dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Mandrake Linux Security Advisories: OpenDX, totem, SnortSnarf, fileutils/coreutils

Nov 13, 2003, 01:55 (0 Talkback[s])

Mandrake Linux Update Advisory


Package name: OpenDX
Advisory ID: MDKA-2003:024
Date: November 12th, 2003
Affected versions: 9.2

Problem Description:

A bug in OpenDX was fixed that prevented dx from starting properly due to an improper path for the dxexec executable.


Updated Packages:

Mandrake Linux 9.2:
2ae36a3d57b60eb20f6e94773bcb44a3 9.2/RPMS/OpenDX-4.3.0-3.1.92mdk.i586.rpm
019731703d9fe99cdf18155e250c8fbb 9.2/RPMS/OpenDX-devel-4.3.0-3.1.92mdk.i586.rpm
9c226ef369a5c0f3c34d42851428f183 9.2/SRPMS/OpenDX-4.3.0-3.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrake Linux Update Advisory


Package name: totem
Advisory ID: MDKA-2003:025
Date: November 12th, 2003
Affected versions: 9.2

Problem Description:

A bug was found in totem that would cause it to crash when attempting to retrieve CDDB information when playing an audio CD and the network blocks CDDB access. This problem has been fixed with these updated packages.


Updated Packages:

Mandrake Linux 9.2:
87fa7a1a2ae8f89fa33c1d295ff44fe6 9.2/RPMS/totem-0.99.4-4.1.92mdk.i586.rpm
01df09905892a7fa6f95241467150547 9.2/SRPMS/totem-0.99.4-4.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrake Linux Update Advisory


Package name: SnortSnarf
Advisory ID: MDKA-2003:026
Date: November 12th, 2003
Affected versions: 9.2

Problem Description:

Problems with the dependencies of the SnortSnarf package prevented it from being installable. This update fixes those dependency issues so that you can now install the package.


Updated Packages:

Mandrake Linux 9.2:
451eaa7affe7406029ac972453867f5a 9.2/RPMS/SnortSnarf-020516.1-3.1.92mdk.noarch.rpm
fe9efd7f9f435edf800cb4ed48b98573 9.2/SRPMS/SnortSnarf-020516.1-3.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>

Mandrake Linux Security Update Advisory


Package name: fileutils/coreutils
Advisory ID: MDKSA-2003:106
Date: November 12th, 2003
Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2

Problem Description:

A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux).

Likewise, a non-exploitable integer overflow problem was discovered in ls, which can be used to crash ls by specifying certain command-line arguments. This can also be triggered via remotely accessible services such as wu-ftpd.

The provided packages include a patched ls to fix these problems.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854


Updated Packages:

Corporate Server 2.1:
be970695fbd846472dd40b008f0b5274 corporate/2.1/RPMS/fileutils-4.1.11-6.1.C21mdk.i586.rpm
755655b2a0d372db45ef572c94c50cea corporate/2.1/SRPMS/fileutils-4.1.11-6.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
5f0423cafb85f403e452bcbb07b97939 x86_64/corporate/2.1/RPMS/fileutils-4.1.11-6.1.C21mdk.x86_64.rpm
755655b2a0d372db45ef572c94c50cea x86_64/corporate/2.1/SRPMS/fileutils-4.1.11-6.1.C21mdk.src.rpm

Mandrake Linux 9.0:
4430a81aede9dd918a9a96e1a4af0b1b 9.0/RPMS/fileutils-4.1.11-6.1.90mdk.i586.rpm
a736eb75b14966d35195b6d5196c1be3 9.0/SRPMS/fileutils-4.1.11-6.1.90mdk.src.rpm

Mandrake Linux 9.1:
05770c5811e1004eb6f66b3bf4d1b7f2 9.1/RPMS/coreutils-4.5.7-1.1.91mdk.i586.rpm
36465c666100e890d721d44e4fc858a1 9.1/RPMS/coreutils-doc-4.5.7-1.1.91mdk.i586.rpm
da9f5e3a516440e5e0cebc013025b625 9.1/SRPMS/coreutils-4.5.7-1.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
d47798f3066dff738cd24497b2c10981 ppc/9.1/RPMS/coreutils-4.5.7-1.1.91mdk.ppc.rpm
b363a38d0c1b3497bdc275b52704e51b ppc/9.1/RPMS/coreutils-doc-4.5.7-1.1.91mdk.ppc.rpm
da9f5e3a516440e5e0cebc013025b625 ppc/9.1/SRPMS/coreutils-4.5.7-1.1.91mdk.src.rpm

Mandrake Linux 9.2:
587ee8916dd706159b5493efab81d42c 9.2/RPMS/coreutils-5.0-6.1.92mdk.i586.rpm
43d4d0f6a4d23ccd46185463dd9b81f8 9.2/RPMS/coreutils-doc-5.0-6.1.92mdk.i586.rpm
29080c00ef5c478f4d544de55d60c486 9.2/SRPMS/coreutils-5.0-6.1.92mdk.src.rpm

Multi Network Firewall 8.2:
b117277bbd61ad6d9a87d3c8fc675811 mnf8.2/RPMS/fileutils-4.1.5-4.2.M82mdk.i586.rpm
ba3dea1c45822fa314e0c23be2474ee9 mnf8.2/SRPMS/fileutils-4.1.5-4.2.M82mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>