[Security Announce] MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability.

From: Mandriva Security Team (securitymandriva.com)
Date: Fri Oct 21 2005 - 01:20:58 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name: graphviz
 Advisory ID: MDKSA-2005:188
 Date: October 20th, 2005

 Affected versions: 10.2, 2006.0
 ______________________________________________________________________

 Problem Description:

 Javier Fernández-Sanguino Peña discovered insecure temporary file
 creation in graphviz, a rich set of graph drawing tools, that can be
 exploited to overwrite arbitrary files by a local attacker.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2965
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.2:
 9d0b8399200df96484fd7468a008b76b 10.2/RPMS/graphviz-2.2-3.1.102mdk.i586.rpm
 619146bf760e72b75edfc4574fdc4e46 10.2/RPMS/libgraphviz7-2.2-3.1.102mdk.i586.rpm
 a7be06004d84c8cd9c12e5116ebd4b7c 10.2/RPMS/libgraphviz7-devel-2.2-3.1.102mdk.i586.rpm
 b84a713fefe4b4a9034fb83d0ce7317d 10.2/RPMS/libgraphviztcl7-2.2-3.1.102mdk.i586.rpm
 68b886a29dc2d462f9f244bbac5579db 10.2/RPMS/libgraphviztcl7-devel-2.2-3.1.102mdk.i586.rpm
 aeb17f5e10328aab9ad91bf0b8cad36e 10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 b9a03ec322f71cdf568cbf34921b2788 x86_64/10.2/RPMS/graphviz-2.2-3.1.102mdk.x86_64.rpm
 247106d295206c27fefd346c055552cd x86_64/10.2/RPMS/lib64graphviz7-2.2-3.1.102mdk.x86_64.rpm
 2c804f5c76a2644f3446c81acdac7aac x86_64/10.2/RPMS/lib64graphviz7-devel-2.2-3.1.102mdk.x86_64.rpm
 9d9e27f634afaed1a66d581d578898e9 x86_64/10.2/RPMS/lib64graphviztcl7-2.2-3.1.102mdk.x86_64.rpm
 a5eab811ca6f0dd579932e441452a130 x86_64/10.2/RPMS/lib64graphviztcl7-devel-2.2-3.1.102mdk.x86_64.rpm
 aeb17f5e10328aab9ad91bf0b8cad36e x86_64/10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

 Mandrivalinux 2006.0:
 caebfdb43cbd357c8abc549160613983 2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.i586.rpm
 bf374b0bc329f4dc68b34b9fe3b5fd3e 2006.0/RPMS/libgraphviz7-2.2.1-3.1.20060mdk.i586.rpm
 d7284cdc65c9f5339d14be05ae1b2136 2006.0/RPMS/libgraphviz7-devel-2.2.1-3.1.20060mdk.i586.rpm
 926fa5fdcd6e919205ef50433ecf39a0 2006.0/RPMS/libgraphviztcl7-2.2.1-3.1.20060mdk.i586.rpm
 1bd24268a3d2735b47c2492bb21f63bc 2006.0/RPMS/libgraphviztcl7-devel-2.2.1-3.1.20060mdk.i586.rpm
 526f759a2f2ebbbbc29207c0b8e579ed 2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 5a015d5e8932b6fa63a5b13eaf285d60 x86_64/2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.x86_64.rpm
 3a8a76af72aaa2350f71250e9a3d8bb0 x86_64/2006.0/RPMS/lib64graphviz7-2.2.1-3.1.20060mdk.x86_64.rpm
 73cae708e93dbdd454f8c944f3242f19 x86_64/2006.0/RPMS/lib64graphviz7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
 7f59d48923080c9f81af0041c2d5a8a4 x86_64/2006.0/RPMS/lib64graphviztcl7-2.2.1-3.1.20060mdk.x86_64.rpm
 7e582a89f65b33bf55a28200cef0d51e x86_64/2006.0/RPMS/lib64graphviztcl7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
 526f759a2f2ebbbbc29207c0b8e579ed x86_64/2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFDWIjKmqjQ0CJFipgRAjCgAKDQM6cllVNyPXlVxTD7mgBbkW3giQCY75xo
697WJt3QgPdKwmfLQnIaew==
=mwcy
-----END PGP SIGNATURE-----
