Advisories
Mandriva Advisories
|
 |
| Problem Description |
A vulnerability in the rcp protocol was discovered that allows a server
to instruct a client to write arbitrary files outside of the current
directory, which could potentially be a security concern if a user used
rcp to copy files from a malicious server.
The updated packages have been patched to correct this problem.
| Updated Packages |
Mandrakelinux 10.0
5e6f513e437cc9a5a619f323509ca58a 10.0/RPMS/rsh-0.17-13.1.100mdk.i586.rpm aec49c478c37577b6fd795bd9bb4ba67 10.0/RPMS/rsh-server-0.17-13.1.100mdk.i586.rpm 259dcd458b33d1de12d172e876366165 10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
fd2d00b91971f0b137696c0ca256b94a amd64/10.0/RPMS/rsh-0.17-13.1.100mdk.amd64.rpm 81fffa62d628599cee1f7b590ae4c38e amd64/10.0/RPMS/rsh-server-0.17-13.1.100mdk.amd64.rpm 259dcd458b33d1de12d172e876366165 amd64/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm
Mandrakelinux 10.1
de740985b0e213128f8639e3af831b5e 10.1/RPMS/rsh-0.17-13.1.101mdk.i586.rpm ff6873ae461a9a12e6a2aeee30a80aa0 10.1/RPMS/rsh-server-0.17-13.1.101mdk.i586.rpm 2a5d801cdedfa0b0b588d340b79c9473 10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
716ae1dc777924d462d9c502238bda9e x86_64/10.1/RPMS/rsh-0.17-13.1.101mdk.x86_64.rpm 23ea2409d82a32918e5e132d8e1fff90 x86_64/10.1/RPMS/rsh-server-0.17-13.1.101mdk.x86_64.rpm 2a5d801cdedfa0b0b588d340b79c9473 x86_64/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm
Corporate Server 2.1
a63459af04b29923eff1606742eb9ce4 corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.i586.rpm b655300455ec6bd0fb8c782cfbcbe281 corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.i586.rpm c828642735f509a405e4582b9f6f3a29 corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64
14219e4f9ada6336f7b26a86881942e2 x86_64/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.x86_64.rpm c32ccf5751017c29817fdd485c489f4b x86_64/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.x86_64.rpm c828642735f509a405e4582b9f6f3a29 x86_64/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm
Corporate Server 3.0
b20aa1eb70c7bfc006c0c946601c9596 corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.i586.rpm 7ae577ac25ff29385f99516abd79baaf corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.i586.rpm c6fac5847bb6c80b8c92a22750d1c438 corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
37a7576122ea4001257e11d034100c28 x86_64/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.x86_64.rpm f7e9c14163f5a56b29fc2b17ae172bfb x86_64/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.x86_64.rpm c6fac5847bb6c80b8c92a22750d1c438 x86_64/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm
Mandriva Linux LE2005
381a2b0e1418a14b618030f27ac445ea 10.2/RPMS/rsh-0.17-13.1.102mdk.i586.rpm d750e7ffcf28e7530e19a294ca9d6bc7 10.2/RPMS/rsh-server-0.17-13.1.102mdk.i586.rpm 1b576319abe603cfaa12d8ee3e314b0d 10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
7d9fd388f7fefa1e454b9d938befcfdc x86_64/10.2/RPMS/rsh-0.17-13.1.102mdk.x86_64.rpm decb83a56d54b9d6310f4e1f2aefe555 x86_64/10.2/RPMS/rsh-server-0.17-13.1.102mdk.x86_64.rpm 1b576319abe603cfaa12d8ee3e314b0d x86_64/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.