CPNI - Centre for the Protection of National Infrastructure


June 2005

Two Mandriva Linux Security Update Advisories: 1. MDKSA-2005:099 - gaim 2. MDKSA-2005:100 - rsh

ID: 00493
Ref: 454/2005
Date: 15 June 2005:14:56:16
Version: 1

Title: Two Mandriva Linux Security Update Advisories: 1. MDKSA-2005:099 - gaim 2. MDKSA-2005:100 - rsh
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Two Mandriva Linux Security Update Advisories:

1. MDKSA-2005:099 - gaim

2. MDKSA-2005:100 - rsh

Detail
======

1. More vulnerabilities have been discovered in the gaim IM client. The
first is a remote crash with the Yahoo! protocol (CAN-2005-1269) and
the second is a remote DoS in the MSN protocol (CAN-2005-1934).
These problems have been corrected in gaim 1.3.1 which is provided with
this update.

2. A vulnerability in the rcp protocol was discovered that allows a server
to instruct a client to write arbitrary files outside of the current
directory, which could potentially be a security concern if a user used
rcp to copy files from a malicious server.
The updated packages have been patched to correct this problem.
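
An added example, not part of the advisory and not Mandriva's patch: one way a copy client can refuse server-supplied file names that would land outside the directory the user chose, which is the class of problem item 2 describes. The record layout "C<mode> <size> <name>" is the conventional rcp control record and does not appear on this page; the function name check_sink_record and the sample records are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum rec_status { REC_OK = 0, REC_MALFORMED = -1, REC_UNSAFE_NAME = -2 };

/*
 * Check one control record sent by the remote side: "C<mode> <size> <name>\n"
 * for a file, "D..." for a directory (assumed layout, see lead-in).
 * The name is copied to out so the caller can log it even when it is refused.
 */
int check_sink_record(const char *rec, char *out, size_t outlen)
{
    const char *p = rec;
    char *end;

    if (*p != 'C' && *p != 'D')
        return REC_MALFORMED;
    p++;
    for (int i = 0; i < 4; i++, p++)          /* mode: four octal digits */
        if (*p < '0' || *p > '7')
            return REC_MALFORMED;
    if (*p++ != ' ')
        return REC_MALFORMED;
    if (*p < '0' || *p > '9')                 /* size: decimal, no sign */
        return REC_MALFORMED;
    (void)strtoull(p, &end, 10);
    if (*end != ' ')
        return REC_MALFORMED;
    p = end + 1;
    size_t n = strcspn(p, "\n");
    if (p[n] != '\n' || n == 0 || n >= outlen)
        return REC_MALFORMED;
    memcpy(out, p, n);
    out[n] = '\0';
    /* Accept a single path component only: no separators, no "." or "..". */
    if (strchr(out, '/') || !strcmp(out, ".") || !strcmp(out, ".."))
        return REC_UNSAFE_NAME;
    return REC_OK;
}

int main(void)
{
    /* Constructed records, not captured traffic. */
    const char *recs[] = { "C0644 12 report.txt\n", "C0644 12 ../outside.txt\n" };
    char name[256];
    for (size_t i = 0; i < 2; i++)
        printf("%d %s", check_sink_record(recs[i], name, sizeof name), recs[i]);
    return 0;
}
```

A client that applies this check to every record before opening the destination file only ever creates entries directly inside the target directory, whatever the remote side sends.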



1.





_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID: MDKSA-2005:099
Date: June 14th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

More vulnerabilities have been discovered in the gaim IM client. The
first is a remote crash with the Yahoo! protocol (CAN-2005-1269) and
the second is a remote DoS in the MSN protocol (CAN-2005-1934).

These problems have been corrected in gaim 1.3.1 which is provided with
this update.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1934
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team





2.



_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: rsh
Advisory ID: MDKSA-2005:100
Date: June 14th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability in the rcp protocol was discovered that allows a server
to instruct a client to write arbitrary files outside of the current
directory, which could potentially be a security concern if a user used
rcp to copy files from a malicious server.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

