BugTraq
[ MDVSA-2012:166 ] bacula Oct 12 2012 02:29PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:166
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bacula
Date : October 12, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in bacula:

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11
does not properly enforce ACL rules, which allows remote authenticated
users to obtain resource dump information via unspecified vectors
(CVE-2012-4430).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
19c2e396c057a462eed645763f6dd214 mes5/i586/bacula-common-3.0.3-0.2mdvmes5.2.i586.rpm
2ed8f24e1dd0631c0f66459c803d77d6 mes5/i586/bacula-console-3.0.3-0.2mdvmes5.2.i586.rpm
125e86f5f3ab21c7187e7250a6a398d4 mes5/i586/bacula-console-gnome-3.0.3-0.2mdvmes5.2.i586.rpm
02ecfe2faed93c639198d92bdb9136c1 mes5/i586/bacula-console-wx-3.0.3-0.2mdvmes5.2.i586.rpm
3ece4e74eecdc68f248328b0cd44df91 mes5/i586/bacula-dir-common-3.0.3-0.2mdvmes5.2.i586.rpm
12eac5efa71756f40c9b87a2196c971d mes5/i586/bacula-dir-mysql-3.0.3-0.2mdvmes5.2.i586.rpm
518f88db266dffdc6b28655c59b9cd12 mes5/i586/bacula-dir-pgsql-3.0.3-0.2mdvmes5.2.i586.rpm
8cc7f89f0b8c9733664e6ae41ef940a4 mes5/i586/bacula-dir-sqlite-3.0.3-0.2mdvmes5.2.i586.rpm
aa6982dc6d72b8ecebf0e5a2e5b12d93 mes5/i586/bacula-dir-sqlite3-3.0.3-0.2mdvmes5.2.i586.rpm
fa909ff617fc0985bef861cbcd82ce96 mes5/i586/bacula-fd-3.0.3-0.2mdvmes5.2.i586.rpm
96557d5790a25b37a6e2e5fb8058b04b mes5/i586/bacula-gui-bimagemgr-3.0.3-0.2mdvmes5.2.i586.rpm
ccd13a62c0835c0cc418cda38ba565e6 mes5/i586/bacula-gui-bweb-3.0.3-0.2mdvmes5.2.i586.rpm
9dcaf0949cb92e3e5137255810699296 mes5/i586/bacula-gui-web-3.0.3-0.2mdvmes5.2.i586.rpm
5695b3150b11f84223a5152bb30aba64 mes5/i586/bacula-sd-3.0.3-0.2mdvmes5.2.i586.rpm
2df32a57b05c2e1290d84786f9ef31c7 mes5/SRPMS/bacula-3.0.3-0.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
b271737aee3770bcd7cef6f1d97875e9 mes5/x86_64/bacula-common-3.0.3-0.2mdvmes5.2.x86_64.rpm
623c71cdb2c38b1b6f06d6d6a321b6c5 mes5/x86_64/bacula-console-3.0.3-0.2mdvmes5.2.x86_64.rpm
795c5261d9b92e6868a57da5c554b464 mes5/x86_64/bacula-console-gnome-3.0.3-0.2mdvmes5.2.x86_64.rpm
8562e98eef26fa0fe1d4eb94cd21dcb0 mes5/x86_64/bacula-console-wx-3.0.3-0.2mdvmes5.2.x86_64.rpm
2044cbdb6d62d872c79727a67951f218 mes5/x86_64/bacula-dir-common-3.0.3-0.2mdvmes5.2.x86_64.rpm
c28eec43673f0967e0b17f1baf8b7c42 mes5/x86_64/bacula-dir-mysql-3.0.3-0.2mdvmes5.2.x86_64.rpm
817f3d6a0697b9c97189592f18f92983 mes5/x86_64/bacula-dir-pgsql-3.0.3-0.2mdvmes5.2.x86_64.rpm
6d7413099343399fde6d99b3a7df8dd9 mes5/x86_64/bacula-dir-sqlite-3.0.3-0.2mdvmes5.2.x86_64.rpm
e96a8577bea4e733d9e6f88914684173 mes5/x86_64/bacula-dir-sqlite3-3.0.3-0.2mdvmes5.2.x86_64.rpm
ac3a716e0e1ce3ee931854e34aeead9d mes5/x86_64/bacula-fd-3.0.3-0.2mdvmes5.2.x86_64.rpm
4cb81dd656d54b66f6e62d3dd3454e01 mes5/x86_64/bacula-gui-bimagemgr-3.0.3-0.2mdvmes5.2.x86_64.rpm
cf2c22981a45797cab0e84afa0d003c8 mes5/x86_64/bacula-gui-bweb-3.0.3-0.2mdvmes5.2.x86_64.rpm
072cc023f4e40755f27dcb6fdea3985d mes5/x86_64/bacula-gui-web-3.0.3-0.2mdvmes5.2.x86_64.rpm
dd975ce1741046ab3e91465920c19e79 mes5/x86_64/bacula-sd-3.0.3-0.2mdvmes5.2.x86_64.rpm
2df32a57b05c2e1290d84786f9ef31c7 mes5/SRPMS/bacula-3.0.3-0.2mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQd/16mqjQ0CJFipgRAlCOAJ48TB2FJWQOaj3BwljB3jfYKxys8gCdHZ8z
ORU1yhmQ4yGX9M+HGq57Hj8=
=wCu3
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus