---

Home Infrastructure

Linux-Mandrake Security Update Advisory: Package name: man

By

Date: Fri, 7 Jul 2000 09:41:01 -0600
From: Vincent Danen vdanen@MANDRAKESOFT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [Security Announce] man update

Linux-Mandrake Security Update Advisory.

Date: July 7th, 2000

Package name: man

Affected versions: 6.0, 6.1, 7.0, 7.1

Problem: Internet Security Systems (ISS) X-Force has identified
a vulnerability in the makewhatis Bourne shell script that ships
with many Linux distributions. It is found in versions 1.5e and
higher of man, and handles temporary files insecurely. Local users
may gain a variety of privileges depending on the complexity of the
exploit. The mode of any file on the system can be changed to 0700.
Any file on the system may be created or overwritten as root. Local
users may also be able to read any system file by forcing a copy of
it into the whatis database.

Please upgrade to:

md5sum: f4f87cab84a716a2ccb8c74b3325c0c9
6.0/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
6.0/SRPMS/man-1.5g-15mdk.src.rpm
md5sum: 2b01457036a6813fa616adbca97fcb36
6.1/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
6.1/SRPMS/man-1.5g-15mdk.src.rpm
md5sum: ea883685faa409148f9b55c442a0438c
7.0/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
7.0/SRPMS/man-1.5g-15mdk.src.rpm
md5sum: fbc1b9e04d75f267650f291d99f467f1
7.1/RPMS/man-1.5g-15mdk.i586.rpm
md5sum: 52d021732aa09d517eeff8b60d427a69
7.1/SRPMS/man-1.5g-15mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ». If
you want to upgrade manually, download the updated package from one
of our FTP server mirrors and uprade with “rpm -Uvh package_name”.
All mirrors are listed on http://www.mandrake.com/en/ftp.php3.
Updated packages are available in the “updates/” directory.

For example, if you are looking for an updated RPM package for
Mandrake 7.1, look for it in: updates/7.1/RPMS/

Notes:

  • We give the md5 sum for each package. It lets you check the
    integrity of the downloaded package by running the md5sum command
    on the package (“md5sum package.rpm”).
  • You generally do not need to download the source package with a
    .src.rpm suffix
  • All the updated packages are listed on the website on http://www.linux-mandrake.com/en/fupdates.php3
  • To subscribe/unsubscribe from the “security-announce” list and
    subscribe/unsubscribe from the “security-discuss” list see:
    http://www.linux-mandrake.com/en/flists.php3#security

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.