Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > December 2005 > Mandriva Linux Advisory: MDKA-2005:060 - msec

December 2005

Mandriva Linux Advisory: MDKA-2005:060 - msec

ID: 01136
Ref: 1068/2005
Date: 23 December 2005:10:06:13
Version: 1
Title: Mandriva Linux Advisory: MDKA-2005:060 - msec
Abstract: Bugs in the msec package have been corrected: msec wasn't properly parsing the output on security checks to check ownership of files, reporting files as unowned when they were in fact properly owned by a valid user.
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
Title
=====

Mandriva Linux Advisory: MDKA-2005:060 - msec

Detail
======

Bugs in the msec package have been corrected:
msec wasn't properly parsing the output on security checks to check
ownership of files, reporting files as unowned when they were in fact
properly owned by a valid user.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Advisory MDKA-2005:060
http://www.mandriva.com/security/
_______________________________________________________________________

Package : msec
Date : December 22, 2005
Affected: 2006.0
_______________________________________________________________________

Problem Description:

Bugs in the msec package have been corrected:

msec wasn't properly parsing the output on security checks to check
ownership of files, reporting files as unowned when they were in fact
properly owned by a valid user.

The /var/lib/msec/security.conf was no longer being generated which
prevented msec from running.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://qa.mandriva.com/show_bug.cgi?id=17921
http://qa.mandriva.com/show_bug.cgi?id=19206
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
8fc0967852ccc70768b44b229a361058 2006.0/RPMS/msec-0.49.1-0.1.20060mdk.i586.rpm
32c5acd1b851b5a6f38130c0eb79bd65 2006.0/SRPMS/msec-0.49.1-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
052a91af0cf6ce20482dbcaf034458eb x86_64/2006.0/RPMS/msec-0.49.1-0.1.20060mdk.x86_64.rpm
32c5acd1b851b5a6f38130c0eb79bd65 x86_64/2006.0/SRPMS/msec-0.49.1-0.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDqvaimqjQ0CJFipgRAqL4AKCK8aSG1ID1cW1xQpU9IMAnszo5dQCfSkh7
aVenOtjBtXuEMdrDk1Sr29E=
=dszn
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |