Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:024
http://www.mandriva.com/security/
_______________________________________________________________________

Package : coreutils
Date    : January 23, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability were discovered and corrected in coreutils:

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through
8.1 allows local users to gain privileges via a symlink attack on a
file in a directory tree under /tmp (CVE-2009-4135).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
bbc5a0b5bfae7d1da7b497b40082dcc6  2008.0/i586/coreutils-6.9-5.1mdv2008.0.i586.rpm
4b41bae490d2c668412e6ab78676074e  2008.0/i586/coreutils-doc-6.9-5.1mdv2008.0.i586.rpm
ceec0934e3ebe1816d55667c507008c6  2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
5105b28b38878f141247d8b408467c4d  2008.0/x86_64/coreutils-6.9-5.1mdv2008.0.x86_64.rpm
c9ddaa4146fceabf6224e4bbc7b5b214  2008.0/x86_64/coreutils-doc-6.9-5.1mdv2008.0.x86_64.rpm
ceec0934e3ebe1816d55667c507008c6  2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm

Mandriva Linux 2009.0:
8c41d3f3f45657996085945a05a3ee1d  2009.0/i586/coreutils-6.12-2.5mdv2009.0.i586.rpm
1f01c000f74cca3d8ea80c80a5e77a77  2009.0/i586/coreutils-doc-6.12-2.5mdv2009.0.i586.rpm
c0bfeba1f8803e84b0f19eda2dbcfc70  2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
8d3fa8cf346205047b200e75e71a0f3b  2009.0/x86_64/coreutils-6.12-2.5mdv2009.0.x86_64.rpm
65f4ba201e1073044a5683ab5528f591  2009.0/x86_64/coreutils-doc-6.12-2.5mdv2009.0.x86_64.rpm
c0bfeba1f8803e84b0f19eda2dbcfc70  2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm

Mandriva Linux 2009.1:
677a2e51fc24b865f50a9d246c3c47b6  2009.1/i586/coreutils-7.1-2.1mdv2009.1.i586.rpm
6ef52ebd79e343dd900c949efb2a72c1  2009.1/i586/coreutils-doc-7.1-2.1mdv2009.1.i586.rpm
ea99205731c07360b5ba655ee3bbc3de  2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
8d76e1e624c9c741569bb8e063cca8ab  2009.1/x86_64/coreutils-7.1-2.1mdv2009.1.x86_64.rpm
83a9d3e31bce5e465b84a730a6ff1fab  2009.1/x86_64/coreutils-doc-7.1-2.1mdv2009.1.x86_64.rpm
ea99205731c07360b5ba655ee3bbc3de  2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
a5595b72c83ada96d02a77ab8f899f44  2010.0/i586/coreutils-7.5-2.1mdv2010.0.i586.rpm
cd3dd55d6071824c2ea70633ab222979  2010.0/i586/coreutils-doc-7.5-2.1mdv2010.0.i586.rpm
ff13b7700b3c2133968e8910ea09911f  2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
1b6e4154b358a5876ed80af38e8e978a  2010.0/x86_64/coreutils-7.5-2.1mdv2010.0.x86_64.rpm
9608a2886c7ef707b1df4183b894b3b4  2010.0/x86_64/coreutils-doc-7.5-2.1mdv2010.0.x86_64.rpm
ff13b7700b3c2133968e8910ea09911f  2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm

Corporate 4.0:
09f9564f73c38994f7b7b86d817285f8  corporate/4.0/i586/coreutils-5.2.1-8.1.20060mlcs4.i586.rpm
7e5005893e4a2727e53fceb19db6ff8c  corporate/4.0/i586/coreutils-doc-5.2.1-8.1.20060mlcs4.i586.rpm
0d9aad80fdd05f2eeffa7678b71f4aac  corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
403f7d811c4c9b8822f0ab3f7cff683d  corporate/4.0/x86_64/coreutils-5.2.1-8.1.20060mlcs4.x86_64.rpm
224927bf18cb5418b47d846b104bb34b  corporate/4.0/x86_64/coreutils-doc-5.2.1-8.1.20060mlcs4.x86_64.rpm
0d9aad80fdd05f2eeffa7678b71f4aac  corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
f877e344eb0908e073c3a854d12cadec  mes5/i586/coreutils-6.12-2.5mdvmes5.i586.rpm
d0cede58c64e7ff6d78dfef11276cec2  mes5/i586/coreutils-doc-6.12-2.5mdvmes5.i586.rpm
f219918d16c0498311dcccc1a486b282  mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
6286996ffa27c4606fe018ee4a686b76  mes5/x86_64/coreutils-6.12-2.5mdvmes5.x86_64.rpm
697ae5dbe6e1bf0b47bf84c0c0fa1c21  mes5/x86_64/coreutils-doc-6.12-2.5mdvmes5.x86_64.rpm
f219918d16c0498311dcccc1a486b282  mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLW00hmqjQ0CJFipgRAu+bAJ9kS1wAIZdkXX/xB+FHsOtsT5pjCQCgwEgZ
FMFfLQUZs/exqLplc3bpiw0=
=HBft
-----END PGP SIGNATURE-----