-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:024 http://www.mandriva.com/security/ _______________________________________________________________________ Package : coreutils Date : January 23, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability were discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp (CVE-2009-4135). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: bbc5a0b5bfae7d1da7b497b40082dcc6 2008.0/i586/coreutils-6.9-5.1mdv2008.0.i586.rpm 4b41bae490d2c668412e6ab78676074e 2008.0/i586/coreutils-doc-6.9-5.1mdv2008.0.i586.rpm ceec0934e3ebe1816d55667c507008c6 2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5105b28b38878f141247d8b408467c4d 2008.0/x86_64/coreutils-6.9-5.1mdv2008.0.x86_64.rpm c9ddaa4146fceabf6224e4bbc7b5b214 2008.0/x86_64/coreutils-doc-6.9-5.1mdv2008.0.x86_64.rpm ceec0934e3ebe1816d55667c507008c6 2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm Mandriva Linux 2009.0: 8c41d3f3f45657996085945a05a3ee1d 2009.0/i586/coreutils-6.12-2.5mdv2009.0.i586.rpm 1f01c000f74cca3d8ea80c80a5e77a77 2009.0/i586/coreutils-doc-6.12-2.5mdv2009.0.i586.rpm c0bfeba1f8803e84b0f19eda2dbcfc70 2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 8d3fa8cf346205047b200e75e71a0f3b 2009.0/x86_64/coreutils-6.12-2.5mdv2009.0.x86_64.rpm 65f4ba201e1073044a5683ab5528f591 2009.0/x86_64/coreutils-doc-6.12-2.5mdv2009.0.x86_64.rpm c0bfeba1f8803e84b0f19eda2dbcfc70 2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm Mandriva Linux 2009.1: 677a2e51fc24b865f50a9d246c3c47b6 2009.1/i586/coreutils-7.1-2.1mdv2009.1.i586.rpm 6ef52ebd79e343dd900c949efb2a72c1 2009.1/i586/coreutils-doc-7.1-2.1mdv2009.1.i586.rpm ea99205731c07360b5ba655ee3bbc3de 2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 8d76e1e624c9c741569bb8e063cca8ab 2009.1/x86_64/coreutils-7.1-2.1mdv2009.1.x86_64.rpm 83a9d3e31bce5e465b84a730a6ff1fab 2009.1/x86_64/coreutils-doc-7.1-2.1mdv2009.1.x86_64.rpm ea99205731c07360b5ba655ee3bbc3de 2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm Mandriva Linux 2010.0: a5595b72c83ada96d02a77ab8f899f44 2010.0/i586/coreutils-7.5-2.1mdv2010.0.i586.rpm cd3dd55d6071824c2ea70633ab222979 2010.0/i586/coreutils-doc-7.5-2.1mdv2010.0.i586.rpm ff13b7700b3c2133968e8910ea09911f 2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 1b6e4154b358a5876ed80af38e8e978a 2010.0/x86_64/coreutils-7.5-2.1mdv2010.0.x86_64.rpm 9608a2886c7ef707b1df4183b894b3b4 2010.0/x86_64/coreutils-doc-7.5-2.1mdv2010.0.x86_64.rpm ff13b7700b3c2133968e8910ea09911f 2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm Corporate 4.0: 09f9564f73c38994f7b7b86d817285f8 corporate/4.0/i586/coreutils-5.2.1-8.1.20060mlcs4.i586.rpm 7e5005893e4a2727e53fceb19db6ff8c corporate/4.0/i586/coreutils-doc-5.2.1-8.1.20060mlcs4.i586.rpm 0d9aad80fdd05f2eeffa7678b71f4aac corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 403f7d811c4c9b8822f0ab3f7cff683d corporate/4.0/x86_64/coreutils-5.2.1-8.1.20060mlcs4.x86_64.rpm 224927bf18cb5418b47d846b104bb34b corporate/4.0/x86_64/coreutils-doc-5.2.1-8.1.20060mlcs4.x86_64.rpm 0d9aad80fdd05f2eeffa7678b71f4aac corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: f877e344eb0908e073c3a854d12cadec mes5/i586/coreutils-6.12-2.5mdvmes5.i586.rpm d0cede58c64e7ff6d78dfef11276cec2 mes5/i586/coreutils-doc-6.12-2.5mdvmes5.i586.rpm f219918d16c0498311dcccc1a486b282 mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 6286996ffa27c4606fe018ee4a686b76 mes5/x86_64/coreutils-6.12-2.5mdvmes5.x86_64.rpm 697ae5dbe6e1bf0b47bf84c0c0fa1c21 mes5/x86_64/coreutils-doc-6.12-2.5mdvmes5.x86_64.rpm f219918d16c0498311dcccc1a486b282 mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLW00hmqjQ0CJFipgRAu+bAJ9kS1wAIZdkXX/xB+FHsOtsT5pjCQCgwEgZ FMFfLQUZs/exqLplc3bpiw0= =HBft -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/