[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 183/04 - Four Mandrake Security Advisories
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 183/04 dated 23.04.04 Time: 10:10
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Four Mandrake Security Advisories:
1. MDKSA-2004:032 - Updated libneon packages fix temporary file insecurities.
2. MDKSA-2004:033 - Updated xine-ui packages fix temporary file insecurities.
3. MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities.
4. MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability.
Detail
======
1. A number of various format string vulnerabilities were discovered in the error output
handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems
affect all versions of Neon from 0.19.0 up to and including 0.24.4.
2. Shaun Colley discovered a temporary file vulnerability in the xine-check script
packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary
files with the privileges of the user invoking the script.
3. Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi'
and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An
attacker could create symbolic links in /tmp that could allow for overwriting of files
with the privileges of the user running the scripts.
4. A vulnerability was discovered in samba where a local user could use the smbmnt utility,
which is shipped suid root, to mount a file share from a remote server which would contain
a setuid program under the control of the user. By executing this setuid program, the local
user could elevate their privileges on the local system.
1. Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: libneon
Advisory ID: MDKSA-2004:032
Date: April 19th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A number of various format string vulnerabilities were discovered in the error output handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4.
All users are encouraged to upgrade. All client software using this library is affected. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
5016f52573f0dbac1ac0b6ddf0ba4808 10.0/RPMS/libneon0.24-0.24.5-0.1.100mdk.i586.rpm
6b60b330eedc14d35b908575ce41bd66 10.0/RPMS/libneon0.24-devel-0.24.5-0.1.100mdk.i586.rpm
55323bb21b265acd84e305f1d965eecc 10.0/RPMS/libneon0.24-static-devel-0.24.5-0.1.100mdk.i586.rpm
a2f6b036d1324c66a8c4f4cf7ea63c60 10.0/SRPMS/libneon-0.24.5-0.1.100mdk.src.rpm
Mandrakelinux 9.2:
27cfdb8b6d01ff35b66e0fc2869c3684 9.2/RPMS/libneon0.24-0.24.5-0.1.92mdk.i586.rpm
4966905b742a48ca8217eeaaff61351f 9.2/RPMS/libneon0.24-devel-0.24.5-0.1.92mdk.i586.rpm
f262d63f9a86605c63fa8aadfe486631 9.2/RPMS/libneon0.24-static-devel-0.24.5-0.1.92mdk.i586.rpm
d4ea9089a6fe7b09f6effe42027135e9 9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
6ce668f23e819a8b4fc646f0f2e5357d amd64/9.2/RPMS/lib64neon0.24-0.24.5-0.1.92mdk.amd64.rpm
97185368e90d2faff99c1e5655535a42 amd64/9.2/RPMS/lib64neon0.24-devel-0.24.5-0.1.92mdk.amd64.rpm
20dec52552e5d6f903b374dd4b87d939 amd64/9.2/RPMS/lib64neon0.24-static-devel-0.24.5-0.1.92mdk.amd64.rpm
d4ea9089a6fe7b09f6effe42027135e9 amd64/9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
2.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: xine-ui
Advisory ID: MDKSA-2004:033
Date: April 19th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script.
The updated packages change the location of where temporary files are written to prevent this attack. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0372
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
1714c3fa35832f5ada17d213af09b3b4 10.0/RPMS/xine-ui-0.9.23-3.1.100mdk.i586.rpm
f3e7f13333911081911e1e3e56467086 10.0/RPMS/xine-ui-aa-0.9.23-3.1.100mdk.i586.rpm
d99946b43d7e310293fbee034ae49088 10.0/RPMS/xine-ui-fb-0.9.23-3.1.100mdk.i586.rpm
7d0e0c86903ae3ec637e530aff618aaa 10.0/SRPMS/xine-ui-0.9.23-3.1.100mdk.src.rpm
Mandrakelinux 9.2:
fd89a4277193fb04b9064e707f483c85 9.2/RPMS/xine-ui-0.9.22-5.1.92mdk.i586.rpm
908daf85477337315204d02247aa0bd8 9.2/RPMS/xine-ui-aa-0.9.22-5.1.92mdk.i586.rpm
26a9e7de5ef8789b379e4a5b5f649324 9.2/RPMS/xine-ui-fb-0.9.22-5.1.92mdk.i586.rpm
8abda9bffeebda43ae4ff1ce93370713 9.2/SRPMS/xine-ui-0.9.22-5.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
f6fe57ad2fa8d3920f6b53035e7e21fd amd64/9.2/RPMS/xine-ui-0.9.22-5.1.92mdk.amd64.rpm
5e1271856904b37335d7a3452e68d89a amd64/9.2/RPMS/xine-ui-aa-0.9.22-5.1.92mdk.amd64.rpm
8350075744c766b7c732b3678573e1f9 amd64/9.2/RPMS/xine-ui-fb-0.9.22-5.1.92mdk.amd64.rpm
8abda9bffeebda43ae4ff1ce93370713 amd64/9.2/SRPMS/xine-ui-0.9.22-5.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
3._______________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2004:034
Date: April 19th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts.
The scripts have been patched in the updated packages to prevent this behaviour. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
d1a9cc7377fb76d8efb792f78890ca67 10.0/RPMS/libmysql12-4.0.18-1.1.100mdk.i586.rpm
ad512544a05b95fac5ccdcdb770adbf6 10.0/RPMS/libmysql12-devel-4.0.18-1.1.100mdk.i586.rpm
df1bb8fab4d5cee5b0965afbe7eeff1d 10.0/RPMS/MySQL-4.0.18-1.1.100mdk.i586.rpm
94e8d5d4313de5dcbffa65de1271b68f 10.0/RPMS/MySQL-Max-4.0.18-1.1.100mdk.i586.rpm
cfc0586f2d3627efa53310d50486eafb 10.0/RPMS/MySQL-bench-4.0.18-1.1.100mdk.i586.rpm
bb91503c579f0e43d844fb9d82933052 10.0/RPMS/MySQL-client-4.0.18-1.1.100mdk.i586.rpm
c74ab4f5627f00e5f580c7cfd1a50f83 10.0/RPMS/MySQL-common-4.0.18-1.1.100mdk.i586.rpm
7d2a9a655e15b264611d8dd61a41cc68 10.0/SRPMS/MySQL-4.0.18-1.1.100mdk.src.rpm
Corporate Server 2.1:
196c8c4ff065846e81a5e734de3fa67c corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.i586.rpm
cab34d2f0bfdb10e9280cd3712fe1b64 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.i586.rpm
1e3d0af27128254f244e2c5d510a3587 corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.i586.rpm
a364703328b06ed0ab86685b0d868dd3 corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.i586.rpm
21a1663fc333cd7dfc8a848cd4902f52 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.i586.rpm
6345aa681b10768ceba5173eb5b06009 corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.i586.rpm
64f44e65bc1a7946490ac8f8a39b5878 corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
d644c0e26335e44b1723c867fcb93e1d x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.x86_64.rpm
ba290ee12906423085bb64442938082c x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.x86_64.rpm
8a46947c51f3e6f871a7b66ec8d78170 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.x86_64.rpm
ff382d6baa61f6e15b007529190e88b4 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.x86_64.rpm
271cbb0850f12b123d9388841d123dc0 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.x86_64.rpm
e1ade4431cfb0db410bf668661e9cab4 x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.x86_64.rpm
64f44e65bc1a7946490ac8f8a39b5878 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm
Mandrakelinux 9.1:
84b5e29c73ca4c6a9312cea861844cee 9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.i586.rpm
da8a3eeef553a51314b2dbd2d838de28 9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.i586.rpm
c778e675dd5e89bf777dbdc7056e46a5 9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.i586.rpm
5a7742f1ee210b160e8b9b11988c41f6 9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.i586.rpm
3ab9d2ecbbaa73a6e3dabcacb7ce7eb2 9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.i586.rpm
53132555ed6d6ec59a0634b1da46da4e 9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.i586.rpm
743eb098d8ca52f237273556e034132d 9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.i586.rpm
da5d057b05fd09f04a81d377c4a89cae 9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
8505e7a05978f637d0786ab352312878 ppc/9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.ppc.rpm
7496a584ade59c7e389335328db20853 ppc/9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.ppc.rpm
943fc9895d394ca4ff3f5f21f4b46a85 ppc/9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.ppc.rpm
df459fce0474aed6d0ba9e2b34fea3a5 ppc/9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.ppc.rpm
e1901d38eb68203218b47fbfa08c1806 ppc/9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.ppc.rpm
a14e0d0c74c182c9ce6fcaf879c18539 ppc/9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.ppc.rpm
2c52ddb4e7918698e8a4e278d4f2aca3 ppc/9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.ppc.rpm
da5d057b05fd09f04a81d377c4a89cae ppc/9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm
Mandrakelinux 9.2:
96dfe33caef2b9435ad021f1a806a7d6 9.2/RPMS/libmysql12-4.0.15-1.1.92mdk.i586.rpm
61df7fe813aa3ee63810f6609a630f12 9.2/RPMS/libmysql12-devel-4.0.15-1.1.92mdk.i586.rpm
9c24bd6c3ebb4f1be6730c702d64f146 9.2/RPMS/MySQL-4.0.15-1.1.92mdk.i586.rpm
8acf113f397ffedf131b185fbebada9a 9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.i586.rpm
29be93a8eee6cd517043068f1abd3100 9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.i586.rpm
40c98038ec3188bcd13b12737394ea21 9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.i586.rpm
bbf926f51acd0555e31d972f92cad773 9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.i586.rpm
a2266d0dce39d9e58f4daac6ce1dd3c0 9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
bc27661060d3658e672bf8263a80974a amd64/9.2/RPMS/MySQL-4.0.15-1.1.92mdk.amd64.rpm
b4c71af172961e6c598bceaf72173607 amd64/9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.amd64.rpm
c0a53126cc219f54f9ee6d433ab7a0df amd64/9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.amd64.rpm
df28d41acd37b15ded63ecc26b84610f amd64/9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.amd64.rpm
fe3e598e35fd1f3e1c22c3ec231d9164 amd64/9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.amd64.rpm
a2266d0dce39d9e58f4daac6ce1dd3c0 amd64/9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
4.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:035
Date: April 19th, 2004
Affected versions: 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system.
The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
d21438ffa636ecd25e7750b8bdd5703d corporate/2.1/RPMS/nss_wins-2.2.7a-10.1.C21mdk.i586.rpm
b8f666773e8d1e050853f1a50a3c02f9 corporate/2.1/RPMS/samba-client-2.2.7a-10.1.C21mdk.i586.rpm
d81e4fcfe67c7c84045727698e6b1d7f corporate/2.1/RPMS/samba-common-2.2.7a-10.1.C21mdk.i586.rpm
bd0a006adb5e91add323e43e963eb5e6 corporate/2.1/RPMS/samba-server-2.2.7a-10.1.C21mdk.i586.rpm
f680dc58a4ffc59ef4720114f75b7b39 corporate/2.1/RPMS/samba-swat-2.2.7a-10.1.C21mdk.i586.rpm
ab10c41c4df2297d3aa7e3c1aa916523 corporate/2.1/RPMS/samba-winbind-2.2.7a-10.1.C21mdk.i586.rpm
ecec6cb6375d7ae188513869b41f3312 corporate/2.1/SRPMS/samba-2.2.7a-10.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
edff5ed0ea6253815e771cb73b119c5b x86_64/corporate/2.1/RPMS/nss_wins-2.2.7a-10.1.C21mdk.x86_64.rpm
74931855e85a943b2e4b443027e9b6be x86_64/corporate/2.1/RPMS/samba-client-2.2.7a-10.1.C21mdk.x86_64.rpm
96985856b520226670bb1c9cdce4b059 x86_64/corporate/2.1/RPMS/samba-common-2.2.7a-10.1.C21mdk.x86_64.rpm
814ffc9eba0c291d72c6b94228391a03 x86_64/corporate/2.1/RPMS/samba-server-2.2.7a-10.1.C21mdk.x86_64.rpm
1fb1b66424f24456c42a4ff29dd6df3f x86_64/corporate/2.1/RPMS/samba-swat-2.2.7a-10.1.C21mdk.x86_64.rpm
f51e1b8b2c741c8c80ee7ca2842b6cda x86_64/corporate/2.1/RPMS/samba-winbind-2.2.7a-10.1.C21mdk.x86_64.rpm
ecec6cb6375d7ae188513869b41f3312 x86_64/corporate/2.1/SRPMS/samba-2.2.7a-10.1.C21mdk.src.rpm
Mandrakelinux 9.1:
0b0f7e967526e258dda77919b816581e 9.1/RPMS/nss_wins-2.2.7a-9.3.91mdk.i586.rpm
347990aa57a8049f9b818b73b7dfc999 9.1/RPMS/samba-client-2.2.7a-9.3.91mdk.i586.rpm
f837a08ba563afb0b90d8f317650d53a 9.1/RPMS/samba-common-2.2.7a-9.3.91mdk.i586.rpm
267059808808f229c4c46489b42a51aa 9.1/RPMS/samba-server-2.2.7a-9.3.91mdk.i586.rpm
f126aede0bc3c567a7a08c0283c646b7 9.1/RPMS/samba-swat-2.2.7a-9.3.91mdk.i586.rpm
7e7073b64c1ea830a7e67141c2126426 9.1/RPMS/samba-winbind-2.2.7a-9.3.91mdk.i586.rpm
37b0189625ab31d636e115b6a5e2c8ba 9.1/SRPMS/samba-2.2.7a-9.3.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
5685d1c563a650a939626363ec886cd9 ppc/9.1/RPMS/nss_wins-2.2.7a-9.3.91mdk.ppc.rpm
2d6a20a9dcb1a77d7492d1f18ddd6e5f ppc/9.1/RPMS/samba-client-2.2.7a-9.3.91mdk.ppc.rpm
a43dc136b3e783dcec9ad3fc9b085141 ppc/9.1/RPMS/samba-common-2.2.7a-9.3.91mdk.ppc.rpm
023bae957f6f623c866ac948999858d7 ppc/9.1/RPMS/samba-server-2.2.7a-9.3.91mdk.ppc.rpm
e7e7b68ade642ee38fa24d8e83f1c0c6 ppc/9.1/RPMS/samba-swat-2.2.7a-9.3.91mdk.ppc.rpm
0d095ca23f539abcb8350ebbf44ac2ac ppc/9.1/RPMS/samba-winbind-2.2.7a-9.3.91mdk.ppc.rpm
37b0189625ab31d636e115b6a5e2c8ba ppc/9.1/SRPMS/samba-2.2.7a-9.3.91mdk.src.rpm
Mandrakelinux 9.2:
4cdbe5d2f84adcede114765ca2137b69 9.2/RPMS/libsmbclient0-2.2.8a-13.1.92mdk.i586.rpm
4c35c1afcffb305312dcdf8965472ccf 9.2/RPMS/libsmbclient0-devel-2.2.8a-13.1.92mdk.i586.rpm
f8b498bce62ab12529f5edff4fb7c674 9.2/RPMS/libsmbclient0-static-devel-2.2.8a-13.1.92mdk.i586.rpm
95253c8785f2c30484e395086d4267b7 9.2/RPMS/nss_wins-2.2.8a-13.1.92mdk.i586.rpm
c5026f96ee77eca5a6dd3c42002e1a56 9.2/RPMS/samba-client-2.2.8a-13.1.92mdk.i586.rpm
4f6e9e99b8bd126a0acd8df1fc589fe0 9.2/RPMS/samba-common-2.2.8a-13.1.92mdk.i586.rpm
299a19bb90f3ac367d9bd2e625760b9e 9.2/RPMS/samba-debug-2.2.8a-13.1.92mdk.i586.rpm
4ccc678b92cb829426d8f3622f87a9a2 9.2/RPMS/samba-server-2.2.8a-13.1.92mdk.i586.rpm
675508dd0bd35458c5ae213d62176d49 9.2/RPMS/samba-swat-2.2.8a-13.1.92mdk.i586.rpm
45311b1de6295589382acbb274c2948c 9.2/RPMS/samba-winbind-2.2.8a-13.1.92mdk.i586.rpm
34b58acde75a4cd4842972d76faa4e42 9.2/SRPMS/samba-2.2.8a-13.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
34b58acde75a4cd4842972d76faa4e42 amd64/9.2/SRPMS/samba-2.2.8a-13.1.92mdk.src.rpm
Multi Network Firewall 8.2:
99885d9835b1283f4992aa9ebc4c7589 mnf8.2/RPMS/samba-client-2.2.7a-9.3.M82mdk.i586.rpm
4dd0757ebe8c8db713a00206c37c647a mnf8.2/RPMS/samba-common-2.2.7a-9.3.M82mdk.i586.rpm
26e6c150b49f6c3e88599554213ae40d mnf8.2/SRPMS/samba-2.2.7a-9.3.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesecure.net/en/advisories/
Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandrake for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQCVAwUBQIjcfIpao72zK539AQHF2wP/RuK/oEp8fOvoPd71xczMi6XUCN1uGyiw
ArjFikaPo77W8+i9TcqPh8AY8Q7yyFWg7mF7Tpx0f89nCWfwUg+Rjosvjf4RQFLq
Oq8lB+gEf6HY0Y70HtTpcE5BWdZCdXWOuqatNf2MYxHfutz5I53AzyerpwN04F+Q
Wse+uKc6Ln8=
=F5hL
-----END PGP SIGNATURE-----