Mandriva Advisories

Package name: texinfo
Date: October 6th, 2005
Advisory ID: MDKSA-2005:175
Affected versions: 10.1, CS2.1, CS3.0, 10.2, 2006.0
Synopsis: Updated texinfo packages fix temporary file vulnerability

Problem Description

Frank Lichtenheld discovered that texindex creates temporary files insecurely, using predictable filenames. A local attacker could exploit this by creating symbolic links in the temporary files directory that point to a valid file on the filesystem. When texindex is executed, that file would be overwritten with the rights of the user running texindex.

The updated packages have been patched to correct this issue.
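
The flaw class described above, shown as an added C example that is not taken from texindex or from the Mandriva patch: a predictable-name open beside two hardened forms. The function names, the `txidx` prefix and the scratch directory are assumptions made for illustration.

```c
/* Added example, not texindex source; all names here are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: PID-derived name, no O_EXCL. If a symlink already sits
 * at that path, open() follows it and O_TRUNC empties the link's target. */
int open_temp_predictable(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/txidx%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Same name, but O_CREAT|O_EXCL fails with EEXIST when anything, including
 * a symlink, already exists at the path. */
int open_temp_exclusive(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/txidx%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * exclusively with mode 0600. */
int open_temp_mkstemp(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/txidxXXXXXX", dir);
    return mkstemp(path);
}

/* Size of a file in bytes, or -1 if it cannot be stat()ed. */
long file_size(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1L;
}

int main(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX", path[4096];
    if (mkdtemp(dir) == NULL) return 1;      /* private scratch directory */
    int fd = open_temp_mkstemp(dir, path, sizeof path);
    if (fd >= 0) { printf("created %s\n", path); close(fd); unlink(path); }
    return rmdir(dir) != 0 || fd < 0;
}
```

When auditing code for this issue, look for temporary paths built from the PID or a fixed name and opened without `O_EXCL`.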

Updated Packages

Mandrakelinux 10.1

76e53b496b39c7b28f0267a90ba586a8  10.1/RPMS/info-4.7-2.1.101mdk.i586.rpm
10cd78726493bda942913b5584bcf0ea  10.1/RPMS/info-install-4.7-2.1.101mdk.i586.rpm
25b0fff505495b5b4b80ffcf113ecb15  10.1/RPMS/texinfo-4.7-2.1.101mdk.i586.rpm
e47fb813ed54544bd93b6897031b6d2d  10.1/SRPMS/texinfo-4.7-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

5f47ff5b3e06addb1924f92b8ade046f  x86_64/10.1/RPMS/info-4.7-2.1.101mdk.x86_64.rpm
66cb5ffb24e9e263cfe2af552b5f2ac1  x86_64/10.1/RPMS/info-install-4.7-2.1.101mdk.x86_64.rpm
bda2aa2a304be57fa28f2879b85fc9c0  x86_64/10.1/RPMS/texinfo-4.7-2.1.101mdk.x86_64.rpm
e47fb813ed54544bd93b6897031b6d2d  x86_64/10.1/SRPMS/texinfo-4.7-2.1.101mdk.src.rpm

Corporate Server 2.1

af212fb87728fcb48c736f5f30f0a906  corporate/2.1/RPMS/info-4.2-5.1.C21mdk.i586.rpm
256c91dbdf2650f5323c9294916eb25c  corporate/2.1/RPMS/info-install-4.2-5.1.C21mdk.i586.rpm
37f29e7fc13e78f1de4213591a028723  corporate/2.1/RPMS/texinfo-4.2-5.1.C21mdk.i586.rpm
8c4df474276402f88497af71c8e6586a  corporate/2.1/SRPMS/texinfo-4.2-5.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

32d0a4f0f9e9d14bfb34368f5d5e429e  x86_64/corporate/2.1/RPMS/info-4.2-5.1.C21mdk.x86_64.rpm
8df053321dd699e94bfed39387df0541  x86_64/corporate/2.1/RPMS/info-install-4.2-5.1.C21mdk.x86_64.rpm
44a60c312004ed7490a802521559ddae  x86_64/corporate/2.1/RPMS/texinfo-4.2-5.1.C21mdk.x86_64.rpm
8c4df474276402f88497af71c8e6586a  x86_64/corporate/2.1/SRPMS/texinfo-4.2-5.1.C21mdk.src.rpm

Corporate Server 3.0

9556168c04d13c9a6a3f6e7015a398de  corporate/3.0/RPMS/info-4.6-1.1.C30mdk.i586.rpm
ed35b999cc4037b9ad7f838eb641a837  corporate/3.0/RPMS/info-install-4.6-1.1.C30mdk.i586.rpm
7f26434349820297ee62871c754c61d4  corporate/3.0/RPMS/texinfo-4.6-1.1.C30mdk.i586.rpm
83cb27358b6e352de4f1173407175823  corporate/3.0/SRPMS/texinfo-4.6-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

217fc652b60c5aac4e9c17ea69f5ab33  x86_64/corporate/3.0/RPMS/info-4.6-1.1.C30mdk.x86_64.rpm
7c3eee4af8b915337903ed6f8e8cedaf  x86_64/corporate/3.0/RPMS/info-install-4.6-1.1.C30mdk.x86_64.rpm
11af71727eee1214d330d34ff9dbfe54  x86_64/corporate/3.0/RPMS/texinfo-4.6-1.1.C30mdk.x86_64.rpm
83cb27358b6e352de4f1173407175823  x86_64/corporate/3.0/SRPMS/texinfo-4.6-1.1.C30mdk.src.rpm

Mandrivalinux LE2005

da38f9033ba2495d786bbb95bcee6c9f  10.2/RPMS/info-4.8-1.1.102mdk.i586.rpm
e1dbdf1b7c0ad41fde7bab6cab92be6f  10.2/RPMS/info-install-4.8-1.1.102mdk.i586.rpm
2b0c6e496d0adfa9b8c486c048c5cd65  10.2/RPMS/texinfo-4.8-1.1.102mdk.i586.rpm
e018dbb4a415940d5c5062c4cdd01a1f  10.2/SRPMS/texinfo-4.8-1.1.102mdk.src.rpm

Mandrivalinux LE2005/X86_64

9baa45ce2070d15f35062c41a574bf4f  x86_64/10.2/RPMS/info-4.8-1.1.102mdk.x86_64.rpm
821d86aeae3923411e2667ea8cca3723  x86_64/10.2/RPMS/info-install-4.8-1.1.102mdk.x86_64.rpm
54c74f133bcf8cf6791cc97ef9c2e2f2  x86_64/10.2/RPMS/texinfo-4.8-1.1.102mdk.x86_64.rpm
e018dbb4a415940d5c5062c4cdd01a1f  x86_64/10.2/SRPMS/texinfo-4.8-1.1.102mdk.src.rpm

Mandrivalinux 2006

8b6d88e8dc11347d15daaecea9614350  2006.0/RPMS/info-4.8-1.1.20060mdk.i586.rpm
db1fb3ef2f3810ad044f7ceb0e7f28ba  2006.0/RPMS/info-install-4.8-1.1.20060mdk.i586.rpm
71bd982b51dd4ce475bff38b13e602ee  2006.0/RPMS/texinfo-4.8-1.1.20060mdk.i586.rpm
727c5b4c31890156019eeaa67693d169  2006.0/SRPMS/texinfo-4.8-1.1.20060mdk.src.rpm

Mandrivalinux 2006/X86_64

1ebc92ec90e633ed7bd2c23df56db8e6  x86_64/2006.0/RPMS/info-4.8-1.1.20060mdk.x86_64.rpm
52a3c172223d5c4fac673719232df4b5  x86_64/2006.0/RPMS/info-install-4.8-1.1.20060mdk.x86_64.rpm
ad9da3a4cfa7e804c2880a94622bbe66  x86_64/2006.0/RPMS/texinfo-4.8-1.1.20060mdk.x86_64.rpm
727c5b4c31890156019eeaa67693d169  x86_64/2006.0/SRPMS/texinfo-4.8-1.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011

Upgrade

To upgrade automatically, use MandrakeUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrakeUpdate, the MD5 checksum and GPG signature are verified automatically for you.