-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:051 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gettext Date : February 28, 2006 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: The Trustix developers discovered temporary file vulnerabilities in the autopoint and gettextize scripts, part of GNU gettext. These scripts insecurely created temporary files which could allow a malicious user to overwrite another user's files via a symlink attack. The updated packages have been patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966 _______________________________________________________________________ Updated Packages: Corporate 3.0: 3e90a65b63c6cef50ea2362b97d601af corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.i586.rpm 88645a36cc137b6d15baff31df84bb5f corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.i586.rpm 122cf7a4d0173cd80c3c6a388b76ec5a corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.i586.rpm d9e9d121c5833e80c9bbd642af24fb40 corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.i586.rpm 7aa6d70debb3c1814333fca662e23cac corporate/3.0/RPMS/libgettextmisc-0.13.1-1.3.C30mdk.i586.rpm cfe279f682d65f910505e069b911d7c7 corporate/3.0/RPMS/libintl2-0.13.1-1.3.C30mdk.i586.rpm fc15df73311804bf0fd371fa9682c0c5 corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm Corporate 3.0/X86_64: c3648f970e7794014773ddedd68eaf91 x86_64/corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.x86_64.rpm d876576394822262df7e2351775c1aaa x86_64/corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.x86_64.rpm af77cf6ee5a7d238ec122fbc4af7d353 x86_64/corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.x86_64.rpm 1173d049f6621cd8ff8d0396d24eb097 x86_64/corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.x86_64.rpm f757f8a584bfc7ebd99d13a92415241b x86_64/corporate/3.0/RPMS/lib64gettextmisc-0.13.1-1.3.C30mdk.x86_64.rpm ecb7b9c26a607287c10f12bc70d5ffa9 x86_64/corporate/3.0/RPMS/lib64intl2-0.13.1-1.3.C30mdk.x86_64.rpm fc15df73311804bf0fd371fa9682c0c5 x86_64/corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm Multi Network Firewall 2.0: bf7a130a64632e27c4c0e35bcce1838d mnf/2.0/RPMS/gettext-0.13.1-1.3.M20mdk.i586.rpm 26b569b31b5786eb3dc90c466ad42951 mnf/2.0/RPMS/gettext-base-0.13.1-1.3.M20mdk.i586.rpm 513319968508b7d6c22135aed2a4ebcf mnf/2.0/RPMS/gettext-devel-0.13.1-1.3.M20mdk.i586.rpm 8ebc491dd574ec6e9624776b39adb08e mnf/2.0/RPMS/gettext-java-0.13.1-1.3.M20mdk.i586.rpm d7efcc35298ade62c0d21b75cec11d35 mnf/2.0/RPMS/libgettextmisc-0.13.1-1.3.M20mdk.i586.rpm d0993ab7f263642207f1ae95f4861525 mnf/2.0/RPMS/libintl2-0.13.1-1.3.M20mdk.i586.rpm 76fec48911a57db5edad551ae40cb3d1 mnf/2.0/SRPMS/gettext-0.13.1-1.3.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFEBKdDmqjQ0CJFipgRAhZHAJ9pXeM/Z7BFLAZ1zymn5CDFGiDNjQCgyy01 o5an648yuWxgj8BfvaEBjws= =aKl0 -----END PGP SIGNATURE-----
