SGI XFSDump Quotas File Symbolic Link Vulnerability

SGI XFSDump Quotas File Symbolic Link Vulnerability

Solution:
Debian has released a security advisory (DSA 283-1) containing fixes which address this issue.

Mandrake has released a security advisory (MDKSA-2003:047) which contains fixes for this issue. Users are advised to upgrade as soon as possible.

SGI has released advisory 20030404-01-P, and made fixes available to address this issue:

xfsdump xfsdump 2.0

Mandrake xfsdump-2.0.0-2.1mdk.i586.rpm
Mandrake Linux 8.2
http://www.mandrakesecure.net/en/ftp.php

Mandrake xfsdump-2.0.0-2.1mdk.ppc.rpm
Mandrake Linux 8.2/PPC
http://www.mandrakesecure.net/en/ftp.php

xfsdump xfsdump 2.0.1

Debian xfsdump_2.0.1-2_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _alpha.deb

Debian xfsdump_2.0.1-2_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _arm.deb

Debian xfsdump_2.0.1-2_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _hppa.deb

Debian xfsdump_2.0.1-2_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _i386.deb

Debian xfsdump_2.0.1-2_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _ia64.deb

Debian xfsdump_2.0.1-2_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _m68k.deb

Debian xfsdump_2.0.1-2_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _mips.deb

Debian xfsdump_2.0.1-2_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _mipsel.deb

Debian xfsdump_2.0.1-2_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _powerpc.deb

Debian xfsdump_2.0.1-2_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _s390.deb

Debian xfsdump_2.0.1-2_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2 _sparc.deb

xfsdump xfsdump 2.0.3

Mandrake xfsdump-2.0.3-1.1mdk.i586.rpm
Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake xfsdump-2.0.3-1.1mdk.i586.rpm
Mandrake Linux 9.0
http://www.mandrakesecure.net/en/ftp.php

xfsdump xfsdump 2.0.5

Mandrake libdm0-2.0.5-1.2mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libdm0-2.0.5-1.2mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake libdm0-devel-2.0.5-1.2mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake libdm0-devel-2.0.5-1.2mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mandrake xfsdump-2.0.3-1.1mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake xfsdump-2.0.3-1.1mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

SGI IRIX 6.5 .19f

SGI patch5060.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5060.t ar

SGI IRIX 6.5 .19m

SGI patch5059.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5059.t ar

SGI IRIX 6.5.16 f

SGI patch5060.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5060.t ar

SGI IRIX 6.5.16 m

SGI patch5059.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5059.t ar

SGI IRIX 6.5.17 m

SGI patch5059.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5059.t ar

SGI IRIX 6.5.17 f

SGI patch5060.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5060.t ar

SGI IRIX 6.5.18 m

SGI patch5059.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5059.t ar

SGI IRIX 6.5.18 f

SGI patch5060.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.16/patch5060.t ar