Support / Security / Advisories / Mandriva Linux 2008.0 / MDVSA-2010:080

Package name: brltty
Date: 2010-04-17
Advisory ID: MDVSA-2010:080
Affected versions: 2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in brltty:

Untrusted search path vulnerability in libbrlttybba.so in brltty
3.7.2 allows local users to gain privileges via a crafted library,
related to an incorrect RPATH setting (CVE-2008-3279).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Updated packages

2008.0 i586

 38ac5a97f27b49c63ef2952f3816cc15  2008.0/i586/brltty-3.7.2-6.1mdv2008.0.i586.rpm
 4d070472b72553b4a865ab1ae33981ff  2008.0/i586/libbrlapi0.4.1_0-3.7.2-6.1mdv2008.0.i586.rpm
 c5ce1bd11292fb412381722df95f832b  2008.0/i586/libbrlapi0.4.1_0-devel-3.7.2-6.1mdv2008.0.i586.rpm 
 448e0cb99dcc2b4eaf233984916f0c42  2008.0/SRPMS/brltty-3.7.2-6.1mdv2008.0.src.rpm

2008.0 x86_64

 c0a72ca4d4ce74bcaa1c50b19021cf5f  2008.0/x86_64/brltty-3.7.2-6.1mdv2008.0.x86_64.rpm
 25ed9a9d84c7d1167173dbc90aec7a04  2008.0/x86_64/lib64brlapi0.4.1_0-3.7.2-6.1mdv2008.0.x86_64.rpm
 639031c15775b232c2afe6b9358a9fde  2008.0/x86_64/lib64brlapi0.4.1_0-devel-3.7.2-6.1mdv2008.0.x86_64.rpm 
 448e0cb99dcc2b4eaf233984916f0c42  2008.0/SRPMS/brltty-3.7.2-6.1mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3279