[ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:051
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gettext
Date : February 28, 2006
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
The Trustix developers discovered temporary file vulnerabilities in the
autopoint and gettextize scripts, part of GNU gettext. These scripts
insecurely created temporary files which could allow a malicious user
to overwrite another user's files via a symlink attack.
The updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
3e90a65b63c6cef50ea2362b97d601af
corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.i586.rpm
88645a36cc137b6d15baff31df84bb5f
corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.i586.rpm
122cf7a4d0173cd80c3c6a388b76ec5a
corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.i586.rpm
d9e9d121c5833e80c9bbd642af24fb40
corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.i586.rpm
7aa6d70debb3c1814333fca662e23cac
corporate/3.0/RPMS/libgettextmisc-0.13.1-1.3.C30mdk.i586.rpm
cfe279f682d65f910505e069b911d7c7
corporate/3.0/RPMS/libintl2-0.13.1-1.3.C30mdk.i586.rpm
fc15df73311804bf0fd371fa9682c0c5
corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
c3648f970e7794014773ddedd68eaf91
x86_64/corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.x86_64.rpm
d876576394822262df7e2351775c1aaa
x86_64/corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.x86_64.rpm
af77cf6ee5a7d238ec122fbc4af7d353
x86_64/corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.x86_64.rpm
1173d049f6621cd8ff8d0396d24eb097
x86_64/corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.x86_64.rpm
f757f8a584bfc7ebd99d13a92415241b
x86_64/corporate/3.0/RPMS/lib64gettextmisc-0.13.1-1.3.C30mdk.x86_64.rpm
ecb7b9c26a607287c10f12bc70d5ffa9
x86_64/corporate/3.0/RPMS/lib64intl2-0.13.1-1.3.C30mdk.x86_64.rpm
fc15df73311804bf0fd371fa9682c0c5
x86_64/corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm
Multi Network Firewall 2.0:
bf7a130a64632e27c4c0e35bcce1838d
mnf/2.0/RPMS/gettext-0.13.1-1.3.M20mdk.i586.rpm
26b569b31b5786eb3dc90c466ad42951
mnf/2.0/RPMS/gettext-base-0.13.1-1.3.M20mdk.i586.rpm
513319968508b7d6c22135aed2a4ebcf
mnf/2.0/RPMS/gettext-devel-0.13.1-1.3.M20mdk.i586.rpm
8ebc491dd574ec6e9624776b39adb08e
mnf/2.0/RPMS/gettext-java-0.13.1-1.3.M20mdk.i586.rpm
d7efcc35298ade62c0d21b75cec11d35
mnf/2.0/RPMS/libgettextmisc-0.13.1-1.3.M20mdk.i586.rpm
d0993ab7f263642207f1ae95f4861525
mnf/2.0/RPMS/libintl2-0.13.1-1.3.M20mdk.i586.rpm
76fec48911a57db5edad551ae40cb3d1
mnf/2.0/SRPMS/gettext-0.13.1-1.3.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFEBKdDmqjQ0CJFipgRAhZHAJ9pXeM/Z7BFLAZ1zymn5CDFGiDNjQCgyy01
o5an648yuWxgj8BfvaEBjws=
=aKl0
-----END PGP SIGNATURE-----