Advisories

Mandriva Advisories

Package name	mm
Date	July 29th, 2002
Advisory ID	MDKSA-2002:045
Affected versions	7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis	Updated mm packages fix temporary file vulnerability

Problem Description

Marcus Meissner and Sebastian Krahmer discovered a temporary file
vulnerability in the mm library which is used by the Apache webserver.
This vulnerability can be exploited to obtain root privilege if shell
access to the apache user (typically apache or nobody) is already
obtained.

Updated Packages

Mandrakelinux 7.1

 62b13ff78b3833e50f72abccb2429fac  7.1/RPMS/mm-1.1.3-8.5mdk.i586.rpm
8a0d4a174eebc6085d086942b3778bbb  7.1/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
26309a4bc3f1a0e0a44bec5539304526  7.1/SRPMS/mm-1.1.3-8.5mdk.src.rpm

Mandrakelinux 7.2

 fc94498dbf2e752641dd99f0d610d636  7.2/RPMS/mm-1.1.3-8.5mdk.i586.rpm
34d20dc3f5a54c86c0729071a840db28  7.2/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
26309a4bc3f1a0e0a44bec5539304526  7.2/SRPMS/mm-1.1.3-8.5mdk.src.rpm

Mandrakelinux 8.0

 acb064422020b12d9f6b1e1a575ef682  8.0/RPMS/mm-1.1.3-8.4mdk.i586.rpm
041a16d9bcef8cf1571bbc61a4acaca0  8.0/RPMS/mm-devel-1.1.3-8.4mdk.i586.rpm
9167f497263cf73c5a6c89cab6ea72fe  8.0/SRPMS/mm-1.1.3-8.4mdk.src.rpm

Mandrakelinux 8.0/PPC

 5886c3bb2356fc34590bf8e40de34b4e  ppc/8.0/RPMS/mm-1.1.3-8.4mdk.ppc.rpm
340806021b61740ea003cdaf97ee0ec5  ppc/8.0/RPMS/mm-devel-1.1.3-8.4mdk.ppc.rpm
9167f497263cf73c5a6c89cab6ea72fe  ppc/8.0/SRPMS/mm-1.1.3-8.4mdk.src.rpm

Mandrakelinux 8.1

 ff01e9f0f97c41d8ec4a4796f2bf6e8c  8.1/RPMS/libmm1-1.1.3-9.1mdk.i586.rpm
93b5d15efec1a935a94c2a620c615fe6  8.1/RPMS/libmm1-devel-1.1.3-9.1mdk.i586.rpm
ae9d7b0124599bef5da0cfce5db25900  8.1/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 e024e443258b106f03215bede515af4f  ia64/8.1/RPMS/libmm1-1.1.3-9.1mdk.ia64.rpm
b304449e2d81cc2532c9171cbcca16e0  ia64/8.1/RPMS/libmm1-devel-1.1.3-9.1mdk.ia64.rpm
ae9d7b0124599bef5da0cfce5db25900  ia64/8.1/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Mandrakelinux 8.2

 7f8d2cf57c58991969cf0b8212032224  8.2/RPMS/libmm1-1.1.3-9.1mdk.i586.rpm
1d188e9c3fae7df3b2cc61da7f4a6e97  8.2/RPMS/libmm1-devel-1.1.3-9.1mdk.i586.rpm
ae9d7b0124599bef5da0cfce5db25900  8.2/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 2432489462da328723bff7880f3db2b1  ppc/8.2/RPMS/libmm1-1.1.3-9.1mdk.ppc.rpm
45794ba6cf77dcd62b374a724df5bc62  ppc/8.2/RPMS/libmm1-devel-1.1.3-9.1mdk.ppc.rpm
ae9d7b0124599bef5da0cfce5db25900  ppc/8.2/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Corporate Server 1.0.1

 62b13ff78b3833e50f72abccb2429fac  1.0.1/RPMS/mm-1.1.3-8.5mdk.i586.rpm
8a0d4a174eebc6085d086942b3778bbb  1.0.1/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
26309a4bc3f1a0e0a44bec5539304526  1.0.1/SRPMS/mm-1.1.3-8.5mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer