=====================================================================
                                  CERT-Renater

                       Information Note No. 2005/VULN357
_____________________________________________________________________

DATE                      : 08/06/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running a2ps.

======================================================================

  _______________________________________________________________________

                 Mandriva Linux Security Update Advisory
  _______________________________________________________________________

  Package name:           a2ps
  Advisory ID:            MDKSA-2005:097
  Date:                   June 7th, 2005

  Affected versions:      10.1, 10.2, Corporate 3.0,
                          Corporate Server 2.1
  ______________________________________________________________________

  Problem Description:

  The fixps and psmandup scripts, part of the a2ps package, are
  vulnerable to symlink attacks which could allow a local attacker to
  overwrite arbitrary files.  The updated packages have been patched to
  correct the problem.
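
  The class of bug described above, as an added illustration (not code
  from a2ps or from the Mandriva patch): a script that writes to a
  guessable name in a shared directory follows a symlink already placed
  there, while a private mktemp -d directory with noclobber does not.
  The function names and the fixps.$$ naming are assumptions.

```shell
#!/bin/sh
# Added illustration; not code from a2ps or the Mandriva patch.
# All names (write_predictable, write_private, check_demo) are hypothetical.

# Weak pattern: the scratch file name is guessable (script name + PID) in a
# shared directory, and ">" follows whatever already exists at that path.
write_predictable() {   # $1 = shared dir, $2 = data
    tmp="$1/fixps.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened pattern: a private 0700 directory with an unguessable name from
# mktemp -d; noclobber (set -C) makes ">" fail if the path already exists.
write_private() {       # $1 = shared dir, $2 = data; prints the scratch dir
    (
        umask 077
        dir=$(mktemp -d "$1/fixps.XXXXXX") || exit 1
        set -C
        printf '%s\n' "$2" > "$dir/out.ps" || exit 1
        printf '%s\n' "$dir"
    )
}

# Constructed sandbox: a symlink already sits at the predictable name and
# points at a file the script was never meant to touch.
check_demo() {          # $1 = writer function; prints the protected file
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    mkdir "$box/shared"
    ln -s "$box/protected" "$box/shared/fixps.$$"
    "$1" "$box/shared" "scratch data" >/dev/null
    cat "$box/protected"
    rm -rf "$box"
}

check_demo write_predictable   # protected file now holds "scratch data"
check_demo write_private       # protected file still holds "original"
```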
  _______________________________________________________________________

  References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1377
  ______________________________________________________________________

  Updated Packages:

  Mandrakelinux 10.1:
  938d5b703cbeb762efd5619880208497  10.1/RPMS/a2ps-4.13b-5.2.101mdk.i586.rpm
  e0e7a61ec86b0af969cbe60008e6830f  10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.i586.rpm
  fce5b28393e1c8da6e0ea1ebdb1a2de6  10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.i586.rpm
  05f8fdc46bded4e920c709a781c98550  10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm

  Mandrakelinux 10.1/X86_64:
  fc1fd3817e4f41ea41758a3ac53e86cd  x86_64/10.1/RPMS/a2ps-4.13b-5.2.101mdk.x86_64.rpm
  84541cd7d841c64ceccb89f2a413d450  x86_64/10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.x86_64.rpm
  acf595ef3b6f3d2a79204feec3e34208  x86_64/10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.x86_64.rpm
  05f8fdc46bded4e920c709a781c98550  x86_64/10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm

  Mandrakelinux 10.2:
  47722386507aa7fb8c4ddbbbbcc4a20c  10.2/RPMS/a2ps-4.13b-6.1.102mdk.i586.rpm
  190e48d0b4143ac0ad911482e0b0151f  10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.i586.rpm
  4d3d6cbd4ad35999c9bff1f61f890778  10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.i586.rpm
  52a665ac72fec5e99b3e1412e6470063  10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm

  Mandrakelinux 10.2/X86_64:
  37135cc64ba189c769851ba678532576  x86_64/10.2/RPMS/a2ps-4.13b-6.1.102mdk.x86_64.rpm
  6f4cbd5624aac20e99703072131538c7  x86_64/10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.x86_64.rpm
  4314538dcbb211c28f32abc64d9e3de8  x86_64/10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.x86_64.rpm
  52a665ac72fec5e99b3e1412e6470063  x86_64/10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm

  Corporate Server 2.1:
  65a7ea65f589533d0aca00a6a37760ff  corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.i586.rpm
  45c465fc3e2165e6681cccda909fb91f  corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.i586.rpm
  273f20da1e895043ee719b964b7d2b55  corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.i586.rpm
  58e6bdd04f757728aa63089f8b4249ac  corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm

  Corporate Server 2.1/X86_64:
  d5cc8c0304f537acd89c575c7124a6c0  x86_64/corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.x86_64.rpm
  ee85486832fbdf9873c3acfa8b73bafe  x86_64/corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.x86_64.rpm
  84c3ca054e874346bc55daeb5fea0f9f  x86_64/corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.x86_64.rpm
  58e6bdd04f757728aa63089f8b4249ac  x86_64/corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm

  Corporate 3.0:
  859d494306ae1dca81186e2fe99b9a96  corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.i586.rpm
  9bd2c39d7495f18412fcd0a1412f1169  corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.i586.rpm
  68be9c1420f80da9047bf2c7f41e861c  corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.i586.rpm
  daba71e7aa523a71040a54e841bf9300  corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm

  Corporate 3.0/X86_64:
  3d2e4b184d3ff5f19d5ce48762b25c41  x86_64/corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.x86_64.rpm
  7edb5fa8542f0a8216e2670a668aaf04  x86_64/corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.x86_64.rpm
  aebaa6e7473f6fa84bd973df34ef3b96  x86_64/corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.x86_64.rpm
  daba71e7aa523a71040a54e841bf9300  x86_64/corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
  _______________________________________________________________________

  To upgrade automatically use MandrakeUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandriva for security.  You can obtain the
  GPG public key of the Mandriva Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

  You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_(at)_mandriva.com
  _______________________________________________________________________

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Mandriva Security Team
   <security*mandriva.com>

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================


