From security@linux-mandrake.com Tue Dec 14 22:53:02 2004
From: Mandrake Linux Security Team
To: full-disclosure@lists.netsys.com
Date: 14 Dec 2004 00:15:54 -0000
Subject: [Full-Disclosure] MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerability

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           iproute2
 Advisory ID:            MDKSA-2004:148
 Date:                   December 13th, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Herbert Xu discovered that iproute can accept spoofed messages sent
 via the kernel netlink interface by other users on the local machine.
 This could lead to a local Denial of Service attack.

 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 290adad6e69300fa2781331090b9710f  10.0/RPMS/iproute2-2.4.7-11.1.100mdk.i586.rpm
 44b2961ae2973264493bd34dbabd298f  10.0/SRPMS/iproute2-2.4.7-11.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 0f077f6057ded8de93567b9f4381bb36  amd64/10.0/RPMS/iproute2-2.4.7-11.1.100mdk.amd64.rpm
 44b2961ae2973264493bd34dbabd298f  amd64/10.0/SRPMS/iproute2-2.4.7-11.1.100mdk.src.rpm

 Corporate Server 2.1:
 40151a76e2858db11fa0222da80b07e7  corporate/2.1/RPMS/iproute2-2.4.7-4.2.C21mdk.i586.rpm
 675c40d02db789e13254a2dabd246887  corporate/2.1/SRPMS/iproute2-2.4.7-4.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 2c12ed5a57a03d3fc5817dbb82db9101  x86_64/corporate/2.1/RPMS/iproute2-2.4.7-4.2.C21mdk.x86_64.rpm
 675c40d02db789e13254a2dabd246887  x86_64/corporate/2.1/SRPMS/iproute2-2.4.7-4.2.C21mdk.src.rpm

 Mandrakelinux 9.2:
 bd787588ff4f13c7f01d1ff72468a58d  9.2/RPMS/iproute2-2.4.7-11.1.92mdk.i586.rpm
 8a514462f7df3790a83f3459529b570b  9.2/SRPMS/iproute2-2.4.7-11.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 8eabf21a5800311960c1a0c624095dea  amd64/9.2/RPMS/iproute2-2.4.7-11.1.92mdk.amd64.rpm
 8a514462f7df3790a83f3459529b570b  amd64/9.2/SRPMS/iproute2-2.4.7-11.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 9db0dd8abc802c56b6d080267419c605  mnf8.2/RPMS/iproute2-2.2.4-13.1.M82mdk.i586.rpm
 028f2565993c862fe24c862d536cec71  mnf8.2/SRPMS/iproute2-2.2.4-13.1.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
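
The problem class described above, as an added example that is not the Mandrakesoft patch or iproute2 code: a netlink client can reject spoofed datagrams by checking the source address filled in by recvmsg(), since nl_pid is 0 only for the kernel. The function names, the request/reply matching on port ID and sequence number, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* 1 only when the datagram's source address is a complete sockaddr_nl
 * naming the kernel. nl_pid is 0 for the kernel; any other value is the
 * port ID of a local process that sent the datagram itself. */
int nl_sender_is_kernel(const struct msghdr *msg)
{
    const struct sockaddr_nl *src = msg->msg_name;

    if (src == NULL || msg->msg_namelen != sizeof(*src))
        return 0;
    return src->nl_family == AF_NETLINK && src->nl_pid == 0;
}

/* Count the messages in buf (len bytes, as returned by recvmsg) that answer
 * our request: kernel sender, well-formed header, our port ID and sequence
 * number. Returns -1 when the whole datagram must be discarded. */
int nl_count_trusted(const struct msghdr *msg, void *buf, int len,
                     __u32 my_pid, __u32 my_seq)
{
    struct nlmsghdr *h;
    int n = 0;

    if (!nl_sender_is_kernel(msg) || (msg->msg_flags & MSG_TRUNC))
        return -1;
    for (h = buf; NLMSG_OK(h, len); h = NLMSG_NEXT(h, len))
        if (h->nlmsg_pid == my_pid && h->nlmsg_seq == my_seq)
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample: one 16-byte NLMSG_DONE header, as if just received. */
    struct nlmsghdr reply = { .nlmsg_len = NLMSG_HDRLEN, .nlmsg_type = NLMSG_DONE,
                              .nlmsg_seq = 7, .nlmsg_pid = 4242 };
    struct sockaddr_nl from = { .nl_family = AF_NETLINK, .nl_pid = 0 };
    struct msghdr msg = { .msg_name = &from, .msg_namelen = sizeof(from) };

    printf("from kernel:   %d\n", nl_count_trusted(&msg, &reply, sizeof(reply), 4242, 7));
    from.nl_pid = 1337;   /* same bytes, but sent by another local process */
    printf("from pid 1337: %d\n", nl_count_trusted(&msg, &reply, sizeof(reply), 4242, 7));
    return 0;
}
```

A receiver that skips the source-address check treats both datagrams identically, because the payload bytes alone do not say who sent them.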