Home > Security > Advisories


Mandriva Advisories

Package name Mesa
Date March 13th, 2001
Advisory ID MDKSA-2001:029
Affected versions 7.2
Synopsis Updated Mesa packages fix temporary file vulnerability

Problem Description

Ben Collins identified a temporary file race in the Utah-glx component
of the Mesa package which affects Linux-Mandrake 7.2. The
/tmp/glxmemory file is created by Utah-glx and because it is not
created securely could be used in a symlink attack which allows files
to be overwritten the next time the X server is started.

Updated Packages

Mandrakelinux 7.2

 d75f85f30af6c8fb57938b76323067ce  7.2/RPMS/Mesa-3.3-14.1mdk.i586.rpm
1a8bddaf0f26c5d1caa5c3af44d1c108  7.2/RPMS/Mesa-common-3.3-14.1mdk.i586.rpm
ffd886a66f866faaf9ae0b7402644cde  7.2/RPMS/Mesa-common-devel-3.3-14.1mdk.i586.rpm
c9f32276cd54d8772c31afba619bf856  7.2/RPMS/Mesa-demos-3.3-14.1mdk.i586.rpm
593a5bb2a4d51460727f3affb0a78fdd  7.2/SRPMS/Mesa-3.3-14.1mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.