1"

References

[ 1 ] CVE-2006-3814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3814

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-13.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:188
http://www.mandriva.com/security/


Package : mono
Date : October 27, 2006
Affected: 2007.0


Problem Description:

Sebastian Krahmer of the SUSE security team found that the System.CodeDom.Compiler/ classes in mono used temporary files in an insecure way that could allow a symbolic link attack to overwrite arbitrary files with the privileges of the user running a program that made use of those classes.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5072


Updated Packages:

Mandriva Linux 2007.0:
5c1d837109090a4c1495c4924f8fc925 2007.0/i586/jay-1.1.17.1-5.1mdv2007.0.i586.rpm
a486412b052a429ec5bd9ceaae114db4 2007.0/i586/libmono0-1.1.17.1-5.1mdv2007.0.i586.rpm
32768af3b25f2bb1776f9426775397e8 2007.0/i586/libmono0-devel-1.1.17.1-5.1mdv2007.0.i586.rpm
8b37c8f8df6f91ec2973008a816151ad 2007.0/i586/libmono-runtime-1.1.17.1-5.1mdv2007.0.i586.rpm
61cc4835ec672e4bd7f5af5a0c83061b 2007.0/i586/mono-1.1.17.1-5.1mdv2007.0.i586.rpm
9fbaac2bc86415d18065981d016e5368 2007.0/i586/mono-data-sqlite-1.1.17.1-5.1mdv2007.0.i586.rpm
b846f560465eb406bb8b9f7c441113a6 2007.0/i586/mono-doc-1.1.17.1-5.1mdv2007.0.i586.rpm
5bc45f12bb8976dd35175f89ab069b9e 2007.0/SRPMS/mono-1.1.17.1-5.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
0d563100452ae01ec8adf2b0f8051180 2007.0/x86_64/jay-1.1.17.1-5.1mdv2007.0.x86_64.rpm
f824b9c7a96c75957a4160c757ada097 2007.0/x86_64/lib64mono0-1.1.17.1-5.1mdv2007.0.x86_64.rpm
23ae0bb392d84c601828abf1f8e2c730 2007.0/x86_64/lib64mono0-devel-1.1.17.1-5.1mdv2007.0.x86_64.rpm
bee2f1bdf1ada1531e55d7e784fe97d2 2007.0/x86_64/libmono-runtime-1.1.17.1-5.1mdv2007.0.x86_64.rpm
c56e24acd959aa86d1849c8567d7a92e 2007.0/x86_64/mono-1.1.17.1-5.1mdv2007.0.x86_64.rpm
c09e6a39f294b2cf8847b7203d378c4f 2007.0/x86_64/mono-data-sqlite-1.1.17.1-5.1mdv2007.0.x86_64.rpm
609cf64204d1198f67253be5077f3a85 2007.0/x86_64/mono-doc-1.1.17.1-5.1mdv2007.0.x86_64.rpm
5bc45f12bb8976dd35175f89ab069b9e 2007.0/SRPMS/mono-1.1.17.1-5.1mdv2007.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


Mandriva Linux Security Advisory MDKSA-2006:189
http://www.mandriva.com/security/


Package : xsupplicant
Date : October 27, 2006
Affected: 2006.0, 2007.0


Problem Description:

Yannick Van Osselaer discovered a stack overflow in Xsupplicant, which could potentially be exploited by a remote, authenticated user to gain root priviledges. Additional code cleanups to fix potential memory leaks are also included.

Updated packages have been patched to correct this issue.


Updated Packages:

Mandriva Linux 2006.0:
d35f3cee0c66c5778acd39a64e46704a 2006.0/i586/xsupplicant-1.0.1-3.1.20060mdk.i586.rpm
3df3a3e96b0be68eda96dcffd557a014 2006.0/i586/xsupplicant-doc-1.0.1-3.1.20060mdk.i586.rpm
3685820c2527d4608a2fc1722eba6b63 2006.0/SRPMS/xsupplicant-1.0.1-3.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d2e450ac1c2f4dac7968a08a8cb2f2c4 2006.0/x86_64/xsupplicant-1.0.1-3.1.20060mdk.x86_64.rpm
6027f2b00d4d2c966bcacbdd38a6895b 2006.0/x86_64/xsupplicant-doc-1.0.1-3.1.20060mdk.x86_64.rpm
3685820c2527d4608a2fc1722eba6b63 2006.0/SRPMS/xsupplicant-1.0.1-3.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
b122033612442db1eaf3795e74947a25 2007.0/i586/xsupplicant-1.2.6-1.1mdv2007.0.i586.rpm
5919e8bb474dea74a5b0e80746d3821c 2007.0/i586/xsupplicant-devel-1.2.6-1.1mdv2007.0.i586.rpm
2e890e6b58ab87e6104bbd2cbcfac297 2007.0/i586/xsupplicant-doc-1.2.6-1.1mdv2007.0.i586.rpm
b126177e58162c5bbeddda641d874423 2007.0/SRPMS/xsupplicant-1.2.6-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
46878703a426d4d5770c1572c397f54c 2007.0/x86_64/xsupplicant-1.2.6-1.1mdv2007.0.x86_64.rpm
bdc5f953605ab0404eb1075e0cb42ac6 2007.0/x86_64/xsupplicant-devel-1.2.6-1.1mdv2007.0.x86_64.rpm
3023ec5a0ee41f083c6372add22e8444 2007.0/x86_64/xsupplicant-doc-1.2.6-1.1mdv2007.0.x86_64.rpm
b126177e58162c5bbeddda641d874423 2007.0/SRPMS/xsupplicant-1.2.6-1.1mdv2007.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


Mandriva Linux Security Advisory MDKSA-2006:190
http://www.mandriva.com/security/


Package : mutt
Date : October 27, 2006
Affected: 2006.0, 2007.0, Corporate 3.0


Problem Description:

A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. (CVE-2006-5297)

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. (CVE-2006-5298)

Updated packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5298


Updated Packages:

Mandriva Linux 2006.0:
261e9e3555851ba4cc334f3bb06267d7 2006.0/i586/mutt-1.5.9i-9.2.20060mdk.i586.rpm
b313483f29ba39476e78cea797408eac 2006.0/i586/mutt-utf8-1.5.9i-9.2.20060mdk.i586.rpm
47d904f3fc3a0fa6bdaf85bf5fb94672 2006.0/SRPMS/mutt-1.5.9i-9.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
122a0f95939a3d4595e1d319bf009bfb 2006.0/x86_64/mutt-1.5.9i-9.2.20060mdk.x86_64.rpm
e51bb69c94c99c4e8c449d4ca0380468 2006.0/x86_64/mutt-utf8-1.5.9i-9.2.20060mdk.x86_64.rpm
47d904f3fc3a0fa6bdaf85bf5fb94672 2006.0/SRPMS/mutt-1.5.9i-9.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
be6f583809fb4508ddc48022aba020fe 2007.0/i586/mutt-1.5.11-5.1mdv2007.0.i586.rpm
d85e2389a6d1ff9823506355821cd276 2007.0/i586/mutt-utf8-1.5.11-5.1mdv2007.0.i586.rpm
b7254bd46750dcb9a5e5aac131bb9a2a 2007.0/SRPMS/mutt-1.5.11-5.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
affd060afcfedfedc233cf83b4df3f38 2007.0/x86_64/mutt-1.5.11-5.1mdv2007.0.x86_64.rpm
5c13b34493cbb85dff800bfc2fabfd8a 2007.0/x86_64/mutt-utf8-1.5.11-5.1mdv2007.0.x86_64.rpm
b7254bd46750dcb9a5e5aac131bb9a2a 2007.0/SRPMS/mutt-1.5.11-5.1mdv2007.0.src.rpm

Corporate 3.0:
2a9c81d26ccc33ea0044052e35ba88ec corporate/3.0/i586/mutt-1.5.5.1i-2.2.C30mdk.i586.rpm
3777210099ca87e13417169d286e558c corporate/3.0/i586/mutt-utf8-1.5.5.1i-2.2.C30mdk.i586.rpm
f3653a6b8156847e3d860638f70c12a6 corporate/3.0/SRPMS/mutt-1.5.5.1i-2.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
231d08a551dd833ce142ebcddd56778d corporate/3.0/x86_64/mutt-1.5.5.1i-2.2.C30mdk.x86_64.rpm
7a6a1046541dce5468360c0fdee6564e corporate/3.0/x86_64/mutt-utf8-1.5.5.1i-2.2.C30mdk.x86_64.rpm
f3653a6b8156847e3d860638f70c12a6 corporate/3.0/SRPMS/mutt-1.5.5.1i-2.2.C30mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


Mandriva Linux Security Advisory MDKSA-2006:191
http://www.mandriva.com/security/


Package : screen
Date : October 27, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573


Updated Packages:

Mandriva Linux 2006.0:
9e8eaea4477898e374bb25347282cfd1 2006.0/i586/screen-4.0.2-6.1.20060mdk.i586.rpm
eca09b0f931ca48e48ce41608a188e01 2006.0/SRPMS/screen-4.0.2-6.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c00635f995a854a72e8c372c8464d960 2006.0/x86_64/screen-4.0.2-6.1.20060mdk.x86_64.rpm
eca09b0f931ca48e48ce41608a188e01 2006.0/SRPMS/screen-4.0.2-6.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
945203a197c7e5517be01ee32e5eebcc 2007.0/i586/screen-4.0.2-9.1mdv2007.0.i586.rpm
4e8453bfc592055a3b62b1be19a564f9 2007.0/SRPMS/screen-4.0.2-9.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
e9ca78a213aa19bcc48546e06715e4be 2007.0/x86_64/screen-4.0.2-9.1mdv2007.0.x86_64.rpm
4e8453bfc592055a3b62b1be19a564f9 2007.0/SRPMS/screen-4.0.2-9.1mdv2007.0.src.rpm

Corporate 3.0:
7e82b9ca9f4cb7d36c3effff9f9a6c9b corporate/3.0/i586/screen-4.0.2-1.1.C30mdk.i586.rpm
8f03ad99709f5346b995492a749e4bfc corporate/3.0/SRPMS/screen-4.0.2-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
848ef4b41455884c8af2faaf8b3e415a corporate/3.0/x86_64/screen-4.0.2-1.1.C30mdk.x86_64.rpm
8f03ad99709f5346b995492a749e4bfc corporate/3.0/SRPMS/screen-4.0.2-1.1.C30mdk.src.rpm

Corporate 4.0:
b8291d07e76adc2dd872fc1456f63340 corporate/4.0/i586/screen-4.0.2-6.1.20060mlcs4.i586.rpm
a63794f38d2898c38f23b0d124baf649 corporate/4.0/SRPMS/screen-4.0.2-6.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
8597118cdb7fa7c052e8d190469d99cc corporate/4.0/x86_64/screen-4.0.2-6.1.20060mlcs4.x86_64.rpm
a63794f38d2898c38f23b0d124baf649 corporate/4.0/SRPMS/screen-4.0.2-6.1.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


Mandriva Linux Security Advisory MDKSA-2006:192
http://www.mandriva.com/security/


Package : ruby
Date : October 27, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467


Updated Packages:

Mandriva Linux 2006.0:
f0272f52ef6c1997871a8e6ec02e1bd7 2006.0/i586/ruby-1.8.2-7.4.20060mdk.i586.rpm
b7726c3839fdd0acc10108de90d188c3 2006.0/i586/ruby-devel-1.8.2-7.4.20060mdk.i586.rpm
d6eef115bcdc8eb7c35df35e7fc1ca66 2006.0/i586/ruby-doc-1.8.2-7.4.20060mdk.i586.rpm
8fc499b4fea37a0c3ff31bb2047d639b 2006.0/i586/ruby-tk-1.8.2-7.4.20060mdk.i586.rpm
3a57108ef04cb1efab8640dcb0029fb1 2006.0/SRPMS/ruby-1.8.2-7.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
cf8394aec203b6cb6bf0de061644887f 2006.0/x86_64/ruby-1.8.2-7.4.20060mdk.x86_64.rpm
285d54c1972ecd72f79a14608f3fa455 2006.0/x86_64/ruby-devel-1.8.2-7.4.20060mdk.x86_64.rpm
45f0e3385960d938e9cb13dd0752963e 2006.0/x86_64/ruby-doc-1.8.2-7.4.20060mdk.x86_64.rpm
685b25cd67aa74286cc96bb69eedae33 2006.0/x86_64/ruby-tk-1.8.2-7.4.20060mdk.x86_64.rpm
3a57108ef04cb1efab8640dcb0029fb1 2006.0/SRPMS/ruby-1.8.2-7.4.20060mdk.src.rpm

Mandriva Linux 2007.0:
f4c71e44767723c560f68611fd5ed40f 2007.0/i586/ruby-1.8.5-2.1mdv2007.0.i586.rpm
9774e776877853e9d8dac21a31ab916c 2007.0/i586/ruby-devel-1.8.5-2.1mdv2007.0.i586.rpm
445edc4e125317acbe21042ba4d81d65 2007.0/i586/ruby-doc-1.8.5-2.1mdv2007.0.i586.rpm
538123be42ba8395c10fbd3252605e50 2007.0/i586/ruby-tk-1.8.5-2.1mdv2007.0.i586.rpm
31e25bf195003a42cd27ff380c350be9 2007.0/SRPMS/ruby-1.8.5-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
b1377e678c818d27fa4f9894da35adb2 2007.0/x86_64/ruby-1.8.5-2.1mdv2007.0.x86_64.rpm
ef84cbd877282a57b86108acf87e1859 2007.0/x86_64/ruby-devel-1.8.5-2.1mdv2007.0.x86_64.rpm
828ade30bc1505a455f291efc110078c 2007.0/x86_64/ruby-doc-1.8.5-2.1mdv2007.0.x86_64.rpm
e5ac4f7397157fc126ae76af869b35e4 2007.0/x86_64/ruby-tk-1.8.5-2.1mdv2007.0.x86_64.rpm
31e25bf195003a42cd27ff380c350be9 2007.0/SRPMS/ruby-1.8.5-2.1mdv2007.0.src.rpm

Corporate 3.0:
062a53f26ee73b0e570dec87401bd37e corporate/3.0/i586/ruby-1.8.1-1.7.C30mdk.i586.rpm
abb7bbb216dd65e14756c3549053b404 corporate/3.0/i586/ruby-devel-1.8.1-1.7.C30mdk.i586.rpm
87ece8cd4f0ef4309fe8cca98423467a corporate/3.0/i586/ruby-doc-1.8.1-1.7.C30mdk.i586.rpm
cfca4b4b06d907d0fae324194a944add corporate/3.0/i586/ruby-tk-1.8.1-1.7.C30mdk.i586.rpm
75afbf41268564d47f5fc9df31f95ab6 corporate/3.0/SRPMS/ruby-1.8.1-1.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
5e80b3f821ccbbceaf650469c3a28c2c corporate/3.0/x86_64/ruby-1.8.1-1.7.C30mdk.x86_64.rpm
25b68104a5074ae948125ad78dbaaf1a corporate/3.0/x86_64/ruby-devel-1.8.1-1.7.C30mdk.x86_64.rpm
9e4938f74c6ea5a7198c281dbbecdf0a corporate/3.0/x86_64/ruby-doc-1.8.1-1.7.C30mdk.x86_64.rpm
4f1315fd9c95e5241e3978890a730bbe corporate/3.0/x86_64/ruby-tk-1.8.1-1.7.C30mdk.x86_64.rpm
75afbf41268564d47f5fc9df31f95ab6 corporate/3.0/SRPMS/ruby-1.8.1-1.7.C30mdk.src.rpm

Corporate 4.0:
ba740fba1e7362102a1ce5e19392bbca corporate/4.0/i586/ruby-1.8.2-7.4.20060mlcs4.i586.rpm
5e73abcddf887587d1e845be09f95c3e corporate/4.0/i586/ruby-devel-1.8.2-7.4.20060mlcs4.i586.rpm
f08a296b52bc64dfe626ca88718c0a8e corporate/4.0/i586/ruby-doc-1.8.2-7.4.20060mlcs4.i586.rpm
7faf87d0e62775fe46a3b9f05f677fb4 corporate/4.0/i586/ruby-tk-1.8.2-7.4.20060mlcs4.i586.rpm
2a7981a830a7a9384b5ed2a3272d9aaa corporate/4.0/SRPMS/ruby-1.8.2-7.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
05ecad036963dc16c0e5cd0bfb04efed corporate/4.0/x86_64/ruby-1.8.2-7.4.20060mlcs4.x86_64.rpm
71dd68f19989395dab35168a1338f25b corporate/4.0/x86_64/ruby-devel-1.8.2-7.4.20060mlcs4.x86_64.rpm
7199919374de62c24cb15cf879a88dbe corporate/4.0/x86_64/ruby-doc-1.8.2-7.4.20060mlcs4.x86_64.rpm
35f6c32ce1c9d93f36f60dae3a1f41d5 corporate/4.0/x86_64/ruby-tk-1.8.2-7.4.20060mlcs4.x86_64.rpm
2a7981a830a7a9384b5ed2a3272d9aaa corporate/4.0/SRPMS/ruby-1.8.2-7.4.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team