Ben Collins identified a temporary file race in the Utah-glx component
of the Mesa package which affects Linux-Mandrake 7.2. The
/tmp/glxmemory file is created by Utah-glx and because it is not
created securely could be used in a symlink attack which allows files
to be overwritten the next time the X server is started.
d75f85f30af6c8fb57938b76323067ce 7.2/RPMS/Mesa-3.3-14.1mdk.i586.rpm 1a8bddaf0f26c5d1caa5c3af44d1c108 7.2/RPMS/Mesa-common-3.3-14.1mdk.i586.rpm ffd886a66f866faaf9ae0b7402644cde 7.2/RPMS/Mesa-common-devel-3.3-14.1mdk.i586.rpm c9f32276cd54d8772c31afba619bf856 7.2/RPMS/Mesa-demos-3.3-14.1mdk.i586.rpm 593a5bb2a4d51460727f3affb0a78fdd 7.2/SRPMS/Mesa-3.3-14.1mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.