Multiple Vendor mgetty Symbolic Link Traversal Vulnerability

Solution:
Users of mgetty should upgrade to versions 1.1.22 to eliminate this vulnerability

Mandrake Linux:
The following patches are available for Mandrake Linux.
Linux-Mandrake 6.0:
a27f4bbce80bdc1e613eec900b581a44 6.0/RPMS/mgetty-1.1.22-2mdk.i586.rpm
485fd02bcacf5eace99276dd2ce7f554 6.0/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm
b407ad2c8a5fdc3fca31204667a63a04 6.0/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm
839b2c1f09694e81b40b9e244f68b80b 6.0/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm
5ed6b9290249a74aa9e308296cb02783 6.0/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm
d1deb85b2deb0be64d48bf8138e06ae3 6.0/SRPMS/mgetty-1.1.22-2mdk.src.rpm

Linux-Mandrake 6.1:
10583e14f13a43cb96abbbba7394b590 6.1/RPMS/mgetty-1.1.22-2mdk.i586.rpm
a51aa6db2867b7a1c27e0a0a6601f57a 6.1/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm
deac3868dfe80f917d3951add26ec6bb 6.1/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm
c24fc09f0621c083f526fcc554a9edac 6.1/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm
23bfc2f265564fc25c3316aa7d4df7d3 6.1/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm
d1deb85b2deb0be64d48bf8138e06ae3 6.1/SRPMS/mgetty-1.1.22-2mdk.src.rpm

Linux-Mandrake 7.0:
557a3d5d9e26c2d82e4f2f1384df9784 7.0/RPMS/mgetty-1.1.22-2mdk.i586.rpm
25b2bd75ba4c06b94ba3db25d4929354 7.0/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm
5feb56b3a1e068afcef11c8fc4c74443 7.0/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm
78db1386e7ce356d5d5a1e05078cc6e3 7.0/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm
b4c845e5ca1c2de9d5db00e546ea0c2e 7.0/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm
d1deb85b2deb0be64d48bf8138e06ae3 7.0/SRPMS/mgetty-1.1.22-2mdk.src.rpm

Linux-Mandrake 7.1:
76b71d096e4102f8b17de8ff07353200 7.1/RPMS/mgetty-1.1.22-2mdk.i586.rpm
c90db3acf3c5161040510954905a2ab1 7.1/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm
1e9af836c99a48f45278f2f45be4c148 7.1/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm
06169b07f2b3d091e011b68a2e9ca20f 7.1/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm
454aa7d8171a9645b4a77fee6d44a97a 7.1/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm
d1deb85b2deb0be64d48bf8138e06ae3 7.1/SRPMS/mgetty-1.1.22-2mdk.src.rpm
________________________________________________________________________

To upgrade automatically, use « MandrakeUpdate ».

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and uprade with "rpm -Uvh package_name".

You can download the updates directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates

Or try one of the other mirrors listed at:

http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/". Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update, so if you want an immediate upgrade, please use one of the two
above-listed mirrors.


Gert Doering mgetty 1.1.19

Gert Doering mgetty 1.1.20

Gert Doering mgetty 1.1.21


 

Privacy Statement
Copyright 2010, SecurityFocus