Support / Security / Advisories / Mandrakelinux 8.1 / MDKSA-2002:052

Package name: sharutils
Date: 2002-08-14
Advisory ID: MDKSA-2002:052
Affected versions: 8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.1 i586 , 7.2 i586

Problem description

The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe.

Updated packages

8.1 i586

 ab622e101d1fb45e70cb91f2d8095ceb  ia64/8.1/RPMS/sharutils-4.2.1-8.1mdk.ia64.rpm
cec98ba6349a7533873d1bbf7d77df92  ia64/8.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

SNF7.2 i586

 4f6cc4d34eb4383ac86b1f24d66b2609  snf7.2/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  snf7.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

CS1.0 i586

 0cef090407766961c9cfbf39ae47cb4f  1.0.1/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  1.0.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

8.1 i586

 b29aa6f0277acb8ec0322b0449a5d5cc  8.1/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  8.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

8.0 i586

 73204916c2ddaaa35928aae097bf34a6  8.0/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  8.0/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

8.2 i586

 933544c2edfed6f26eb5e6a9105dd3f1  8.2/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  8.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

8.0 i586

 7d268cb972cba165ad00edb748280463  ppc/8.0/RPMS/sharutils-4.2.1-8.1mdk.ppc.rpm
cec98ba6349a7533873d1bbf7d77df92  ppc/8.0/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

8.2 i586

 9e9df329ac4933f1ee7e2a7a03e587c8  ppc/8.2/RPMS/sharutils-4.2.1-8.1mdk.ppc.rpm
cec98ba6349a7533873d1bbf7d77df92  ppc/8.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

7.1 i586

 0cef090407766961c9cfbf39ae47cb4f  7.1/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  7.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

7.2 i586

 4f6cc4d34eb4383ac86b1f24d66b2609  7.2/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92  7.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

MDKSA-2002:052

Problem description

Updated packages

8.1 i586

SNF7.2 i586

CS1.0 i586

8.1 i586

8.0 i586

8.2 i586

8.0 i586

8.2 i586

7.1 i586

7.2 i586

References