Support / Security / Advisories / Mandrakelinux 7.0 / MDKSA-2000:034

Package name: MandrakeUpdate
Date: 2000-08-12
Advisory ID: MDKSA-2000:034
Affected versions: 6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp.

Updated packages

6.1 i586

 7a98b1aae4c89bb6685d5684aa5389bd  6.1/RPMS/MandrakeUpdate-6.1-4mdk.i586.rpm
bbd2772b962965231dde2cebc16697ad  6.1/RPMS/grpmi-0.9-4mdk.i586.rpm
6058a51ae41c4f8ab4827ecd298d15af  6.1/SRPMS/MandrakeUpdate-6.1-4mdk.src.rpm

6.0 i586

 ab5f320ff86ad0fa83e43d037683223f  6.0/RPMS/MandrakeUpdate-6.0-6mdk.i586.rpm
74dd6d4fc6992095610bdf7f87ce4fb0  6.0/RPMS/grpmi-0.9-6mdk.i586.rpm
4cbb0acfe62dc80f0a092e3103c74473  6.0/SRPMS/MandrakeUpdate-6.0-6mdk.src.rpm

7.0 i586

 0f47fd94502480cd323496fc2e4d3d38  7.0/RPMS/MandrakeUpdate-7.0-13mdk.i586.rpm
4f473666fbc0b99b0505c73042eaf73e  7.0/RPMS/grpmi-0.9-13mdk.i586.rpm
8e4daf4aff845feaca655f5d0d5739fd  7.0/SRPMS/MandrakeUpdate-7.0-13mdk.src.rpm

7.1 i586

 06be2f821dddae85207e2a3832fb32fc  7.1/RPMS/MandrakeUpdate-7.1-9mdk.i586.rpm
a15a682c20f484d5054b70b9c226861f  7.1/RPMS/grpmi-7.1-9mdk.i586.rpm
2cd78d22707aebeda6932daf40ff6c37  7.1/SRPMS/MandrakeUpdate-7.1-9mdk.src.rpm