<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:057 - Updated tripwire packages fix format string vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           tripwire
 Advisory ID:            MDKSA-2004:057
 Date:                   June 7th, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Paul Herman discovered a format string vulnerability in tripwire that
 could allow a local user to execute arbitrary code with the rights of
 the user running tripwire (typically root).  This vulnerability only
 exists when tripwire is generating an email report.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0536
  http://www.securityfocus.com/archive/1/365036
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 f7218d2fbde501fff2d418e7817679e6  
10.0/RPMS/tripwire-2.3.1.2-7.1.100mdk.i586.rpm
 4476fcbb452e7af2a7171e303f75f0f4  
10.0/SRPMS/tripwire-2.3.1.2-7.1.100mdk.src.rpm

 Corporate Server 2.1:
 69367ac3b8afe929b0542f1921606ea1  
corporate/2.1/RPMS/tripwire-2.3.1.2-7.1.C21mdk.i586.rpm
 85b56f3e3587ed3ff69ffd98708e9d39  
corporate/2.1/SRPMS/tripwire-2.3.1.2-7.1.C21mdk.src.rpm

 Mandrakelinux 9.2:
 b8fa611b9f5c5b65bc8bfc30e880e6e5  9.2/RPMS/tripwire-2.3.1.2-7.1.92mdk.i586.rpm
 ae1cd49c93ad98e770ddd82fb9a55356  9.2/SRPMS/tripwire-2.3.1.2-7.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAxRMlmqjQ0CJFipgRAjfIAJ4ikNoIKkSdPdwJyt7bJT0Ma3JbYQCdFiU5
O5Z+DqqCC/vE9U15eACPMJ4=
=dvYs
-----END PGP SIGNATURE-----