AOH :: Linux :: Mandrake/Mandriva

AOH :: Linux :: Mandrake/Mandriva :: UPDATEMD.TXT
Mandrake Linux Update race condition


COMMAND

    MandrakeUpdate

SYSTEMS AFFECTED

    Linux-Mandrake 6.0, 6.1, 7.0, 7.1

PROBLEM

    Following is based on Linux-Mandrake Security Advisory.  There  is
    a possible race condition in MandrakeUpdate that has the potential
    for users to tamper  with RPMs downloaded by  MandrakeUpdate prior
    to them being installed.  This is due to files being stored in the
    /tmp directory.  This is a very low security-risk as most  servers
    that provide user logins shouldn't be using MandrakeUpdate.  These
    updated versions provide a fix for the problem by using  /root/tmp
    instead of /tmp.

SOLUTION

    Patch:

        Linux-Mandrake 6.0: 6.0/RPMS/MandrakeUpdate-6.0-6mdk.i586.rpm
                            6.0/RPMS/grpmi-0.9-6mdk.i586.rpm
                            6.0/SRPMS/MandrakeUpdate-6.0-6mdk.src.rpm

        Linux-Mandrake 6.1: 6.1/RPMS/MandrakeUpdate-6.1-4mdk.i586.rpm
                            6.1/RPMS/grpmi-0.9-4mdk.i586.rpm
                            6.1/SRPMS/MandrakeUpdate-6.1-4mdk.src.rpm

        Linux-Mandrake 7.0: 7.0/RPMS/grpmi-0.9-13mdk.i586.rpm
                            7.0/SRPMS/MandrakeUpdate-7.0-13mdk.src.rpm

        Linux-Mandrake 7.1: 7.1/RPMS/MandrakeUpdate-7.1-9mdk.i586.rpm
                            7.1/RPMS/grpmi-7.1-9mdk.i586.rpm
                            7.1/SRPMS/MandrakeUpdate-7.1-9mdk.src.rpm

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.