Advisories
Mandriva Advisories
|
 |
| Problem Description |
The ispell program uses mktemp() to open temporary files. This makes
it vulnerable to symlink attacks. The program now has a patch from
OpenBSD applied that uses mkstemp() instead, and switches gets() to
fgets() for dealing with user input.
| Updated Packages |
Mandrakelinux 7.1
7e0259681eecfea26914f2177aed1622 7.1/RPMS/ispell-3.1.20-10.1mdk.i586.rpm 0c4404521d7490e5c30651d25bf47a96 7.1/RPMS/ispell-de-3.1.20-10.1mdk.i586.rpm 27d507aabb0a76fba7d46359d5490e9e 7.1/RPMS/ispell-en-3.1.20-10.1mdk.i586.rpm 2ecc2af3a167bef1f49180fa8a1cac60 7.1/SRPMS/ispell-3.1.20-10.1mdk.src.rpm
Mandrakelinux 7.2
3e234ec53b20accf87784622b43aa5df 7.2/RPMS/ispell-3.1.20-13.1mdk.i586.rpm 3f3fe8ec98b34a78c0488c9eefd1f434 7.2/RPMS/ispell-en-3.1.20-13.1mdk.i586.rpm 27131000e3ece80247ecd4d4ac7768c5 7.2/SRPMS/ispell-3.1.20-13.1mdk.src.rpm
Mandrakelinux 8.0
dea62fd582831557c0c5bb860e1fdaee 8.0/RPMS/ispell-3.1.20-15.1mdk.i586.rpm 145b269dd5d9b678732f370e99f5b92f 8.0/RPMS/ispell-en-3.1.20-15.1mdk.i586.rpm a6bf8ad149902347b5a7703474e02def 8.0/SRPMS/ispell-3.1.20-15.1mdk.src.rpm
Corporate Server 1.0.1
7e0259681eecfea26914f2177aed1622 1.0.1/RPMS/ispell-3.1.20-10.1mdk.i586.rpm 0c4404521d7490e5c30651d25bf47a96 1.0.1/RPMS/ispell-de-3.1.20-10.1mdk.i586.rpm 27d507aabb0a76fba7d46359d5490e9e 1.0.1/RPMS/ispell-en-3.1.20-10.1mdk.i586.rpm 2ecc2af3a167bef1f49180fa8a1cac60 1.0.1/SRPMS/ispell-3.1.20-10.1mdk.src.rpm
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.