7541154 2001-11-20 08:59 -0700 /219 rader/ Linux Mandrake Security Team <security@linux-mandrake.com>
Sänt av: joel@lysator.liu.se
Importerad: 2001-11-21 02:48 av Brevbäraren
Extern mottagare: Linux Mandrake Security Announcements <security-announce@linux-mandrake.com>
Extern kopiemottagare: Linux Mandrake Security <mdk-security@lists.freezer-burn.org>
Extern kopiemottagare: Bugtraq <bugtraq@securityfocus.com>
Mottagare: Bugtraq (import) <19827>
Ärende: MDKSA-2001:086 - tetex update
------------------------------------------------------------
From: Linux Mandrake Security Team <security@linux-mandrake.com>
To: Linux Mandrake Security Announcements <security-announce@linux-mandrake.com>
Cc: Linux Mandrake Security <mdk-security@lists.freezer-burn.org>,
Bugtraq <bugtraq@securityfocus.com>
Message-ID: <20011120085928.F27165@mandrakesoft.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: tetex
Date: November 20th, 2001
Advisory ID: MDKSA-2001:086
Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1
________________________________________________________________________
Problem Description:
A problem was discovered in the temporary file handling capabilities
of some teTeX filters by zen-parse. These filters are used as print
filters automatically when printing .dvi files using lpr. This can
lead to elevated privileges. This update relies on the updated
mktemp packages for 7.x in MDKA-2001:021, which gives mktemp the
ability to create temporary directories. 8.x users already have a
mktemp that
works in this fashion.
________________________________________________________________________
References:
http://www.securityfocus.com/archive/1/192647
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=43342
________________________________________________________________________
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.
Linux-Mandrake 7.1: 03ef1ee1b633f7b15a96e0aaeb7add41
7.1/RPMS/tetex-1.0.7-6.1mdk.i586.rpm d8adc388002098ee54c25a85e48a1861
7.1/RPMS/tetex-afm-1.0.7-6.1mdk.i586.rpm
bf8af031068beb610175b69c2f56bf83
7.1/RPMS/tetex-doc-1.0.7-6.1mdk.i586.rpm
f1a8dfd94a0da14dc9446d7a1d58f227
7.1/RPMS/tetex-dvilj-1.0.7-6.1mdk.i586.rpm
25ed14dcdd9b3ba3862387d22eab47ca
7.1/RPMS/tetex-dvips-1.0.7-6.1mdk.i586.rpm
0a2951e2aee8ed37a2b206efa37e0a90
7.1/RPMS/tetex-latex-1.0.7-6.1mdk.i586.rpm
c5c7882c0d386ca5176464b52b583afa
7.1/RPMS/tetex-xdvi-1.0.7-6.1mdk.i586.rpm
f25809018552ee50468b8695562703f5 7.1/SRPMS/tetex-1.0.7-6.1mdk.src.rpm
Linux-Mandrake 7.2: 51007b87bf1dba689b08a7a2d481409d
7.2/RPMS/tetex-1.0.7-11.1mdk.i586.rpm
df7ecae9c6f7080ed3e869e5f5723dfb
7.2/RPMS/tetex-afm-1.0.7-11.1mdk.i586.rpm
046adf359223e78bfb174128019f8c2b
7.2/RPMS/tetex-doc-1.0.7-11.1mdk.i586.rpm
8924196a007e4358fbb4295ad0ffdd08
7.2/RPMS/tetex-dvilj-1.0.7-11.1mdk.i586.rpm
95713800fbf8d5cecaeeb4f0112ab0bb
7.2/RPMS/tetex-dvips-1.0.7-11.1mdk.i586.rpm
3ae21fe8d70ef236944be4a3f065c053
7.2/RPMS/tetex-latex-1.0.7-11.1mdk.i586.rpm
313f849bb6578966e78463799d37b019
7.2/RPMS/tetex-xdvi-1.0.7-11.1mdk.i586.rpm
f7f1a22b452d0acdbbc9424f73686ab5
7.2/SRPMS/tetex-1.0.7-11.1mdk.src.rpm
Mandrake Linux 8.0: a5e5697f6b6c521e3132a0ccaa3bcdaa
8.0/RPMS/tetex-1.0.7-21.1mdk.i586.rpm
37132ac11983dfccb2ee7c1d9ff0203d
8.0/RPMS/tetex-afm-1.0.7-21.1mdk.i586.rpm
658a56ca65ddddfc0d4a288eec16a5d5
8.0/RPMS/tetex-doc-1.0.7-21.1mdk.i586.rpm
6213815683453df4029c4190c3ca4285
8.0/RPMS/tetex-dvilj-1.0.7-21.1mdk.i586.rpm
b79a68dbfba6c2bbc9455e93c3aa9b08
8.0/RPMS/tetex-dvipdfm-1.0.7-21.1mdk.i586.rpm
7c78663dff6b7d6110d52360ffe51bdf
8.0/RPMS/tetex-dvips-1.0.7-21.1mdk.i586.rpm
63e5cce1fed58e0870f067ef7d345f83
8.0/RPMS/tetex-latex-1.0.7-21.1mdk.i586.rpm
73d00015e30e78cdaf4fed01863696f2
8.0/RPMS/tetex-xdvi-1.0.7-21.1mdk.i586.rpm
c9d8502ab2e9ee1cbce62074dafc9ea9
8.0/SRPMS/tetex-1.0.7-21.1mdk.src.rpm
Mandrake Linux 8.0 (PPC): 4c4431b6b402049f1616519b7f17f4e3
ppc/8.0/RPMS/tetex-1.0.7-21.1mdk.ppc.rpm
044a5b357a7a5e6c5e6b75f917427333
ppc/8.0/RPMS/tetex-afm-1.0.7-21.1mdk.ppc.rpm
ae24f1aae2d0cc8fe306256916fd7c45
ppc/8.0/RPMS/tetex-doc-1.0.7-21.1mdk.ppc.rpm
26c8812140346ca3524974b44487fd26
ppc/8.0/RPMS/tetex-dvilj-1.0.7-21.1mdk.ppc.rpm
127a7b1c4a8cce9e54315508ad6f4db7
ppc/8.0/RPMS/tetex-dvipdfm-1.0.7-21.1mdk.ppc.rpm
a3eba4dac3b4f0944b26a4a3b625d95e
ppc/8.0/RPMS/tetex-dvips-1.0.7-21.1mdk.ppc.rpm
0316f1614af04b923ffd20b95cb98f3e
ppc/8.0/RPMS/tetex-latex-1.0.7-21.1mdk.ppc.rpm
9c02e6a5ed8ed4d3f5cf9ce7637703f4
ppc/8.0/RPMS/tetex-xdvi-1.0.7-21.1mdk.ppc.rpm
c9d8502ab2e9ee1cbce62074dafc9ea9
ppc/8.0/SRPMS/tetex-1.0.7-21.1mdk.src.rpm
Mandrake Linux 8.1: 2d7aaee76ce94274b105c89ae9104d9e
8.1/RPMS/tetex-1.0.7-31.1mdk.i586.rpm
ea793c3d29c61bd5cafbf90a7ab93ac7
8.1/RPMS/tetex-afm-1.0.7-31.1mdk.i586.rpm
fcc2d001813252656f5b2c5a140c3937
8.1/RPMS/tetex-doc-1.0.7-31.1mdk.i586.rpm
53881ceff47afb6723b22f5dee508cec
8.1/RPMS/tetex-dvilj-1.0.7-31.1mdk.i586.rpm
ce6fd105fdc6dcee614747b02fad8e52
8.1/RPMS/tetex-dvipdfm-1.0.7-31.1mdk.i586.rpm
2bd08b27ad7961e5405532f58ca840b0
8.1/RPMS/tetex-dvips-1.0.7-31.1mdk.i586.rpm
a454c5cf0e0031a85e6ecfd9e6e32c5e
8.1/RPMS/tetex-latex-1.0.7-31.1mdk.i586.rpm
55841068d15f1509a3bbefa9ecf89865
8.1/RPMS/tetex-xdvi-1.0.7-31.1mdk.i586.rpm
295d0cd04109922869668dcd21f203b5
8.1/SRPMS/tetex-1.0.7-31.1mdk.src.rpm
Corporate Server 1.0.1: 03ef1ee1b633f7b15a96e0aaeb7add41
1.0.1/RPMS/tetex-1.0.7-6.1mdk.i586.rpm
d8adc388002098ee54c25a85e48a1861
1.0.1/RPMS/tetex-afm-1.0.7-6.1mdk.i586.rpm
bf8af031068beb610175b69c2f56bf83
1.0.1/RPMS/tetex-doc-1.0.7-6.1mdk.i586.rpm
f1a8dfd94a0da14dc9446d7a1d58f227
1.0.1/RPMS/tetex-dvilj-1.0.7-6.1mdk.i586.rpm
25ed14dcdd9b3ba3862387d22eab47ca
1.0.1/RPMS/tetex-dvips-1.0.7-6.1mdk.i586.rpm
0a2951e2aee8ed37a2b206efa37e0a90
1.0.1/RPMS/tetex-latex-1.0.7-6.1mdk.i586.rpm
c5c7882c0d386ca5176464b52b583afa
1.0.1/RPMS/tetex-xdvi-1.0.7-6.1mdk.i586.rpm
f25809018552ee50468b8695562703f5
1.0.1/SRPMS/tetex-1.0.7-6.1mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".
You can download the updates directly from one of the mirror sites
listed at:
http://www.linux-mandrake.com/en/ftp.php3.
Updated packages are available in the "updates/[ver]/RPMS/"
directory. For example, if you are looking for an updated RPM
package for Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".
Updated source RPMs are available as well, but you generally do not
need to download them.
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other security advisories for Mandrake Linux at:
http://www.linux-mandrake.com/en/security/
If you want to report vulnerabilities, please contact
security@linux-mandrake.com
________________________________________________________________________
Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:
security-announce@linux-mandrake.com
Mandrake Linux's security announcements mailing list. Only
announcements are sent to this list and it is read-only.
security-discuss@linux-mandrake.com
Mandrake Linux's security discussion mailing list. This list is
open to anyone to discuss Mandrake Linux security specifically and
Linux security in general.
To subscribe to either list, send a message to
sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.
To remove yourself from either list, send a message to
sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.
To get more information on either list, send a message to
sympa@linux-mandrake.com
with "info [listname]" in the body of the message.
Optionally, you can use the web interface to subscribe to or
unsubscribe from either list:
http://www.linux-mandrake.com/en/flists.php3#security
________________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7+gMvmqjQ0CJFipgRAsXBAKDUvFQmjx38nWwMWmdBAW4NXXwDOQCfUBWY
a7l0N39ZBqeefx9zUf5dEvE=
=tK23
-----END PGP SIGNATURE-----
(7541154) /Linux Mandrake Security Team <security@linux-mandrake.com>/(Ombruten)