Support / Sécurité / Annonces de sécurité / Mandriva Linux 2009.1 / MDVSA-2010:106

Nom du paquet: aria2
Date: 2010-05-24
Advisory ID: MDVSA-2010:106
Affected versions: 2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

A vulnerability was discovered in aria2 which allows remote attackers
to create arbitrary files via directory traversal sequences in the
name attribute of a file element in a metalink file (CVE-2010-1512).

This update fixes this issue.

Packages for 2009.0 are provided as of the Extended Maintenance
Program.
Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Updated packages

2009.0 x86_64

 7aef880fdb7cf05f04d3e5ffec5a88b4  2009.0/x86_64/aria2-0.15.3-0.20080918.3.2mdv2009.0.x86_64.rpm 
 23fe7be66e5ab872ecd529d6b4adb333  2009.0/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

MES5 i586

 44ff68b509e581bd4b7bccbb219b7d8d  mes5/i586/aria2-0.15.3-0.20080918.3.2mdvmes5.1.i586.rpm 
 378aa9a1713fe97bf4ad025b38a68c3b  mes5/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

2010.0 x86_64

 19a28817e1009d43272161f72bdc1148  2010.0/x86_64/aria2-1.6.2-1.4mdv2010.0.x86_64.rpm 
 8750b5dc33e770d1c482a0816a6c117e  2010.0/SRPMS/aria2-1.6.2-1.4mdv2010.0.src.rpm

2010.0 i586

 36bc7a159d8c274e43a6ba0b9b5bd5cf  2010.0/i586/aria2-1.6.2-1.4mdv2010.0.i586.rpm 
 8750b5dc33e770d1c482a0816a6c117e  2010.0/SRPMS/aria2-1.6.2-1.4mdv2010.0.src.rpm

2009.1 i586

 defb85a38a22de997415c21d06e4a98f  2009.1/i586/aria2-1.2.0-0.20090201.5.3mdv2009.1.i586.rpm 
 604a90cb5d6c306c86a6d0eb9b408400  2009.1/SRPMS/aria2-1.2.0-0.20090201.5.3mdv2009.1.src.rpm

2009.0 i586

 5ea05c2ad0ae20f6e6ec2407d7ec687c  2009.0/i586/aria2-0.15.3-0.20080918.3.2mdv2009.0.i586.rpm 
 23fe7be66e5ab872ecd529d6b4adb333  2009.0/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

2009.1 x86_64

 3438511cfd153c536d867bbfc0f77c28  2009.1/x86_64/aria2-1.2.0-0.20090201.5.3mdv2009.1.x86_64.rpm 
 604a90cb5d6c306c86a6d0eb9b408400  2009.1/SRPMS/aria2-1.2.0-0.20090201.5.3mdv2009.1.src.rpm

MES5 x86_64

 bd717edf887ab38d2e05e0b407eaa6bb  mes5/x86_64/aria2-0.15.3-0.20080918.3.2mdvmes5.1.x86_64.rpm 
 378aa9a1713fe97bf4ad025b38a68c3b  mes5/SRPMS/aria2-0.15.3-0.20080918.3.2mdv2009.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1512