Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

After 16 Years, Pidgin 3 Takes Its First Steps

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Mandrake security alert: Updated utempter packages fix several vulnerabilities

Posted by dave on Apr 19, 2004 12:42 PM EDT
Mailing list; By Mandrake Linux Security Team <security@linux-mandrake.com>

Mail this story
Print this story

Steve Grubb discovered two potential issues in the utempter program.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           utempter
 Advisory ID:            MDKSA-2004:031
 Date:                   April 19th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Steve Grubb discovered two potential issues in the utempter program:
 
 1) If the path to the device contained /../ or /./ or //, the                 
 program was not exiting as it should. It would be possible to use something 
 like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked 
 to another important file, programs that have root privileges that do no 
 further validation can then overwrite whatever the symlink pointed to.
                                                                                
 2) Several calls to strncpy without a manual termination of the string.
 This would most likely crash utempter.
 
 The updated packages are patched to correct these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 e5458d8e68dd55b2dcface9f2ead71cd  10.0/RPMS/libutempter0-0.5.2-12.1.100mdk.i586.rpm
 366d48de884799751c7110f84d835cc0  10.0/RPMS/libutempter0-devel-0.5.2-12.1.100mdk.i586.rpm
 6eabf21bdf9d7eba1a86fac4589e5714  10.0/RPMS/utempter-0.5.2-12.1.100mdk.i586.rpm
 52a5e2fa807981cba7156213684bb9ce  10.0/SRPMS/utempter-0.5.2-12.1.100mdk.src.rpm

 Corporate Server 2.1:
 c16478b61d52db976f712b5817bbf167  corporate/2.1/RPMS/libutempter0-0.5.2-11.1.C21mdk.i586.rpm
 7f74bd805709457dfb71a3bdc91f2577  corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.1.C21mdk.i586.rpm
 eb25144f12a1d93d7d9634964a1d7bbd  corporate/2.1/RPMS/utempter-0.5.2-11.1.C21mdk.i586.rpm
 ef9fe684449e0faaf59be81ed63df284  corporate/2.1/SRPMS/utempter-0.5.2-11.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 284d5f6f9bded143a8d26c8062eb9e70  x86_64/corporate/2.1/RPMS/libutempter0-0.5.2-11.1.C21mdk.x86_64.rpm
 62ada7f5235b513c978dc8eea2184b8b  x86_64/corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.1.C21mdk.x86_64.rpm
 8755f9214bb5412a204b24e6cce68ab5  x86_64/corporate/2.1/RPMS/utempter-0.5.2-11.1.C21mdk.x86_64.rpm
 ef9fe684449e0faaf59be81ed63df284  x86_64/corporate/2.1/SRPMS/utempter-0.5.2-11.1.C21mdk.src.rpm

 Mandrakelinux 9.1:
 ff42f22d509bf90dc87c29acf970548b  9.1/RPMS/libutempter0-0.5.2-10.1.91mdk.i586.rpm
 7f100656a81b88e2ddc0f1a3ffd6cc1d  9.1/RPMS/libutempter0-devel-0.5.2-10.1.91mdk.i586.rpm
 ae56735580eaff60027404a27843b28f  9.1/RPMS/utempter-0.5.2-10.1.91mdk.i586.rpm
 1f308d636a246978a66f79802467e09b  9.1/SRPMS/utempter-0.5.2-10.1.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 1c72b8d5bf1e88e267fdd818094f1d52  ppc/9.1/RPMS/libutempter0-0.5.2-10.1.91mdk.ppc.rpm
 45e56e24d73c0744460908206164bad6  ppc/9.1/RPMS/libutempter0-devel-0.5.2-10.1.91mdk.ppc.rpm
 218199c662a394416a5b37ce95fe69fe  ppc/9.1/RPMS/utempter-0.5.2-10.1.91mdk.ppc.rpm
 1f308d636a246978a66f79802467e09b  ppc/9.1/SRPMS/utempter-0.5.2-10.1.91mdk.src.rpm

 Mandrakelinux 9.2:
 90522a1350a48e3527ac5d62e9f42d02  9.2/RPMS/libutempter0-0.5.2-12.1.92mdk.i586.rpm
 93cc7f6b06e932fb669cf4f6e76d219f  9.2/RPMS/libutempter0-devel-0.5.2-12.1.92mdk.i586.rpm
 9295f7ce85188523ef2ddf02e2137d4b  9.2/RPMS/utempter-0.5.2-12.1.92mdk.i586.rpm
 6bcb323d7d50949a1b4f8bae5bd84fd6  9.2/SRPMS/utempter-0.5.2-12.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 92b815911cfc95b1fe982b1e6d34fbe9  amd64/9.2/RPMS/lib64utempter0-0.5.2-12.1.92mdk.amd64.rpm
 7e5c27d4817e8bd1cb661baf4fa2098d  amd64/9.2/RPMS/lib64utempter0-devel-0.5.2-12.1.92mdk.amd64.rpm
 d83101f51887fa4576ba70bd44dc96d4  amd64/9.2/RPMS/utempter-0.5.2-12.1.92mdk.amd64.rpm
 6bcb323d7d50949a1b4f8bae5bd84fd6  amd64/9.2/SRPMS/utempter-0.5.2-12.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 4a73fd406115139f44a96595d7a7d636  mnf8.2/RPMS/libutempter0-0.5.2-5.1.M82mdk.i586.rpm
 4ec3be7ee3b1afc20cee08edd699d88c  mnf8.2/RPMS/libutempter0-devel-0.5.2-5.1.M82mdk.i586.rpm
 6f88c9436293c120c90877f12d8426a9  mnf8.2/RPMS/utempter-0.5.2-5.1.M82mdk.i586.rpm
 273359b6f93965a0995a6c11cf3a1d77  mnf8.2/SRPMS/utempter-0.5.2-5.1.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAhB+AmqjQ0CJFipgRAph7AKDlya68fexJ14qf1DchzBMhGBA+0gCgsOEM
aRlgv9npCuiEhF7aWN+PaJg=
=5mCk
-----END PGP SIGNATURE-----

[PARSEASHTML]

Nav

» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software