Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Focus On: Vista
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
BugTraq
Back to list
|
Post reply
[ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities
Mar 26 2008 08:53PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:076
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wml
Date : March 26, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
Two vulnerabilities were found in the Website META Language (WML)
package that allowed local users to overwrite arbitrary files via
symlink attacks.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
5236531d6397a276dbbdc13b118605db 2007.1/i586/wml-2.0.11-1.1mdv2007.1.i586.rpm
aa1c8ddcebacd87ab711f45b29297aff 2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
b6cca9238f4c53141f18fa72302fe8fe 2007.1/x86_64/wml-2.0.11-1.1mdv2007.1.x86_64.rpm
aa1c8ddcebacd87ab711f45b29297aff 2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
e25d594701c56bd51c8e648ebeac206b 2008.0/i586/wml-2.0.11-1.1mdv2008.0.i586.rpm
c34710838783e2d725ecf5fc99d24091 2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
1e57a84169d7168bae4aff8bdc38f02e 2008.0/x86_64/wml-2.0.11-1.1mdv2008.0.x86_64.rpm
c34710838783e2d725ecf5fc99d24091 2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFH6o0gmqjQ0CJFipgRArgjAJ4p41jCe2Y3Vk5VxS9wNoUXOs/LJgCffqoh
8TVcY+m67QHbXdSHB1nlh2Q=
=yda2
-----END PGP SIGNATURE-----
[ reply ]
Privacy Statement
Copyright 2007, SecurityFocus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:076
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wml
Date : March 26, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
Two vulnerabilities were found in the Website META Language (WML)
package that allowed local users to overwrite arbitrary files via
symlink attacks.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
5236531d6397a276dbbdc13b118605db 2007.1/i586/wml-2.0.11-1.1mdv2007.1.i586.rpm
aa1c8ddcebacd87ab711f45b29297aff 2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
b6cca9238f4c53141f18fa72302fe8fe 2007.1/x86_64/wml-2.0.11-1.1mdv2007.1.x86_64.rpm
aa1c8ddcebacd87ab711f45b29297aff 2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
e25d594701c56bd51c8e648ebeac206b 2008.0/i586/wml-2.0.11-1.1mdv2008.0.i586.rpm
c34710838783e2d725ecf5fc99d24091 2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
1e57a84169d7168bae4aff8bdc38f02e 2008.0/x86_64/wml-2.0.11-1.1mdv2008.0.x86_64.rpm
c34710838783e2d725ecf5fc99d24091 2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFH6o0gmqjQ0CJFipgRArgjAJ4p41jCe2Y3Vk5VxS9wNoUXOs/LJgCffqoh
8TVcY+m67QHbXdSHB1nlh2Q=
=yda2
-----END PGP SIGNATURE-----
[ reply ]