Home > Security > Advisories

Advisories

Mandriva Advisories

Package name vixie-cron
Date May 10th, 2001
Advisory ID MDKSA-2001:050
Affected versions 7.1, 7.2, 8.0, CS1.0
Synopsis Updated vixie-cron packages fix local root vulnerability

Problem Description

A recent security fix to cron introduced a new problem with giving up
privileges before invoking the editor. A malicious local user could
exploit this to gain root acces.

Updated Packages

Mandrakelinux 7.1

 53b4beefcd4582e0dfe885c82f1221e9  7.1/RPMS/vixie-cron-3.0.1-46.4mdk.i586.rpm
51e96cbcfc44216eb099f514b2a01eff  7.1/SRPMS/vixie-cron-3.0.1-46.4mdk.src.rpm

Mandrakelinux 7.2

 ad448a558a7466c08ac90a7c8de15e5d  7.2/RPMS/vixie-cron-3.0.1-46.3mdk.i586.rpm
2454ea0ed26c3b1dfb1335c522fe8c40  7.2/SRPMS/vixie-cron-3.0.1-46.3mdk.src.rpm

Mandrakelinux 8.0

 c464b6c019defb09c8749800f3ecef79  8.0/RPMS/vixie-cron-3.0.1-51.1mdk.i586.rpm
f5fb6b648d1d87578c9cd7e44ec909ea  8.0/SRPMS/vixie-cron-3.0.1-51.1mdk.src.rpm

Corporate Server 1.0.1

 53b4beefcd4582e0dfe885c82f1221e9  1.0.1/RPMS/vixie-cron-3.0.1-46.4mdk.i586.rpm
51e96cbcfc44216eb099f514b2a01eff  1.0.1/SRPMS/vixie-cron-3.0.1-46.4mdk.src.rpm

References

http://www.securityfocus.com/frames/?content=/vdb/bottom.html?vid=2687

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.