Date: Fri, 7 Jul 2000 09:41:01 -0600
From: Vincent Danen vdanen@MANDRAKESOFT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [Security Announce] man update
Linux-Mandrake Security Update Advisory.
Date: July 7th, 2000
Package name: man
Affected versions: 6.0, 6.1, 7.0, 7.1
Problem: Internet Security Systems (ISS) X-Force has identified
a vulnerability in the makewhatis Bourne shell script that ships
with many Linux distributions. It is found in versions 1.5e and
higher of man, and handles temporary files insecurely. Local users
may gain a variety of privileges depending on the complexity of the
exploit. The mode of any file on the system can be changed to 0700.
Any file on the system may be created or overwritten as root. Local
users may also be able to read any system file by forcing a copy of
it into the whatis database.
Please upgrade to:
md5sum: f4f87cab84a716a2ccb8c74b3325c0c9
6.0/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
6.0/SRPMS/man-1.5g-15mdk.src.rpm
md5sum: 2b01457036a6813fa616adbca97fcb36
6.1/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
6.1/SRPMS/man-1.5g-15mdk.src.rpm
md5sum: ea883685faa409148f9b55c442a0438c
7.0/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
7.0/SRPMS/man-1.5g-15mdk.src.rpm
md5sum: fbc1b9e04d75f267650f291d99f467f1
7.1/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
7.1/SRPMS/man-1.5g-15mdk.src.rpm
To upgrade automatically, use « MandrakeUpdate ». If
you want to upgrade manually, download the updated package from one
of our FTP server mirrors and uprade with “rpm -Uvh package_name”.
All mirrors are listed on http://www.mandrake.com/en/ftp.php3.
Updated packages are available in the “updates/” directory.
For example, if you are looking for an updated RPM package for
Mandrake 7.1, look for it in: updates/7.1/RPMS/
Notes:
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.