----- Forwarded message from Linux Mandrake Security Team <[EMAIL PROTECTED]> ----- > From: Linux Mandrake Security Team <[EMAIL PROTECTED]> > Reply-To: Linux Mandrake Security Team <[EMAIL PROTECTED]> > User-Agent: Mutt/1.2.5i > Date: Sat, 12 Aug 2000 17:47:50 -0600 > To: [EMAIL PROTECTED] > Subject: MDKSA-2000:034 MandrakeUpdate update > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ________________________________________________________________________ > > Linux-Mandrake Security Update Advisory > ________________________________________________________________________ > > Package name: MandrakeUpdate > Date: August 12th, 2000 > Advisory ID: MDKSA-2000:034 > > Affected versions: 6.0, 6.1, 7.0, 7.1 > ________________________________________________________________________ > > Problem Description: > > There is a possible race condition in MandrakeUpdate that has the > potential for users to tamper with RPMs downloaded by MandrakeUpdate > prior to them being installed. This is due to files being stored in > the /tmp directory. This is a very low security-risk as most servers > that provide user logins shouldn't be using MandrakeUpdate. These > updated versions provide a fix for the problem by using /root/tmp > instead of /tmp. > ________________________________________________________________________ > > Please verify these md5 checksums of the updates prior to upgrading to > ensure the integrity of the downloaded package. You can do this by > running the md5sum program on the downloaded package by using > "md5sum package.rpm" or by using a version of RPM greater than 3.0 with > the command "rpm -K package_name". This will also check the GnuPG > signature of the package provided you have the public key as part of > your keyring (the public key is provided at the end of this advisory). > > Linux-Mandrake 6.0: > ab5f320ff86ad0fa83e43d037683223f 6.0/RPMS/MandrakeUpdate-6.0-6mdk.i586.rpm > 74dd6d4fc6992095610bdf7f87ce4fb0 6.0/RPMS/grpmi-0.9-6mdk.i586.rpm > 4cbb0acfe62dc80f0a092e3103c74473 6.0/SRPMS/MandrakeUpdate-6.0-6mdk.src.rpm > > Linux-Mandrake 6.1: > 7a98b1aae4c89bb6685d5684aa5389bd 6.1/RPMS/MandrakeUpdate-6.1-4mdk.i586.rpm > bbd2772b962965231dde2cebc16697ad 6.1/RPMS/grpmi-0.9-4mdk.i586.rpm > 6058a51ae41c4f8ab4827ecd298d15af 6.1/SRPMS/MandrakeUpdate-6.1-4mdk.src.rpm > > Linux-Mandrake 7.0: > 0f47fd94502480cd323496fc2e4d3d38 7.0/RPMS/MandrakeUpdate-7.0-13mdk.i586.rpm > 4f473666fbc0b99b0505c73042eaf73e 7.0/RPMS/grpmi-0.9-13mdk.i586.rpm > 8e4daf4aff845feaca655f5d0d5739fd 7.0/SRPMS/MandrakeUpdate-7.0-13mdk.src.rpm > > Linux-Mandrake 7.1: > 06be2f821dddae85207e2a3832fb32fc 7.1/RPMS/MandrakeUpdate-7.1-9mdk.i586.rpm > a15a682c20f484d5054b70b9c226861f 7.1/RPMS/grpmi-7.1-9mdk.i586.rpm > 2cd78d22707aebeda6932daf40ff6c37 7.1/SRPMS/MandrakeUpdate-7.1-9mdk.src.rpm > ________________________________________________________________________ > > To upgrade automatically, use � MandrakeUpdate �. > > If you want to upgrade manually, download the updated package from one > of our FTP server mirrors and uprade with "rpm -Uvh package_name". > > You can download the updates directly from: > ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates > ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates > > Or try one of the other mirrors listed at: > > http://www.linux-mandrake.com/en/ftp.php3. > > Updated packages are available in the "updates/[ver]/RPMS/" directory. > For example, if you are looking for an updated RPM package for > Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/". Updated source > RPMs are available as well, but you generally do not need to download > them. > > Please be aware that sometimes it takes the mirrors a few hours to > update, so if you want an immediate upgrade, please use one of the two > above-listed mirrors. > > You can view other security advisories for Linux-Mandrake at: > > http://www.linux-mandrake.com/en/fupdates.php3 > > If you want to report vulnerabilities, please contact > > [EMAIL PROTECTED] > ________________________________________________________________________ > > Linux-Mandrake has two security-related mailing list services that > anyone can subscribe to: > > [EMAIL PROTECTED] > > Linux-Mandrake's security announcements mailing list. Only > announcements are sent to this list and it is read-only. > > [EMAIL PROTECTED] > > Linux-Mandrake's security discussion mailing list. This list is open > to anyone to discuss Linux-Mandrake security specifically and Linux > security in general. > > To subscribe to either list, send a message to > [EMAIL PROTECTED] > with "subscribe [listname]" in the body of the message. > > To remove yourself from either list, send a message to > [EMAIL PROTECTED] > with "unsubscribe [listname]" in the body of the message. > > To get more information on either list, send a message to > [EMAIL PROTECTED] > with "info [listname]" in the body of the message. > > Optionally, you can use the web interface to subscribe to or unsubscribe > from either list: > > http://www.linux-mandrake.com/en/flists.php3#security > ________________________________________________________________________ > > Type Bits/KeyID Date User ID > pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team > <[EMAIL PROTECTED]> > > > - -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.0.1 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday > L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 > WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo > P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl > hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx > PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg > 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs > iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD > LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu > ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t > PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy > /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulq5AQ0EOWnn > 7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77 > 9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV > Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s > +A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX > Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl > 3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi > RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX > lA== > =WxWn > - -----END PGP PUBLIC KEY BLOCK----- > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.1 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE5leHtmqjQ0CJFipgRArcZAKCfH/OZI9pucixIPhH2/bNzoYOJGgCgxGiG > gJjqMielHMog2qSfYhUq3/8= > =CU0+ > -----END PGP SIGNATURE----- > > ----- End forwarded message ----- -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
