Home > Security > Advisories

Advisories

Mandriva Advisories

Package name gettext
Date February 28th, 2006
Advisory ID MDKSA-2006:051
Affected versions CS3.0, MNF2.0
Synopsis Updated gettext packages fix temporary file vulnerabilities

Problem Description

The Trustix developers discovered temporary file vulnerabilities in the autopoint and gettextize scripts, part of GNU gettext. These scripts insecurely created temporary files which could allow a malicious user to overwrite another user's files via a symlink attack. The updated packages have been patched to address this issue.

Updated Packages

Corporate Server 3.0

3e90a65b63c6cef50ea2362b97d601af  corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.i586.rpm
 88645a36cc137b6d15baff31df84bb5f  corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.i586.rpm
 122cf7a4d0173cd80c3c6a388b76ec5a  corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.i586.rpm
 d9e9d121c5833e80c9bbd642af24fb40  corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.i586.rpm
 7aa6d70debb3c1814333fca662e23cac  corporate/3.0/RPMS/libgettextmisc-0.13.1-1.3.C30mdk.i586.rpm
 cfe279f682d65f910505e069b911d7c7  corporate/3.0/RPMS/libintl2-0.13.1-1.3.C30mdk.i586.rpm
 fc15df73311804bf0fd371fa9682c0c5  corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm

Corporate Server 3.0/X86_64

c3648f970e7794014773ddedd68eaf91  x86_64/corporate/3.0/RPMS/gettext-0.13.1-1.3.C30mdk.x86_64.rpm
 d876576394822262df7e2351775c1aaa  x86_64/corporate/3.0/RPMS/gettext-base-0.13.1-1.3.C30mdk.x86_64.rpm
 af77cf6ee5a7d238ec122fbc4af7d353  x86_64/corporate/3.0/RPMS/gettext-devel-0.13.1-1.3.C30mdk.x86_64.rpm
 1173d049f6621cd8ff8d0396d24eb097  x86_64/corporate/3.0/RPMS/gettext-java-0.13.1-1.3.C30mdk.x86_64.rpm
 f757f8a584bfc7ebd99d13a92415241b  x86_64/corporate/3.0/RPMS/lib64gettextmisc-0.13.1-1.3.C30mdk.x86_64.rpm
 ecb7b9c26a607287c10f12bc70d5ffa9  x86_64/corporate/3.0/RPMS/lib64intl2-0.13.1-1.3.C30mdk.x86_64.rpm
 fc15df73311804bf0fd371fa9682c0c5  x86_64/corporate/3.0/SRPMS/gettext-0.13.1-1.3.C30mdk.src.rpm

Multi Network Firewall 2.0

bf7a130a64632e27c4c0e35bcce1838d  mnf/2.0/RPMS/gettext-0.13.1-1.3.M20mdk.i586.rpm
 26b569b31b5786eb3dc90c466ad42951  mnf/2.0/RPMS/gettext-base-0.13.1-1.3.M20mdk.i586.rpm
 513319968508b7d6c22135aed2a4ebcf  mnf/2.0/RPMS/gettext-devel-0.13.1-1.3.M20mdk.i586.rpm
 8ebc491dd574ec6e9624776b39adb08e  mnf/2.0/RPMS/gettext-java-0.13.1-1.3.M20mdk.i586.rpm
 d7efcc35298ade62c0d21b75cec11d35  mnf/2.0/RPMS/libgettextmisc-0.13.1-1.3.M20mdk.i586.rpm
 d0993ab7f263642207f1ae95f4861525  mnf/2.0/RPMS/libintl2-0.13.1-1.3.M20mdk.i586.rpm
 76fec48911a57db5edad551ae40cb3d1  mnf/2.0/SRPMS/gettext-0.13.1-1.3.M20mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966

Upgrade

To upgrade automatically, use MandrakeUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.