---

Mandrake Linux Advisories: xfsdump, eog

______________________________________________________________________
                Mandrake Linux Security Update Advisory
______________________________________________________________________
Package name:           xfsdump
Advisory ID:            MDKSA-2003:047
Date:                   April 16th, 2003
Affected versions:      8.2, 9.0, 9.1, Corporate Server 2.1
______________________________________________________________________
Problem Description:
 A vulnerability was discovered in xfsdump by Ethan Benson related to
 filesystem quotas on the XFS filesystem.  When xfsdump runs xfsdq to
 save the quota information into a file at the root of the filesystem
 being dumped, the file is created in an unsafe manner.
 
 A new option to xfsdq was added when fixing this vulnerability:
 '-f path'.  This specifies an output file to use instead of the
 default output stream.  If the file exists already, xfsdq will
 abort and if the file doesn't already exist, it will be created
 with more appropriate access permissions.
______________________________________________________________________
References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0173
______________________________________________________________________
Updated Packages:
  
 Corporate Server 2.1:
 b97c19f2073ca9a620f2f8820aba28f6  corporate/2.1/RPMS/xfsdump-2.0.3-1.1mdk.i586.rpm
 da0d22ec03d3d6f7b35f2e36c8b1f0e2  corporate/2.1/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm
 Mandrake Linux 8.2:
 73e9c500cd5bbec4f145727725c5c789  8.2/RPMS/xfsdump-2.0.0-2.1mdk.i586.rpm
 5ee2db1da3118a3c70c9f7174ca0e552  8.2/SRPMS/xfsdump-2.0.0-2.1mdk.src.rpm
 Mandrake Linux 8.2/PPC:
 499c9f059274ecad092fdcff10dab1db  ppc/8.2/RPMS/xfsdump-2.0.0-2.1mdk.ppc.rpm
 5ee2db1da3118a3c70c9f7174ca0e552  ppc/8.2/SRPMS/xfsdump-2.0.0-2.1mdk.src.rpm
 Mandrake Linux 9.0:
 b97c19f2073ca9a620f2f8820aba28f6  9.0/RPMS/xfsdump-2.0.3-1.1mdk.i586.rpm
 da0d22ec03d3d6f7b35f2e36c8b1f0e2  9.0/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm
 Mandrake Linux 9.1:
 f125c26a70fff7b65be5ba7ebefbc8fb  9.1/RPMS/libdm0-2.0.5-1.2mdk.i586.rpm
 752075a8a8489ee1961fb107ea9e2b25  9.1/RPMS/libdm0-devel-2.0.5-1.2mdk.i586.rpm
 6a0820484e07e3f002758d76e59ace68  9.1/RPMS/xfsdump-2.0.3-1.1mdk.i586.rpm
 b2e1d875fc760138b77cb15716724a49  9.1/SRPMS/dmapi-2.0.5-1.2mdk.src.rpm
 da0d22ec03d3d6f7b35f2e36c8b1f0e2  9.1/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 dd663695c076b47cd234bfa5a82d6b6e  ppc/9.1/RPMS/libdm0-2.0.5-1.2mdk.ppc.rpm
 d660f273f56ddfacae43471f466d42d8  ppc/9.1/RPMS/libdm0-devel-2.0.5-1.2mdk.ppc.rpm
 f8f7274e7d7c8e8ad6717edcd28a6898  ppc/9.1/RPMS/xfsdump-2.0.3-1.1mdk.ppc.rpm
 b2e1d875fc760138b77cb15716724a49  ppc/9.1/SRPMS/dmapi-2.0.5-1.2mdk.src.rpm
 da0d22ec03d3d6f7b35f2e36c8b1f0e2  ppc/9.1/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________
To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:
  http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig <filename>
All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:
  https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
  http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:
  http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
  security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
______________________________________________________________________
                Mandrake Linux Security Update Advisory
______________________________________________________________________
Package name:           eog
Advisory ID:            MDKSA-2003:048
Date:                   April 16th, 2003
Affected versions:      9.0, 9.1, Corporate Server 2.1
______________________________________________________________________
Problem Description:
 A vulnerability was discovered in the Eye of GNOME (EOG) program,
 version 2.2.0 and earlier, that is used for displaying graphics.  A
 carefully crafted filename passed to eog could lead to the execution
 of arbitrary code as the user executing eog.
______________________________________________________________________
References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0165
______________________________________________________________________
Updated Packages:
  
 Corporate Server 2.1:
 c2b6f3e1b6dc4676795d82fbb5d03270  corporate/2.1/RPMS/eog-1.0.2-1.1mdk.i586.rpm
 3929458c9f13ccd8d102316b5180364f  corporate/2.1/SRPMS/eog-1.0.2-1.1mdk.src.rpm
 Mandrake Linux 9.0:
 c2b6f3e1b6dc4676795d82fbb5d03270  9.0/RPMS/eog-1.0.2-1.1mdk.i586.rpm
 3929458c9f13ccd8d102316b5180364f  9.0/SRPMS/eog-1.0.2-1.1mdk.src.rpm
 Mandrake Linux 9.1:
 4e46d00b4bc623843e626890983dcb7d  9.1/RPMS/eog-2.2.0-1.1mdk.i586.rpm
 b2c35125798f3bfef1b43bb9e34e3869  9.1/SRPMS/eog-2.2.0-1.1mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 0e88dac227e691a431192c7005d78fc4  ppc/9.1/RPMS/eog-2.2.0-1.1mdk.ppc.rpm
 b2c35125798f3bfef1b43bb9e34e3869  ppc/9.1/SRPMS/eog-2.2.0-1.1mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________
To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:
  http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig <filename>
All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:
  https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
  http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:
  http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
  security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis