what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-198

Mandriva Linux Security Advisory 2008-198
Posted Sep 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A symlink vulnerability was found in the javareconf script in R that allows local users to overwrite arbitrary files. The updated packages have been patched to prevent this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-3931
SHA-256 | b99d99c5158b1d3ecb006714bbc150f0f8ab552425f2bd64778e1edb59aea90e

Mandriva Linux Security Advisory 2008-198

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:198
http://www.mandriva.com/security/
_______________________________________________________________________

Package : R-base
Date : September 16, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

A symlink vulnerability was found in the javareconf script in R that
allows local users to overwrite arbitrary files (CVE-2008-3931).

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3931
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
9a5c7a09fdf572a74368fae673d6b3b4 2008.0/i586/libRmath-2.5.1-3.1mdv2008.0.i586.rpm
6aac2b83064741ec5301191ef28cf01c 2008.0/i586/libRmath-devel-2.5.1-3.1mdv2008.0.i586.rpm
e2c37f14844baf407ab485899b5d25a5 2008.0/i586/R-base-2.5.1-3.1mdv2008.0.i586.rpm
55f08e70cb31f63c32656229496f2cc1 2008.0/SRPMS/R-base-2.5.1-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
c10af1c79d4a77e0c7b67d197f9d736a 2008.0/x86_64/lib64Rmath-2.5.1-3.1mdv2008.0.x86_64.rpm
55b8c74659a75c8ac1b852b1f8498dc0 2008.0/x86_64/lib64Rmath-devel-2.5.1-3.1mdv2008.0.x86_64.rpm
f93dd60a5b8acf5c3a55a4a853189528 2008.0/x86_64/R-base-2.5.1-3.1mdv2008.0.x86_64.rpm
55f08e70cb31f63c32656229496f2cc1 2008.0/SRPMS/R-base-2.5.1-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
993a6ceac7d4449223227c50fb0ac909 2008.1/i586/libRmath-2.6.2-3.1mdv2008.1.i586.rpm
fffeba26637c011fd5420782e0aca56e 2008.1/i586/libRmath-devel-2.6.2-3.1mdv2008.1.i586.rpm
b789a632e3a37d569e755c68d7d1ebda 2008.1/i586/R-base-2.6.2-3.1mdv2008.1.i586.rpm
53700724d57ca220a20b05bcf17a69bd 2008.1/SRPMS/R-base-2.6.2-3.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
f90761c90c971f97c796c79915722f98 2008.1/x86_64/lib64Rmath-2.6.2-3.1mdv2008.1.x86_64.rpm
164bc6c3961beb489332816d29636401 2008.1/x86_64/lib64Rmath-devel-2.6.2-3.1mdv2008.1.x86_64.rpm
366aa15f8337066a823556df0795d2aa 2008.1/x86_64/R-base-2.6.2-3.1mdv2008.1.x86_64.rpm
53700724d57ca220a20b05bcf17a69bd 2008.1/SRPMS/R-base-2.6.2-3.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIz/EhmqjQ0CJFipgRApZOAKDEoB/292czLvJX1KRZhgxf3UlFfQCfZVs/
f8CWLXJNq6Lu5XQTGMegkGI=
=PKS3
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close