MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability
Posted on: 10/06/2005 11:32 PM

The Mandriva Security Team published a new security update: MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: texinfo
Advisory ID: MDKSA-2005:175
Date: October 6th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Frank Lichtenheld has discovered that texindex insecurely creates
temporary files with predictable filenames. This is exploitable if
a local attacker were to create symbolic links in the temporary files
directory, pointing to a valid file on the filesystem. When texindex
is executed, the file would be overwitten with the rights of the user
running texindex.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameƊN-2005-3011
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
76e53b496b39c7b28f0267a90ba586a8 10.1/RPMS/info-4.7-2.1.101mdk.i586.rpm
10cd78726493bda942913b5584bcf0ea 10.1/RPMS/info-install-4.7-2.1.101mdk.i586.rpm
25b0fff505495b5b4b80ffcf113ecb15 10.1/RPMS/texinfo-4.7-2.1.101mdk.i586.rpm
e47fb813ed54544bd93b6897031b6d2d 10.1/SRPMS/texinfo-4.7-2.1.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
5f47ff5b3e06addb1924f92b8ade046f x86_64/10.1/RPMS/info-4.7-2.1.101mdk.x86_64.rpm
66cb5ffb24e9e263cfe2af552b5f2ac1 x86_64/10.1/RPMS/info-install-4.7-2.1.101mdk.x86_64.rpm
bda2aa2a304be57fa28f2879b85fc9c0 x86_64/10.1/RPMS/texinfo-4.7-2.1.101mdk.x86_64.rpm
e47fb813ed54544bd93b6897031b6d2d x86_64/10.1/SRPMS/texinfo-4.7-2.1.101mdk.src.rpm

Mandrivalinux 10.2:
da38f9033ba2495d786bbb95bcee6c9f 10.2/RPMS/info-4.8-1.1.102mdk.i586.rpm
e1dbdf1b7c0ad41fde7bab6cab92be6f 10.2/RPMS/info-install-4.8-1.1.102mdk.i586.rpm
2b0c6e496d0adfa9b8c486c048c5cd65 10.2/RPMS/texinfo-4.8-1.1.102mdk.i586.rpm
e018dbb4a415940d5c5062c4cdd01a1f 10.2/SRPMS/texinfo-4.8-1.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
9baa45ce2070d15f35062c41a574bf4f x86_64/10.2/RPMS/info-4.8-1.1.102mdk.x86_64.rpm
821d86aeae3923411e2667ea8cca3723 x86_64/10.2/RPMS/info-install-4.8-1.1.102mdk.x86_64.rpm
54c74f133bcf8cf6791cc97ef9c2e2f2 x86_64/10.2/RPMS/texinfo-4.8-1.1.102mdk.x86_64.rpm
e018dbb4a415940d5c5062c4cdd01a1f x86_64/10.2/SRPMS/texinfo-4.8-1.1.102mdk.src.rpm

Mandrivalinux 2006.0:
8b6d88e8dc11347d15daaecea9614350 2006.0/RPMS/info-4.8-1.1.20060mdk.i586.rpm
db1fb3ef2f3810ad044f7ceb0e7f28ba 2006.0/RPMS/info-install-4.8-1.1.20060mdk.i586.rpm
71bd982b51dd4ce475bff38b13e602ee 2006.0/RPMS/texinfo-4.8-1.1.20060mdk.i586.rpm
727c5b4c31890156019eeaa67693d169 2006.0/SRPMS/texinfo-4.8-1.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
1ebc92ec90e633ed7bd2c23df56db8e6 x86_64/2006.0/RPMS/info-4.8-1.1.20060mdk.x86_64.rpm
52a3c172223d5c4fac673719232df4b5 x86_64/2006.0/RPMS/info-install-4.8-1.1.20060mdk.x86_64.rpm
ad9da3a4cfa7e804c2880a94622bbe66 x86_64/2006.0/RPMS/texinfo-4.8-1.1.20060mdk.x86_64.rpm
727c5b4c31890156019eeaa67693d169 x86_64/2006.0/SRPMS/texinfo-4.8-1.1.20060mdk.src.rpm

Corporate Server 2.1:
af212fb87728fcb48c736f5f30f0a906 corporate/2.1/RPMS/info-4.2-5.1.C21mdk.i586.rpm
256c91dbdf2650f5323c9294916eb25c corporate/2.1/RPMS/info-install-4.2-5.1.C21mdk.i586.rpm
37f29e7fc13e78f1de4213591a028723 corporate/2.1/RPMS/texinfo-4.2-5.1.C21mdk.i586.rpm
8c4df474276402f88497af71c8e6586a corporate/2.1/SRPMS/texinfo-4.2-5.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
32d0a4f0f9e9d14bfb34368f5d5e429e x86_64/corporate/2.1/RPMS/info-4.2-5.1.C21mdk.x86_64.rpm
8df053321dd699e94bfed39387df0541 x86_64/corporate/2.1/RPMS/info-install-4.2-5.1.C21mdk.x86_64.rpm
44a60c312004ed7490a802521559ddae x86_64/corporate/2.1/RPMS/texinfo-4.2-5.1.C21mdk.x86_64.rpm
8c4df474276402f88497af71c8e6586a x86_64/corporate/2.1/SRPMS/texinfo-4.2-5.1.C21mdk.src.rpm

Corporate 3.0:
9556168c04d13c9a6a3f6e7015a398de corporate/3.0/RPMS/info-4.6-1.1.C30mdk.i586.rpm
ed35b999cc4037b9ad7f838eb641a837 corporate/3.0/RPMS/info-install-4.6-1.1.C30mdk.i586.rpm
7f26434349820297ee62871c754c61d4 corporate/3.0/RPMS/texinfo-4.6-1.1.C30mdk.i586.rpm
83cb27358b6e352de4f1173407175823 corporate/3.0/SRPMS/texinfo-4.6-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
217fc652b60c5aac4e9c17ea69f5ab33 x86_64/corporate/3.0/RPMS/info-4.6-1.1.C30mdk.x86_64.rpm
7c3eee4af8b915337903ed6f8e8cedaf x86_64/corporate/3.0/RPMS/info-install-4.6-1.1.C30mdk.x86_64.rpm
11af71727eee1214d330d34ff9dbfe54 x86_64/corporate/3.0/RPMS/texinfo-4.6-1.1.C30mdk.x86_64.rpm
83cb27358b6e352de4f1173407175823 x86_64/corporate/3.0/SRPMS/texinfo-4.6-1.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReZ8mqjQ0CJFipgRAoymAKDLn6IhPLD9vE+NqmNAAuin7vxb0ACgkEAi
KXYDLCSKSV2dxCpZ/Rq1BqM=
=axcM
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005175__updated_texinfo_packages_fix__temporary_file_vulnerability.html)