<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:006 - Updated hylafax packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           hylafax
 Advisory ID:            MDKSA-2005:006
 Date:                   January 12th, 2005

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Patrice Fournier discovered a vulnerability in the authorization
 sub-system of hylafax.  A local or remote user guessing the contents
 of the hosts.hfaxd database could gain unauthorized access to the
 fax system.
 
 The updated packages are provided to prevent this issue.  Note that
 the packages included with Corporate Server 2.1 do not require this
 fix.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 ee579763c8d03a6700ed952b9ccec832  10.0/RPMS/hylafax-4.1.8-2.1.100mdk.i586.rpm
 342f2d7f890f2b31ef689eb0a308dee4  
10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.i586.rpm
 998f0ad4665e364c607fae0d87bf6e63  
10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.i586.rpm
 5113375fd58490f64f6b5c0293780a79  
10.0/RPMS/libhylafax4.1.1-4.1.8-2.1.100mdk.i586.rpm
 996a95af88ca9ab77371448957b7271f  
10.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.1.100mdk.i586.rpm
 3530b9962aa58309aa59c1fd355d23ac  10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8b37c55f1eaadd9c4a0645c43b4ad25c  
amd64/10.0/RPMS/hylafax-4.1.8-2.1.100mdk.amd64.rpm
 cb3290ee2bf666ed51e427e59829459d  
amd64/10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.amd64.rpm
 05451b45a4036f314933d15b755ea8d7  
amd64/10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.amd64.rpm
 35310391ebce8f0a4085ed6b7d2ccd04  
amd64/10.0/RPMS/lib64hylafax4.1.1-4.1.8-2.1.100mdk.amd64.rpm
 d1b71635033b9e72c86057a0f156c544  
amd64/10.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.1.100mdk.amd64.rpm
 3530b9962aa58309aa59c1fd355d23ac  
amd64/10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 2cbc9e6bd58daf7d2d15f6091416ca23  10.1/RPMS/hylafax-4.2.0-1.1.101mdk.i586.rpm
 80cf2d108124ebab09f2d92ffd3e2391  
10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.i586.rpm
 b4e98805f61130b91b5cc98ba886af89  
10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.i586.rpm
 5afec8caa3b77932c27d032e21a0eeed  
10.1/RPMS/libhylafax4.2.0-4.2.0-1.1.101mdk.i586.rpm
 e5aafca41da67cacdef699983d81f3f0  
10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.1.101mdk.i586.rpm
 1fae0a459f3dce423c904ab262921cba  10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 ccfce91efcd9e16651a6bb2995a2cc78  
x86_64/10.1/RPMS/hylafax-4.2.0-1.1.101mdk.x86_64.rpm
 6fd803abc59ec7d04f289d3aca50bd25  
x86_64/10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.x86_64.rpm
 b7ee9463f3bdf38fa1c1f5271d1d4022  
x86_64/10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.x86_64.rpm
 394b51eaef66c424ce9d448dd4ab237e  
x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.1.101mdk.x86_64.rpm
 75fbf7eb72ba172e204612580e58b2f1  
x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.1.101mdk.x86_64.rpm
 1fae0a459f3dce423c904ab262921cba  
x86_64/10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB5hXxmqjQ0CJFipgRAsKAAJ9BQXhAKBLMQ9rBpe+OfRpNGonKKgCg2NaN
kQcWe5+upOq+jtr7PT1q6NM=
=eiBI
-----END PGP SIGNATURE-----