Advisories
Mandriva Advisories
|
 |
| Problem Description |
The cdrdao package contains two vulnerabilities; the first allows local
users to read arbitrary files via the show-data command and the second
allows local users to overwrite arbitrary files via a symlink attack on
the ~/.cdrdao configuration file. This can also lead to elevated
privileges (a root shell) due to cdrdao being installed suid root.
The provided packages have been patched to correct these issues.
| Updated Packages |
Mandrakelinux 10.0
1b7ae1dad185d083ed25987ccce21ad0 10.0/RPMS/cdrdao-1.1.8-2.2.100mdk.i586.rpm 87a92365c35931b3023188da4089c482 10.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.100mdk.i586.rpm 0fd4754121b926a84fae47bf1e4c6133 10.0/SRPMS/cdrdao-1.1.8-2.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
cea5f48ae2bcc67e161da98e41b55134 amd64/10.0/RPMS/cdrdao-1.1.8-2.2.100mdk.amd64.rpm c8b85327b50ebb68e3fab34476b1b3cb amd64/10.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.100mdk.amd64.rpm 0fd4754121b926a84fae47bf1e4c6133 amd64/10.0/SRPMS/cdrdao-1.1.8-2.2.100mdk.src.rpm
Mandrakelinux 10.1
61ab4f7af380c2b46acac4dcfa1f893a 10.1/RPMS/cdrdao-1.1.9-6.1.101mdk.i586.rpm 9c8463a1c170c1b189e0dd9a68be07d9 10.1/RPMS/cdrdao-gcdmaster-1.1.9-6.1.101mdk.i586.rpm 050a81b90551f9ef454904e55a160a9d 10.1/SRPMS/cdrdao-1.1.9-6.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
a2424f9595ddcb10aca667a35523ae20 x86_64/10.1/RPMS/cdrdao-1.1.9-6.1.101mdk.x86_64.rpm ce08ea93c55311d7585dcf72d62add3a x86_64/10.1/RPMS/cdrdao-gcdmaster-1.1.9-6.1.101mdk.x86_64.rpm 050a81b90551f9ef454904e55a160a9d x86_64/10.1/SRPMS/cdrdao-1.1.9-6.1.101mdk.src.rpm
Corporate Server 3.0
406191468856946e82d195204855a05f corporate/3.0/RPMS/cdrdao-1.1.8-2.2.C30mdk.i586.rpm 768b911c0d220197ad43f351b91e1c9c corporate/3.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.C30mdk.i586.rpm 70d8a7e69f725875da71507ebc7c2447 corporate/3.0/SRPMS/cdrdao-1.1.8-2.2.C30mdk.src.rpm
Corporate Server 3.0/X86_64
e97c0cd16db006ebc56e7b339c4eccc9 x86_64/corporate/3.0/RPMS/cdrdao-1.1.8-2.2.C30mdk.x86_64.rpm e1f6f75a51182be5155dc204abbbf188 x86_64/corporate/3.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.C30mdk.x86_64.rpm 70d8a7e69f725875da71507ebc7c2447 x86_64/corporate/3.0/SRPMS/cdrdao-1.1.8-2.2.C30mdk.src.rpm
Mandriva Linux LE2005
b073077b108528d1ceed5681acf46f8c 10.2/RPMS/cdrdao-1.1.9-7.1.102mdk.i586.rpm 0077a3948564abc01ab2dc935268b443 10.2/RPMS/cdrdao-gcdmaster-1.1.9-7.1.102mdk.i586.rpm cb1265c4a12964fa5fbf42a7fb2361df 10.2/SRPMS/cdrdao-1.1.9-7.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
0f3eeec0e097087dd4b15dc89ccea21f x86_64/10.2/RPMS/cdrdao-1.1.9-7.1.102mdk.x86_64.rpm c573c4ff16b3b0c9bf68467d5cfc347b x86_64/10.2/RPMS/cdrdao-gcdmaster-1.1.9-7.1.102mdk.x86_64.rpm cb1265c4a12964fa5fbf42a7fb2361df x86_64/10.2/SRPMS/cdrdao-1.1.9-7.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0138
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.