Mandriva Advisories

Package name: exmh
Date: January 26th, 2001
Advisory ID: MDKSA-2001:015
Affected versions: 6.0, 6.1, 7.0, 7.1, 7.2, CS1.0
Synopsis: Updated exmh packages fix temporary file insecurities

Problem Description

All versions of exmh prior to 2.3.1 use the /tmp directory for storing
temporary files. This was done insecurely: exmh did not check whether
a symlink with the same name had been placed in /tmp in the meantime,
and was therefore vulnerable to a symlink attack. A malicious local
user could use this to overwrite any file writable by the user
executing exmh. These updated versions of exmh now use /tmp/username
unless TMPDIR or EXMHTMPDIR is set.
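
The Python example below is added here and is not exmh's code or part of the advisory. It shows the directory choice described above together with the checks that make a per-user directory under /tmp safe to rely on: the directory must be a real directory owned by the caller with no group/other access, and files are created with O_EXCL so that a symlink already sitting at that name is refused rather than followed. The function names and the EXMHTMPDIR-before-TMPDIR order are assumptions.

```python
import os
import stat

def pick_tmpdir(env, username):
    """Directory choice described in the advisory: an explicit override,
    otherwise a per-user directory under /tmp. Checking EXMHTMPDIR before
    TMPDIR is an assumption; the advisory does not give the order."""
    return env.get("EXMHTMPDIR") or env.get("TMPDIR") or os.path.join("/tmp", username)

def ensure_private_dir(path):
    """Create path with mode 0700, or accept an existing one only if it is a
    real directory (not a symlink), owned by us, with no group/other access."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path} is accessible to group/other")
    return path

def create_scratch_file(directory, name):
    """Create a new file and return its descriptor; fail instead of writing
    through anything that already exists at that name, symlinks included."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(os.path.join(directory, name), flags, 0o600)

if __name__ == "__main__":
    import tempfile
    # Constructed sandbox and user name, so the demo never touches the real /tmp.
    sandbox = tempfile.mkdtemp()
    private = ensure_private_dir(os.path.join(sandbox, "alice"))
    os.symlink("/nonexistent-target", os.path.join(private, "draft"))
    try:
        create_scratch_file(private, "draft")
    except FileExistsError:
        print("refused: an entry already exists at", os.path.join(private, "draft"))
```
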

Updated Packages

Mandrakelinux 6.0

df41f52609427ea68a23cabec9e5ecdf  6.0/RPMS/exmh-2.0.2-8.1mdk.noarch.rpm
8a2a479d1ed9a982e97745d62cd22a31  6.0/SRPMS/exmh-2.0.2-8.1mdk.src.rpm

Mandrakelinux 6.1

2d5601696033fb25e51712f2d510467f  6.1/RPMS/exmh-2.0.3-8.1mdk.noarch.rpm
92ca9c194cc6114f75ba33041a425330  6.1/SRPMS/exmh-2.0.3-8.1mdk.src.rpm

Mandrakelinux 7.0

236ee27fb0498b1cc3c696d5d81c321f  7.0/RPMS/exmh-2.1.1-5.1mdk.noarch.rpm
58d6b7a0c0c95005c5f5d924d5edab19  7.0/SRPMS/exmh-2.1.1-5.1mdk.src.rpm

Mandrakelinux 7.1

a34c9cc91e5a5b365c7cdfe4565a29fd  7.1/RPMS/exmh-2.1.1-5.1mdk.noarch.rpm
58d6b7a0c0c95005c5f5d924d5edab19  7.1/SRPMS/exmh-2.1.1-5.1mdk.src.rpm

Mandrakelinux 7.2

efdd5d3fecc72805d1099693a6dfc7cb  7.2/RPMS/exmh-2.2-4.1mdk.noarch.rpm
1ac6b56522683d758aeda0e2c14fb7b6  7.2/SRPMS/exmh-2.2-4.1mdk.src.rpm

Corporate Server 1.0.1

a34c9cc91e5a5b365c7cdfe4565a29fd  1.0.1/RPMS/exmh-2.1.1-5.1mdk.noarch.rpm
58d6b7a0c0c95005c5f5d924d5edab19  1.0.1/SRPMS/exmh-2.1.1-5.1mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.