|
|
>> Mandriva Security Update Fixes Cpio File Handling Multiple Vulnerabilities
|
Title : Mandriva Security Update Fixes Cpio File Handling Multiple Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-4033
CVE ID : CVE-2005-1229 - CVE-2007-4476
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-29
|
Multiple vulnerabilities have been identified in various Mandriva products, which could be exploited by attackers to compromise a vulnerable system. These issues are caused by errors in Cpio. For additional information, see : VUPEN/ADV-2007-3511
Affected Products
Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Linux 2008.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0
Solution
Upgrade the affected packages :
Mandriva Linux 2007.0:
88af30721a848b5fd4b3e26c5c055846 2007.0/i586/cpio-2.6-7.1mdv2007.0.i586.rpm
250697255ccc671ca2a01c2ba762aac6 2007.0/SRPMS/cpio-2.6-7.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
fc1e32f7b528997237b392b1c1da9c3c 2007.0/x86_64/cpio-2.6-7.1mdv2007.0.x86_64.rpm
250697255ccc671ca2a01c2ba762aac6 2007.0/SRPMS/cpio-2.6-7.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
0814f474aa054b2b7fc92af6e1f5ba01 2007.1/i586/cpio-2.7-3.1mdv2007.1.i586.rpm
7292ed206fa271c377cbe72577b42a0d 2007.1/SRPMS/cpio-2.7-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
851d9793b6f791817bc76b558f8fdd5b 2007.1/x86_64/cpio-2.7-3.1mdv2007.1.x86_64.rpm
7292ed206fa271c377cbe72577b42a0d 2007.1/SRPMS/cpio-2.7-3.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
a6747328c665be64979fee53f3878fdb 2008.0/i586/cpio-2.9-2.1mdv2008.0.i586.rpm
de436966331be58abba226049bff8edf 2008.0/SRPMS/cpio-2.9-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
953e95a47bb9a978aa1b98e1c7f56e65 2008.0/x86_64/cpio-2.9-2.1mdv2008.0.x86_64.rpm
de436966331be58abba226049bff8edf 2008.0/SRPMS/cpio-2.9-2.1mdv2008.0.src.rpm
Corporate 3.0:
4dfe1f2b387d396eca07927d65a77ce4 corporate/3.0/i586/cpio-2.5-4.4.C30mdk.i586.rpm
10e1e7fcb59c195b6f679b80e75fade0 corporate/3.0/SRPMS/cpio-2.5-4.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
dc91afd2f8c7b93a95b898cc9a98182a corporate/3.0/x86_64/cpio-2.5-4.4.C30mdk.x86_64.rpm
10e1e7fcb59c195b6f679b80e75fade0 corporate/3.0/SRPMS/cpio-2.5-4.4.C30mdk.src.rpm
Corporate 4.0:
79936c67409d3889d7988fecfde649b5 corporate/4.0/i586/cpio-2.6-5.1.20060mlcs4.i586.rpm
593f22ed1a261614a1f0d45932b6c441 corporate/4.0/SRPMS/cpio-2.6-5.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
a32dd1c2fcb89b32dacd9c7f5d56acd7 corporate/4.0/x86_64/cpio-2.6-5.1.20060mlcs4.x86_64.rpm
593f22ed1a261614a1f0d45932b6c441 corporate/4.0/SRPMS/cpio-2.6-5.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
3abab72dae445f67c65d58f975f8816c mnf/2.0/i586/cpio-2.5-4.4.M20mdk.i586.rpm
2a1e733d240e05b2771c135ebcbca4d4 mnf/2.0/SRPMS/cpio-2.5-4.4.M20mdk.src.rpm
References
http://www.vupen.com/english/advisories/2007/4033
http://archives.mandrivalinux.com/security-announce/2007-11/msg00055.php
ChangeLog
2007-11-29 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
