______________________________________________________________________ Mandrake Linux Update Advisory ______________________________________________________________________ Package name: drakconf Advisory ID: MDKA-2002:012 Date: October 10th, 2002 Affected versions: 9.0 ______________________________________________________________________ Problem Description: Errors were discovered in the Mandrake Control Center that prevents users using the nl_NL, sl, and zh_CN locales from starting the program. The error generated would be "cannot call set_active on undefined values" on line 423. This has been corrected in these new packages. ______________________________________________________________________ Updated Packages: Mandrake Linux 9.0: 375e58db17b6a684819c9e89c64860ef 9.0/RPMS/drakconf-9.0-6.1mdk.i586.rpm ab1a00bac53ccdecbfb198c0058510fa 9.0/SRPMS/drakconf-9.0-6.1mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig <filename> You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security@linux-mandrake.com ______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security@linux-mandrake.com> ______________________________________________________________________ Mandrake Linux Security Update Advisory ______________________________________________________________________ Package name: tar Advisory ID: MDKSA-2002:066 Date: October 10th, 2002 Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 1.0.1, Single Network Firewall 7.2 ______________________________________________________________________ Problem Description: A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename. ______________________________________________________________________ References: http://online.securityfocus.com/archive/1/196445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399 ______________________________________________________________________ Updated Packages: Linux-Mandrake 7.1: e38601b4cf24280c95110c2bb1295860 7.1/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 7.1/SRPMS/tar-1.13.25-6.2mdk.src.rpm Linux-Mandrake 7.2: e38601b4cf24280c95110c2bb1295860 7.2/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 7.2/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 8.0: af16a2a8baa2102e329a9544e5493ab6 8.0/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 8.0/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 8.0/ppc: 538e014cf4eb5e88899627a4a7a481df ppc/8.0/RPMS/tar-1.13.25-6.2mdk.ppc.rpm 5adf700af4dbd0c483e2957a2006bbbe ppc/8.0/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 8.1: 271575323590cc758886bd0381d873c1 8.1/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 8.1/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 8.1/ia64: e2e780f9f79e5584c53bcb0697a17e1b ia64/8.1/RPMS/tar-1.13.25-6.2mdk.ia64.rpm 5adf700af4dbd0c483e2957a2006bbbe ia64/8.1/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 8.2: b75828f0b5158a86477a044cc79b4de8 8.2/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 8.2/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 8.2/ppc: c37e2b421019e126ac3a63ca7aa42cd6 ppc/8.2/RPMS/tar-1.13.25-6.2mdk.ppc.rpm 5adf700af4dbd0c483e2957a2006bbbe ppc/8.2/SRPMS/tar-1.13.25-6.2mdk.src.rpm Mandrake Linux 9.0: 6486eaafa407b7ee1938b0aa77fecb57 9.0/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 9.0/SRPMS/tar-1.13.25-6.2mdk.src.rpm Corporate Server 1.0.1: e38601b4cf24280c95110c2bb1295860 1.0.1/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe 1.0.1/SRPMS/tar-1.13.25-6.2mdk.src.rpm Single Network Firewall 7.2: e38601b4cf24280c95110c2bb1295860 snf7.2/RPMS/tar-1.13.25-6.2mdk.i586.rpm 5adf700af4dbd0c483e2957a2006bbbe snf7.2/SRPMS/tar-1.13.25-6.2mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig <filename> All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security@linux-mandrake.com ______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security@linux-mandrake.com> ______________________________________________________________________ Mandrake Linux Security Update Advisory ______________________________________________________________________ Package name: unzip Advisory ID: MDKSA-2002:065 Date: October 10th, 2002 Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2 ______________________________________________________________________ Problem Description: A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash). ______________________________________________________________________ References: http://online.securityfocus.com/archive/1/196445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1269 ______________________________________________________________________ Updated Packages: Linux-Mandrake 7.1: ab909f58fa8b6cac86bfc95813035579 7.1/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 7.1/SRPMS/unzip-5.50-2.1mdk.src.rpm Linux-Mandrake 7.2: ab909f58fa8b6cac86bfc95813035579 7.2/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 7.2/SRPMS/unzip-5.50-2.1mdk.src.rpm Mandrake Linux 8.0: d70fef1d9a8c1ff7eccff62e283d1992 8.0/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 8.0/SRPMS/unzip-5.50-2.1mdk.src.rpm Mandrake Linux 8.0/ppc: 5e8d9366e92efd764e8f08f394b0fe60 ppc/8.0/RPMS/unzip-5.50-2.1mdk.ppc.rpm af61004cadf81c51aee95ceaa0f66d17 ppc/8.0/SRPMS/unzip-5.50-2.1mdk.src.rpm Mandrake Linux 8.1: 9c684644594628a09247ada42a566185 8.1/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 8.1/SRPMS/unzip-5.50-2.1mdk.src.rpm Mandrake Linux 8.1/ia64: 5effdffc706442ddd5ef933b139805bc ia64/8.1/RPMS/unzip-5.50-2.1mdk.ia64.rpm af61004cadf81c51aee95ceaa0f66d17 ia64/8.1/SRPMS/unzip-5.50-2.1mdk.src.rpm Mandrake Linux 8.2: 33bf02cef205d3b4d4e66c49618a67cf 8.2/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 8.2/SRPMS/unzip-5.50-2.1mdk.src.rpm Mandrake Linux 8.2/ppc: 0f1c77bf8ab5ef1399eb906c98e2b269 ppc/8.2/RPMS/unzip-5.50-2.1mdk.ppc.rpm af61004cadf81c51aee95ceaa0f66d17 ppc/8.2/SRPMS/unzip-5.50-2.1mdk.src.rpm Corporate Server 1.0.1: ab909f58fa8b6cac86bfc95813035579 1.0.1/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 1.0.1/SRPMS/unzip-5.50-2.1mdk.src.rpm Single Network Firewall 7.2: ab909f58fa8b6cac86bfc95813035579 snf7.2/RPMS/unzip-5.50-2.1mdk.i586.rpm af61004cadf81c51aee95ceaa0f66d17 snf7.2/SRPMS/unzip-5.50-2.1mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig <filename> All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security@linux-mandrake.com ______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security@linux-mandrake.com>
Mandrake Linux Advisories: drakconf, tar, unzip
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis