Package name
Advisory ID
Affected versions
7.2 i586

Problem description

Ben Collins identified a temporary file race in the Utah-glx component of the Mesa package which affects Linux-Mandrake 7.2. The /tmp/glxmemory file is created by Utah-glx and because it is not created securely could be used in a symlink attack which allows files to be overwritten the next time the X server is started.

Updated packages

7.2 i586

 d75f85f30af6c8fb57938b76323067ce  7.2/RPMS/Mesa-3.3-14.1mdk.i586.rpm
1a8bddaf0f26c5d1caa5c3af44d1c108  7.2/RPMS/Mesa-common-3.3-14.1mdk.i586.rpm
ffd886a66f866faaf9ae0b7402644cde  7.2/RPMS/Mesa-common-devel-3.3-14.1mdk.i586.rpm
c9f32276cd54d8772c31afba619bf856  7.2/RPMS/Mesa-demos-3.3-14.1mdk.i586.rpm
593a5bb2a4d51460727f3affb0a78fdd  7.2/SRPMS/Mesa-3.3-14.1mdk.src.rpm