-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:154 http://www.mandriva.com/security/ _______________________________________________________________________ Package : lesstif Date : August 28, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. The updated packages have been rebuilt with the --enable-production configure switch in order to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4124 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 5a2095ef8f223e31d66537eb8f4208e7 2006.0/RPMS/lesstif-0.93.94-4.2.20060mdk.i586.rpm 9f25125b71b97ed2a3e55933170a8c5e 2006.0/RPMS/lesstif-clients-0.93.94-4.2.20060mdk.i586.rpm dc5645d0866df7c724d6ccd2a6b4551f 2006.0/RPMS/lesstif-devel-0.93.94-4.2.20060mdk.i586.rpm b8b7e00f812b9a401c2e788eb8b2f25e 2006.0/RPMS/lesstif-mwm-0.93.94-4.2.20060mdk.i586.rpm d2ff104b736c1353ab938605a2933409 2006.0/RPMS/liblesstif1-0.93.94-4.2.20060mdk.i586.rpm d8a34a5cf582b928b04a045023855583 2006.0/RPMS/liblesstif2-0.93.94-4.2.20060mdk.i586.rpm c6d1ccdedfc29596ad3c16d3673ab02e 2006.0/SRPMS/lesstif-0.93.94-4.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 0200601fca4f4b46b90ac6ee753a494d x86_64/2006.0/RPMS/lesstif-0.93.94-4.2.20060mdk.x86_64.rpm 9d6303a17d8d96755a4d24632dbfa97b x86_64/2006.0/RPMS/lesstif-clients-0.93.94-4.2.20060mdk.x86_64.rpm 360f72d386d714c965f777aa2271734b x86_64/2006.0/RPMS/lesstif-devel-0.93.94-4.2.20060mdk.x86_64.rpm 0b24f9b55fa69494dbcb06e24be2300b x86_64/2006.0/RPMS/lesstif-mwm-0.93.94-4.2.20060mdk.x86_64.rpm 747cfa1520babbfbbbdbca0efb7fab5e x86_64/2006.0/RPMS/lib64lesstif1-0.93.94-4.2.20060mdk.x86_64.rpm c816c37d83b85770e1001667ee539d70 x86_64/2006.0/RPMS/lib64lesstif2-0.93.94-4.2.20060mdk.x86_64.rpm d2ff104b736c1353ab938605a2933409 x86_64/2006.0/RPMS/liblesstif1-0.93.94-4.2.20060mdk.i586.rpm d8a34a5cf582b928b04a045023855583 x86_64/2006.0/RPMS/liblesstif2-0.93.94-4.2.20060mdk.i586.rpm c6d1ccdedfc29596ad3c16d3673ab02e x86_64/2006.0/SRPMS/lesstif-0.93.94-4.2.20060mdk.src.rpm Corporate 3.0: c7cee6a1237c5c06768232890e5c9b75 corporate/3.0/RPMS/lesstif-0.93.94-1.1.C30mdk.i586.rpm c49db462160fff3aa6dc9c0690cb7c86 corporate/3.0/RPMS/lesstif-clients-0.93.94-1.1.C30mdk.i586.rpm bac4c3dc97d33fec236e5f92801c64ca corporate/3.0/RPMS/lesstif-devel-0.93.94-1.1.C30mdk.i586.rpm 3f4cbdbbdfd5d1e83d8236ce37c81f9c corporate/3.0/RPMS/lesstif-mwm-0.93.94-1.1.C30mdk.i586.rpm c5cfffe6870b88fc12220c2b9a45138b corporate/3.0/SRPMS/lesstif-0.93.94-1.1.C30mdk.src.rpm Corporate 3.0/X86_64: eadc97c5094cd92c57d97cbde382fb5f x86_64/corporate/3.0/RPMS/lesstif-0.93.94-1.1.C30mdk.x86_64.rpm 852cb3b36147975aa1a53b371c1b6a86 x86_64/corporate/3.0/RPMS/lesstif-clients-0.93.94-1.1.C30mdk.x86_64.rpm 947c9bcb69de35c3eea430f877452d10 x86_64/corporate/3.0/RPMS/lesstif-devel-0.93.94-1.1.C30mdk.x86_64.rpm 754bc9a74f9b50ddf93e056979f7381e x86_64/corporate/3.0/RPMS/lesstif-mwm-0.93.94-1.1.C30mdk.x86_64.rpm c5cfffe6870b88fc12220c2b9a45138b x86_64/corporate/3.0/SRPMS/lesstif-0.93.94-1.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE84w6mqjQ0CJFipgRArGJAKC4DsiaR+vEoEvJwjVryC8i0VR5vACeIMb7 zMuaXHkPVtRD3ae3/dctbsY= =6Uev -----END PGP SIGNATURE-----
