---

Home Security

Mandrake Linux Advisories: netpbm, mutt

By

Mandrake Linux Security Update Advisory

Package name: netpbm
Advisory ID: MDKSA-2004:011
Date: February 11th, 2004
Affected versions: 9.1, 9.2, Corporate Server 2.1, Multi Network
Firewall 8.2

Problem Description:

A number of temporary file bugs have been found in versions of
NetPBM. These could allow a local user the ability to overwrite or
create files as a different user who happens to run one of the the
vulnerable utilities.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924

Updated Packages:

Corporate Server 2.1:
34eb48eb742f0684dfeaf92888740db5
corporate/2.1/RPMS/libnetpbm9-9.24-4.2.C21mdk.i586.rpm
937c4e72cff9807e6e64ff764ca1e6b7
corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.2.C21mdk.i586.rpm
72a71491f8de3938d82c30cd2e5f89b9
corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.2.C21mdk.i586.rpm

60c42a5024bfb8f564fc6463a020c221
corporate/2.1/RPMS/netpbm-9.24-4.2.C21mdk.i586.rpm
1d0ce93e3a3680742447b38f89deabdf
corporate/2.1/SRPMS/netpbm-9.24-4.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
18869dfa17de36320ef83c00a0ca61be
x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.2.C21mdk.x86_64.rpm
9889bdb8dc84e898bb8795d4a396e74b
x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.2.C21mdk.x86_64.rpm

40d10777e898e2de5eb30775702adc16
x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.2.C21mdk.x86_64.rpm

d451109017ac3507fd92fce77b60b585
x86_64/corporate/2.1/RPMS/netpbm-9.24-4.2.C21mdk.x86_64.rpm
1d0ce93e3a3680742447b38f89deabdf
x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.2.C21mdk.src.rpm

Mandrake Linux 9.1:
f837a0dea951eb028a85a5683c3de0c0
9.1/RPMS/libnetpbm9-9.24-4.2.91mdk.i586.rpm
7de35b5c626cb1e2949ea7bfa3bdccb9
9.1/RPMS/libnetpbm9-devel-9.24-4.2.91mdk.i586.rpm
914abc6b7509878acf163ce9881999d5
9.1/RPMS/libnetpbm9-static-devel-9.24-4.2.91mdk.i586.rpm
70b2bcfe5d0ad486bc0f91220bc3393b
9.1/RPMS/netpbm-9.24-4.2.91mdk.i586.rpm
fdd1f95c927ecb0c049e05b6e52ca0cd
9.1/SRPMS/netpbm-9.24-4.2.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
37b6fe958e3278497c40e99e848a44ba
ppc/9.1/RPMS/libnetpbm9-9.24-4.2.91mdk.ppc.rpm
ea91e8008658705e4e76e4cdf319f17e
ppc/9.1/RPMS/libnetpbm9-devel-9.24-4.2.91mdk.ppc.rpm
208e9948d3b3ac045544daa00f32483b
ppc/9.1/RPMS/libnetpbm9-static-devel-9.24-4.2.91mdk.ppc.rpm
ae7232e7a46bbf0eb5f31b27602f784e
ppc/9.1/RPMS/netpbm-9.24-4.2.91mdk.ppc.rpm
fdd1f95c927ecb0c049e05b6e52ca0cd
ppc/9.1/SRPMS/netpbm-9.24-4.2.91mdk.src.rpm

Mandrake Linux 9.2:
2d5772229d613f3dc247dc92242f7487
9.2/RPMS/libnetpbm9-9.24-7.1.92mdk.i586.rpm
d06621b18a407ff48831a6091de359e7
9.2/RPMS/libnetpbm9-devel-9.24-7.1.92mdk.i586.rpm
4b755ab1924827e6cac7382cf15a9d1c
9.2/RPMS/libnetpbm9-static-devel-9.24-7.1.92mdk.i586.rpm
216d785b45beca16177ef523c759ab28
9.2/RPMS/netpbm-9.24-7.1.92mdk.i586.rpm
44c1063c1d8084d223b47ee5f01eceb3
9.2/SRPMS/netpbm-9.24-7.1.92mdk.src.rpm

Mandrake Linux 9.2/AMD64:
694cae15de25c101e341dbd02cb29b20
amd64/9.2/RPMS/lib64netpbm9-9.24-7.1.92mdk.amd64.rpm
1a5a08522bc516b57c45589f2f986d1e
amd64/9.2/RPMS/lib64netpbm9-devel-9.24-7.1.92mdk.amd64.rpm
13c2561b968e908174b8ca76f9a77027
amd64/9.2/RPMS/lib64netpbm9-static-devel-9.24-7.1.92mdk.amd64.rpm

8cc4d411ecbf5913a6422347a89cadb3
amd64/9.2/RPMS/netpbm-9.24-7.1.92mdk.amd64.rpm
44c1063c1d8084d223b47ee5f01eceb3
amd64/9.2/SRPMS/netpbm-9.24-7.1.92mdk.src.rpm

Multi Network Firewall 8.2:
dc24dca1b23e84798a39b075b70fc9aa
mnf8.2/RPMS/libnetpbm9-9.20-2.2.M82mdk.i586.rpm
765cf6211e64a313e26307bbb4f439fe
mnf8.2/RPMS/netpbm-9.20-2.2.M82mdk.i586.rpm
274c92774d8117e5a01525b5ef9ef412
mnf8.2/SRPMS/netpbm-9.20-2.2.M82mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:

gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98

Please be aware that sometimes it takes the mirrors a few hours
to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

Mandrake Linux Security Update Advisory

Package name: mutt
Advisory ID: MDKSA-2004:010
Date: February 11th, 2004
Affected versions: 9.1, 9.2, Corporate Server 2.1

Problem Description:

A bug in mutt was reported by Neils Heinen that could allow a
remote attacker to send a carefully crafted mail message that can
cause mutt to segfault and possibly execute arbitrary code as the
user running mutt.

The updated packages have been patched to correct the
problem.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078

Updated Packages:

Corporate Server 2.1:
9bc44748af1cb08ab42af19ae66b2bd3
corporate/2.1/RPMS/mutt-1.4.1i-1.2.C21mdk.i586.rpm
4988bcd3dfada99b7aba26f65662c0c0
corporate/2.1/SRPMS/mutt-1.4.1i-1.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
9ad9b5c92a2af1e7a9ecb4f4dbadfd3f
x86_64/corporate/2.1/RPMS/mutt-1.4.1i-1.2.C21mdk.x86_64.rpm
4988bcd3dfada99b7aba26f65662c0c0
x86_64/corporate/2.1/SRPMS/mutt-1.4.1i-1.2.C21mdk.src.rpm

Mandrake Linux 9.1:
bd20ea8a4ed852602e269e1ec637e822
9.1/RPMS/mutt-1.4.1i-1.2.91mdk.i586.rpm
4bfe4f092a63e96ada255bfc6e5a4c0e
9.1/SRPMS/mutt-1.4.1i-1.2.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
ab9886dbc9a906669c2827bf1b0f51e7
ppc/9.1/RPMS/mutt-1.4.1i-1.2.91mdk.ppc.rpm
4bfe4f092a63e96ada255bfc6e5a4c0e
ppc/9.1/SRPMS/mutt-1.4.1i-1.2.91mdk.src.rpm

Mandrake Linux 9.2:
6e3c3843611f49a20894f1cb0c64c760
9.2/RPMS/mutt-1.4.1i-3.1.92mdk.i586.rpm
7a38e74fb7e1b11f1add65ac8f5a1e2a
9.2/SRPMS/mutt-1.4.1i-3.1.92mdk.src.rpm

Mandrake Linux 9.2/AMD64:
a3aa8bcdd20b8fb56c366818a10f3a9d
amd64/9.2/RPMS/mutt-1.4.1i-3.1.92mdk.amd64.rpm
7a38e74fb7e1b11f1add65ac8f5a1e2a
amd64/9.2/SRPMS/mutt-1.4.1i-3.1.92mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:

gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98

Please be aware that sometimes it takes the mirrors a few hours
to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security
linux-mandrake.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.