
UNIRAS Brief - 183/04 - Four Mandrake Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 183/04 dated 23.04.04  Time: 10:10  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four Mandrake Security Advisories:

1. MDKSA-2004:032 - Updated libneon packages fix temporary file insecurities.

2. MDKSA-2004:033 - Updated xine-ui packages fix temporary file insecurities.

3. MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities.

4. MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability.


Detail
====== 

1. A number of various format string vulnerabilities were discovered in the error output
handling of Neon, the HTTP and WebDAV client library, by Thomas Wana.  These problems
affect all versions of Neon from 0.19.0 up to and including 0.24.4.

2. Shaun Colley discovered a temporary file vulnerability in the xine-check script
packaged in xine-ui.  This problem could allow local attackers to overwrite arbitrary
files with the privileges of the user invoking the script.

3. Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi'
and 'mysqlbug' scripts, did not create temporary files in a secure fashion.  An
attacker could create symbolic links in /tmp that could allow for overwriting of files
with the privileges of the user running the scripts.

4. A vulnerability was discovered in samba where a local user could use the smbmnt utility,
which is shipped suid root, to mount a file share from a remote server which would contain
a setuid program under the control of the user.  By executing this setuid program, the local
user could elevate their privileges on the local system.




1.               Mandrakelinux Security Update Advisory 
 _______________________________________________________________________

 Package name:           libneon
 Advisory ID:            MDKSA-2004:032
 Date:                   April 19th, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A number of various format string vulnerabilities were discovered in
 the error output handling of Neon, the HTTP and WebDAV client library,
 by Thomas Wana.  These problems affect all versions of Neon from 0.19.0
 up to and including 0.24.4.

 All users are encouraged to upgrade.  All client software using this
 library is affected.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5016f52573f0dbac1ac0b6ddf0ba4808  10.0/RPMS/libneon0.24-0.24.5-0.1.100mdk.i586.rpm
 6b60b330eedc14d35b908575ce41bd66  10.0/RPMS/libneon0.24-devel-0.24.5-0.1.100mdk.i586.rpm
 55323bb21b265acd84e305f1d965eecc  10.0/RPMS/libneon0.24-static-devel-0.24.5-0.1.100mdk.i586.rpm
 a2f6b036d1324c66a8c4f4cf7ea63c60  10.0/SRPMS/libneon-0.24.5-0.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 27cfdb8b6d01ff35b66e0fc2869c3684  9.2/RPMS/libneon0.24-0.24.5-0.1.92mdk.i586.rpm
 4966905b742a48ca8217eeaaff61351f  9.2/RPMS/libneon0.24-devel-0.24.5-0.1.92mdk.i586.rpm
 f262d63f9a86605c63fa8aadfe486631  9.2/RPMS/libneon0.24-static-devel-0.24.5-0.1.92mdk.i586.rpm
 d4ea9089a6fe7b09f6effe42027135e9  9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 6ce668f23e819a8b4fc646f0f2e5357d  amd64/9.2/RPMS/lib64neon0.24-0.24.5-0.1.92mdk.amd64.rpm
 97185368e90d2faff99c1e5655535a42  amd64/9.2/RPMS/lib64neon0.24-devel-0.24.5-0.1.92mdk.amd64.rpm
 20dec52552e5d6f903b374dd4b87d939  amd64/9.2/RPMS/lib64neon0.24-static-devel-0.24.5-0.1.92mdk.amd64.rpm
 d4ea9089a6fe7b09f6effe42027135e9  amd64/9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to  update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>






2. 
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
  _______________________________________________________________________

 Package name:           xine-ui
 Advisory ID:            MDKSA-2004:033
 Date:                   April 19th, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 Shaun Colley discovered a temporary file vulnerability in the
 xine-check script packaged in xine-ui.  This problem could allow
 local attackers to overwrite arbitrary files with the privileges
 of the user invoking the script.

 The updated packages change the location of where temporary files are
 written to prevent this attack.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0372
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 1714c3fa35832f5ada17d213af09b3b4  10.0/RPMS/xine-ui-0.9.23-3.1.100mdk.i586.rpm
 f3e7f13333911081911e1e3e56467086  10.0/RPMS/xine-ui-aa-0.9.23-3.1.100mdk.i586.rpm
 d99946b43d7e310293fbee034ae49088  10.0/RPMS/xine-ui-fb-0.9.23-3.1.100mdk.i586.rpm
 7d0e0c86903ae3ec637e530aff618aaa  10.0/SRPMS/xine-ui-0.9.23-3.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 fd89a4277193fb04b9064e707f483c85  9.2/RPMS/xine-ui-0.9.22-5.1.92mdk.i586.rpm
 908daf85477337315204d02247aa0bd8  9.2/RPMS/xine-ui-aa-0.9.22-5.1.92mdk.i586.rpm
 26a9e7de5ef8789b379e4a5b5f649324  9.2/RPMS/xine-ui-fb-0.9.22-5.1.92mdk.i586.rpm
 8abda9bffeebda43ae4ff1ce93370713  9.2/SRPMS/xine-ui-0.9.22-5.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 f6fe57ad2fa8d3920f6b53035e7e21fd  amd64/9.2/RPMS/xine-ui-0.9.22-5.1.92mdk.amd64.rpm
 5e1271856904b37335d7a3452e68d89a  amd64/9.2/RPMS/xine-ui-aa-0.9.22-5.1.92mdk.amd64.rpm
 8350075744c766b7c732b3678573e1f9  amd64/9.2/RPMS/xine-ui-fb-0.9.22-5.1.92mdk.amd64.rpm
 8abda9bffeebda43ae4ff1ce93370713  amd64/9.2/SRPMS/xine-ui-0.9.22-5.1.92mdk.src.rpm
 _______________________________________________________________________






3. 
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory 
 _______________________________________________________________________

 Package name:           MySQL
 Advisory ID:            MDKSA-2004:034
 Date:                   April 19th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Shaun Colley discovered that two scripts distributed with MySQL, the
 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files
 in a secure fashion.  An attacker could create symbolic links in /tmp
 that could allow for overwriting of files with the privileges of the
 user running the scripts.

 The scripts have been patched in the updated packages to prevent this
 behaviour.
 _______________________________________________________________________
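
 Added example (not part of the advisory, and not the code of xine-check, mysqlbug or mysqld_multi): the temporary file weakness described for xine-ui and MySQL above, shown as an unsafe shell pattern beside two hardened ones. The function names, the report.tmp file name and the scratch directory layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: constructed functions, not code from xine-check,
# mysqlbug or mysqld_multi.

# Unsafe: fixed, guessable name in a shared directory. ">" opens the path
# with O_CREAT|O_TRUNC and follows symlinks, so the target of a link that is
# already there gets truncated and written with the caller's privileges.
write_unsafe() {
    tmp="$1/report.tmp"                      # hypothetical predictable name
    printf '%s\n' "$2" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an existing file or link is never reused.
write_safe() {
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# When the name has to stay fixed: noclobber (set -C) makes ">" fail if the
# path already exists. The subshell body keeps the option from leaking.
write_fixed_noclobber() (
    set -C
    printf '%s\n' "$2" > "$1/report.tmp"
)

# Runs all three against a scratch directory holding a planted link and
# reports what happened to the file the link points at.
demo() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXX") || return 1
    mkdir "$work/shared"                             # stands in for /tmp
    printf 'original\n' > "$work/victim"             # another file of the user
    ln -s "$work/victim" "$work/shared/report.tmp"   # constructed planted link

    write_unsafe "$work/shared" "scratch" > /dev/null
    after_unsafe=$(cat "$work/victim")

    printf 'original\n' > "$work/victim"
    write_safe "$work/shared" "scratch" > /dev/null
    after_safe=$(cat "$work/victim")

    if write_fixed_noclobber "$work/shared" "scratch" 2> /dev/null; then
        nc=written
    else
        nc=refused
    fi
    after_nc=$(cat "$work/victim")

    rm -rf "$work"
    printf 'unsafe:%s safe:%s noclobber:%s/%s\n' \
        "$after_unsafe" "$after_safe" "$nc" "$after_nc"
}

demo
```

 A private directory created with mktemp -d gives the same protection when a script needs several scratch files.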

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d1a9cc7377fb76d8efb792f78890ca67  10.0/RPMS/libmysql12-4.0.18-1.1.100mdk.i586.rpm
 ad512544a05b95fac5ccdcdb770adbf6  10.0/RPMS/libmysql12-devel-4.0.18-1.1.100mdk.i586.rpm
 df1bb8fab4d5cee5b0965afbe7eeff1d  10.0/RPMS/MySQL-4.0.18-1.1.100mdk.i586.rpm
 94e8d5d4313de5dcbffa65de1271b68f  10.0/RPMS/MySQL-Max-4.0.18-1.1.100mdk.i586.rpm
 cfc0586f2d3627efa53310d50486eafb  10.0/RPMS/MySQL-bench-4.0.18-1.1.100mdk.i586.rpm
 bb91503c579f0e43d844fb9d82933052  10.0/RPMS/MySQL-client-4.0.18-1.1.100mdk.i586.rpm
 c74ab4f5627f00e5f580c7cfd1a50f83  10.0/RPMS/MySQL-common-4.0.18-1.1.100mdk.i586.rpm
 7d2a9a655e15b264611d8dd61a41cc68  10.0/SRPMS/MySQL-4.0.18-1.1.100mdk.src.rpm

 Corporate Server 2.1:
 196c8c4ff065846e81a5e734de3fa67c  corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.i586.rpm
 cab34d2f0bfdb10e9280cd3712fe1b64  corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.i586.rpm
 1e3d0af27128254f244e2c5d510a3587  corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.i586.rpm
 a364703328b06ed0ab86685b0d868dd3  corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.i586.rpm
 21a1663fc333cd7dfc8a848cd4902f52  corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.i586.rpm
 6345aa681b10768ceba5173eb5b06009  corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.i586.rpm
 64f44e65bc1a7946490ac8f8a39b5878  corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 d644c0e26335e44b1723c867fcb93e1d  x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.5.C21mdk.x86_64.rpm
 ba290ee12906423085bb64442938082c  x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.5.C21mdk.x86_64.rpm
 8a46947c51f3e6f871a7b66ec8d78170  x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.5.C21mdk.x86_64.rpm
 ff382d6baa61f6e15b007529190e88b4  x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.5.C21mdk.x86_64.rpm
 271cbb0850f12b123d9388841d123dc0  x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.5.C21mdk.x86_64.rpm
 e1ade4431cfb0db410bf668661e9cab4  x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.5.C21mdk.x86_64.rpm
 64f44e65bc1a7946490ac8f8a39b5878  x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.5.C21mdk.src.rpm

 Mandrakelinux 9.1:
 84b5e29c73ca4c6a9312cea861844cee  9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.i586.rpm
 da8a3eeef553a51314b2dbd2d838de28  9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.i586.rpm
 c778e675dd5e89bf777dbdc7056e46a5  9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.i586.rpm
 5a7742f1ee210b160e8b9b11988c41f6  9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.i586.rpm
 3ab9d2ecbbaa73a6e3dabcacb7ce7eb2  9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.i586.rpm
 53132555ed6d6ec59a0634b1da46da4e  9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.i586.rpm
 743eb098d8ca52f237273556e034132d  9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.i586.rpm
 da5d057b05fd09f04a81d377c4a89cae  9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 8505e7a05978f637d0786ab352312878  ppc/9.1/RPMS/libmysql12-4.0.11a-5.2.91mdk.ppc.rpm
 7496a584ade59c7e389335328db20853  ppc/9.1/RPMS/libmysql12-devel-4.0.11a-5.2.91mdk.ppc.rpm
 943fc9895d394ca4ff3f5f21f4b46a85  ppc/9.1/RPMS/MySQL-4.0.11a-5.2.91mdk.ppc.rpm
 df459fce0474aed6d0ba9e2b34fea3a5  ppc/9.1/RPMS/MySQL-Max-4.0.11a-5.2.91mdk.ppc.rpm
 e1901d38eb68203218b47fbfa08c1806  ppc/9.1/RPMS/MySQL-bench-4.0.11a-5.2.91mdk.ppc.rpm
 a14e0d0c74c182c9ce6fcaf879c18539  ppc/9.1/RPMS/MySQL-client-4.0.11a-5.2.91mdk.ppc.rpm
 2c52ddb4e7918698e8a4e278d4f2aca3  ppc/9.1/RPMS/MySQL-common-4.0.11a-5.2.91mdk.ppc.rpm
 da5d057b05fd09f04a81d377c4a89cae  ppc/9.1/SRPMS/MySQL-4.0.11a-5.2.91mdk.src.rpm

 Mandrakelinux 9.2:
 96dfe33caef2b9435ad021f1a806a7d6  9.2/RPMS/libmysql12-4.0.15-1.1.92mdk.i586.rpm
 61df7fe813aa3ee63810f6609a630f12  9.2/RPMS/libmysql12-devel-4.0.15-1.1.92mdk.i586.rpm
 9c24bd6c3ebb4f1be6730c702d64f146  9.2/RPMS/MySQL-4.0.15-1.1.92mdk.i586.rpm
 8acf113f397ffedf131b185fbebada9a  9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.i586.rpm
 29be93a8eee6cd517043068f1abd3100  9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.i586.rpm
 40c98038ec3188bcd13b12737394ea21  9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.i586.rpm
 bbf926f51acd0555e31d972f92cad773  9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.i586.rpm
 a2266d0dce39d9e58f4daac6ce1dd3c0  9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 bc27661060d3658e672bf8263a80974a  amd64/9.2/RPMS/MySQL-4.0.15-1.1.92mdk.amd64.rpm
 b4c71af172961e6c598bceaf72173607  amd64/9.2/RPMS/MySQL-Max-4.0.15-1.1.92mdk.amd64.rpm
 c0a53126cc219f54f9ee6d433ab7a0df  amd64/9.2/RPMS/MySQL-bench-4.0.15-1.1.92mdk.amd64.rpm
 df28d41acd37b15ded63ecc26b84610f  amd64/9.2/RPMS/MySQL-client-4.0.15-1.1.92mdk.amd64.rpm
 fe3e598e35fd1f3e1c22c3ec231d9164  amd64/9.2/RPMS/MySQL-common-4.0.15-1.1.92mdk.amd64.rpm
 a2266d0dce39d9e58f4daac6ce1dd3c0  amd64/9.2/SRPMS/MySQL-4.0.15-1.1.92mdk.src.rpm
 _______________________________________________________________________





4. 
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory 
 _______________________________________________________________________

 Package name:           samba
 Advisory ID:            MDKSA-2004:035
 Date:                   April 19th, 2004

 Affected versions:	 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2 
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in samba where a local user could use
 the smbmnt utility, which is shipped suid root, to mount a file share
 from a remote server which would contain a setuid program under the
 control of the user.  By executing this setuid program, the local user
 could elevate their privileges on the local system.

 The updated packages are patched to prevent this problem.  The version
 of samba shipped with Mandrakelinux 10.0 does not have this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 d21438ffa636ecd25e7750b8bdd5703d  corporate/2.1/RPMS/nss_wins-2.2.7a-10.1.C21mdk.i586.rpm
 b8f666773e8d1e050853f1a50a3c02f9  corporate/2.1/RPMS/samba-client-2.2.7a-10.1.C21mdk.i586.rpm
 d81e4fcfe67c7c84045727698e6b1d7f  corporate/2.1/RPMS/samba-common-2.2.7a-10.1.C21mdk.i586.rpm
 bd0a006adb5e91add323e43e963eb5e6  corporate/2.1/RPMS/samba-server-2.2.7a-10.1.C21mdk.i586.rpm
 f680dc58a4ffc59ef4720114f75b7b39  corporate/2.1/RPMS/samba-swat-2.2.7a-10.1.C21mdk.i586.rpm
 ab10c41c4df2297d3aa7e3c1aa916523  corporate/2.1/RPMS/samba-winbind-2.2.7a-10.1.C21mdk.i586.rpm
 ecec6cb6375d7ae188513869b41f3312  corporate/2.1/SRPMS/samba-2.2.7a-10.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 edff5ed0ea6253815e771cb73b119c5b  x86_64/corporate/2.1/RPMS/nss_wins-2.2.7a-10.1.C21mdk.x86_64.rpm
 74931855e85a943b2e4b443027e9b6be  x86_64/corporate/2.1/RPMS/samba-client-2.2.7a-10.1.C21mdk.x86_64.rpm
 96985856b520226670bb1c9cdce4b059  x86_64/corporate/2.1/RPMS/samba-common-2.2.7a-10.1.C21mdk.x86_64.rpm
 814ffc9eba0c291d72c6b94228391a03  x86_64/corporate/2.1/RPMS/samba-server-2.2.7a-10.1.C21mdk.x86_64.rpm
 1fb1b66424f24456c42a4ff29dd6df3f  x86_64/corporate/2.1/RPMS/samba-swat-2.2.7a-10.1.C21mdk.x86_64.rpm
 f51e1b8b2c741c8c80ee7ca2842b6cda  x86_64/corporate/2.1/RPMS/samba-winbind-2.2.7a-10.1.C21mdk.x86_64.rpm
 ecec6cb6375d7ae188513869b41f3312  x86_64/corporate/2.1/SRPMS/samba-2.2.7a-10.1.C21mdk.src.rpm

 Mandrakelinux 9.1:
 0b0f7e967526e258dda77919b816581e  9.1/RPMS/nss_wins-2.2.7a-9.3.91mdk.i586.rpm
 347990aa57a8049f9b818b73b7dfc999  9.1/RPMS/samba-client-2.2.7a-9.3.91mdk.i586.rpm
 f837a08ba563afb0b90d8f317650d53a  9.1/RPMS/samba-common-2.2.7a-9.3.91mdk.i586.rpm
 267059808808f229c4c46489b42a51aa  9.1/RPMS/samba-server-2.2.7a-9.3.91mdk.i586.rpm
 f126aede0bc3c567a7a08c0283c646b7  9.1/RPMS/samba-swat-2.2.7a-9.3.91mdk.i586.rpm
 7e7073b64c1ea830a7e67141c2126426  9.1/RPMS/samba-winbind-2.2.7a-9.3.91mdk.i586.rpm
 37b0189625ab31d636e115b6a5e2c8ba  9.1/SRPMS/samba-2.2.7a-9.3.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 5685d1c563a650a939626363ec886cd9  ppc/9.1/RPMS/nss_wins-2.2.7a-9.3.91mdk.ppc.rpm
 2d6a20a9dcb1a77d7492d1f18ddd6e5f  ppc/9.1/RPMS/samba-client-2.2.7a-9.3.91mdk.ppc.rpm
 a43dc136b3e783dcec9ad3fc9b085141  ppc/9.1/RPMS/samba-common-2.2.7a-9.3.91mdk.ppc.rpm
 023bae957f6f623c866ac948999858d7  ppc/9.1/RPMS/samba-server-2.2.7a-9.3.91mdk.ppc.rpm
 e7e7b68ade642ee38fa24d8e83f1c0c6  ppc/9.1/RPMS/samba-swat-2.2.7a-9.3.91mdk.ppc.rpm
 0d095ca23f539abcb8350ebbf44ac2ac  ppc/9.1/RPMS/samba-winbind-2.2.7a-9.3.91mdk.ppc.rpm
 37b0189625ab31d636e115b6a5e2c8ba  ppc/9.1/SRPMS/samba-2.2.7a-9.3.91mdk.src.rpm

 Mandrakelinux 9.2:
 4cdbe5d2f84adcede114765ca2137b69  9.2/RPMS/libsmbclient0-2.2.8a-13.1.92mdk.i586.rpm
 4c35c1afcffb305312dcdf8965472ccf  9.2/RPMS/libsmbclient0-devel-2.2.8a-13.1.92mdk.i586.rpm
 f8b498bce62ab12529f5edff4fb7c674  9.2/RPMS/libsmbclient0-static-devel-2.2.8a-13.1.92mdk.i586.rpm
 95253c8785f2c30484e395086d4267b7  9.2/RPMS/nss_wins-2.2.8a-13.1.92mdk.i586.rpm
 c5026f96ee77eca5a6dd3c42002e1a56  9.2/RPMS/samba-client-2.2.8a-13.1.92mdk.i586.rpm
 4f6e9e99b8bd126a0acd8df1fc589fe0  9.2/RPMS/samba-common-2.2.8a-13.1.92mdk.i586.rpm
 299a19bb90f3ac367d9bd2e625760b9e  9.2/RPMS/samba-debug-2.2.8a-13.1.92mdk.i586.rpm
 4ccc678b92cb829426d8f3622f87a9a2  9.2/RPMS/samba-server-2.2.8a-13.1.92mdk.i586.rpm
 675508dd0bd35458c5ae213d62176d49  9.2/RPMS/samba-swat-2.2.8a-13.1.92mdk.i586.rpm
 45311b1de6295589382acbb274c2948c  9.2/RPMS/samba-winbind-2.2.8a-13.1.92mdk.i586.rpm
 34b58acde75a4cd4842972d76faa4e42  9.2/SRPMS/samba-2.2.8a-13.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 34b58acde75a4cd4842972d76faa4e42  amd64/9.2/SRPMS/samba-2.2.8a-13.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 99885d9835b1283f4992aa9ebc4c7589  mnf8.2/RPMS/samba-client-2.2.7a-9.3.M82mdk.i586.rpm
 4dd0757ebe8c8db713a00206c37c647a  mnf8.2/RPMS/samba-common-2.2.7a-9.3.M82mdk.i586.rpm
 26e6c150b49f6c3e88599554213ae40d  mnf8.2/SRPMS/samba-2.2.7a-9.3.M82mdk.src.rpm
 _______________________________________________________________________





- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandrake for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQIjcfIpao72zK539AQHF2wP/RuK/oEp8fOvoPd71xczMi6XUCN1uGyiw
ArjFikaPo77W8+i9TcqPh8AY8Q7yyFWg7mF7Tpx0f89nCWfwUg+Rjosvjf4RQFLq
Oq8lB+gEf6HY0Y70HtTpcE5BWdZCdXWOuqatNf2MYxHfutz5I53AzyerpwN04F+Q
Wse+uKc6Ln8=
=F5hL
-----END PGP SIGNATURE-----