UNIRAS Brief - 790/06 - Three Mandriva Linux Advisories:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------------------
UNIRAS (UK Government CERT) Briefing - 790/06 Dated 30.11.06 Time 13:15
UNIRAS is part of NISCC (the UK National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------------
UNIRAS material is available from the NISCC website at www.niscc.gov.uk
- ---------------------------------------------------------------------------------------
Title
=====
Three Mandriva Linux Advisories:
1. MDKSA-2006:219 - Updated tar packages fix vulnerability
2. MDKA-2006:055 - Updated rpmdrake packages address several issues
3. MDKA-2006:056 - Updated drakxtools packages address several issues
Detail
======
1. GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar
file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in
extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
2. Several bugs were fixed in rpmdrake:
   - various people saw crashes due to invalid UTF-8 strings (#26099)
   - edit-urpm-sources.pl didn't start if urpmi.cfg did not exist (#27336)
   - MandrivaUpdate got several fixes:
     o it was impossible to select an update where there was only one group (#26135)
     o all updates are preselected by default (#25271)
     o all security, bugfix & normal updates were not displayed in "all updates" mode (#27268)
     o default is now "all updates" rather than "security updates"
3. Several bugs were fixed in drakxtools:
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:219
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tar
Date : November 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file
that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in
extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
The updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
162f61a8fd27d2056e0412ca2db835ec 2006.0/i586/tar-1.15.1-5.2.20060mdk.i586.rpm
ff8a8b9a0438f72f01fc81ee7d36f303 2006.0/SRPMS/tar-1.15.1-5.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
811ff45e7001afef069d024c496eaaf4 2006.0/x86_64/tar-1.15.1-5.2.20060mdk.x86_64.rpm
ff8a8b9a0438f72f01fc81ee7d36f303 2006.0/SRPMS/tar-1.15.1-5.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
2f2b45550cb57234a437143e78a92ce1 2007.0/i586/tar-1.15.91-1.1mdv2007.0.i586.rpm
7adbb2a696af7e9fbc87702c21555c9e 2007.0/SRPMS/tar-1.15.91-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
ad0aa3bb29ff3cad8842dc0b72054761 2007.0/x86_64/tar-1.15.91-1.1mdv2007.0.x86_64.rpm
7adbb2a696af7e9fbc87702c21555c9e 2007.0/SRPMS/tar-1.15.91-1.1mdv2007.0.src.rpm
Corporate 3.0:
4f64d5d13fc887e2698b59f908d144fd corporate/3.0/i586/tar-1.13.25-11.1.C30mdk.i586.rpm
6f470c1fd005021c072627f4ed720f0b corporate/3.0/SRPMS/tar-1.13.25-11.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
e7ddc900476c0c202abdcedd28cc7893 corporate/3.0/x86_64/tar-1.13.25-11.1.C30mdk.x86_64.rpm
6f470c1fd005021c072627f4ed720f0b corporate/3.0/SRPMS/tar-1.13.25-11.1.C30mdk.src.rpm
Corporate 4.0:
23aaf07731b8a40a67fbd1a0d1f282ad corporate/4.0/i586/tar-1.15.1-5.2.20060mlcs4.i586.rpm
feab531719ee55b58cdb14183d84cfc6 corporate/4.0/SRPMS/tar-1.15.1-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
633ca84b42d52bce291a58c348b1a823 corporate/4.0/x86_64/tar-1.15.1-5.2.20060mlcs4.x86_64.rpm
feab531719ee55b58cdb14183d84cfc6 corporate/4.0/SRPMS/tar-1.15.1-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
3f07efd5980e45ce55f05364f0e1f4bd mnf/2.0/i586/tar-1.13.25-11.1.M20mdk.i586.rpm
0b6cd4ea429d91884e9c2fffbd8d0dbc mnf/2.0/SRPMS/tar-1.13.25-11.1.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFbKMGmqjQ0CJFipgRAmGKAJ9EHoE4gY/eBi8m6Lo/SUnPWSsyZgCg202D
nWZjV7Ob4WVLrfvrkJp2QBI=
=/ryN
- -----END PGP SIGNATURE-----
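Added example for the GNUTYPE_NAMES issue described in MDKSA-2006:219 above; it is not GNU tar or Mandriva code. It parses raw 512-byte tar headers itself, so the obsolete GNU 'N' record and its link field are visible (a high-level tar library may skip unknown record types silently), and flags that record together with the related symlink, hardlink and member-path escapes that any pre-extraction audit should catch. The archive it scans is constructed inline; all function and field names are the example's own.

```python
"""Pre-extraction audit of a tar stream for link-based path escapes.

Added example for the tar advisory above; not GNU tar or Mandriva code.
Raw ustar/GNU headers are parsed directly so that the obsolete GNU 'N'
(GNUTYPE_NAMES) record named in CVE-2006-6097 is visible.  The sample
archive below is constructed, not taken from a real attack.
"""
import posixpath

BLOCK = 512
REGTYPE, LNKTYPE, SYMTYPE = b"0", b"1", b"2"
GNUTYPE_NAMES = b"N"        # obsolete GNU "multi-volume names" record (tar.h)


def _octal(n, width):
    """Zero-padded octal field terminated by NUL, as GNU tar writes it."""
    return ("%0*o" % (width - 1, n)).encode() + b"\0"


def make_header(name, typeflag, size=0, linkname=""):
    """Build one header block with a valid checksum (constructed test input)."""
    hdr = bytearray(BLOCK)
    hdr[0:100] = name.encode().ljust(100, b"\0")
    hdr[100:108] = _octal(0o644, 8)
    hdr[108:116] = _octal(0, 8)
    hdr[116:124] = _octal(0, 8)
    hdr[124:136] = _octal(size, 12)
    hdr[136:148] = _octal(0, 12)
    hdr[148:156] = b" " * 8                  # checksum field counts as spaces
    hdr[156:157] = typeflag
    hdr[157:257] = linkname.encode().ljust(100, b"\0")
    hdr[257:265] = b"ustar  \0"              # GNU magic + version
    hdr[148:156] = b"%06o\0 " % sum(hdr)
    return bytes(hdr)


def _field(hdr, start, end):
    return hdr[start:end].split(b"\0", 1)[0]


def _checksum_ok(hdr):
    stored = int(_field(hdr, 148, 156).strip() or b"0", 8)
    computed = sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])
    return stored == computed


def iter_members(data):
    """Yield (name, typeflag, linkname) for every header in a raw tar stream."""
    off = 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:             # end-of-archive marker
            return
        if not _checksum_ok(hdr):
            raise ValueError("bad header checksum at offset %d" % off)
        size = int(_field(hdr, 124, 136).strip() or b"0", 8)
        yield (_field(hdr, 0, 100).decode(), hdr[156:157],
               _field(hdr, 157, 257).decode())
        off += BLOCK + (size + BLOCK - 1) // BLOCK * BLOCK   # skip payload blocks


def escapes(member, target):
    """True if `target`, taken relative to `member`'s directory, lands outside
    the extraction root (absolute path, or '..' climbing above the root)."""
    if posixpath.isabs(target):
        return True
    joined = posixpath.normpath(posixpath.join(posixpath.dirname(member), target))
    return joined == ".." or joined.startswith("../")


def audit(data):
    """Return [(member, reason)] for entries that can redirect extraction
    outside the target directory."""
    findings = []
    for name, typeflag, linkname in iter_members(data):
        if escapes("", name):
            findings.append((name, "member path escapes extraction root"))
        if typeflag == GNUTYPE_NAMES:
            findings.append((name, "GNUTYPE_NAMES record; link field %r" % linkname))
        elif typeflag == SYMTYPE and escapes(name, linkname):
            findings.append((name, "symlink target escapes: " + linkname))
        elif typeflag == LNKTYPE and escapes("", linkname):   # hardlinks are root-relative
            findings.append((name, "hardlink target escapes: " + linkname))
    return findings


def build_sample():
    """Constructed archive: two benign members followed by three hostile ones."""
    return b"".join([
        make_header("docs/README", REGTYPE, size=5) + b"hello".ljust(BLOCK, b"\0"),
        make_header("docs/link", SYMTYPE, linkname="README"),
        make_header("tmp/escape", SYMTYPE, linkname="../../etc/passwd"),
        make_header("names", GNUTYPE_NAMES, linkname="/etc/passwd"),
        make_header("../outside", REGTYPE),
    ]) + b"\0" * (2 * BLOCK)


if __name__ == "__main__":
    for member, reason in audit(build_sample()):
        print("%-14s %s" % (member, reason))
```

For a real archive, decompress it first and call `audit(open(path, "rb").read())`; a non-empty result means the archive should not be unpacked with a tar that predates the fix. The check reads headers only, so it does not model the order-dependent case where a later member is written through a symlink extracted earlier; the patched tar packages listed in the advisory remain the actual mitigation.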
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDKA-2006:055
http://www.mandriva.com/security/
_______________________________________________________________________
Package : rpmdrake
Date : November 29, 2006
Affected: 2007.0
_______________________________________________________________________
Problem Description:
Several bugs were fixed in rpmdrake:
- various people saw crashes due to invalid UTF-8 strings (#26099)
- edit-urpm-sources.pl didn't start if urpmi.cfg did not exist (#27336)
- MandrivaUpdate got several fixes:
  o it was impossible to select an update where there was only one group (#26135)
  o all updates are preselected by default (#25271)
  o all security, bugfix & normal updates were not displayed in "all updates" mode (#27268)
  o default is now "all updates" rather than "security updates"
_______________________________________________________________________
References:
http://qa.mandriva.com/show_bug.cgi?id=27372
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
807509e587008fde45f09e0e40580bb1 2007.0/i586/park-rpmdrake-3.19-1.1mdv2007.0.i586.rpm
ec432d4e75ed6b30c6c30c573925a680 2007.0/i586/rpmdrake-3.19-1.1mdv2007.0.i586.rpm
aeaaa3b7e8713864a115e86c780ace5a 2007.0/SRPMS/rpmdrake-3.19-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
4c7724ec148009169c01544cf39471e8 2007.0/x86_64/park-rpmdrake-3.19-1.1mdv2007.0.x86_64.rpm
c65a2252856aac1cac429659034a9688 2007.0/x86_64/rpmdrake-3.19-1.1mdv2007.0.x86_64.rpm
aeaaa3b7e8713864a115e86c780ace5a 2007.0/SRPMS/rpmdrake-3.19-1.1mdv2007.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFbh2dmqjQ0CJFipgRApqNAJ4z087k+2bhuq38Lv+52CKNSvs0zQCdH5nw
ShNnUpN/obgzJT7vZE9xqw4=
=eE++
- -----END PGP SIGNATURE-----
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDKA-2006:056
http://www.mandriva.com/security/
_______________________________________________________________________
Package : drakxtools
Date : November 29, 2006
Affected: 2007.0
_______________________________________________________________________
Problem Description:
Several bugs were fixed in drakxtools:
- it was not possible to start rpmdrake from the menu (#26383)
- it was not possible to set up updates media and then distro media (or the reverse) in edit-urpm-sources
- drakauth:
  o add encrypted home and pam_mount support
  o hide password when calling "net join" or "net ads join" (pixel)
- drakbackup:
  o fix archiver detection/config file replace (stew, #26705, #27180)
  o do not backup the backups (Adamw)
- drakboot: support Xen with lilo using mbootpack
- drakfirewall: really disable services (#27295)
- drakvpn:
  o add pkcs11 token support for openvpn
  o ask password/PIN if needed
- drakconnect/drakroam:
  o detect wireless interfaces with unknown driver, e.g. rt61
  o do not check for ipw3945 kernel module packages
  o do not wrongly tell that acx100-firmware can be found in Club or commercial editions (#26475)
  o use iwpriv commands to configure WPA on rt2570 and rt61 chipsets
  o update madwifi URL which was old
- finish-install: add encrypted home and pam_mount support
- printerdrake: due to changes in the format of HPLIP's device description XML files, scanner functionality was not recognized any more (#26567).
_______________________________________________________________________
References:
http://qa.mandriva.com/show_bug.cgi?id=27373
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
0fb7e2cc80d6bd24979e505d47821d7d 2007.0/i586/drakx-finish-install-10.4.81-2.2mdv2007.0.i586.rpm
65bf955f1e51fa132e3c0b843104971b 2007.0/i586/drakxtools-10.4.81-2.2mdv2007.0.i586.rpm
49d1e9d0e3624296a62301e7ff29bef8 2007.0/i586/drakxtools-backend-10.4.81-2.2mdv2007.0.i586.rpm
999c8957740ce83f19931ce74b5ce16d 2007.0/i586/drakxtools-http-10.4.81-2.2mdv2007.0.i586.rpm
6743add9f6a0f8ff0d7637963f5c52a9 2007.0/i586/drakxtools-newt-10.4.81-2.2mdv2007.0.i586.rpm
34cb2145f374fa9070687328b7db0e81 2007.0/i586/harddrake-10.4.81-2.2mdv2007.0.i586.rpm
f18197293d0457f987cc176fa2c15a53 2007.0/i586/harddrake-ui-10.4.81-2.2mdv2007.0.i586.rpm
c1a39660eab5a60044ccf31a0381b2a3 2007.0/SRPMS/drakxtools-10.4.81-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
9bf9f299e93fec92d91584cdc9ec85a5 2007.0/x86_64/drakx-finish-install-10.4.81-2.2mdv2007.0.x86_64.rpm
082b8d5d332d4d4337239315251404f9 2007.0/x86_64/drakxtools-10.4.81-2.2mdv2007.0.x86_64.rpm
7aa9a10de0b7096ae3f39ae3aadb5eb0 2007.0/x86_64/drakxtools-backend-10.4.81-2.2mdv2007.0.x86_64.rpm
23e1604dcebc0e02f48c9922ba47c4d3 2007.0/x86_64/drakxtools-http-10.4.81-2.2mdv2007.0.x86_64.rpm
88ac5e838cd093204fda0f28675c249e 2007.0/x86_64/drakxtools-newt-10.4.81-2.2mdv2007.0.x86_64.rpm
186f9b2fe3cc142508bcf61be7a577e3 2007.0/x86_64/harddrake-10.4.81-2.2mdv2007.0.x86_64.rpm
55fe51353f8ebbd8068a4e146c1ca0a5 2007.0/x86_64/harddrake-ui-10.4.81-2.2mdv2007.0.x86_64.rpm
c1a39660eab5a60044ccf31a0381b2a3 2007.0/SRPMS/drakxtools-10.4.81-2.2mdv2007.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFbiEdmqjQ0CJFipgRAulZAJ9s5qyiE+CjRI4QL0vC4tFaGOMDRgCggTEU
SCz4fxmW4gKsv7UjMwQM6AQ=
=Etjc
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------------------------
NISCC values your feedback.
1. Which of the following most reflects the value of the briefing to you?
(Place an 'X' next to your choice)
Very useful:__ Useful:__ Not useful:__
2. If you did not find it useful, why not?
3. Any other comments? How could we improve our briefings?
Thank you for your contribution.
- ---------------------------------------------------------------------------------------
For additional information or assistance, please contact our help desk by telephone.
You may send Not Protectively Marked information via e-mail to uniras@xxxxxxxxxxxxx
Office hours:
Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749
On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts
- ---------------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information contained
in this briefing.
- ---------------------------------------------------------------------------------------
This notice contains information released by the original author. Some of the information may have changed since it was released. If
the vulnerability affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you
receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not
constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed
within this notice shall not be used for advertising or product endorsement purposes.
Neither UNIRAS nor NISCC accepts responsibility for any errors or omissions contained within this briefing notice. In
particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information
contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident
Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents,
and to promote information sharing amongst its members and the community at large.
- ---------------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRW7ZFml7oeQsXfKvEQKGAACglcxlWPkbzocAJpH8NjFuXJijixUAn0iY
+0KqHzWi73rhhedxJ+1EPAyU
=iJRo
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________