Advisories

Mandriva Advisories

Package name	librpcsecgss
Date	September 12th, 2007
Advisory ID	MDKSA-2007:181
Affected versions	2007.0, CS4.0, 2007.1
Synopsis	Updated librpcsecgss packages fix vulnerabilities

Problem Description

A stack buffer overflow vulnerability was discovered in the RPCSEC_GSS
RPC library by Tenable Network Security that could potentially allow
for the execution of arbitrary code.

Updated packages have been patched to prevent these issues.

Updated Packages

Mandriva Linux 2007

 adee4ad65f8a754f8ccc6b4c8045859a  2007.0/i586/librpcsecgss2-0.12-2.1mdv2007.0.i586.rpm
 6667d2fe30b9afa56d545f41d439bab8  2007.0/i586/librpcsecgss2-devel-0.12-2.1mdv2007.0.i586.rpm 
 82dd8353114027f39ea40147fa65d977  2007.0/SRPMS/librpcsecgss-0.12-2.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 aa72629dcbf7b309d1255ba8b4e9c7a8  2007.0/x86_64/lib64rpcsecgss2-0.12-2.1mdv2007.0.x86_64.rpm
 d4e208540e449e43ad3a791134b34085  2007.0/x86_64/lib64rpcsecgss2-devel-0.12-2.1mdv2007.0.x86_64.rpm 
 82dd8353114027f39ea40147fa65d977  2007.0/SRPMS/librpcsecgss-0.12-2.1mdv2007.0.src.rpm

Corporate Server 4.0

 ecd5d4eff04e2e09f7a6850da0b4dff1  corporate/4.0/i586/librpcsecgss0-0.5-1.1.20060mlcs4.i586.rpm
 7d77ed46e5427ce213987cbee409785e  corporate/4.0/i586/librpcsecgss0-devel-0.5-1.1.20060mlcs4.i586.rpm
 3f64577e676dfd9aa09d829fe9de24bd  corporate/4.0/i586/librpcsecgss2-0.12-1.1.20060mlcs4.i586.rpm
 2f5c87cc699941cb1062c00fe19e37a5  corporate/4.0/i586/librpcsecgss2-devel-0.12-1.1.20060mlcs4.i586.rpm 
 33512d4c9c0c349ef5a013e4b9b25332  corporate/4.0/SRPMS/librpcsecgss-0.12-1.1.20060mlcs4.src.rpm
 bd310e2ed1a24a876e8b06617034408f  corporate/4.0/SRPMS/librpcsecgss0-0.5-1.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 65df0614cbc92a6135759f984001dc6f  corporate/4.0/x86_64/lib64rpcsecgss0-0.5-1.1.20060mlcs4.x86_64.rpm
 0b37d5b2b99606080577a6e55cd92d49  corporate/4.0/x86_64/lib64rpcsecgss0-devel-0.5-1.1.20060mlcs4.x86_64.rpm
 52c1e1c4cbfe5968e360a7c953bae101  corporate/4.0/x86_64/lib64rpcsecgss2-0.12-1.1.20060mlcs4.x86_64.rpm
 7f324edf9b9eba95453d3f002f3688b7  corporate/4.0/x86_64/lib64rpcsecgss2-devel-0.12-1.1.20060mlcs4.x86_64.rpm 
 33512d4c9c0c349ef5a013e4b9b25332  corporate/4.0/SRPMS/librpcsecgss-0.12-1.1.20060mlcs4.src.rpm
 bd310e2ed1a24a876e8b06617034408f  corporate/4.0/SRPMS/librpcsecgss0-0.5-1.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 163c85ca6bcd8fb0255f09ed6dc87d25  2007.1/i586/librpcsecgss3-0.14-1.1mdv2007.1.i586.rpm
 09660ca474ed5fa9264cba9260304271  2007.1/i586/librpcsecgss3-devel-0.14-1.1mdv2007.1.i586.rpm 
 e0a0fe57468e16a68c106a8cab72f826  2007.1/SRPMS/librpcsecgss-0.14-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 8b30c8009536197215abc9c0b5e43ae2  2007.1/x86_64/lib64rpcsecgss3-0.14-1.1mdv2007.1.x86_64.rpm
 4e4d10c2f7eb72948d6baee8f9c0039d  2007.1/x86_64/lib64rpcsecgss3-devel-0.14-1.1mdv2007.1.x86_64.rpm 
 e0a0fe57468e16a68c106a8cab72f826  2007.1/SRPMS/librpcsecgss-0.14-1.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer