[Security Announce] [ MDVSA-2008:083 ] - Updated audit packages fix vulnerability

news · April 12, 2008

This is a multi-part message in MIME format...

------------=_1208016303-11275-2428

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:083

http://www.mandriva.com/security/

_______________________________________________________________________

Package : audit

Date : April 9, 2008

Affected: 2008.0, 2008.1

_______________________________________________________________________

Problem Description:

Joe Nall reported a stack-based buffer overflow in Audit's log handling

that could allow remote attackers to execute arbitrary code via a

long command argument (CVE-2008-1628).

The updated packages have been patched to correct this issue.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1628

_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:

5c388b3cec134bb2bc570c9ab34f0103 2008.0/i586/audit-1.6.1-5.1mdv2008.0.i586.rpm

4a152d4bb81045cfc98d59fa883f3185 2008.0/i586/libaudit0-1.6.1-5.1mdv2008.0.i586.rpm

3490054dc24fd9f870b565d10790986c 2008.0/i586/libaudit-devel-1.6.1-5.1mdv2008.0.i586.rpm

64be797dd06d21706ec561cb781777f8 2008.0/i586/libaudit-static-devel-1.6.1-5.1mdv2008.0.i586.rpm

2d2d7d31cc0b730e9bc89bacae6a5782 2008.0/i586/python-audit-1.6.1-5.1mdv2008.0.i586.rpm

24067d0c21a44ef6ee534e83da6473de 2008.0/i586/system-config-audit-1.6.1-5.1mdv2008.0.i586.rpm

6eee4f5ed8cb106e37f5966c3f112796 2008.0/SRPMS/audit-1.6.1-5.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:

8c900519e78b7a89cc5984d24c68948d 2008.0/x86_64/audit-1.6.1-5.1mdv2008.0.x86_64.rpm

4c9d5031d8a7ebdc0b5136cbbc0c2921 2008.0/x86_64/lib64audit0-1.6.1-5.1mdv2008.0.x86_64.rpm

b2dc7d00c34d925a7fd37c320c166047 2008.0/x86_64/lib64audit-devel-1.6.1-5.1mdv2008.0.x86_64.rpm

666b93899443850b22debb3ed26850a9 2008.0/x86_64/lib64audit-static-devel-1.6.1-5.1mdv2008.0.x86_64.rpm

b36304d7c0ddb1e2b20f9e34f8f71327 2008.0/x86_64/python-audit-1.6.1-5.1mdv2008.0.x86_64.rpm

3e7afa051613cd3e76b930c4abe9a644 2008.0/x86_64/system-config-audit-1.6.1-5.1mdv2008.0.x86_64.rpm

6eee4f5ed8cb106e37f5966c3f112796 2008.0/SRPMS/audit-1.6.1-5.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:

dac71c3cafa7ca376236f4876e83bc19 2008.1/i586/audispd-plugins-1.6.8-1.1mdv2008.1.i586.rpm

78b9969d24f90b57eb5e0d758b13979b 2008.1/i586/audit-1.6.8-1.1mdv2008.1.i586.rpm

fdd6573da83e2b25c36baacce0239b0e 2008.1/i586/libaudit0-1.6.8-1.1mdv2008.1.i586.rpm

2a5e0099ac9bfb1d0510f7cf6930ef3e 2008.1/i586/libaudit-devel-1.6.8-1.1mdv2008.1.i586.rpm

0da5de8573d2e87f2eab3c36148f6ae8 2008.1/i586/libaudit-static-devel-1.6.8-1.1mdv2008.1.i586.rpm

98ccd43798fb49cdc507b4be34045d0e 2008.1/i586/python-audit-1.6.8-1.1mdv2008.1.i586.rpm

36e04ddb3bd5704d9eabdf6f9a72e34f 2008.1/i586/system-config-audit-1.6.8-1.1mdv2008.1.i586.rpm

048ee49d43b23de9a0548dd487aa05ab 2008.1/SRPMS/audit-1.6.8-1.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:

38706b3987e3c028cc1e4b530feae0ab 2008.1/x86_64/audispd-plugins-1.6.8-1.1mdv2008.1.x86_64.rpm

1aeb2075292c201d6f41a740d0a9f86c 2008.1/x86_64/audit-1.6.8-1.1mdv2008.1.x86_64.rpm

db8c62f5248641507775b8d08f9e16ee 2008.1/x86_64/lib64audit0-1.6.8-1.1mdv2008.1.x86_64.rpm

85c81bdb2242940b35e87b8b29821c1e 2008.1/x86_64/lib64audit-devel-1.6.8-1.1mdv2008.1.x86_64.rpm

8649bc6869faf51fc9ec2fea6d2ea98a 2008.1/x86_64/lib64audit-static-devel-1.6.8-1.1mdv2008.1.x86_64.rpm

8976021b103d5d0a7821f9ec8324665b 2008.1/x86_64/python-audit-1.6.8-1.1mdv2008.1.x86_64.rpm

77e1ed778ea69c044b7ee176a93b1880 2008.1/x86_64/system-config-audit-1.6.8-1.1mdv2008.1.x86_64.rpm

048ee49d43b23de9a0548dd487aa05ab 2008.1/SRPMS/audit-1.6.8-1.1mdv2008.1.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH/R3vmqjQ0CJFipgRAqk4AKDOUB1SC1XO1dPg44If4m7eDRCg+QCgw+oP

bpKDxCSUPB+5Jz7h+w5mK3A=

=d2p2

-----END PGP SIGNATURE-----

------------=_1208016303-11275-2428

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1208016303-11275-2428--

Sign In

[Security Announce] [ MDVSA-2008:083 ] - Updated audit packages fix vulnerability

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity