August, 16th 2000 SECURITY UPDATE: Zope

Problem: A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request process. Please upgrade to:

fe4e1f82ed6167585ed6c6afb68e8cee 7.1/RPMS/Zope-2.1.6-2mdk.i586.rpm
7a429bb87e331e3e49a1d356c13c89e5 7.1/RPMS/Zope-components-2.1.6-2mdk.i586.rpm
abfc5fa12c632e5aed25685187f6013f 7.1/RPMS/Zope-core-2.1.6-2mdk.i586.rpm
ebfc5919455ad30bd600dd927215de9d 7.1/RPMS/Zope-pcgi-2.1.6-2mdk.i586.rpm
0177a677584d246982b0b5a78e46156e 7.1/RPMS/Zope-services-2.1.6-2mdk.i586.rpm
0583790773b5b8da6cecf014e302f77f 7.1/RPMS/Zope-zpublisher-2.1.6-2mdk.i586.rpm
2634f0fc9acf486d0943261ba08e8331 7.1/RPMS/Zope-zserver-2.1.6-2mdk.i586.rpm
215234484e1fde0a5f2f85d70e4048b0 7.1/RPMS/Zope-ztemplates-2.1.6-2mdk.i586.rpm
4a8505637b762d1f03623924e386a908 7.1/SRPMS/Zope-2.1.6-2mdk.src.rpm

August, 12th 2000 SECURITY UPDATE: MandrakeUpdate

Problem: There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp. Please upgrade to:

06be2f821dddae85207e2a3832fb32fc 7.1/RPMS/MandrakeUpdate-7.1-9mdk.i586.rpm
a15a682c20f484d5054b70b9c226861f 7.1/RPMS/grpmi-7.1-9mdk.i586.rpm
2cd78d22707aebeda6932daf40ff6c37 7.1/SRPMS/MandrakeUpdate-7.1-9mdk.src.rpm

August, 8th 2000 SECURITY UPDATE: perl

Problem: There is a vulnerability that exists when using setuidperl together with the mailx program. In some cases, setuidperl will warn root that something has going on. The setuidperl program uses /bin/mail to send the message, as root, with the environment preserved. An undocumented feature of /bin/mail consists of it interpretting the ~! sequence even if it is not running on the terminal, and the message also contains the script name, taken from argv[1]. With all of this combined, it is possible to execute a command using ~! passed in the script name to create a suid shell. The instance of setuidperl sending such a message can only be reached if you try to fool perl into forcing the execution of one file instead of another. This vulnerability may not be limited to just the mailx program, which is why an upgrade for perl is provided as opposed to an upgrade for mailx. Please upgrade to:

39a43d7f8449a692e11fa384343dc939 7.1/RPMS/perl-5.600-5mdk.i586.rpm
025428ebc98430c138979f9cd3f1bdb8 7.1/RPMS/perl-base-5.600-5mdk.i586.rpm
332ef51a58f9946b5c834fd1acc681bd 7.1/SRPMS/perl-5.600-5mdk.src.rpm

August, 1st 2000 SECURITY UPDATE: pam

Problem: There is a problem with the pam_console module that incorrectly identifies remote X logins for displays other than :0 (for example, :1, :2, etc.) as being local displays, thus giving control of the console to the remote user. Because the remote user has control of the console they are able to issue commands to reboot the remote system after providing their password. Please note that this vulnerability is only exploitable if the system is running a graphical login manager like gdm, kdm, or xdm and if XDMCP is enabled and remote access is granted. Please upgrade to:

75c7e5a003efc4ab1f6907249a96adf3 7.1/RPMS/pam-0.72-7mdk.i586.rpm
1a1a1dd397675fedd998c0e726ff97ea 7.1/RPMS/pam-devel-0.72-7mdk.i586.rpm
b50f0af977548ccaf61b05c9d09354e4 7.1/RPMS/pam-doc-0.72-7mdk.i586.rpm
8487df775c4b3f775c10b2c636b87710 7.1/SRPMS/pam-0.72-7mdk.src.rpm

August, 1st 2000 SECURITY UPDATE: kon2

Problem: There is a vulnerable suid program called fld. This program accepts option input from a text file and it is possible to input arbitrary code into the stack, thus spawning a root shell. Please upgrade to:

7c0a253209e2d760e6b99110e82ea73e 7.1/RPMS/kon2-0.3.8-15mdk.i586.rpm
040fb17eabb96cf5920d6a623bf8b809 7.1/SRPMS/kon2-0.3.8-15mdk.src.rpm

August, 1st 2000 quota

Problem: A conflict existed between the quota package and the nfs-utils package for Linux-Mandrake 7.1 as both provided the rpc.quotad program as well as the man page. This update corrects this problem. Please upgrade to:

d2480d8292fafc886f3527fe84352136 7.1/RPMS/quota-1.70-3mdk.i586.rpm
934d0aed187648c4967ec7378ea7af1e 7.1/SRPMS/quota-1.70-3mdk.src.rpm

July, 31st 2000 SECURITY UPDATE: netscape

Problem: Previous versions of Netscape, from version 3.0 to 4.73 contain a serious overflow flaw due to improper input verification in Netscape's JPEG processing code. The way Netscape processed JPEG comments trusted the length parameter for comment fields. By manipulating this value, it was possible to cause Netscape to read in an excessive amount of data which would then overwrite memory. Data with a malicious design could allow a remote site to execute arbitrary code as the user of Netscape on the client system. It is highly recommended that everyone using Netscape upgrade to this latest version that fixes the flaw. Please upgrade to:

365ff8c6b19ea8f1ca189e6886f9fba8 7.1/RPMS/netscape-castellano-4.74-1mdk.noarch.rpm
3c83d493cbada78ba6348e6581bcf523 7.1/RPMS/netscape-catalan-4.74-1mdk.noarch.rpm
9791a6e655b3f8a76a112c6c13c53534 7.1/RPMS/netscape-common-4.74-3mdk.i586.rpm
f34cc1d76f649556b51f2fafbfc2936f 7.1/RPMS/netscape-communicator-4.74-3mdk.i586.rpm
eedd08421fa0e6496dcb1ea575bf627c 7.1/RPMS/netscape-euskara-4.74-1mdk.noarch.rpm
573eaa96ade623548dbc6f4d87a2df98 7.1/RPMS/netscape-francais-4.74-2mdk.noarch.rpm
4f71f99e91182679b4c26a571e85bbbb 7.1/RPMS/netscape-navigator-4.74-3mdk.i586.rpm
c43957d0f00722111abfb90ac2028c97 7.1/RPMS/netscape-walon-4.74-1mdk.noarch.rpm
832fa8524513f2be4f688983e1483d71 7.1/SRPMS/netscape-4.74-3mdk.src.rpm
29d92c1962b636d0436311b76f980eeb 7.1/SRPMS/netscape-castellano-4.74-1mdk.src.rpm
fd2d46d05243044e4e318f08c163bfba 7.1/SRPMS/netscape-catalan-4.74-1mdk.src.rpm
4ab96db6b7bb17a1f89cdd09ada4a5a6 7.1/SRPMS/netscape-euskara-4.74-1mdk.src.rpm
701f6c3aa7b4b6cd800322b624f040e2 7.1/SRPMS/netscape-francais-4.74-2mdk.src.rpm
4e715744e0e66b487def62a4e750923d 7.1/SRPMS/netscape-walon-4.74-1mdk.src.rpm

July, 28th 2000 SECURITY UPDATE: Zope

Problem: Previous versions of Zope have a serious security flaw in one of the base classes in the DocumentTemplate package that is inadequately protected. This flaw allows the contents of DHTML Documents or DHTML Methods to be changed remotely or through DHTML code without forcing proper user authorization. Please upgrade to:

ad28fb2fb4f0105639a641a7acc98821 7.1/RPMS/Zope-2.1.6-1mdk.i586.rpm
e2b8fd281a2e93cbf5221bcfd3aff65b 7.1/RPMS/Zope-components-2.1.6-1mdk.i586.rpm
ea50788d6f88abc99bfabb190f2ab3ce 7.1/RPMS/Zope-core-2.1.6-1mdk.i586.rpm
95b993149c1c97fe7c9e9d53e4923f31 7.1/RPMS/Zope-pcgi-2.1.6-1mdk.i586.rpm
e74684a03fc61784bfdaec2887e82064 7.1/RPMS/Zope-services-2.1.6-1mdk.i586.rpm
1cae17ae5ffe776a073255ce4cec9661 7.1/RPMS/Zope-zpublisher-2.1.6-1mdk.i586.rpm
7fa38fbf43c8b08a26c4694a0a93857a 7.1/RPMS/Zope-zserver-2.1.6-1mdk.i586.rpm
983471606b95bd60c9d8a5e00e53d90b 7.1/RPMS/Zope-ztemplates-2.1.6-1mdk.i586.rpm
33b2e53429e3b6f588b9fdfb1ab5dc95 7.1/SRPMS/Zope-2.1.6-1mdk.src.rpm

July, 27th 2000 SECURITY UPDATE: gpm

Problem: Many security flaws existed in the gpm package, which is used to control the mouse in a terminal outside of X Windows. As well, a denial of service attack via /dev/gpmctl is possible. All security issues with the gpm package have been addressed with this update. Please upgrade to:

630d939d8159f79a8eae5f9823591064 7.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
43ca39afe363d915f474041b84725a35 7.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 7.1/SRPMS/gpm-1.19.2-4mdk.src.rpm

July, 22nd 2000 SECURITY UPDATE: inn

Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well. Please upgrade to:

1ca85a595222542fc6a5932c58828d3e 7.1/RPMS/inews-2.2.3-1mdk.i586.rpm
f3d4471afbb49bca81cb30c301e111f7 7.1/RPMS/inn-2.2.3-1mdk.i586.rpm
d386b423d391343c9a627eb69773d657 7.1/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba 7.1/SRPMS/inn-2.2.3-1mdk.src.rpm

July, 21st 2000 SECURITY UPDATE: dhcp

Problem: All versions of the ISC DHCP client program, dhclient, are vulnerable to a root attack by a corrupt DHCP server. This version fixes the vulnerability. Please upgrade to:

2053f46717fa0e87b77de6e98b92e39e 7.1/RPMS/dhcp-3.0b1pl17-2mdk.i586.rpm
b1282db6e3d2e9ca3aa91e473e9e08ce 7.1/RPMS/dhcp-client-3.0b1pl17-2mdk.i586.rpm
ce1f1a728d709d29f7699a584f4165ff 7.1/RPMS/dhcp-relay-3.0b1pl17-2mdk.i586.rpm
4183dde09bea7ef859d1c076852371ef 7.1/SRPMS/dhcp-3.0b1pl17-2mdk.src.rpm

July, 18th 2000 SECURITY UPDATE: nfs-utils

Problem: A bug recently discovered in the nfs-utils package can theoretically be used for gaining remote root access. While there are currently no known exploits for this bug, we recommend upgrading to the latest version which fixes the bug. Please upgrade to:

b66dbb042b73ea3d9d435c014a282f33 7.1/RPMS/nfs-utils-0.1.9.1-3mdk.i586.rpm
ccde88bed0710b397a15b9f64f9adea1 7.1/RPMS/nfs-utils-clients-0.1.9.1-3mdk.i586.rpm
17a25a1ab9ef6d4c3b97e2ac101c3ebf 7.1/SRPMS/nfs-utils-0.1.9.1-3mdk.src.rpm

July, 18th 2000 SECURITY UPDATE: usermode

Problem: A bug existed in the usermode package that permitted users to reboot or halt the system without having root access. This update removes those files associated with allowing users access to reboot, shutdown, halt, or poweroff the system. Please upgrade to:

3ca98a6e5d73cf1e5e75fcce9d862d01 7.1/RPMS/usermode-1.22-2mdk.i586.rpm
448261293ab337fdf2740228a0534ccc 7.1/SRPMS/usermode-1.22-2mdk.src.rpm

July, 14th 2000 SECURITY UPDATE: cvsweb

Problem: Cvsweb contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvsweb can get access to whatever user the cvsweb cgi script runs as (typically nobody or www-data, etc.). This update closes all of these possibly exploited pipe-opens. Please upgrade to:

2a435a7edf358f59a93eb5534efcd273 7.1/RPMS/cvsweb-1.80-3mdk.noarch.rpm
24b7d490f63e154c88909c9b214793e0 7.1/SRPMS/cvsweb-1.80-3mdk.src.rpm

July, 11th 2000 SECURITY UPDATE: dump

Problem: There was the potential for a buffer overflow in the restore program. This new version fixes this possible vulnerability. Please upgrade to:

1c14f72e09d69fcd4645ea2bd80c4ab3 7.1/RPMS/dump-0.4b18-1mdk.i586.rpm
6d419e7e52dda174f7250b1b59c6b614 7.1/RPMS/rmt-0.4b18-1mdk.i586.rpm
4ff0d0a768b603f22a40745da303e365 7.1/SRPMS/dump-0.4b18-1mdk.src.rpm

July, 11th 2000 isdn4k-utils

Problem: The version of isdn4k-utils that shipped with Linux-Mandrake 7.1 did not work at all. Please upgrade to:

c3df36eea18a0b05d4a05fcd6b138b32 7.1/RPMS/isdn4k-utils-3.1b7-6mdk.i586.rpm
acaf78c5731ce5ac8177519e4aab6bf9 7.1/SRPMS/isdn4k-utils-3.1b7-6mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: BitchX

Problem: A denial of service vulnerability exists in BitchX. Improper handling of incoming invitation messages can crash the client. Any user on IRC can send the client an invitation message that causes BitchX to segfault. Please upgrade to:

f6297ab3e697cfa24762565a26ff6544 7.1/RPMS/BitchX-75p3-12mdk.i586.rpm
d4876a7dc0b40226b8abbd80e01988a6 7.1/SRPMS/BitchX-75p3-12mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: inn

Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. Please upgrade to:

c9218a4698fefd7f6e24757c7f6d140b 7.1/RPMS/inews-2.2.2-6mdk.i586.rpm
8a642083edcada45518966496a6fc5d4 7.1/RPMS/inn-2.2.2-6mdk.i586.rpm
bde6519c5192f706d83db0a3aa78fb94 7.1/RPMS/inn-devel-2.2.2-6mdk.i586.rpm
fc3ec63010930e50aed0cea3bb316023 7.1/SRPMS/inn-2.2.2-6mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: man

Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions. It is found in versions 1.5e and higher of man, and handles temporary files insecurely. Local users may gain a variety of privileges depending on the complexity of the exploit. The mode of any file on the system can be changed to 0700. Any file on the system may be created or overwritten as root. Local users may also be able to read any system file by forcing a copy of it into the whatis database. Please upgrade to:

fbc1b9e04d75f267650f291d99f467f1 7.1/RPMS/man-1.5g-15mdk.i586.rpm
52d021732aa09d517eeff8b60d427a69 7.1/SRPMS/man-1.5g-15mdk.src.rpm

July, 2nd 2000 SECURITY UPDATE: wu-ftpd

Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a *printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can jump into shellcode pointed to by the overwritten eip and execute arbitrary commands as root. While exploited in a manner similar to a buffer overflow, it is actually an input validation problem. Anonymous ftp is exploitable making it even more serious as attacks can come anonymously from anywhere on the internet. Please upgrade to:

2b83dcb120012f1009e707398b5f4dc4 7.1/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
bb37dbaf5f9fc3953c2869592df608c9 7.1/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm

July, 2nd 2000 SECURITY UPDATE: dhcp

The OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server). If this vulnerability is exploited, root access can be gained on the host running dhcp client remotely. The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the dhcp client. Please upgrade to:

57ef403c1a6f5734b1ac63dcde854ae8 7.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
d8d3a7bfb145c7c2f5cfdd2127333c67 7.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
9469c360585a2dc69eccf6fbaf3e9099 7.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

June, 26 2000 initscripts

An typo in the script /etc/profile.d/inputrc.csh print error messages when using csh as shell. If you use csh upgrade to this version.

63d1615688ab55af2a83fd66fb71a069 7.1/RPMS/initscripts-4.97-35mdk.i586.rpm
20f1ec418aa37c47fbe7181919b47d62 7.1/SRPMS/initscripts-4.97-35mdk.src.rpm

June, 24 2000 SECURITY UPDATE: kernel

POSIX "Capabilities" have recently been implemented in the Linux kernel. These "Capabilities" are an additional form of privilege control to enable more specific control over what privileged processes can do. Capabilities are implemented as three (fairly large) bitfields, which each bit representing a specific action a privileged process can perform. By setting specific bits, the actions of priviliged processes can be controlled -- access can be granted for various functions only to the specific parts of a program that require them. It is a security measure.

Important: If you use ReiserFS, please don't forget to do as following after the upgrade:

If you used MandrakeUpdate or rpm -Uvh to upgrade, reinstall kernel 2.2.15 from native Mandrake 7.1

Type: cd /lib/modules/2.2.15-4mdk

Type: /sbin/depmod -a

Type: mkinitrd -f --ifneeded /boot/initrd-2.2.16-9mdk 2.2.16-9mdk

You can now remove the older 2.2.15. Type: rpm -e kernel-2.2.15

Type: ln -sf /boot/initrd-2.2.16-9mdk /boot/initrd.img

Type: ln -sf /boot/System.map-2.2.16-9mdk /boot/System.map

Type: ln -sf /boot/vmlinuz-2.2.16-9mdk /boot/vmlinuz

In /etc/lilo.conf add: initrd=/boot/initrd-2.2.16-9mdk

Type: lilo -v

Upgrade to:

c5331676f063807160ff44e221cbd81d 7.1/RPMS/kernel-2.2.16-9mdk.i586.rpm
94b6ea108fd5436c7271ef5fc117553d 7.1/RPMS/kernel-doc-2.2.16-9mdk.i586.rpm
b4e61a18465a1d452ef7768e3eb5bdc8 7.1/RPMS/kernel-fb-2.2.16-9mdk.i586.rpm
69e05cea2853440c9914d71e6cea167f 7.1/RPMS/kernel-headers-2.2.16-9mdk.i586.rpm
5c1463354cb8327d515cb0ba9453ffdc 7.1/RPMS/kernel-linus-2.2.16-2mdk.i586.rpm
8735b139e0fc71f56d9a78d5f41a38da 7.1/RPMS/kernel-pcmcia-cs-2.2.16-9mdk.i586.rpm
3fa45cb921549de64677fea83d0d47bc 7.1/RPMS/kernel-secure-2.2.16-9mdk.i586.rpm
3aac015c1dd82951a3c4d5c8f694d2bb 7.1/RPMS/kernel-smp-2.2.16-9mdk.i586.rpm
3dc16da65156c7cda785fe0a80e8e546 7.1/RPMS/kernel-source-2.2.16-9mdk.i586.rpm
fb0aba2b890edb6a238b090760abdef2 7.1/RPMS/kernel-utils-2.2.16-9mdk.i586.rpm
20346b180246a4695145684f07a7a979 7.1/SRPMS/kernel-2.2.16-9mdk.src.rpm
c158098babcbdc5a5235ded8adf5dc09 7.1/RPMS/reiserfs-utils-2.2.16_3.5.19-9mdk.i586.rpm
a22bd276a9f77ac16b87494b7880b3c3 7.1/RPMS/alsa-2.2.16_0.5.7-9mdk.i586.rpm

June, 23 2000 qt

The qt package has some problems to display european accents, upgrade to this package if you have some problems with your qt applications to wrote your accents.

61f2b56efe93ee962d40b8395f92a0c9 7.1/RPMS/qt-1.44-23mdk.i586.rpm
9d63573de4ae46281b052b323f22062c 7.1/SRPMS/qt-1.44-23mdk.src.rpm

June, 23 2000 SECURITY UPDATE: xlockmore

Xlock is an X11 utility used to lock X-Window displays until the password of the user running X is entered correctly. Of course, in order to perform the password-check xlock must be setuid root and have access to the shadowed passwd file. In the xlockmore distributions versions prior to 4.16.1, a buffer overflow vulnerability was present in xlock that permitted a user to view parts of the shadowed passwd file. This is achieved by overwriting (with an oversized -mode argument) a global variable storing a pointer to a string printed in the "usage" output. The pointer would be overwritten with an address pointing to the shadowed passwd data. With the long argument, xlock would find and an error in the command syntax and exit, printing the usage information (along with the shadowed passwd text). Please upgrade to:

120ecc3f1ae12fd550c642fa47439a5f 7.1/RPMS/xlockmore-4.16.1-1mdk.i586.rpm
d0a6a3bf840b4d3ea347892f8df1896e 7.1/SRPMS/xlockmore-4.16.1-1mdk.src.rpm

June, 23 2000 SECURITY UPDATE: bind

By default bind is launched as user and group root. This setting can give the possibility to easily exploit vulnerabities in bind. Thanks to Nicolas MONNET for his contribution. Please upgrade to:

b253136e73207abfc0255c14652f0c09 7.1/RPMS/bind-8.2.2P5-6mdk.i586.rpm
cdc532e1a2cf81ba5c5abc3cde75936a 7.1/RPMS/bind-devel-8.2.2P5-6mdk.i586.rpm
57ac2ece97a037198b45464396e9b7e0 7.1/RPMS/bind-utils-8.2.2P5-6mdk.i586.rpm
eeffc6a7d2c7813931a2bbcb8da05a79 7.1/SRPMS/bind-8.2.2P5-6mdk.src.rpm

June, 23 2000 SECURITY UPDATE: cdrecord

The linux cdrecord binary is vulnerable to a locally exploitable buffer overflow attack. When installed on a Linux-Mandrake distribution, it is by default setgid "cdburner" (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with the gid "cdburner". Please upgrade to:

be1da959bdbc0762fc148d6a1a29d73b 7.1/RPMS/cdrecord-1.8.1-4mdk.i586.rpm
624aebaf07615e3f18471d3ff9af4ede 7.1/SRPMS/cdrecord-1.8.1-4mdk.src.rpm

June, 23 2000 SECURITY UPDATE: kdesu

A vulnerability in kdesud will allow any user to exploit a buffer overflow. This user then can have a root group access on the machine, by exploiting a bug in the kdesud program. Please upgrade to:

f7e7e16155961422e4d7952639ab6035 7.1/RPMS/kdesu-0.98-14mdk.i586.rpm
2fe16773e5f04707e43c839e35cd8077 7.1/SRPMS/kdesu-0.98-14mdk.src.rpm

June, 23 2000 SECURITY UPDATE: dump

Dump may cause security problem due to a buffer overflow. This package removes the set gid root on the dump exec file. Please upgrade to:

1184cd0e63f1ffa0503d58875335dc39 7.1/RPMS/dump-0.4b16-3mdk.i586.rpm
d81a1894d511ce4f7a86d9e4a104b259 7.1/SRPMS/dump-0.4b16-3mdk.src.rpm

June, 23 2000 SECURITY UPDATE: xemacs

From the Caldera advisory : under some circumstances, users are able to snoop on other users' keystrokes. This is a serious problems if you use modules that require e.g. input of passwords, such as MailCrypt. Please upgrade to:

074d4bd556b2f2cfa29ccd5a18cbe7ef 7.1/RPMS/xemacs-21.1.9-8mdk.i586.rpm
4783690dc25b2601f564c3c4f6e94b33 7.1/RPMS/xemacs-el-21.1.9-8mdk.i586.rpm
52017318776e510dc8e573677cb08381 7.1/RPMS/xemacs-extras-21.1.9-8mdk.i586.rpm
ea8765c92a0c07a93f4d1af5e15791f0 7.1/RPMS/xemacs-info-21.1.9-8mdk.i586.rpm
fa9632a7ecd6dd79affc274aac8e4614 7.1/RPMS/xemacs-mule-21.1.9-8mdk.i586.rpm
604f7a3bb4ffe81b44cfc8edcc6bfe05 7.1/SRPMS/xemacs-21.1.9-8mdk.src.rpm

June, 23 2000 SECURITY UPDATE: fdutils

A vulnerability in fdmount will allow any user to exploit a buffer overflow. This user, when he is in the floppy group, can have a root access on the machine. Please upgrade to:

8cc3da61720d177cdbc75cac9192e427 7.1/RPMS/fdutils-5.3-11mdk.i586.rpm
63fc61599cd180a6b0e4ec9bfebc08d0 7.1/SRPMS/fdutils-5.3-11mdk.src.rpm

August, 12th 2000 SECURITY UPDATE: MandrakeUpdate

Problem: There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp. Please upgrade to:

7a98b1aae4c89bb6685d5684aa5389bd 6.1/RPMS/MandrakeUpdate-6.1-4mdk.i586.rpm
bbd2772b962965231dde2cebc16697ad 6.1/RPMS/grpmi-0.9-4mdk.i586.rpm
6058a51ae41c4f8ab4827ecd298d15af 6.1/SRPMS/MandrakeUpdate-6.1-4mdk.src.rpm

August, 8th 2000 SECURITY UPDATE: perl

Problem: There is a vulnerability that exists when using setuidperl together with the mailx program. In some cases, setuidperl will warn root that something has going on. The setuidperl program uses /bin/mail to send the message, as root, with the environment preserved. An undocumented feature of /bin/mail consists of it interpretting the ~! sequence even if it is not running on the terminal, and the message also contains the script name, taken from argv[1]. With all of this combined, it is possible to execute a command using ~! passed in the script name to create a suid shell. The instance of setuidperl sending such a message can only be reached if you try to fool perl into forcing the execution of one file instead of another. This vulnerability may not be limited to just the mailx program, which is why an upgrade for perl is provided as opposed to an upgrade for mailx. Please upgrade to:

cfdba31ce88d7a72f00ae2f27d4596db 6.1/RPMS/perl-5.00503-5mdk.i586.rpm
3c0d7424d519fc616ce6c902dbbbf760 6.1/SRPMS/perl-5.00503-5mdk.src.rpm

August, 1st 2000 SECURITY UPDATE: pam

Problem: There is a problem with the pam_console module that incorrectly identifies remote X logins for displays other than :0 (for example, :1, :2, etc.) as being local displays, thus giving control of the console to the remote user. Because the remote user has control of the console they are able to issue commands to reboot the remote system after providing their password. Please note that this vulnerability is only exploitable if the system is running a graphical login manager like gdm, kdm, or xdm and if XDMCP is enabled and remote access is granted. Please upgrade to:

a1c1dc3bbd914cb784d967ab0c4b3872 6.1/RPMS/pam-0.72-7mdk.i586.rpm
45c768c2039bb0ee29a271fe9a5b70f1 6.1/RPMS/pam-devel-0.72-7mdk.i586.rpm
9088d87ed13c41dda17dd79f0b1d024c 6.1/RPMS/pam-doc-0.72-7mdk.i586.rpm
8487df775c4b3f775c10b2c636b87710 6.1/SRPMS/pam-0.72-7mdk.src.rpm

July, 31st 2000 SECURITY UPDATE: netscape

Problem: Previous versions of Netscape, from version 3.0 to 4.73 contain a serious overflow flaw due to improper input verification in Netscape's JPEG processing code. The way Netscape processed JPEG comments trusted the length parameter for comment fields. By manipulating this value, it was possible to cause Netscape to read in an excessive amount of data which would then overwrite memory. Data with a malicious design could allow a remote site to execute arbitrary code as the user of Netscape on the client system. It is highly recommended that everyone using Netscape upgrade to this latest version that fixes the flaw. Please upgrade to:

c036cb52e1498df0a0535fe7c72ebeac 6.1/RPMS/netscape-common-4.74-2mdk.i586.rpm
c15f7a002d8c1c131f3d8642f60bed97 6.1/RPMS/netscape-communicator-4.74-2mdk.i586.rpm
8cbd47dd868d9e2be8d234f118cee542 6.1/RPMS/netscape-navigator-4.74-2mdk.i586.rpm
ed04b0a2e33b011891661890f0fc5aa9 6.1/SRPMS/netscape-4.74-2mdk.src.rpm

July, 27th 2000 SECURITY UPDATE: gpm

Problem: Many security flaws existed in the gpm package, which is used to control the mouse in a terminal outside of X Windows. As well, a denial of service attack via /dev/gpmctl is possible. All security issues with the gpm package have been addressed with this update. Please upgrade to:

1af817e7dda71d8e4bfa42c70c516d8f 6.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
b5a6fd08bedb1c1e40711359bf16b44a 6.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 6.1/SRPMS/gpm-1.19.2-4mdk.src.rpm

July, 22nd 2000 SECURITY UPDATE: inn

Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well. Please upgrade to:

200cc96d3c6c5e1b646b1c68462bc82a 6.1/RPMS/inews-2.2.3-1mdk.i586.rpm
eecd59ad60b9f395034d7e15ca0606f7 6.1/RPMS/inn-2.2.3-1mdk.i586.rpm
911699abe06c7c46d6f7329ac63a633a 6.1/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba 6.1/SRPMS/inn-2.2.3-1mdk.src.rpm

July, 11th 2000 SECURITY UPDATE: dump

Problem: There was the potential for a buffer overflow in the restore program. This new version fixes this possible vulnerability. Please upgrade to:

5a6587e3320eefb639ff4dad95e291be 6.1/RPMS/dump-0.4b18-1mdk.i586.rpm
582e35490586bcf04f1d35dcb04b6b23 6.1/RPMS/rmt-0.4b18-1mdk.i586.rpm
4ff0d0a768b603f22a40745da303e365 6.1/SRPMS/dump-0.4b18-1mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: BitchX

Problem: A denial of service vulnerability exists in BitchX. Improper handling of incoming invitation messages can crash the client. Any user on IRC can send the client an invitation message that causes BitchX to segfault. Please upgrade to:

5e34661e39b67283600ba138694730c5 6.1/RPMS/BitchX-75p3-12mdk.i586.rpm
d4876a7dc0b40226b8abbd80e01988a6 6.1/SRPMS/BitchX-75p3-12mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: inn

Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. Please upgrade to:

0c7d289d3335126504e23ebcb2ac8df9 6.1/RPMS/inews-2.2-13mdk.i586.rpm
e89291adbbccd244bef4ef7a0f699276 6.1/RPMS/inn-2.2-13mdk.i586.rpm
1a1f6e554928761887eb99f468e3d82a 6.1/RPMS/inn-devel-2.2-13mdk.i586.rpm
06f33642731ec3f24cb67038bfb67e9e 6.1/SRPMS/inn-2.2-13mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: man

Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions. It is found in versions 1.5e and higher of man, and handles temporary files insecurely. Local users may gain a variety of privileges depending on the complexity of the exploit. The mode of any file on the system can be changed to 0700. Any file on the system may be created or overwritten as root. Local users may also be able to read any system file by forcing a copy of it into the whatis database. Please upgrade to:

2b01457036a6813fa616adbca97fcb36 6.1/RPMS/man-1.5g-15mdk.i586.rpm
52d021732aa09d517eeff8b60d427a69 6.1/SRPMS/man-1.5g-15mdk.src.rpm

July, 2nd 2000 SECURITY UPDATE: wu-ftpd

Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a *printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can jump into shellcode pointed to by the overwritten eip and execute arbitrary commands as root. While exploited in a manner similar to a buffer overflow, it is actually an input validation problem. Anonymous ftp is exploitable making it even more serious as attacks can come anonymously from anywhere on the internet. Please upgrade to:

89467e25e432271892aea433b613b4f7 6.1/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
bb37dbaf5f9fc3953c2869592df608c9 6.1/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm

July, 2nd 2000 SECURITY UPDATE: dhcp

The OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server). If this vulnerability is exploited, root access can be gained on the host running dhcp client remotely. The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the dhcp client. Please upgrade to:

32915a170c38fe45032e75421dfd4178 6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
389c7f48a36ec81528e2f9cdaefc0521 6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
9469c360585a2dc69eccf6fbaf3e9099 6.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

June, 4 2000 SECURITY UPDATE: xlockmore

Xlock is an X11 utility used to lock X-Window displays until the password of the user running X is entered correctly. Of course, in order to perform the password-check xlock must be setuid root and have access to the shadowed passwd file. In the xlockmore distributions versions prior to 4.16.1, a buffer overflow vulnerability was present in xlock that permitted a user to view parts of the shadowed passwd file. This is achieved by overwriting (with an oversized -mode argument) a global variable storing a pointer to a string printed in the "usage" output. The pointer would be overwritten with an address pointing to the shadowed passwd data. With the long argument, xlock would find and an error in the command syntax and exit, printing the usage information (along with the shadowed passwd text). Please upgrade to:

614600a41689677da12287b950c2708a 6.1/RPMS/xlockmore-4.16.1-1mdk.i586.rpm
d0a6a3bf840b4d3ea347892f8df1896e 6.1/SRPMS/xlockmore-4.16.1-1mdk.src.rpm

June, 4 2000 SECURITY UPDATE: bind

By default bind is launched as user and group root. This setting can give the possibility to easily exploit vulnerabities in bind. Thanks to Nicolas MONNET for his contribution. Please upgrade to:

185c51a554cd1c2fedf42f002ba8f01f 6.1/RPMS/bind-8.2.2P5-6mdk.i586.rpm
39757dd3b1157685a486fc2c7afe2855 6.1/RPMS/bind-devel-8.2.2P5-6mdk.i586.rpm
507e45161ec6f9cbfb17dcf06d0831f0 6.1/RPMS/bind-utils-8.2.2P5-6mdk.i586.rpm
eeffc6a7d2c7813931a2bbcb8da05a79 6.1/SRPMS/bind-8.2.2P5-6mdk.src.rpm

June, 3 2000 SECURITY UPDATE: cdrecord

The linux cdrecord binary is vulnerable to a locally exploitable buffer overflow attack. When installed on a Linux-Mandrake distribution, it is by default setgid "cdburner" (which is a group, gid: 80, that is created for the application). The overflow condition is the result of no bounds checking on the 'dev=' argument passed to cdburner at execution time. This vulnerability can be exploited to execute arbitrary commands with the gid "cdburner". Please upgrade to:

66d5d79f81864f1bb3a84e9b9d460cd5 6.1/RPMS/cdrecord-1.8.1-4mdk.i586.rpm
f177e0268016d5f376bddf710d737316 6.1/RPMS/cdrecord-cdda2wav-1.8.1-4mdk.i586.rpm
c7ae464b496389fce5191f9a72085de5 6.1/RPMS/cdrecord-devel-1.8.1-4mdk.i586.rpm
7f3b0ad71c10f5c80e01092ff4e11306 6.1/RPMS/mkisofs-1.12.1-4mdk.i586.rpm
624aebaf07615e3f18471d3ff9af4ede 6.1/SRPMS/cdrecord-1.8.1-4mdk.src.rpm

April, 13 2000 SECURITY UPDATE: gpm-root

A security bug was found in gpm-root; the bug can be exploited to provide local users with root access. Please upgrade to:

b9935537b2b7fa56de2ae464fbeb4b6e gpm-1.19.1-3mdk.i586.rpm
70daf482944c2c946645e149d968a648 gpm-1.19.1-3mdk.src.rpm

March, 21 2000 SECURITY UPDATE: usermode

A security bug was found in userhelper; the bug can be exploited to provide local users with root access. Version 1.17 fixes this problem. Please upgrade to:

3fb32f2dd06b0f044711afff285a778b usermode-1.17-1mdk.i586.rpm
0435b9552c67bfd31e9cf04a4599ebd6 usermode-1.17-1mdk.src.rpm

March, 20 2000 SECURITY UPDATE: nmh

The nmh package contains a security bug in MIME headers parsing which can be exploited to trick mhshow into executing arbitrary shell code. Please upgrade to:

dc8da8edb4c04dfaa9a7cbe30172d2c7 nmh-1.03-1mdk.i586.rpm
b5190bc06739bfd37838b767f61f4448 nmh-1.03-1mdk.src.rpm

November 29, 1999 lpr

This version fixes a bug that prevented lpr to work correctly in a few cases.

Please upgrade to:

a1fb3a76ee7cd891ea6c39de7bdaba72 lpr-0.46-1mdk.i586.rpm
bca36e98a78226e88ba7c5e4d72d8e81 lpr-0.46-1mdk.src.rpm

November 15, 1999 SECURITY UPDATE: bind

If you are using Linux-Mandrake as a name server, you should upgrade to this package. It fixes numerous annoying bugs, ranging from execution of arbitrary code to remote crashing. For more information, see CERT advisory CA-99-14.

65c7cef1cb8d43cea869a5f42257ece7 bind-8.2.2P5-1mdk.i586.rpm
f8b7b939a967cb0495a11a22e9b7075c bind-8.2.2P5-1mdk.src.rpm

November 8, 1999 initscripts

This update fixes a bug in ifup-aliases. IP aliasing should now work for those of you who use it.

8ff5a92cd872001f912536f9e0a7fbf8 initscripts-4.23-35mdk.i586.rpm
2d7786531b2a66613ce42d492ac34504 initscripts-4.23-35mdk.src.rpm

November 5, 1999 SECURITY UPDATE: kvirc

This package cures the "!nick ../../../etc/shadow" bug. Understand, it doesn't allow anymore users to get files you wouldn't like them to get.

Remember, though, that you shouldn't IRC as root in any case.

74940e9a668929d33bc8aec05c98178f kvirc-0.9.1-1mdk.i586.rpm
a1f6e33407d5a034e3c939fab025e33a kvirc-0.9.1-1mdk.src.rpm

October 29, 1999 kernel

This is 2.2.13 final. RAID is now supported on this kernel.

27db8f6709b4c8744bae082a749cf79e kernel-2.2.13-22mdk.i586.rpm
5edb7200d67a7deaa58cf8d66eba6ca8 kernel-2.2.13-22mdk.src.rpm
942782496a12aa5b8d1615ca841d0d5a kernel-doc-2.2.13-22mdk.i586.rpm
cdb8e6d494221d0bfde5150d29a7969f kernel-fb-2.2.13-22mdk.i586.rpm
67fe8a11e64ab3721292ac582ca83dce kernel-headers-2.2.13-22mdk.i586.rpm
dd1770635a622e5010e1959f461ab4c9 kernel-ibcs-2.2.13-22mdk.i586.rpm
2a2f3001e798473f10537033b4ea2bb4 kernel-pcmcia-cs-2.2.13-22mdk.i586.rpm
35b0450d35d42ba77b5066f1d90f9825 kernel-smp-2.2.13-22mdk.i586.rpm
ecdc2001887bccb5ba1543f9f4f41bad kernel-source-2.2.13-22mdk.i586.rpm

October 29, 1999 netscape

This is version 4.70 of Netscape. It fixes the timezone bug: Netscape 4.61 believed that everyone was located at GMT...

89b66260957d688c4a15df60f452d641 netscape-4.70-1mdk.src.rpm
28f2c1d7e36a0fc15f9feefe990255d1 netscape-common-4.70-1mdk.i586.rpm
303fea955b7b9d808319c0fa4170032f netscape-communicator-4.70-1mdk.i586.rpm
edb5188980e17cae385bd177c1a9246d netscape-navigator-4.70-1mdk.i586.rpm

October 29, 1999 SECURITY UPDATE: am-utils

There is a potential buffer overflow / remote exploit in the am-utils package. Please upgrade to :

919d46ca0a7a93cf5ac6bd72030876ee am-utils-6.0.1s11-1mdk.i586.rpm
fa81483da16ce5b83f72ab9dd4edaaa1 am-utils-6.0.1s11-1mdk.src.rpm

October 29, 1999 SECURITY UPDATE: ypserv

This package fixes several problems:

- A bug allowed for all admins on a NIS domain to inject password tables into the NIS server.

- A user on a NIS domain could change the login shell and GECOS information (real name, etc.) of other users.

- There was a potential buffer overflow in the MD5 hash generation.

82dfa8f405bbc56ab7baa656fdd8b8d7 ypserv-1.3.9-1mdk.i586.rpm
1f1f2a2f5c5ed7d84a460e446a892a4f ypserv-1.3.9-1mdk.src.rpm

October 22, 1999 SECURITY UPDATE: wu-ftpd

This update cures two problems:

- two potential buffer overflows, which could make the server execute arbitrary code if exploited

- a memory usage condition problem, where a user could make the server consume huge amounts of memory, eventually rendering the system unusable.

Problem mentioned by CERT advisort CA-99.13.

Please upgrade to:

b8e916297a78253fa29ce99d96d147ce wu-ftpd-2.6.0-1mdk.i586.rpm (binary)
d647bd1b73149fbc7975c747f1863d35 wu-ftpd-2.6.0-1mdk.src.rpm (source)

October 21, 1999 SECURITY UPDATE: screen

By default, screen did not use Unix98 ptys (/dev/pts/*), which resulted in its controlling terminal being world-writable. This is a security bug, which this package cures. Credits go to Red Hat.

Moreover, /etc/profile.d/screen.sh has been rewritten so that it's now totally sh-compatible, ie it will also work with other sh-compatible shells (zsh, ash to name two of them).

Please upgrade to:

49922e0afd94dbe488f18455829b1da7 screen-3.9.4-3mdk.i586.rpm (binary)
3893af09f61aad3b3bbeb50e91f7fd7a screen-3.9.4-3mdk.src.rpm (source)

October 18, 1999 SECURITY UPDATE: lpr

A security hole has been found in the version of lpr shipped with Mandrake 6.1 that could allow users to print files for which they don't have read permissions.

Please upgrade to:

2078ba99d21f81bcd328a478424a51a8 lpr-0.43-1mdk.i586.rpm (binary)
fab2deed508d22659e359c6fb6c861f9 lpr-0.43-1mdk.src.rpm (source)

October 2nd, 1999 MandrakeUpdate

This update is for internationalization purposes: modified English text in the sources, descriptons in other languages than English will now display correctly. Upgrade to:

fe63cf56d6c2da5219dd1dd66a99833c MandrakeUpdate-6.1-3mdk.i586.rpm
116b2632f2d790516b8d598c5edf533e MandrakeUpdate-6.1-3mdk.src.rpm

October 2nd, 1999 xpdf

This package fixes the numerous bug reports of xpdf hanging the machine when viewing some special PDF files. Upgrade to:

1611e439d7855e7ca2a10c2f720c8256 xpdf-0.90-2mdk.i586.rpm
78b44f853d976a6553b197a9db4ea3f2 xpdf-0.90-2mdk.src.rpm

October 2nd, 1999 gnuplot

If you use GNUplot, you will need this upgrade: it fixes the problem of corrupted Postcript output generation. Upgrade to:

fe582b20fc6fc53bf4085c696b314370 gnuplot-3.7.0.1-3mdk.i586.rpm
646f323896450a0080659c4cd16c449c gnuplot-3.7.0.1-3mdk.src.rpm

October 2nd, 1999 mount

This update fixes the problem with mounting FAT filesystems: mount should not ask you to specify the filesystem type anymore. Upgrade to:

02eedc11731deea3214403d8cc714528 mount-2.9w-3mdk.i586.rpm
4cd42a259b6ac397dd647203ff924413 util-linux-2.9w-3mdk.src.rpm

For most recent updates, we give the md5 sum. It lets you check the integrity of the downloaded package by running the md5sum command on the package.

August, 12th 2000 SECURITY UPDATE: MandrakeUpdate

Problem: There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp. Please upgrade to:

ab5f320ff86ad0fa83e43d037683223f 6.0/RPMS/MandrakeUpdate-6.0-6mdk.i586.rpm
74dd6d4fc6992095610bdf7f87ce4fb0 6.0/RPMS/grpmi-0.9-6mdk.i586.rpm
4cbb0acfe62dc80f0a092e3103c74473 6.0/SRPMS/MandrakeUpdate-6.0-6mdk.src.rpm

August, 8th 2000 SECURITY UPDATE: perl

Problem: There is a vulnerability that exists when using setuidperl together with the mailx program. In some cases, setuidperl will warn root that something has going on. The setuidperl program uses /bin/mail to send the message, as root, with the environment preserved. An undocumented feature of /bin/mail consists of it interpretting the ~! sequence even if it is not running on the terminal, and the message also contains the script name, taken from argv[1]. With all of this combined, it is possible to execute a command using ~! passed in the script name to create a suid shell. The instance of setuidperl sending such a message can only be reached if you try to fool perl into forcing the execution of one file instead of another. This vulnerability may not be limited to just the mailx program, which is why an upgrade for perl is provided as opposed to an upgrade for mailx. Please upgrade to:

1c42a4a20c7c042f78ae846cc9bfdc81 6.0/RPMS/perl-5.00503-5mdk.i586.rpm
3c0d7424d519fc616ce6c902dbbbf760 6.0/SRPMS/perl-5.00503-5mdk.src.rpm

August, 1st 2000 SECURITY UPDATE: pam

Problem: There is a problem with the pam_console module that incorrectly identifies remote X logins for displays other than :0 (for example, :1, :2, etc.) as being local displays, thus giving control of the console to the remote user. Because the remote user has control of the console they are able to issue commands to reboot the remote system after providing their password. Please note that this vulnerability is only exploitable if the system is running a graphical login manager like gdm, kdm, or xdm and if XDMCP is enabled and remote access is granted. Please upgrade to:

9f3e95d37e6867e6d4af5ccb722fda5f 6.0/RPMS/pam-0.72-7mdk.i586.rpm
25f54cd5a2c596fc987241cc10a42fe8 6.0/RPMS/pam-devel-0.72-7mdk.i586.rpm
9654560a8d90e3f73311bafb74d8ca2a 6.0/RPMS/pam-doc-0.72-7mdk.i586.rpm
8487df775c4b3f775c10b2c636b87710 6.0/SRPMS/pam-0.72-7mdk.src.rpm

July, 31st 2000 SECURITY UPDATE: netscape

Problem: Previous versions of Netscape, from version 3.0 to 4.73 contain a serious overflow flaw due to improper input verification in Netscape's JPEG processing code. The way Netscape processed JPEG comments trusted the length parameter for comment fields. By manipulating this value, it was possible to cause Netscape to read in an excessive amount of data which would then overwrite memory. Data with a malicious design could allow a remote site to execute arbitrary code as the user of Netscape on the client system. It is highly recommended that everyone using Netscape upgrade to this latest version that fixes the flaw. Please upgrade to:

c036cb52e1498df0a0535fe7c72ebeac 6.0/RPMS/netscape-common-4.74-2mdk.i586.rpm
c15f7a002d8c1c131f3d8642f60bed97 6.0/RPMS/netscape-communicator-4.74-2mdk.i586.rpm
8cbd47dd868d9e2be8d234f118cee542 6.0/RPMS/netscape-navigator-4.74-2mdk.i586.rpm
ed04b0a2e33b011891661890f0fc5aa9 6.0/SRPMS/netscape-4.74-2mdk.src.rpm

July, 27th 2000 SECURITY UPDATE: gpm

Problem: Many security flaws existed in the gpm package, which is used to control the mouse in a terminal outside of X Windows. As well, a denial of service attack via /dev/gpmctl is possible. All security issues with the gpm package have been addressed with this update. Please upgrade to:

8c7088606cf9b840969fa7937186fab5 6.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
30c50ead5ce218d33e4f37fd6e20dc0b 6.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 6.0/SRPMS/gpm-1.19.2-4mdk.src.rpm

July, 22nd 2000 SECURITY UPDATE: inn

Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made as well. Please upgrade to:

eb1a1f9a42623ed0de6d94376aa02937 6.0/RPMS/inews-2.2.3-1mdk.i586.rpm
6d76b7615e559b66795dba28791145ba 6.0/RPMS/inn-2.2.3-1mdk.i586.rpm
57338dfdb19813de897c1ebbc7199646 6.0/RPMS/inn-devel-2.2.3-1mdk.i586.rpm
0295f03b4b45b26ddc05f06e81603fba 6.0/SRPMS/inn-2.2.3-1mdk.src.rpm

July, 11th 2000 SECURITY UPDATE: dump

Problem: There was the potential for a buffer overflow in the restore program. This new version fixes this possible vulnerability. Please upgrade to:

828d750c80c021c6253cac0191486fb1 6.0/RPMS/dump-0.4b18-1mdk.i586.rpm
3e6355619c5ee93ac3505efdb35831fe 6.0/RPMS/rmt-0.4b18-1mdk.i586.rpm
4ff0d0a768b603f22a40745da303e365 6.0/SRPMS/dump-0.4b18-1mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: inn

Problem: A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. Please upgrade to:

8d76f507f7111048dbb65e4b4418015d 6.0/RPMS/inews-2.2-13mdk.i586.rpm
2f55fd16b4a6423b1e7c6dc919a9940f 6.0/RPMS/inn-2.2-13mdk.i586.rpm
85709c0479537e4fabdf7f159723ec0e 6.0/RPMS/inn-devel-2.2-13mdk.i586.rpm
06f33642731ec3f24cb67038bfb67e9e 6.0/SRPMS/inn-2.2-13mdk.src.rpm

July, 7th 2000 SECURITY UPDATE: man

Internet Security Systems (ISS) X-Force has identified a vulnerability in the makewhatis Bourne shell script that ships with many Linux distributions. It is found in versions 1.5e and higher of man, and handles temporary files insecurely. Local users may gain a variety of privileges depending on the complexity of the exploit. The mode of any file on the system can be changed to 0700. Any file on the system may be created or overwritten as root. Local users may also be able to read any system file by forcing a copy of it into the whatis database. Please upgrade to:

f4f87cab84a716a2ccb8c74b3325c0c9 6.0/RPMS/man-1.5g-15mdk.i586.rpm
52d021732aa09d517eeff8b60d427a69 6.0/SRPMS/man-1.5g-15mdk.src.rpm

July, 2nd 2000 SECURITY UPDATE: wu-ftpd

Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a *printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can jump into shellcode pointed to by the overwritten eip and execute arbitrary commands as root. While exploited in a manner similar to a buffer overflow, it is actually an input validation problem. Anonymous ftp is exploitable making it even more serious as attacks can come anonymously from anywhere on the internet. Please upgrade to:

b4340d1007f5128d5d80502007c11a17 6.0/RPMS/wu-ftpd-2.6.0-7mdk.i586.rpm
bb37dbaf5f9fc3953c2869592df608c9 6.0/SRPMS/wu-ftpd-2.6.0-7mdk.src.rpm

July, 2nd 2000 SECURITY UPDATE: dhcp

The OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server). If this vulnerability is exploited, root access can be gained on the host running dhcp client remotely. The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the dhcp client. Please upgrade to:

9621fbe7b5fbf14063c4806bf2c1e141 6.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
0ee7eac80fad4382014c9b2f9181b7d8 6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
9469c360585a2dc69eccf6fbaf3e9099 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

April, 13 2000 SECURITY UPDATE: gpm-root

A security bug was found in gpm-root; the bug can be exploited to provide local users with root access. Please upgrade to:

84573040f5d23e11e62e921bb9db04df gpm-1.19.1-3mdk.i586.rpm
613df6a46c236b6ac02acc56815362ac gpm-1.19.1-3mdk.src.rpm

March, 21 2000 SECURITY UPDATE: usermode

A security bug was found in userhelper; the bug can be exploited to provide local users with root access. Version 1.17 fixes this problem. Please upgrade to:

40af947672b497936fa21fc4498c5a77 usermode-1.17-1mdk.i586.rpm
3f8d4cca1c941957124334ff6ec3c9f6 usermode-1.17-1mdk.src.rpm

March, 20 2000 SECURITY UPDATE: nmh

The nmh package contains a security bug in MIME headers parsing which can be exploited to trick mhshow into executing arbitrary shell code. Please upgrade to:

809fd59b163f6e3b0bdc87b8478dc4df nmh-1.03-1mdk.i586.rpm
b5190bc06739bfd37838b767f61f4448 nmh-1.03-1mdk.src.rpm

September, 28 1999 SECURITY UPDATE: gnomehack

An exploit (buffer overflow attack) has been found in this package. Please upgrade to :

b5171745e7db67bfeb63bdbb4b0874c5 gnomehack-1.0.1-7mdk.i586.rpm
552088a2b2224733ce4385576b6b9c83 gnomehack-1.0.1-7mdk.src.rpm

September, 03 1999 SECURITY UPDATE: am-utils

There is a potential buffer overflow / remote exploit in the am-utils package. Please upgrade to :

f153130e30b21dd17b5d67e6abe13809 am-utils-6.0.1s11-1mdk.i586.rpm
7cf7b619b58c7f7e060812712532dbbc am-utils-6.0.1s11-1mdk.src.rpm

September, 02 1999 SECURITY UPDATE: vixie-cron

There is a possible exploit in MAILTO -C command and buffer overflow vulnerability. Upgrade to:

d41d8cd98f00b204e9800998ecf8427e vixie-cron-3.0.1-38mdk.i586.rpm
f39e68d26be775971ac20faac2690607 vixie-cron-3.0.1-38mdk.src.rpm

August, 25 1999 SECURITY UPDATE: BeroFTPD

the BeroFTPD deamon as distributed in the BeroFTPD package from Mandrake 6.0 has a security problem. Upgrade to:

8a57ca15bd7010eb59e15ca236fa62ae BeroFTPD-1.3.4-2mdk.i586.rpm
501e1842d6d60d3e6a13bbf3b57b1d14 BeroFTPD-1.3.4-2mdk.src.rpm

August, 25 1999 SECURITY UPDATE: lynx

lynx as distributed in the lynx package from Mandrake 6.0 has a security problem. Upgrade to:

a092b77d8a7ad735475bd8432e450545 lynx-2.8.3dev.6-3mdk.i586.rpm
a7c2ee688950450210149dc8ad36c970 lynx-2.8.3dev.6-3mdk.src.rpm

August, 25 1999 SECURITY UPDATE: wu-ftpd

the wu-ftpd deamon as distributed in the wu-ftpd package from Mandrake 6.0 has a security problem. Upgrade to:

5815bc15ccd634af168f969cf1478baa wu-ftpd-2.5.0-2mdk.i586.rpm
3e3128b71b94195989fb76f98510a02f wu-ftpd-2.5.0-2mdk.src.rpm

August, 17 1999 SECURITY UPDATE: isdn4utils

xmonisdn as distributed in the isndutils package from Mandrake 6.0 has a security problem. Upgrade to:

4109ff6f46614bfba6eb5b41651eea56 isdn4k-utils-3.0-4mdk.i586.rpm
90a263b047adbb52b937546c5571c780 isdn4k-utils-3.0-4mdk.src.rpm

July, 27 1999 SECURITY UPDATE: Apache (Squid-related problem)

Squid was installing an HTML administration cgi in /cgi-bin, giving world access. It is moved in /protected-cgi-bin/, restricting access only to localhost.

Upgrade to:

aa9efede7a46d7283678aca76469fe88 apache-1.3.6-28mdk.i586.rpm
d1801c972d30363d4227f9dab024e208 squid-2.2.STABLE4-2mdk.i586.rpm
d071c9f6bcaefd7e2b15c0a6a58116d0 apache-1.3.6-28mdk.src.rpm
257f93c080150cff71c10b22120190e9 apache-devel-1.3.6-28mdk.i586.rpm
3ea35a4d5e915f4be20217bd07d2703a squid-2.2.STABLE4-2mdk.src.rpm

July, 27 1999 Initscripts

IP aliases were not working correctly because ifup-aliases was looking for a previous version of libncurses.

Upgrade to:

3813c9839c202f4858226225ae635791 initscripts-4.16-31mdk.i586.rpm
304048ccf7d379cef3d94271131ad426 initscripts-4.16-31mdk.src.rpm

July, 27 1999 Xconfigurator

The french-canadian keyboard in X was incorrectly configured as an azerty keyboard. Upgrade to:

6bc7286956dd31bf3cea899fd20c4df6 Xconfigurator-4.2.3-4mdk.i586.rpm
4a0861e6ae5eaf6551a43f1adfc3fc01 Xconfigurator-4.2.3-4mdk.src.rpm

July, 26 1999 KPPP (Internet dialer) problem

Upgrade to kdenetwork-1.1.1final-7mdk.i586.rpm

July, 23 1999 SECURITY UPDATE: samba

Several security holes have been discovered in the latest release of Samba. Please upgrade to samba-2.0.5a-1mdk.i586.rpm

July, 19 1999 PPP problem

The "ifdown" script was not working. Upgrade to ppp-2.3.8-1mdk.i586.rpm

July, 5 1999 bug in printtool package

Unhappily, some users may experience some problems with printtol (missing printers). Please upgrade to: printtool-3.40-6mdk.noarch.rpm

June, 25 1999 SECURITY UPDATE: screensavers from kdebase

Upgrade to kdebase-1.1.1final-11mdk.i586.rpm

June, 25 1999 SECURITY UPDATE: net-tools

Upgrade to our new net-tools package which fixes potentional bufer overruns. This package also contains a patch for ESP and GRE protocols recognition in VPN masquerade. Upgrade to net-tools-1.52-6mdk.i586.rpm

Netscape Communicator

Netscape Communicator 4.6 appears to be very unstable for many users. Please upgrade to 4.61stable if your experience such instability problems.
Command line for upgrading:

rpm -Uvh --force --nodeps netscape-common-4.61stable-1mdk.i586.rpm
rpm -Uvh netscape-communicator-4.61stable-1mdk.i586.rpm

SECURITY UPDATE: kernel 2.2.9

2.2.x kernel are all affected by a networking security bug. Please do not use your machine in a network environment until you update with our new kernel.
Command line for upgrading:

rpm -ivh kernel-2.2.9-27mdk.i586.rpm

Important note: please don't forget to modify /etc/lilo.conf after upgrading, and re-run /sbin/lilo.
Scsi users: please regenerate the initrd image with the command "mkinitrd /boot/initrd-2.2.9-27mdk.img 2.2.9-27mdk"

umount problem at shutdown time

Some users can experience a "busy partition" message at shutdown time.
Solution: upgrade to initscripts-4.16-30mdk.i586.rpm and to kernel-2.2.9-27mdk.i586.rpm. An updated initscripts package is also available:

rpm -Uvh initscripts-4.16-30mdk.i586.rpm
rpm -ivh kernel-2.2.9-27mdk.i586.rpm

Note: if you run in level 5, don't forget to set it again in /etc/inittab [just replace id:3:initdefault: by id:5:initdefault:] after initscripts upgrading!

sox problems

Some users can experience some problems with sox.
Please test: sox-12.15-7mdk.i586.rpm

lilo

Some problems have been found when using LILO on SMP (multi-processors) machines. Please upgrade to: lilo-0.21-6mdk.i586.rpm

utemper

If you use this package, please upgrade to utempter-0.5-3mdk.i586.rpm, which should solve the hanging processes problem.

libIDL programs compilation problems

Please upgrade to:

ORBit-0.4.3-3mdk.i586.rpm
ORBit-devel-0.4.3-3mdk.i586.rpm

esound problems

Please upgrade to:

audiofile-0.1.7-4mdk.i586.rpm
audiofile-devel-0.1.7-4mdk.i586.rpm
esound-0.2.12-4mdk.i586.rpm
esound-devel-0.2.12-4mdk.i586.rpm

gperf not working

Please upgrade to: gperf-2.7-8mdk.i586.rpm

problems with installation disks

We have put new boot images (boot.img, boot-ol.img, boot-ne.img, boot-ee.img, bootnet.img, pcmcia.img) in updates/6.0/images/.

gnopad+ problems

Please upgrade to: gnotepad+-1.1.3-3mdk.i586.rpm

corrupted tetex-afm package

Unhappily, some CD contain a corrupted tetex-afm package. If you can't use LaTeX (or cannot print/print preview in KLyX) please install: tetex-afm-0.9-9mdk.i586.rpm from updates/.