---

Mandrake Linux Advisories: devfsd, drakxtools, openldap


______________________________________________________________________
                     Mandrake Linux Update Advisory
______________________________________________________________________
Package name:           devfsd
Advisory ID:            MDKA-2003:007
Date:                   May 1st, 2003
Affected versions:      9.1
______________________________________________________________________
Problem Description:
 A problem in devfsd as released with Mandrake Linux 9.1 allowed users
 to mount filesystems from rd raid disks, but prevented them from
 regenerating the LILO mbr.  Devfsd provides compatibility links on
 the devfs filesystem for new device names, and for /dev/rd/* devices,
 it provided partition links and whole disk links.  The latter were
 broken, but not the former.  Because of this, mounting would work
 because the filesystem links were correct, but running lilo would fail
 because the disk links were broken.
 
 This new devfsd corrects the problem, however users will have to
 manually remove the broken links otherwise devfsd will "remember"
 the old, broken links.  To do this, execute, as root:
 
   rm -rf /lib/dev-state/rd
 
 This update also fixes /dev/hd not appearing for root on the first
 login, and also a minilogd/initlog deadlock that sometimes appears
 during the bootstrap.  The /dev/log entry is created by the log
 daemon, but devfsd may restore it on bootup making minilogd believe
 that the log daemon is up and running when in fact it is not.
 
 Updated initscripts packages also help with the minilogd/initlog
 deadlock issue.
______________________________________________________________________
References:
______________________________________________________________________
Updated Packages:
  
 Mandrake Linux 9.1:
 10aca835637aed13732625dd82270221  9.1/RPMS/devfsd-1.3.25-27.1mdk.i586.rpm
 f5f446311413d3fca308514c5a1ad5f8  9.1/RPMS/initscripts-7.06-12.1mdk.i586.rpm
 f227d69f2493200d12ccee3d0738dae9  9.1/SRPMS/devfsd-1.3.25-27.1mdk.src.rpm
 90f61964ae72b08870cb1bc530d87522  9.1/SRPMS/initscripts-7.06-12.1mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 4da9a69fcf7cd4540e39dcf8eb0703d5  ppc/9.1/RPMS/devfsd-1.3.25-27.1mdk.ppc.rpm
 b21ee7f5f5b033563178e371176c8797  ppc/9.1/RPMS/initscripts-7.06-12.1mdk.ppc.rpm
 f227d69f2493200d12ccee3d0738dae9  ppc/9.1/SRPMS/devfsd-1.3.25-27.1mdk.src.rpm
 90f61964ae72b08870cb1bc530d87522  ppc/9.1/SRPMS/initscripts-7.06-12.1mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________
To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:
  http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig <filename>
All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:
  https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
  http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:
  http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
  security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
______________________________________________________________________
                     Mandrake Linux Update Advisory
______________________________________________________________________
Package name:           drakxtools
Advisory ID:            MDKA-2003:008
Date:                   May 1st, 2003
Affected versions:      9.1
______________________________________________________________________
Problem Description:
 More bugs have been found in the drakxtools package for Mandrake Linux
 9.1.  With the release of the ldetect update (MDKA-2003:004), harddrake
 needed to be rebuilt due to the changes.
 
 As well, if one cancelled the installation of required packages for
 display managers, drakxtools now returns to the display manager menu.
 
 The DrakSec logic during the installation of Mandrake Linux is to hide
 the very low and paranoid security levels to prevent a user from making
 his system completely insecure or unuseable, however this same logic is
 not required for the installed system.  Now DrakSec makes these levels
 available, post-install.
______________________________________________________________________
References:
______________________________________________________________________
Updated Packages:
  
 Mandrake Linux 9.1:
 48df6096f427529922d6e5e78c53ee31  9.1/RPMS/drakxtools-9.1-31.2mdk.i586.rpm
 518e5c312950b0b720f40da5af8d3396  9.1/RPMS/drakxtools-http-9.1-31.2mdk.i586.rpm
 7bf51eca0822f47a39f6c6812f790e17  9.1/RPMS/drakxtools-newt-9.1-31.2mdk.i586.rpm
 1f15c5f0e249f052ead034108a7917a1  9.1/RPMS/harddrake-9.1-31.2mdk.i586.rpm
 66606b62f07647531e40af32b7a513aa  9.1/RPMS/harddrake-ui-9.1-31.2mdk.i586.rpm
 867325d6536d7c071410de73475efcdd  9.1/SRPMS/drakxtools-9.1-31.2mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 2b088789baf5b74e8603060583956fa7  ppc/9.1/RPMS/drakxtools-9.1-31.2mdk.ppc.rpm
 bd2a1e5e54c2917179d7044d16285dbd  ppc/9.1/RPMS/drakxtools-http-9.1-31.2mdk.ppc.rpm
 91441b305235adb4fd30a231eee4e067  ppc/9.1/RPMS/drakxtools-newt-9.1-31.2mdk.ppc.rpm
 aa19517c5a79bc7ea61e5fb2c7c7ea8f  ppc/9.1/RPMS/harddrake-9.1-31.2mdk.ppc.rpm
 2204cfe217e47843c52c52d30a5580a5  ppc/9.1/RPMS/harddrake-ui-9.1-31.2mdk.ppc.rpm
 867325d6536d7c071410de73475efcdd  ppc/9.1/SRPMS/drakxtools-9.1-31.2mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  3701 -
______________________________________________________________________
To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:
  http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig <filename>
All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:
  https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
  http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:
  http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
  security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
______________________________________________________________________
                     Mandrake Linux Update Advisory
______________________________________________________________________
Package name:           openldap
Advisory ID:            MDKA-2003:009
Date:                   May 1st, 2003
Affected versions:      8.2, 9.0, 9.1, Corporate Server 2.1,
                        Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
 The OpenLDAP packages in Mandrake Linux 9.1 did not properly
 migrate data from previous versions.  This update provides a fix
 that corrects this issue.
 
 The updated packages also correct a problem that has been persistent
 in Mandrake Linux for some time.  Previously, attempting to use
 OpenLDAP for authentication would result in strange system behaviour
 because OpenLDAP was using a MD5 hash internally that was incompatible
 with the system crypt(3) MD5 hash.  This would result in authentication
 working with nss_ldap, but not with pam_ldap.  If one used ldappasswd
 to change a password, authentication would work with pam_ldap but not
 nss_ldap.  The OpenLDAP packages have been updated to use the crypt(3)
 MD5 hash at all times.
 
 As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1,
 sshd would segfault when attempting to login as an LDAP user.  The
 new pam_ldap and nss_ldap packages correct this problem.
 
 WARNING: Users who are currently using pam_ldap with OpenLDAP, and who
 have used ldappasswd to change user passwords may have the MD5 hash
 that is not compatible with crypt(3) used to store the userPassword.
 If this is the case, updating to these packages may require you to, as
 root, change the password for each user with a now incompatible 
 password.
______________________________________________________________________
References:
______________________________________________________________________
Updated Packages:
  
 Corporate Server 2.1:
 228062e8f7c51897b28eaeb64f05eb6a  corporate/2.1/RPMS/libldap2-2.0.25-7.2mdk.i586.rpm
 d38b4c1cb2232ef5e00673ccaacbc0ef  corporate/2.1/RPMS/libldap2-devel-2.0.25-7.2mdk.i586.rpm
 959b4cee440aa432f4609fe2a6e94833  corporate/2.1/RPMS/libldap2-devel-static-2.0.25-7.2mdk.i586.rpm
 2a4debaa1a3bc1c1b7e758331c36e1c2  corporate/2.1/RPMS/openldap-2.0.25-7.2mdk.i586.rpm
 4e4bf480f21493f5fa62e1a8d520cbf0  corporate/2.1/RPMS/openldap-back_dnssrv-2.0.25-7.2mdk.i586.rpm
 78d24da1251dc2560c4aec810866c17f  corporate/2.1/RPMS/openldap-back_ldap-2.0.25-7.2mdk.i586.rpm
 d392d2b1350967efa98c02a1a3b232ce  corporate/2.1/RPMS/openldap-back_passwd-2.0.25-7.2mdk.i586.rpm
 5e747e02a1105d3816155348a387f222  corporate/2.1/RPMS/openldap-back_sql-2.0.25-7.2mdk.i586.rpm
 8d55caae1ce7aa03b9c1df62deec5a9d  corporate/2.1/RPMS/openldap-clients-2.0.25-7.2mdk.i586.rpm
 5d845d76ee6bbd3a0516b7263be299d4  corporate/2.1/RPMS/openldap-guide-2.0.25-7.2mdk.i586.rpm
 20cccb296beb5b57286e2f52f04388f3  corporate/2.1/RPMS/openldap-migration-2.0.25-7.2mdk.i586.rpm
 a8c118bb205d7ddf54bb5b424f50fdae  corporate/2.1/RPMS/openldap-servers-2.0.25-7.2mdk.i586.rpm
 00adf85f89898912f3f892bd740808c3  corporate/2.1/SRPMS/openldap-2.0.25-7.2mdk.src.rpm
 Mandrake Linux 8.2:
 81152a500eba55ac00a6bbade73e8eed  8.2/RPMS/libldap2-2.0.21-4.2mdk.i586.rpm
 3d5f6b84cb1fc5c968f1446b5fac03c2  8.2/RPMS/libldap2-devel-2.0.21-4.2mdk.i586.rpm
 699e296d6e096e2577f54c20e2b40a0a  8.2/RPMS/libldap2-devel-static-2.0.21-4.2mdk.i586.rpm
 b89bfacb5aec5cbe21be0b100c8ae4db  8.2/RPMS/openldap-2.0.21-4.2mdk.i586.rpm
 bb2c2e5abdc55cedc9039d8093c4abc8  8.2/RPMS/openldap-back_dnssrv-2.0.21-4.2mdk.i586.rpm
 6e62517341700b30ba7cd22ab9e441ce  8.2/RPMS/openldap-back_ldap-2.0.21-4.2mdk.i586.rpm
 8d99170673fd6091132c40e57a9d4d2e  8.2/RPMS/openldap-back_passwd-2.0.21-4.2mdk.i586.rpm
 437e79c044f9ca9100115e07688a6c8a  8.2/RPMS/openldap-back_sql-2.0.21-4.2mdk.i586.rpm
 c13459596a37f2db4f88a1768beb19ac  8.2/RPMS/openldap-clients-2.0.21-4.2mdk.i586.rpm
 d50672996002d3934cf3d9a646f12cf0  8.2/RPMS/openldap-guide-2.0.21-4.2mdk.i586.rpm
 84bafab30b6fce090855b8f1f4d38dd9  8.2/RPMS/openldap-migration-2.0.21-4.2mdk.i586.rpm
 dc09fbe20346172136b8db79aae92723  8.2/RPMS/openldap-servers-2.0.21-4.2mdk.i586.rpm
 b36e43857a114a79c46312d19b1f78b0  8.2/SRPMS/openldap-2.0.21-4.2mdk.src.rpm
 Mandrake Linux 8.2/PPC:
 8d1f3829ff437eb7dc578e04b3121fa7  ppc/8.2/RPMS/libldap2-2.0.21-4.2mdk.ppc.rpm
 b47b3498f787ece9a6794d000cdbc334  ppc/8.2/RPMS/libldap2-devel-2.0.21-4.2mdk.ppc.rpm
 30046c2c0293dfe6b29da0c1348b08e6  ppc/8.2/RPMS/libldap2-devel-static-2.0.21-4.2mdk.ppc.rpm
 5a39af47c4e8305b942a7b8645157b13  ppc/8.2/RPMS/openldap-2.0.21-4.2mdk.ppc.rpm
 75c7e21bf9955677f21e87103c8b23f9  ppc/8.2/RPMS/openldap-back_dnssrv-2.0.21-4.2mdk.ppc.rpm
 2caf422c849325fa6225980a131b314b  ppc/8.2/RPMS/openldap-back_ldap-2.0.21-4.2mdk.ppc.rpm
 85d53c254e8f2bf292b2eb6f5e2658a4  ppc/8.2/RPMS/openldap-back_passwd-2.0.21-4.2mdk.ppc.rpm
 063ff5de0735751e1ce28304eba9d787  ppc/8.2/RPMS/openldap-back_sql-2.0.21-4.2mdk.ppc.rpm
 2f3394214ac49796ab55ab18924213b9  ppc/8.2/RPMS/openldap-clients-2.0.21-4.2mdk.ppc.rpm
 b72e626a45ee45e483521ec4eecd568d  ppc/8.2/RPMS/openldap-guide-2.0.21-4.2mdk.ppc.rpm
 5c6965074fb258f70c449ed3efb780cd  ppc/8.2/RPMS/openldap-migration-2.0.21-4.2mdk.ppc.rpm
 addad7f22155332a1b4bc11e0af70bcb  ppc/8.2/RPMS/openldap-servers-2.0.21-4.2mdk.ppc.rpm
 b36e43857a114a79c46312d19b1f78b0  ppc/8.2/SRPMS/openldap-2.0.21-4.2mdk.src.rpm
 Mandrake Linux 9.0:
 228062e8f7c51897b28eaeb64f05eb6a  9.0/RPMS/libldap2-2.0.25-7.2mdk.i586.rpm
 d38b4c1cb2232ef5e00673ccaacbc0ef  9.0/RPMS/libldap2-devel-2.0.25-7.2mdk.i586.rpm
 959b4cee440aa432f4609fe2a6e94833  9.0/RPMS/libldap2-devel-static-2.0.25-7.2mdk.i586.rpm
 2a4debaa1a3bc1c1b7e758331c36e1c2  9.0/RPMS/openldap-2.0.25-7.2mdk.i586.rpm
 4e4bf480f21493f5fa62e1a8d520cbf0  9.0/RPMS/openldap-back_dnssrv-2.0.25-7.2mdk.i586.rpm
 78d24da1251dc2560c4aec810866c17f  9.0/RPMS/openldap-back_ldap-2.0.25-7.2mdk.i586.rpm
 d392d2b1350967efa98c02a1a3b232ce  9.0/RPMS/openldap-back_passwd-2.0.25-7.2mdk.i586.rpm
 5e747e02a1105d3816155348a387f222  9.0/RPMS/openldap-back_sql-2.0.25-7.2mdk.i586.rpm
 8d55caae1ce7aa03b9c1df62deec5a9d  9.0/RPMS/openldap-clients-2.0.25-7.2mdk.i586.rpm
 5d845d76ee6bbd3a0516b7263be299d4  9.0/RPMS/openldap-guide-2.0.25-7.2mdk.i586.rpm
 20cccb296beb5b57286e2f52f04388f3  9.0/RPMS/openldap-migration-2.0.25-7.2mdk.i586.rpm
 a8c118bb205d7ddf54bb5b424f50fdae  9.0/RPMS/openldap-servers-2.0.25-7.2mdk.i586.rpm
 00adf85f89898912f3f892bd740808c3  9.0/SRPMS/openldap-2.0.25-7.2mdk.src.rpm
 Mandrake Linux 9.1:
 881f08c3c26a7007cf53df5f3493e0c2  9.1/RPMS/libldap2-2.0.27-5.3mdk.i586.rpm
 8778e8c43c57c217eac05ae52457634c  9.1/RPMS/libldap2-devel-2.0.27-5.3mdk.i586.rpm
 38ed2b492286e3b9931907d5447c10d4  9.1/RPMS/libldap2-devel-static-2.0.27-5.3mdk.i586.rpm
 a503690c93eeaafdeb85c74459031e78  9.1/RPMS/nss_ldap-204-1.1mdk.i586.rpm
 9ddbdc978bc53cc4f47329066340c997  9.1/RPMS/openldap-2.0.27-5.3mdk.i586.rpm
 e93d209e416d98921fba0d194efd351d  9.1/RPMS/openldap-back_dnssrv-2.0.27-5.3mdk.i586.rpm
 37a9e9f02ed5b7d2d77b20523d18f15b  9.1/RPMS/openldap-back_ldap-2.0.27-5.3mdk.i586.rpm
 fbcf0db8fd69f74934175e310f2cda81  9.1/RPMS/openldap-back_passwd-2.0.27-5.3mdk.i586.rpm
 7ce7fa324d32730f483919456763120a  9.1/RPMS/openldap-back_sql-2.0.27-5.3mdk.i586.rpm
 42e1621795dd0275dfce2cd3a2b26210  9.1/RPMS/openldap-clients-2.0.27-5.3mdk.i586.rpm
 5f5b67698144010868de879f1953577b  9.1/RPMS/openldap-guide-2.0.27-5.3mdk.i586.rpm
 f134c9ddad9682206413a87877f6681e  9.1/RPMS/openldap-migration-2.0.27-5.3mdk.i586.rpm
 f594ce9f9a2e14d52ad582f30b26cb38  9.1/RPMS/openldap-servers-2.0.27-5.3mdk.i586.rpm
 215808a6f3f2039a7b66996c098682db  9.1/RPMS/pam_ldap-161-1.1mdk.i586.rpm
 d721a84c3f699bd52156a40825113386  9.1/SRPMS/nss_ldap-204-1.1mdk.src.rpm
 f25a960ab5dacf247dcb09974db6dba6  9.1/SRPMS/openldap-2.0.27-5.3mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 fdf3b03329e6ef324203bc26f445f29f  ppc/9.1/RPMS/libldap2-2.0.27-5.3mdk.ppc.rpm
 672b0827760098e441d4cc1a473e88bd  ppc/9.1/RPMS/libldap2-devel-2.0.27-5.3mdk.ppc.rpm
 0cbe6bbc86b40666d778fe4806d10d75  ppc/9.1/RPMS/libldap2-devel-static-2.0.27-5.3mdk.ppc.rpm
 4bd40abc6bfd515c20a86cd14690ec03  ppc/9.1/RPMS/nss_ldap-204-1.1mdk.ppc.rpm
 b01f7a882e3671e00998a9ace2266a21  ppc/9.1/RPMS/openldap-2.0.27-5.3mdk.ppc.rpm
 803a4f82739f14fcc0ba8cac6535c81a  ppc/9.1/RPMS/openldap-back_dnssrv-2.0.27-5.3mdk.ppc.rpm
 82901bfc19b5d5b72ec122451df14ad9  ppc/9.1/RPMS/openldap-back_ldap-2.0.27-5.3mdk.ppc.rpm
 fffac70593b316b52fb7bd5c06e751cf  ppc/9.1/RPMS/openldap-back_passwd-2.0.27-5.3mdk.ppc.rpm
 eb1682c1cdbb1299f35bd94905d66f1f  ppc/9.1/RPMS/openldap-back_sql-2.0.27-5.3mdk.ppc.rpm
 a4da26feb72ab155fc97c650233d9d25  ppc/9.1/RPMS/openldap-clients-2.0.27-5.3mdk.ppc.rpm
 d4681c4aae54b2f5334734f5f9a58cf4  ppc/9.1/RPMS/openldap-guide-2.0.27-5.3mdk.ppc.rpm
 95df74cec38deea5eeb7f5a275b24099  ppc/9.1/RPMS/openldap-migration-2.0.27-5.3mdk.ppc.rpm
 55edbff6830379c4364dda37892e5ffc  ppc/9.1/RPMS/openldap-servers-2.0.27-5.3mdk.ppc.rpm
 600f30573d85b798545c5592c19c62c2  ppc/9.1/RPMS/pam_ldap-161-1.1mdk.ppc.rpm
 d721a84c3f699bd52156a40825113386  ppc/9.1/SRPMS/nss_ldap-204-1.1mdk.src.rpm
 f25a960ab5dacf247dcb09974db6dba6  ppc/9.1/SRPMS/openldap-2.0.27-5.3mdk.src.rpm
 Multi Network Firewall 8.2:
 81152a500eba55ac00a6bbade73e8eed  mnf8.2/RPMS/libldap2-2.0.21-4.2mdk.i586.rpm
 b36e43857a114a79c46312d19b1f78b0  mnf8.2/SRPMS/openldap-2.0.21-4.2mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________
To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:
  http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig <filename>
All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:
  https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
  http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:
  http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
  security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis