CPNI - Centre for the Protection of National Infrastructure


February 2005

Six MandrakeLinux Security Advisories: 1. MDKSA-2005:032 - cpio 2. MDKSA-2005:032-1 - cpio 3. MDKSA-2005:033 - enscript 4. MDKSA-2005:034 - squid 5. MDKSA-2005:035 - python 6. MDKSA-2005:036 - MySQL

ID: 00134
Ref: 117/2005
Date: 14 February 2005:15:32:34
Version: 1

Abstract:
Vendors affected: Mandrake
Operating systems affected: Mandrake
Applications affected: Mandrake

Title
=====

Six MandrakeLinux Security Advisories:

1. MDKSA-2005:032 - cpio

2. MDKSA-2005:032-1 - cpio

3. MDKSA-2005:033 - enscript

4. MDKSA-2005:034 - squid

5. MDKSA-2005:035 - python

6. MDKSA-2005:036 - MySQL

Detail
======

1. A vulnerability in cpio was discovered where cpio would create world-writeable
files when used in -o/--create mode and giving an output file (with -O).
This would allow any user to modify the created cpio archive. The updated
packages have been patched so that cpio now respects the current umask setting
of the user.

2. A vulnerability in cpio was discovered where cpio would create world-
writeable files when used in -o/--create mode and giving an output file
(with -O). This would allow any user to modify the created cpio archive.
The updated packages have been patched so that cpio now respects the
current umask setting of the user.

3. A vulnerability in the enscript program's handling of the epsf command
used to insert inline EPS file into a document was found. An attacker
could create a carefully crafted ASCII file which would make use of
the epsf pipe command in such a way that it could execute arbitrary
commands if the file was opened with enscript (CAN-2004-1184).

4. More vulnerabilities were discovered in the squid server:

The LDAP handling of search filters was inadequate which could be
abused to allow logins using several variants of a single login name,
possibly bypassing explicit access controls (CAN-2005-0173).

Minor problems in the HTTP header parsing code that could be used for
cache poisoning (CAN-2005-0174 and CAN-2005-0175).

A buffer overflow in the WCCP handling code allowed remote attackers
to cause a Denial of Service and could potentially allow for the
execution of arbitrary code by using a long WCCP packet.

5. A flaw in the python language was found by the development team. The
SimpleXMLRPCServer library module could permit remote attackers
unintended access to internals of the registered object or its
module, or possibly even other modules. This only affects python
XML-RPC servers that use the register_instance() method to register
an object without a _dispatch() method. Servers that only use the
register_function() method are not affected.

6. A temporary file vulnerability in the mysqlaccess script in MySQL was
discovered by Javier Fernandez-Sanguino Pena. This flaw could allow
an unprivileged user to let root overwrite arbitrary files via a
symlink attack. It could also be used to view the contents of a
temporary file which could contain sensitive information.





1.



_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: cpio
Advisory ID: MDKSA-2005:032
Date: February 10th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1

Problem Description:

A vulnerability in cpio was discovered where cpio would create world-writeable
files when used in -o/--create mode and giving an output file (with -O).
This would allow any user to modify the created cpio archive. The updated
packages have been patched so that cpio now respects the current umask setting
of the user.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
d57c7da9aeb61ac87d7d7fb6bdef4d22 10.0/RPMS/cpio-2.5-4.1.100mdk.i586.rpm
ddb4e640cdd6b4b51f773b186cdefe9c 10.0/SRPMS/cpio-2.5-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e747606a775c27a647a2260e1b3b9b7c amd64/10.0/RPMS/cpio-2.5-4.1.100mdk.amd64.rpm
ddb4e640cdd6b4b51f773b186cdefe9c amd64/10.0/SRPMS/cpio-2.5-4.1.100mdk.src.rpm

Mandrakelinux 10.1:
f861823b9c86ab3b676773c0a9167d82 10.1/RPMS/cpio-2.5-4.1.101mdk.i586.rpm
a222263ac25744908a43599920ef94d8 10.1/SRPMS/cpio-2.5-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
024cc31f46723f5e0dc36f30deded9d6 x86_64/10.1/RPMS/cpio-2.5-4.1.101mdk.x86_64.rpm
a222263ac25744908a43599920ef94d8 x86_64/10.1/SRPMS/cpio-2.5-4.1.101mdk.src.rpm

Corporate Server 2.1:
ffd629c3f731da92a47b2928bb75284f corporate/2.1/RPMS/cpio-2.5-4.1.C21mdk.i586.rpm
f14c2506f6be97b9bf6f5611677a92af corporate/2.1/SRPMS/cpio-2.5-4.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
6b8a131de0dfc58532e2db1b1d8182ef x86_64/corporate/2.1/RPMS/cpio-2.5-4.1.C21mdk.x86_64.rpm
f14c2506f6be97b9bf6f5611677a92af x86_64/corporate/2.1/SRPMS/cpio-2.5-4.1.C21mdk.src.rpm

Corporate 3.0:
39962bf94864f9cf46ef2d262300a578 corporate/3.0/RPMS/cpio-2.5-4.1.C30mdk.i586.rpm
e96898c7bb40865035e30807d697504a corporate/3.0/SRPMS/cpio-2.5-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
515b55c66e0bcf791bf1412a145a22d6 x86_64/corporate/3.0/RPMS/cpio-2.5-4.1.C30mdk.x86_64.rpm
e96898c7bb40865035e30807d697504a x86_64/corporate/3.0/SRPMS/cpio-2.5-4.1.C30mdk.src.rpm

Mandrakelinux 9.2:
c1556a3b2c0e71395d3142c407f7818a 9.2/RPMS/cpio-2.5-4.1.92mdk.i586.rpm
7f6ff46548e0a49568dcdafcd731166e 9.2/SRPMS/cpio-2.5-4.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
11bdf70272c80c81e723b75f58745033 amd64/9.2/RPMS/cpio-2.5-4.1.92mdk.amd64.rpm
7f6ff46548e0a49568dcdafcd731166e amd64/9.2/SRPMS/cpio-2.5-4.1.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5
checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG
public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team



2.


_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: cpio
Advisory ID: MDKSA-2005:032-1
Date: February 11th, 2005
Original Advisory Date: February 10th, 2005
Affected versions: 10.1
______________________________________________________________________

Problem Description:

A vulnerability in cpio was discovered where cpio would create world-
writeable files when used in -o/--create mode and giving an output file
(with -O). This would allow any user to modify the created cpio archive.
The updated packages have been patched so that cpio now respects the
current umask setting of the user.

Update:

The updated cpio packages for 10.1, while they would install with urpmi
on the commandline, would not install via rpmdrake. The updated packages
correct that.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
a298815e1095a9d67216de7a03b165fd 10.1/RPMS/cpio-2.5-4.2.101mdk.i586.rpm
803ce098932b51a8c6e67d240b8de436 10.1/SRPMS/cpio-2.5-4.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
294436bfdb9d38edf1e8435ab2875a6a x86_64/10.1/RPMS/cpio-2.5-4.2.101mdk.x86_64.rpm
803ce098932b51a8c6e67d240b8de436 x86_64/10.1/SRPMS/cpio-2.5-4.2.101mdk.src.rpm
_______________________________________________________________________

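The umask behaviour described in MDKSA-2005:032 and MDKSA-2005:032-1, as an added example that is not code from cpio or from Mandrakesoft: it creates an output file the way a umask-respecting tool does, contrasts that with a file whose mode ends up at 0666 regardless, and audits a directory for world-writable archives. The function names, the `.cpio` suffix filter and the sample file names are assumptions of this sketch.

```python
import os
import stat
import tempfile


def create_respecting_umask(path):
    """Create an output file as the patched behaviour is described:
    request 0666 and let the kernel clear the bits set in the process umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_ignoring_umask(path):
    """Reproduce the flawed outcome only (the advisory does not say how cpio
    arrived at it): the mode is forced to 0666, so the umask has no effect."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
    os.fchmod(fd, 0o666)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def find_world_writable(root, suffix=".cpio"):
    """Return regular files under root with the given suffix that are
    writable by 'other'. lstat() is used so symlinks are not followed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if (stat.S_ISREG(st.st_mode) and name.endswith(suffix)
                    and st.st_mode & stat.S_IWOTH):
                hits.append(full)
    return sorted(hits)


def demo():
    """Create one archive of each kind under umask 022 and audit the directory."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            good_mode = create_respecting_umask(os.path.join(d, "good.cpio"))
            bad_mode = create_ignoring_umask(os.path.join(d, "bad.cpio"))
            flagged = [os.path.basename(p) for p in find_world_writable(d)]
            return good_mode, bad_mode, flagged
    finally:
        os.umask(old)  # restore the caller's umask


if __name__ == "__main__":
    good, bad, flagged = demo()
    print("umask respected: %o, umask ignored: %o, flagged: %s" % (good, bad, flagged))
```

Running `find_world_writable()` over backup directories written by an unpatched cpio shows which archives need their mode corrected after the update.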


3.


_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: enscript
Advisory ID: MDKSA-2005:033
Date: February 10th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1

Problem Description:

A vulnerability in the enscript program's handling of the epsf command
used to insert inline EPS file into a document was found. An attacker
could create a carefully crafted ASCII file which would make use of
the epsf pipe command in such a way that it could execute arbitrary
commands if the file was opened with enscript (CAN-2004-1184).

Additionally, flaws were found in enscript that could be abused by
executing enscript with carefully crafted command-line arguments. These
flaws only have a security impact if enscript is executed by other
programs and passed untrusted data from remote users
(CAN-2004-1185 and CAN-2004-1186).

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
f3eb5a56cf8e961908e9014306fd096a 10.0/RPMS/enscript-1.6.4-1.1.100mdk.i586.rpm
1ca9b9369578bc27057366a9c0757671 10.0/SRPMS/enscript-1.6.4-1.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
f316e4e8b11dde6155ddca1517fa8954 amd64/10.0/RPMS/enscript-1.6.4-1.1.100mdk.amd64.rpm
1ca9b9369578bc27057366a9c0757671 amd64/10.0/SRPMS/enscript-1.6.4-1.1.100mdk.src.rpm

Mandrakelinux 10.1:
2454e55d7ac2edad3c5513a60fb6dbe0 10.1/RPMS/enscript-1.6.4-1.1.101mdk.i586.rpm
47a3782c9ed270eb92d418fac3f9b390 10.1/SRPMS/enscript-1.6.4-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
9416aa90cf93d61755c815f9c38bac05 x86_64/10.1/RPMS/enscript-1.6.4-1.1.101mdk.x86_64.rpm
47a3782c9ed270eb92d418fac3f9b390 x86_64/10.1/SRPMS/enscript-1.6.4-1.1.101mdk.src.rpm

Corporate Server 2.1:
e14356e6a6bac0eb66a52bad164853b1 corporate/2.1/RPMS/enscript-1.6.3-1.1.C21mdk.i586.rpm
155cc925d6139bbd27272c2e7aab677f corporate/2.1/SRPMS/enscript-1.6.3-1.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
633c80cff58745b0a1e907103267aed5 x86_64/corporate/2.1/RPMS/enscript-1.6.3-1.1.C21mdk.x86_64.rpm
155cc925d6139bbd27272c2e7aab677f x86_64/corporate/2.1/SRPMS/enscript-1.6.3-1.1.C21mdk.src.rpm

Corporate 3.0:
083cf4b5704f105f0aad21b82d3a2414 corporate/3.0/RPMS/enscript-1.6.4-1.1.C30mdk.i586.rpm
4ec9da427f7db5e0d2e4cac21e07e2c3 corporate/3.0/SRPMS/enscript-1.6.4-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
2c6023e776b04c8ca7745e70ca8fe464 x86_64/corporate/3.0/RPMS/enscript-1.6.4-1.1.C30mdk.x86_64.rpm
4ec9da427f7db5e0d2e4cac21e07e2c3 x86_64/corporate/3.0/SRPMS/enscript-1.6.4-1.1.C30mdk.src.rpm
_______________________________________________________________________



4.



_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: squid
Advisory ID: MDKSA-2005:034
Date: February 10th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1

Problem Description:

More vulnerabilities were discovered in the squid server:

The LDAP handling of search filters was inadequate which could be
abused to allow logins using several variants of a single login name,
possibly bypassing explicit access controls (CAN-2005-0173).

Minor problems in the HTTP header parsing code that could be used for
cache poisoning (CAN-2005-0174 and CAN-2005-0175).

A buffer overflow in the WCCP handling code allowed remote attackers
to cause a Denial of Service and could potentially allow for the
execution of arbitrary code by using a long WCCP packet.

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0175
http://www.squid-cache.org/Advisories/SQUID-2005_3.txt
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
656b659ee9ba2c1a08e24d1187a2c29f 10.0/RPMS/squid-2.5.STABLE4-2.4.100mdk.i586.rpm
d856951204f2d02932e7bb413bb31bfa 10.0/SRPMS/squid-2.5.STABLE4-2.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
432ea3eabd02f1f3b18919b23a3f19fe amd64/10.0/RPMS/squid-2.5.STABLE4-2.4.100mdk.amd64.rpm
d856951204f2d02932e7bb413bb31bfa amd64/10.0/SRPMS/squid-2.5.STABLE4-2.4.100mdk.src.rpm

Mandrakelinux 10.1:
a5bf0588457cd842d2326f647ebcbc25 10.1/RPMS/squid-2.5.STABLE6-2.3.101mdk.i586.rpm
b726f35ab93d4a12576a7923e374e5bf 10.1/SRPMS/squid-2.5.STABLE6-2.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
96e84ddeb61f432b7358344da7608f25 x86_64/10.1/RPMS/squid-2.5.STABLE6-2.3.101mdk.x86_64.rpm
b726f35ab93d4a12576a7923e374e5bf x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.3.101mdk.src.rpm

Corporate Server 2.1:
50c44984c30f4c8e0db630da66411c70 corporate/2.1/RPMS/squid-2.4.STABLE7-2.4.C21mdk.i586.rpm
d706be0b04a5ac2e5b28b5b151181bda corporate/2.1/SRPMS/squid-2.4.STABLE7-2.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
4cd111cf43876cc401eccfc49b48148c x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.4.C21mdk.x86_64.rpm
d706be0b04a5ac2e5b28b5b151181bda x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.4.C21mdk.src.rpm

Corporate 3.0:
be661ea6526f37cf0efdb097319a2a46 corporate/3.0/RPMS/squid-2.5.STABLE4-2.4.C30mdk.i586.rpm
8fd70e360e772d30e8668000a6954a1d corporate/3.0/SRPMS/squid-2.5.STABLE4-2.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
13a4a4ac0b02deb4366482e3f2317b22 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE4-2.4.C30mdk.x86_64.rpm
8fd70e360e772d30e8668000a6954a1d x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.4.C30mdk.src.rpm

Mandrakelinux 9.2:
c421d3df715cefb0a97995269f16e931 9.2/RPMS/squid-2.5.STABLE3-3.6.92mdk.i586.rpm
1fd8fdf79dbd6f647d00bea37be5400b 9.2/SRPMS/squid-2.5.STABLE3-3.6.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
21d4c2e94050161a6192e63304852ec7 amd64/9.2/RPMS/squid-2.5.STABLE3-3.6.92mdk.amd64.rpm
1fd8fdf79dbd6f647d00bea37be5400b amd64/9.2/SRPMS/squid-2.5.STABLE3-3.6.92mdk.src.rpm
_______________________________________________________________________



5.



_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: python
Advisory ID: MDKSA-2005:035
Date: February 10th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1

Problem Description:

A flaw in the python language was found by the development team. The
SimpleXMLRPCServer library module could permit remote attackers
unintended access to internals of the registered object or its
module, or possibly even other modules. This only affects python
XML-RPC servers that use the register_instance() method to register
an object without a _dispatch() method. Servers that only use the
register_function() method are not affected.

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089
http://www.python.org/security/PSF-2005-001/
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
8beb720d0eae578c43ca467f9a1af0f0 10.0/RPMS/libpython2.3-2.3.3-2.1.100mdk.i586.rpm
ef66feb9f7b7c165064fc9c7835cdb11 10.0/RPMS/libpython2.3-devel-2.3.3-2.1.100mdk.i586.rpm
87538481a96b416bacaf24ba8e3f1cd2 10.0/RPMS/python-2.3.3-2.1.100mdk.i586.rpm
8d1970207ff9e2476aafb904bc2358b8 10.0/RPMS/python-base-2.3.3-2.1.100mdk.i586.rpm
f00152d2ac6dbee6c49d804bcb1d4dcd 10.0/RPMS/python-docs-2.3.3-2.1.100mdk.i586.rpm
01b64afd5de30bd99df9e73da2f97ef9 10.0/RPMS/tkinter-2.3.3-2.1.100mdk.i586.rpm
d360151e4588581e7d47c273e8a28abe 10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
9fdbab4d563592fe73e221d46d0088d8 amd64/10.0/RPMS/lib64python2.3-2.3.3-2.1.100mdk.amd64.rpm
0140b944f6f09185236c1e1026eb4edd amd64/10.0/RPMS/lib64python2.3-devel-2.3.3-2.1.100mdk.amd64.rpm
0214045b468514f641c912aed17184ff amd64/10.0/RPMS/python-2.3.3-2.1.100mdk.amd64.rpm
ed2373ac815649687a0775fe675a23f2 amd64/10.0/RPMS/python-base-2.3.3-2.1.100mdk.amd64.rpm
8078413cf31c8e248f41b2a1435cd172 amd64/10.0/RPMS/python-docs-2.3.3-2.1.100mdk.amd64.rpm
d60fc339f824778e9cdc4c4ad71e90de amd64/10.0/RPMS/tkinter-2.3.3-2.1.100mdk.amd64.rpm
d360151e4588581e7d47c273e8a28abe amd64/10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
f2b6b56ef68da39ece17679c19974f5a 10.1/RPMS/libpython2.3-2.3.4-6.1.101mdk.i586.rpm
5b5dfa7242a64c974cb9924258db0b7c 10.1/RPMS/libpython2.3-devel-2.3.4-6.1.101mdk.i586.rpm
fd96e90717ac3f12ca2547cd131ab647 10.1/RPMS/python-2.3.4-6.1.101mdk.i586.rpm
d1be4187307bcec359fce591a42cb735 10.1/RPMS/python-base-2.3.4-6.1.101mdk.i586.rpm
44317eba795d6080caa84dc5110e6b93 10.1/RPMS/python-docs-2.3.4-6.1.101mdk.i586.rpm
28997aa409843358d58fac301705d577 10.1/RPMS/tkinter-2.3.4-6.1.101mdk.i586.rpm
c5f72acab1469acca0c82d147a5f9d53 10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
e01470376f25024cdba630bf0f262601 x86_64/10.1/RPMS/lib64python2.3-2.3.4-6.1.101mdk.x86_64.rpm
373bc691f9863209895a70d3fd6b3a0e x86_64/10.1/RPMS/lib64python2.3-devel-2.3.4-6.1.101mdk.x86_64.rpm
2f60f873c8ff1e4b263f31245dd552ec x86_64/10.1/RPMS/python-2.3.4-6.1.101mdk.x86_64.rpm
cba9bd7fedc1d0baa19e50d537630758 x86_64/10.1/RPMS/python-base-2.3.4-6.1.101mdk.x86_64.rpm
e075976730591898d3384407d2881a1b x86_64/10.1/RPMS/python-docs-2.3.4-6.1.101mdk.x86_64.rpm
5107f719c5019d6fb106e9b7994609ca x86_64/10.1/RPMS/tkinter-2.3.4-6.1.101mdk.x86_64.rpm
c5f72acab1469acca0c82d147a5f9d53 x86_64/10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm

Corporate Server 2.1:
4d5f7f0b4afe43618dd0bc498ff8d3e0 corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.i586.rpm
f8867fc6df620f53119e5615d2fa22f9 corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.i586.rpm
bf6059fdb24ea5d3dbe8dce8d072e455 corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.i586.rpm
da122b29af94b70fefd7925fc4609905 corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.i586.rpm
ae65a5f9311fc6bdb4cc3da19e3e6cb2 corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.i586.rpm
1c3cf551abd546c49db7564e7a066494 corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.i586.rpm
57971ed8b6aa2b2aa0ae008d6f98cdee corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d0942542d1e4830db22e0328f92c75ee x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.x86_64.rpm
1da495831b1b25fe84fc30473b216669 x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.x86_64.rpm
a174a8cd8d0c63fa468816163cd97706 x86_64/corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.x86_64.rpm
8f8dcf92d7f0bebdb9866a2e92726344 x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.x86_64.rpm
24fe305bc5de288af4b760f3e26dba5d x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.x86_64.rpm
a636d96a37886c29bc85bc1e0ddb9442 x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.x86_64.rpm
57971ed8b6aa2b2aa0ae008d6f98cdee x86_64/corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm

Corporate 3.0:
2aaeb1239ffaa4cad46f0d9c4265032b corporate/3.0/RPMS/libpython2.3-2.3.3-2.1.C30mdk.i586.rpm
6822876c43310eccf3a5a56c43a1c63a corporate/3.0/RPMS/libpython2.3-devel-2.3.3-2.1.C30mdk.i586.rpm
1e4e4af576af783b4cfea4c57f709ce4 corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.i586.rpm
2afaede9d73bd6eb6e05e0c21fb51582 corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.i586.rpm
8631fc6d9d7703a4505254072e53ec23 corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.i586.rpm
3e521c99c2f3fecb08d0725e34124c31 corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.i586.rpm
ab6ecb0920b653d919a1457b975885c0 corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
2f4267d5c0daafa12985b1eb684982e6 x86_64/corporate/3.0/RPMS/lib64python2.3-2.3.3-2.1.C30mdk.x86_64.rpm
8b27c37138ea5f059fa5fb77b8139191 x86_64/corporate/3.0/RPMS/lib64python2.3-devel-2.3.3-2.1.C30mdk.x86_64.rpm
99b2278e72154e47e9daf66eeabf1277 x86_64/corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.x86_64.rpm
83e1a95c63a61187a6aa4b53cb30cbfa x86_64/corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.x86_64.rpm
770042e98bdbeb6549c45f7c1a20de03 x86_64/corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.x86_64.rpm
5ab7162344890c5a86ce2993ae61e546 x86_64/corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.x86_64.rpm
ab6ecb0920b653d919a1457b975885c0 x86_64/corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm

Mandrakelinux 9.2:
a892b22a7e1f89c019e1670d7cdd60f0 9.2/RPMS/libpython2.3-2.3-3.1.92mdk.i586.rpm
05871f84d666ea3ba9dcbfe1981b44ae 9.2/RPMS/libpython2.3-devel-2.3-3.1.92mdk.i586.rpm
e1c0e145784a9c28dbc8d4e0ce8f564f 9.2/RPMS/python-2.3-3.1.92mdk.i586.rpm
ecaececfba4689432bf40232ad82de34 9.2/RPMS/python-base-2.3-3.1.92mdk.i586.rpm
95c699992a960020a837c119ac349d75 9.2/RPMS/python-docs-2.3-3.1.92mdk.i586.rpm
b643ebf76e8283d533600179d9b64806 9.2/RPMS/tkinter-2.3-3.1.92mdk.i586.rpm
8b7b22bd98ee80fa30889f1de4500431 9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
f4b9e7152e31dc1c199cbb137a1a1cf0 amd64/9.2/RPMS/lib64python2.3-2.3-3.1.92mdk.amd64.rpm
5da8eeff579d07a3a39730f962ac0360 amd64/9.2/RPMS/lib64python2.3-devel-2.3-3.1.92mdk.amd64.rpm
7d24517e15c9ef41a6cf5796982d4c93 amd64/9.2/RPMS/python-2.3-3.1.92mdk.amd64.rpm
dda09aea00c4688fef2baa171c64b94a amd64/9.2/RPMS/python-base-2.3-3.1.92mdk.amd64.rpm
7ecf9b85490cde267f81370dc41d918a amd64/9.2/RPMS/python-docs-2.3-3.1.92mdk.amd64.rpm
76ae48434564bc7522cbdf006d09ed27 amd64/9.2/RPMS/tkinter-2.3-3.1.92mdk.amd64.rpm
8b7b22bd98ee80fa30889f1de4500431 amd64/9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
_______________________________________________________________________

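The three registration styles named in MDKSA-2005:035, compared side by side as an added example that is not code from the advisory or from the Python project. It uses Python 3's `xmlrpc.server`, the successor of the SimpleXMLRPCServer module, and drives the dispatcher in-process so no socket is opened; the `InventoryCore` and `GuardedInventory` classes and their method names are constructed for illustration.

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher


class InventoryCore:
    """Constructed service object. Only count() and lookup() are meant for callers."""

    def __init__(self):
        self._items = {"widget": 3, "gear": 7}

    def count(self):
        return len(self._items)

    def lookup(self, name):
        return self._items.get(name, 0)

    def purge(self):
        # Public by Python naming rules, but never intended as a remote method.
        self._items.clear()
        return True


class GuardedInventory(InventoryCore):
    """Same object with an explicit _dispatch() allowlist."""

    EXPOSED = frozenset({"count", "lookup"})

    def _dispatch(self, method, params):
        # When the registered instance defines _dispatch(), the dispatcher
        # passes every call here and performs no attribute lookup of its own.
        if method not in self.EXPOSED:
            raise ValueError("method %r is not exposed" % (method,))
        return getattr(self, method)(*params)


def build(instance=None, functions=()):
    """Assemble a dispatcher from an instance and/or individual functions."""
    dispatcher = SimpleXMLRPCDispatcher(allow_none=True)
    if instance is not None:
        dispatcher.register_instance(instance)
    for func in functions:
        dispatcher.register_function(func)
    return dispatcher


def rpc(dispatcher, method, *params):
    """Send one XML-RPC request through the dispatcher in-process (no socket)."""
    request = xmlrpc.client.dumps(params, methodname=method).encode("utf-8")
    response = dispatcher._marshaled_dispatch(request)
    try:
        (result,), _ = xmlrpc.client.loads(response)
        return ("ok", result)
    except xmlrpc.client.Fault as fault:
        return ("fault", fault.faultString)


def survey():
    """Report which method names each registration style answers."""
    core = InventoryCore()
    setups = {
        "instance without _dispatch": build(instance=InventoryCore()),
        "instance with _dispatch": build(instance=GuardedInventory()),
        "register_function only": build(functions=[core.count, core.lookup]),
    }
    names = ["count", "lookup", "purge", "_items"]
    report = {}
    for label, dispatcher in setups.items():
        answered = []
        for name in names:
            args = ("gear",) if name == "lookup" else ()
            if rpc(dispatcher, name, *args)[0] == "ok":
                answered.append(name)
        report[label] = answered
    return report


if __name__ == "__main__":
    for label, answered in survey().items():
        print(f"{label:28} -> {answered}")
```

Even on a current interpreter, an instance registered without `_dispatch()` answers every public method, which is why the allowlist or `register_function()` is the safer default.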


6.



_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: MySQL
Advisory ID: MDKSA-2005:036
Date: February 10th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1

Problem Description:

A temporary file vulnerability in the mysqlaccess script in MySQL was
discovered by Javier Fernandez-Sanguino Pena. This flaw could allow
an unprivileged user to let root overwrite arbitrary files via a
symlink attack. It could also be used to view the contents of a
temporary file which could contain sensitive information.

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
50574ec1c70d78d0b4f7da1bd7d7d380 10.0/RPMS/libmysql12-4.0.18-1.3.100mdk.i586.rpm
25710d5c4844ca1d123944ac0861bc0f 10.0/RPMS/libmysql12-devel-4.0.18-1.3.100mdk.i586.rpm
8c056d72fa1d02c231ed321bfa0108af 10.0/RPMS/libqt3-mysql-3.2.3-19.6.100mdk.i586.rpm
94dcd13a633ef96a31b0f7da452afed1 10.0/RPMS/MySQL-4.0.18-1.3.100mdk.i586.rpm
8df8f4a9d6cdce677d630ac134081898 10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.i586.rpm
bbe03440aa22bdf38204607f290915f8 10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.i586.rpm
64015efdb83f79c9a1fbedce63ea1f78 10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.i586.rpm
5481c9bbc5daf2632c36f6dc7d2521c0 10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.i586.rpm
2f8f209e44f7fbe18395e6e815e8cc5b 10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
38bc4a1e8a79ec174569dfdfa98f022d amd64/10.0/RPMS/lib64mysql12-4.0.18-1.3.100mdk.amd64.rpm
6c3eea8562548a88e80d98c40af4bc68 amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.3.100mdk.amd64.rpm
48feba0f77d5ead04e2226f50595494d amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
7bcddb4ae89e5f1934f272a4c4910dbe amd64/10.0/RPMS/MySQL-4.0.18-1.3.100mdk.amd64.rpm
c503b7cefabdfa0c49b658037190c6c5 amd64/10.0/RPMS/MySQL-Max-4.0.18-1.3.100mdk.amd64.rpm
3815a6a61e37a70e63c3794c6d4ab807 amd64/10.0/RPMS/MySQL-bench-4.0.18-1.3.100mdk.amd64.rpm
aaebba0d883e9abbb2bfa58b19b1a57e amd64/10.0/RPMS/MySQL-client-4.0.18-1.3.100mdk.amd64.rpm
353006ae3541483c666416679841c1f6 amd64/10.0/RPMS/MySQL-common-4.0.18-1.3.100mdk.amd64.rpm
2f8f209e44f7fbe18395e6e815e8cc5b amd64/10.0/SRPMS/MySQL-4.0.18-1.3.100mdk.src.rpm

Mandrakelinux 10.1:
bd3a35f3ba7440aa79f3940f20422b19 10.1/RPMS/libmysql12-4.0.20-3.2.101mdk.i586.rpm
c3fd2f49a144ec27d8bad808a89cbb31 10.1/RPMS/libmysql12-devel-4.0.20-3.2.101mdk.i586.rpm
3e2967952b1ddaa05561bf17b88fe24d 10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
f6b68d795599ec5a51b2c3c5cf3ada86 10.1/RPMS/MySQL-4.0.20-3.2.101mdk.i586.rpm
514e962fbfb48e2d6e18baf8c6ad86b8 10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.i586.rpm
71624f3454fa8892b123104e1e9e7260 10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.i586.rpm
06fde75abed6b50838161eb95e375135 10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.i586.rpm
fd3f8ed0bea7dee2e20fdf09a26c8715 10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.i586.rpm
195735730d0535bef4dbe1fbb5c5cec7 10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
841beab56f637c1148348685b39daf6f x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.2.101mdk.x86_64.rpm
7aa4b9a407252d5a333cd25b2f11d39d x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.2.101mdk.x86_64.rpm
ec4bb6dd0693f48a5960d30d48496839 x86_64/10.1/RPMS/lib64qt3-mysql-3.3.3-27.1.101mdk.x86_64.rpm
3e2967952b1ddaa05561bf17b88fe24d x86_64/10.1/RPMS/libqt3-mysql-3.3.3-27.1.101mdk.i586.rpm
4683c29eac58dfea8c5d2d0aa7afc5e7 x86_64/10.1/RPMS/MySQL-4.0.20-3.2.101mdk.x86_64.rpm
31a8ca40e7da9f3b311bff981c3f5614 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.2.101mdk.x86_64.rpm
2783b732a61d2eb87422daf0f18913b7 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.2.101mdk.x86_64.rpm
f034044d8fda605eeba6db49da02c4c4 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.2.101mdk.x86_64.rpm
ef4ce84d6cc648cf3e3cc938bafa8918 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.2.101mdk.x86_64.rpm
195735730d0535bef4dbe1fbb5c5cec7 x86_64/10.1/SRPMS/MySQL-4.0.20-3.2.101mdk.src.rpm

Corporate Server 2.1:
f4cd6b3d833a0a5d190b7d5defd6f18a corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.i586.rpm
1e2afd78697dfe26bfc9f5327f2f3108 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.i586.rpm
a6f2168c5faffff7872ba6a5c4bc2dd2 corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.i586.rpm
7f41d3536345a283812301a9b1416616 corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.i586.rpm
c8632bb5f0f31862aa764efe8aedab19 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.i586.rpm
81c7febbb3be7b9c2c6f8eba26f6b040 corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.i586.rpm
fbb22ec4f0087ea2df640f2e99786334 corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d1c474ac0d94e181d9955f33843ea1e5 x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.7.C21mdk.x86_64.rpm
6180ac0c3820243fc97191fc0e388618 x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.7.C21mdk.x86_64.rpm
94629c4d41e9e5b041fd87a10f4626c6 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.7.C21mdk.x86_64.rpm
7c6e305fbbd13bda3ca09175931452b0 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.7.C21mdk.x86_64.rpm
4a5697b1822bae029b07e2f1d1907086 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.7.C21mdk.x86_64.rpm
66c8261cd44333d3457331fe65acb8d5 x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.7.C21mdk.x86_64.rpm
fbb22ec4f0087ea2df640f2e99786334 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.7.C21mdk.src.rpm

Corporate 3.0:
2f0f9a15805949a8b1c4f707b495065a corporate/3.0/RPMS/libmysql12-4.0.18-1.3.C30mdk.i586.rpm
96e08808e0abdb36562d9d1326f024fa corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.3.C30mdk.i586.rpm
e64e068fc62211319dbaa20574ec32cf corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.i586.rpm
18737baa96e918b9319b0f624e8279db corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.i586.rpm
e002a2b1053995d8e18a43f1472154d6 corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.i586.rpm
e6ac405500f65b0ab00ea7238218cea7 corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.i586.rpm
35b216ccea7ac198c0e855e89789b0b9 corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.i586.rpm
7fc62e5799ef5dd03aa2cf973dec3220 corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
ec3dd6d37697ef1832afd5abc07ef072 x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.3.C30mdk.x86_64.rpm
486940c54412a6a06ea2985fdd805cc3 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.3.C30mdk.x86_64.rpm
48feba0f77d5ead04e2226f50595494d x86_64/corporate/3.0/RPMS/lib64qt3-mysql-3.2.3-19.6.100mdk.amd64.rpm
3ca0207824ba315b9856e363831e8238 x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.3.C30mdk.x86_64.rpm
64446e7f63df7df74426a47cf2de6625 x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.3.C30mdk.x86_64.rpm
390c3074eac1aac97b249979fa467741 x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.3.C30mdk.x86_64.rpm
f9b9bb7f21cdd8d53cbad39f37385143 x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.3.C30mdk.x86_64.rpm
870eac0d47223dcf88ee24072e84dfc3 x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.3.C30mdk.x86_64.rpm
7fc62e5799ef5dd03aa2cf973dec3220 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.3.C30mdk.src.rpm
_______________________________________________________________________

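Temporary-file creation that resists the kind of symlink problem described in MDKSA-2005:036, as an added example that is not mysqlaccess code (the script's own file handling is not shown in the advisory). It contrasts a predictable name opened with plain `O_CREAT` against exclusive creation and `mkstemp()`, entirely inside a scratch directory; all file names are constructed.

```python
import os
import stat
import tempfile


def open_predictable(path):
    """Pattern behind temp-file symlink bugs: a fixed name opened with plain
    O_CREAT follows whatever already sits at that path, including a symlink."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)


def open_exclusive(path):
    """O_EXCL makes creation fail if anything, a symlink included, already
    exists at the path; O_NOFOLLOW is added as a second guard."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(path, flags, 0o600)


def open_unpredictable(directory):
    """Preferred form: mkstemp() picks a random name and creates the file
    exclusively, readable and writable by the owner only."""
    return tempfile.mkstemp(prefix="scratch-", dir=directory)


def demo():
    """Plant a symlink at the predictable name and try each opener against it."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "important.conf")   # stands in for a file root owns
        planted = os.path.join(d, "fixed.tmp")       # predictable temp-file name
        with open(target, "w") as fh:
            fh.write("keep me\n")
        os.symlink(target, planted)

        # 1. Exclusive creation refuses the pre-existing symlink.
        try:
            os.close(open_exclusive(planted))
            exclusive_refused = False
        except OSError:
            exclusive_refused = True
        with open(target) as fh:
            intact_after_safe = fh.read() == "keep me\n"

        # 2. mkstemp() never touches the planted name at all.
        fd, name = open_unpredictable(d)
        os.close(fd)
        private_mode = stat.S_IMODE(os.stat(name).st_mode)

        # 3. The predictable open follows the link and truncates the target.
        os.close(open_predictable(planted))
        clobbered = os.path.getsize(target) == 0

        return {
            "exclusive_refused": exclusive_refused,
            "intact_after_safe": intact_after_safe,
            "private_mode": private_mode,
            "clobbered_by_predictable_open": clobbered,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", oct(value) if key == "private_mode" else value)
```

The owner-only mode from `mkstemp()` also addresses the second half of the advisory, where other users could read the temporary file's contents.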