<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:154 ] - Updated lesstif packages fix potential local root vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:154
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : lesstif
 Date    : August 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 The libXm library in LessTif 0.95.0 and earlier allows local users to gain 
 privileges via the DEBUG_FILE environment variable, which is used to create 
 world-writable files when libXm is run from a setuid program.
 
 The updated packages have been rebuilt with the --enable-production
 configure switch in order to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4124
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 5a2095ef8f223e31d66537eb8f4208e7  
2006.0/RPMS/lesstif-0.93.94-4.2.20060mdk.i586.rpm
 9f25125b71b97ed2a3e55933170a8c5e  
2006.0/RPMS/lesstif-clients-0.93.94-4.2.20060mdk.i586.rpm
 dc5645d0866df7c724d6ccd2a6b4551f  
2006.0/RPMS/lesstif-devel-0.93.94-4.2.20060mdk.i586.rpm
 b8b7e00f812b9a401c2e788eb8b2f25e  
2006.0/RPMS/lesstif-mwm-0.93.94-4.2.20060mdk.i586.rpm
 d2ff104b736c1353ab938605a2933409  
2006.0/RPMS/liblesstif1-0.93.94-4.2.20060mdk.i586.rpm
 d8a34a5cf582b928b04a045023855583  
2006.0/RPMS/liblesstif2-0.93.94-4.2.20060mdk.i586.rpm
 c6d1ccdedfc29596ad3c16d3673ab02e  
2006.0/SRPMS/lesstif-0.93.94-4.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 0200601fca4f4b46b90ac6ee753a494d  
x86_64/2006.0/RPMS/lesstif-0.93.94-4.2.20060mdk.x86_64.rpm
 9d6303a17d8d96755a4d24632dbfa97b  
x86_64/2006.0/RPMS/lesstif-clients-0.93.94-4.2.20060mdk.x86_64.rpm
 360f72d386d714c965f777aa2271734b  
x86_64/2006.0/RPMS/lesstif-devel-0.93.94-4.2.20060mdk.x86_64.rpm
 0b24f9b55fa69494dbcb06e24be2300b  
x86_64/2006.0/RPMS/lesstif-mwm-0.93.94-4.2.20060mdk.x86_64.rpm
 747cfa1520babbfbbbdbca0efb7fab5e  
x86_64/2006.0/RPMS/lib64lesstif1-0.93.94-4.2.20060mdk.x86_64.rpm
 c816c37d83b85770e1001667ee539d70  
x86_64/2006.0/RPMS/lib64lesstif2-0.93.94-4.2.20060mdk.x86_64.rpm
 d2ff104b736c1353ab938605a2933409  
x86_64/2006.0/RPMS/liblesstif1-0.93.94-4.2.20060mdk.i586.rpm
 d8a34a5cf582b928b04a045023855583  
x86_64/2006.0/RPMS/liblesstif2-0.93.94-4.2.20060mdk.i586.rpm
 c6d1ccdedfc29596ad3c16d3673ab02e  
x86_64/2006.0/SRPMS/lesstif-0.93.94-4.2.20060mdk.src.rpm

 Corporate 3.0:
 c7cee6a1237c5c06768232890e5c9b75  
corporate/3.0/RPMS/lesstif-0.93.94-1.1.C30mdk.i586.rpm
 c49db462160fff3aa6dc9c0690cb7c86  
corporate/3.0/RPMS/lesstif-clients-0.93.94-1.1.C30mdk.i586.rpm
 bac4c3dc97d33fec236e5f92801c64ca  
corporate/3.0/RPMS/lesstif-devel-0.93.94-1.1.C30mdk.i586.rpm
 3f4cbdbbdfd5d1e83d8236ce37c81f9c  
corporate/3.0/RPMS/lesstif-mwm-0.93.94-1.1.C30mdk.i586.rpm
 c5cfffe6870b88fc12220c2b9a45138b  
corporate/3.0/SRPMS/lesstif-0.93.94-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 eadc97c5094cd92c57d97cbde382fb5f  
x86_64/corporate/3.0/RPMS/lesstif-0.93.94-1.1.C30mdk.x86_64.rpm
 852cb3b36147975aa1a53b371c1b6a86  
x86_64/corporate/3.0/RPMS/lesstif-clients-0.93.94-1.1.C30mdk.x86_64.rpm
 947c9bcb69de35c3eea430f877452d10  
x86_64/corporate/3.0/RPMS/lesstif-devel-0.93.94-1.1.C30mdk.x86_64.rpm
 754bc9a74f9b50ddf93e056979f7381e  
x86_64/corporate/3.0/RPMS/lesstif-mwm-0.93.94-1.1.C30mdk.x86_64.rpm
 c5cfffe6870b88fc12220c2b9a45138b  
x86_64/corporate/3.0/SRPMS/lesstif-0.93.94-1.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE84w6mqjQ0CJFipgRArGJAKC4DsiaR+vEoEvJwjVryC8i0VR5vACeIMb7
zMuaXHkPVtRD3ae3/dctbsY=
=6Uev
-----END PGP SIGNATURE-----