Mandrake: 'linuxconf' vulnerability
Posted by LinuxSecurity.com Team   
Mandrake WireX discovered a potential temporary file race problem in the vpop3d program in the linuxconf package.

________________________________________________________________________

                Linux-Mandrake Security Update Advisory
________________________________________________________________________

Package name:           linuxconf
Date:                   January 12th, 2001
Advisory ID:            MDKSA-2001:011

Affected versions:      6.0, 6.1, 7.0, 7.1, 7.2
________________________________________________________________________

Problem Description:

 WireX discovered a potential temporary file race problem in the vpop3d
 program in the linuxconf package.  This update corrects the problem.
________________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Linux-Mandrake Security Team at
   http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 6.0:
7e6b1aba001ec31d89ace76ba9a9de8c  6.0/RPMS/linuxconf-1.15r2.2-7.1mdk.i586.rpm
44d44ae956faff05191866780326be80  6.0/RPMS/linuxconf-devel-1.15r2.2-7.1mdk.i586.rpm
acaca15ea448c7d579385936e163db8a  6.0/SRPMS/linuxconf-1.15r2.2-7.1mdk.src.rpm

Linux-Mandrake 6.1:
3b9f92a2b081942ab41d0836cbc4b8e8  6.1/RPMS/linuxconf-1.16r2.1-1.1mdk.i586.rpm
09b3e68104a4591cbc1a066ca4c226ad  6.1/RPMS/linuxconf-devel-1.16r2.1-1.1mdk.i586.rpm
cbacc234f560672e8603c4f9ca84dc7f  6.1/SRPMS/linuxconf-1.16r2.1-1.1mdk.src.rpm

Linux-Mandrake 7.0:
6f4da19a00b5f650b78242d62c8b78e4  7.0/RPMS/linuxconf-1.16r10-3.1mdk.i586.rpm
30bea04bbbdb8c3371103d6bd61dc987  7.0/RPMS/linuxconf-devel-1.16r10-3.1mdk.i586.rpm
bdf591021c27d76a4bec282977d58d0a  7.0/SRPMS/linuxconf-1.16r10-3.1mdk.src.rpm

Linux-Mandrake 7.1:
52a155c38bad17c32fec9e8927185d7e  7.1/RPMS/linuxconf-1.18-2.1mdk.i586.rpm
5991b6f22d8ccbc5ce4d884c719fff59  7.1/RPMS/linuxconf-devel-1.18-2.1mdk.i586.rpm
1105aee36798f22d8a1c92e8826daa57  7.1/SRPMS/linuxconf-1.18-2.1mdk.src.rpm

Linux-Mandrake 7.2:
43e5e6cc1db2645600a839687129fadc  7.2/RPMS/linuxconf-1.21r5-5.1mdk.i586.rpm
3041e8b3d5a3c31be3dd35d5d1a51998  7.2/RPMS/linuxconf-devel-1.21r5-5.1mdk.i586.rpm
898061066978da7348545f2e1eeffef4  7.2/RPMS/linuxconf-lang-cn-1.21r5-5.1mdk.i586.rpm
bd23ebe423c57591127d166c301c708e  7.2/RPMS/linuxconf-lang-cs-1.21r5-5.1mdk.i586.rpm
d0b393e019c3a3b162ef4bbc735f493c  7.2/RPMS/linuxconf-lang-de-1.21r5-5.1mdk.i586.rpm
604354b05cece34c22826259510dd0ac  7.2/RPMS/linuxconf-lang-es-1.21r5-5.1mdk.i586.rpm
d6a7be4929022bc4041a7108473b183d  7.2/RPMS/linuxconf-lang-fi-1.21r5-5.1mdk.i586.rpm
f346fd4957f6f26968511d0a78d3f8d1  7.2/RPMS/linuxconf-lang-fr-1.21r5-5.1mdk.i586.rpm
8f246dc27a3b452349ae234900fa75ee  7.2/RPMS/linuxconf-lang-it-1.21r5-5.1mdk.i586.rpm
8dc97fe8a3862b2f6d69ebf8f3f614dd  7.2/RPMS/linuxconf-lang-ko-1.21r5-5.1mdk.i586.rpm
aedb5e0816d56c88fe89e420e479c09f  7.2/RPMS/linuxconf-lang-no-1.21r5-5.1mdk.i586.rpm
5887bda35977e37041e84a083e59eea0  7.2/RPMS/linuxconf-lang-pt-1.21r5-5.1mdk.i586.rpm
434c04e440121f97979d9b4a361bdeda  7.2/RPMS/linuxconf-lang-ro-1.21r5-5.1mdk.i586.rpm
da0154ee9ec1df038662b32a6d933138  7.2/RPMS/linuxconf-lang-ru-SU-1.21r5-5.1mdk.i586.rpm
2637570113c1a542a3ecb6a2593d01ac  7.2/RPMS/linuxconf-lang-se-1.21r5-5.1mdk.i586.rpm
45ef4f1f3d8caa9a86dbe5782e46ae49  7.2/RPMS/linuxconf-lang-sk-1.21r5-5.1mdk.i586.rpm
ea6bb186ad8a6da67d156507964e37af  7.2/RPMS/linuxconf-lang-zh-1.21r5-5.1mdk.i586.rpm
2a34c501bc0c737ddf171bb024a2d2c2  7.2/RPMS/linuxconf-lib-1.21r5-5.1mdk.i586.rpm
e93ad684e4640e6e30f0e925b31a7ac3  7.2/RPMS/linuxconf-util-1.21r5-5.1mdk.i586.rpm
82a994ffde06af0de569e07a7561c93b  7.2/SRPMS/linuxconf-1.21r5-5.1mdk.src.rpm

Corporate Server 1.0.1:
52a155c38bad17c32fec9e8927185d7e  1.0.1/RPMS/linuxconf-1.18-2.1mdk.i586.rpm
5991b6f22d8ccbc5ce4d884c719fff59  1.0.1/RPMS/linuxconf-devel-1.18-2.1mdk.i586.rpm
1105aee36798f22d8a1c92e8826daa57  1.0.1/SRPMS/linuxconf-1.18-2.1mdk.src.rpm
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

   http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Linux-Mandrake 7.2, look for it in "updates/7.2/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Linux-Mandrake at:

   http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Linux-Mandrake has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Linux-Mandrake's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Linux-Mandrake's security discussion mailing list.  This list is open
  to anyone to discuss Linux-Mandrake security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

   http://www.linux-mandrake.com/en/flists.php3#security
________________________________________________________________________