Advisories
Mandriva Advisories
|
 |
| Problem Description |
A problem exists with the HylaFAX program, hfaxd. When hfaxd tries to
change it's queue directory and fails, it prints an error message via
syslog by directly passing user supplied data as the format string. If
hfaxd is installed setuid root, this behaviour can be exploited to gain
root access locally. Note that Linux-Mandrake does not ship hfaxd
setuid root by default.
| Updated Packages |
Mandrakelinux 7.1
ee6eab1c642154d5322dbd352f52b624 7.1/RPMS/hylafax-4.1-0.10mdk.i586.rpm b73c45f4ee1c4f491fcdedc91ac45030 7.1/RPMS/hylafax-client-4.1-0.10mdk.i586.rpm cfebff780619fe410c20a131d0e8e9b3 7.1/RPMS/hylafax-server-4.1-0.10mdk.i586.rpm d5beb2e46136d5828c1de8048ad8572e 7.1/SRPMS/hylafax-4.1-0.10mdk.src.rpm
Mandrakelinux 7.2
bb5496fcdf2be7c4cf1a235797ef3317 7.2/RPMS/hylafax-4.1-0.9mdk.i586.rpm 12dbc8359e7e7a179d9df0ff763b7b5d 7.2/RPMS/hylafax-client-4.1-0.9mdk.i586.rpm 2a5394dca8c6629179f2182ffae55329 7.2/RPMS/hylafax-server-4.1-0.9mdk.i586.rpm 9aca03bb7cabaf127cf25b5a810c7d92 7.2/SRPMS/hylafax-4.1-0.9mdk.src.rpm
Corporate Server 1.0.1
ee6eab1c642154d5322dbd352f52b624 1.0.1/RPMS/hylafax-4.1-0.10mdk.i586.rpm b73c45f4ee1c4f491fcdedc91ac45030 1.0.1/RPMS/hylafax-client-4.1-0.10mdk.i586.rpm cfebff780619fe410c20a131d0e8e9b3 1.0.1/RPMS/hylafax-server-4.1-0.10mdk.i586.rpm d5beb2e46136d5828c1de8048ad8572e 1.0.1/SRPMS/hylafax-4.1-0.10mdk.src.rpm
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.