-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:170 http://www.mandriva.com/security/ _______________________________________________________________________ Package : initscripts Date : July 28, 2009 Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces. This update fixes the vulnerability. _______________________________________________________________________ References: https://qa.mandriva.com/52149 https://qa.mandriva.com/51606 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: c2f82185b6a1b451e8d0a469224d8c5a 2008.1/i586/initscripts-8.63-9.4mdv2008.1.i586.rpm 64f2ca707c0e6635cababcd7263d4abb 2008.1/SRPMS/initscripts-8.63-9.4mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: fb044db8aee555c5e165e4c3ca608433 2008.1/x86_64/initscripts-8.63-9.4mdv2008.1.x86_64.rpm 64f2ca707c0e6635cababcd7263d4abb 2008.1/SRPMS/initscripts-8.63-9.4mdv2008.1.src.rpm Mandriva Linux 2009.0: 547725f36363ffcfcc8c0389f2aeb298 2009.0/i586/debugmode-8.81-10.2mdv2009.0.i586.rpm 4779e320e3a1a345d926106de5135552 2009.0/i586/initscripts-8.81-10.2mdv2009.0.i586.rpm 5a0edc132358a4a0e1627edc64a2b734 2009.0/SRPMS/initscripts-8.81-10.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 73c516af3830e70547cc15d69d2fbcd2 2009.0/x86_64/debugmode-8.81-10.2mdv2009.0.x86_64.rpm 7ecbe026d44e11ebfab474ea6941edd1 2009.0/x86_64/initscripts-8.81-10.2mdv2009.0.x86_64.rpm 5a0edc132358a4a0e1627edc64a2b734 2009.0/SRPMS/initscripts-8.81-10.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 6a202f378cfdd5bca9bf3fefcd28f884 2009.1/i586/debugmode-8.88-23.2mdv2009.1.i586.rpm e21426bd4d5b4f2b8aa4b29b445ec0f3 2009.1/i586/initscripts-8.88-23.2mdv2009.1.i586.rpm 8e00b02e0fea6bb32370ab25f6add0dd 2009.1/SRPMS/initscripts-8.88-23.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 14a7c9ca90043ec2989f3f9dd01f5ed7 2009.1/x86_64/debugmode-8.88-23.2mdv2009.1.x86_64.rpm 1f9acc735be39aa8bc937087c39808bd 2009.1/x86_64/initscripts-8.88-23.2mdv2009.1.x86_64.rpm 8e00b02e0fea6bb32370ab25f6add0dd 2009.1/SRPMS/initscripts-8.88-23.2mdv2009.1.src.rpm Mandriva Enterprise Server 5: bd9082dc2f1bf9f4ec7d376f946b1ccd mes5/i586/debugmode-8.81-10.2mdvmes5.i586.rpm 23bdff614d8f7cc132f3dcbba2c7df45 mes5/i586/initscripts-8.81-10.2mdvmes5.i586.rpm 7458437fd85bd4fd0f7e9e67e1289883 mes5/SRPMS/initscripts-8.81-10.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 95d8a219c11a9d357360e9ad6906ad41 mes5/x86_64/debugmode-8.81-10.2mdvmes5.x86_64.rpm 155bc9d037dbdaca8286b179ac03664b mes5/x86_64/initscripts-8.81-10.2mdvmes5.x86_64.rpm 7458437fd85bd4fd0f7e9e67e1289883 mes5/SRPMS/initscripts-8.81-10.2mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKb1pYmqjQ0CJFipgRAhT3AKDuxg88YO9tgrdu/NfViMinrNLlbgCfUciW FZYSM6wOroGiquvGehX8TW8= =7/zd -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/