Date: Sat, 22 Apr 2000 14:38:09 +0200
From: Gael Duval <gduval@mandrakesoft.com>
To: security-announce@linux-mandrake.com
Subject: [Security Announce] latest updates: imwheel, gpm, openldap

Hi,

here is a summary of the recent security updates that have been posted
to our website. They are all available through FTP (mirrors list on
http://www.linux-mandrake.com/en/ftp.php3) or simply with the
MandrakeUpdate tool.

You will notice that this announce list has been renamed
"security-announce". It's read-only (I hope so!) and dedicated to
security update notifications.

If you have been subscribed to this list by error or don't want to
receive it anymore, before crying please send:

    unsub security-announce

in the subject of a message to: sympa@linux-mandrake.com

Latest security updates (.i586.rpm is the binary package, .src.rpm is
the source package - md5sum is given for all packages):

* imwheel
---------

A security bug was found in imwheel; the bug can be exploited to provide
local users with root access. Version 0.9.8 fixes this problem.

Please upgrade (manually or with MandrakeUpdate) to:

Mandrake 7.0:
854fa68b384b28dbafeb298faeb67310  imwheel-0.9.8-1mdk.i586.rpm
f5d52736bacb9f4c2d40df8cedcdbecb  imwheel-0.9.8-1mdk.src.rpm

This bug doesn't affect older versions of Linux-Mandrake.

* gpm
-----

A security bug was found in gpm; the bug can be exploited to provide
local users with root access.

Please upgrade to:

Mandrake 6.0:
84573040f5d23e11e62e921bb9db04df  gpm-1.19.1-3mdk.i586.rpm
613df6a46c236b6ac02acc56815362ac  gpm-1.19.1-3mdk.src.rpm

Mandrake 6.1:
b9935537b2b7fa56de2ae464fbeb4b6e  gpm-1.19.1-3mdk.i586.rpm
70daf482944c2c946645e149d968a648  gpm-1.19.1-3mdk.src.rpm

Mandrake 7.0:
5df3ff53026912b679d1810e88828ff7  gpm-1.19.1-2mdk.i586.rpm
1a5b168c186a52fac7c62ddeace5212c  gpm-1.19.1-2mdk.src.rpm

* openldap
----------

Mandrake 7.0:

OpenLDAP follows symbolic links when creating files. The default
location for these files is /usr/tmp, which is a symlink to /tmp, which
in turn is a world-writable directory. Local users can destroy the
contents of any file on any mounted filesystem.

Please upgrade to:

e15137088145d315952586f1ad6330ef  openldap-1.2.9-5mdk.i586.rpm
0807d4c34bf6cec47fede3cf7c2572c5  openldap-1.2.9-5mdk.src.rpm

This bug doesn't affect older versions of Linux-Mandrake.

-- 
< Gael DUVAL - gduval@mandrakesoft.com >
< http://www.mandrake.com >
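
Added example (not part of the original announcement and not OpenLDAP's code): the file-creation pattern behind the openldap entry, shown beside a hardened form that refuses a pre-existing symlink. The function names, the /tmp/symlink-demo.* sandbox and the file contents are constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fopen(..., "w") follows a symlink and truncates its target. */
static int write_following_links(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    if (fputs(data, f) == EOF) { fclose(f); return -1; }
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened pattern: O_EXCL fails if the name already exists (a symlink counts),
   O_NOFOLLOW refuses a symlink as the last path component, mode is owner-only. */
static int write_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    return (close(fd) == 0 && n == (ssize_t)strlen(data)) ? 0 : -1;
}

/* Constructed sandbox: a private directory holding "victim" and a symlink
   "work" -> victim. Writes to "work" and returns victim's size afterwards. */
static long victim_size_after_write(int hardened)
{
    char dir[] = "/tmp/symlink-demo.XXXXXX", victim[64], work[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(work, sizeof work, "%s/work", dir);
    if (write_exclusive(victim, "important data\n") != 0) return -1; /* 15 bytes */
    if (symlink(victim, work) != 0) return -1;
    if (hardened) write_exclusive(work, "x");       /* refused, victim untouched */
    else          write_following_links(work, "x"); /* follows link, truncates victim */
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(work); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    printf("fopen \"w\":         victim is %ld bytes\n", victim_size_after_write(0));
    printf("O_EXCL|O_NOFOLLOW: victim is %ld bytes\n", victim_size_after_write(1));
    return 0;
}
```

For scratch files in a shared directory, mkstemp() gives the same exclusive-create guarantee together with an unpredictable name.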