Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23122
HistoryJan 26, 2010 - 12:00 a.m.

[ MDVSA-2010:024 ] coreutils

2010-01-2600:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2010:024
http://www.mandriva.com/security/

Package : coreutils
Date : January 23, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0

Problem Description:

A vulnerability were discovered and corrected in coreutils:

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through
8.1 allows local users to gain privileges via a symlink attack on a
file in a directory tree under /tmp (CVE-2009-4135).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135

Updated Packages:

Mandriva Linux 2008.0:
bbc5a0b5bfae7d1da7b497b40082dcc6 2008.0/i586/coreutils-6.9-5.1mdv2008.0.i586.rpm
4b41bae490d2c668412e6ab78676074e 2008.0/i586/coreutils-doc-6.9-5.1mdv2008.0.i586.rpm
ceec0934e3ebe1816d55667c507008c6 2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
5105b28b38878f141247d8b408467c4d 2008.0/x86_64/coreutils-6.9-5.1mdv2008.0.x86_64.rpm
c9ddaa4146fceabf6224e4bbc7b5b214 2008.0/x86_64/coreutils-doc-6.9-5.1mdv2008.0.x86_64.rpm
ceec0934e3ebe1816d55667c507008c6 2008.0/SRPMS/coreutils-6.9-5.1mdv2008.0.src.rpm

Mandriva Linux 2009.0:
8c41d3f3f45657996085945a05a3ee1d 2009.0/i586/coreutils-6.12-2.5mdv2009.0.i586.rpm
1f01c000f74cca3d8ea80c80a5e77a77 2009.0/i586/coreutils-doc-6.12-2.5mdv2009.0.i586.rpm
c0bfeba1f8803e84b0f19eda2dbcfc70 2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
8d3fa8cf346205047b200e75e71a0f3b 2009.0/x86_64/coreutils-6.12-2.5mdv2009.0.x86_64.rpm
65f4ba201e1073044a5683ab5528f591 2009.0/x86_64/coreutils-doc-6.12-2.5mdv2009.0.x86_64.rpm
c0bfeba1f8803e84b0f19eda2dbcfc70 2009.0/SRPMS/coreutils-6.12-2.5mdv2009.0.src.rpm

Mandriva Linux 2009.1:
677a2e51fc24b865f50a9d246c3c47b6 2009.1/i586/coreutils-7.1-2.1mdv2009.1.i586.rpm
6ef52ebd79e343dd900c949efb2a72c1 2009.1/i586/coreutils-doc-7.1-2.1mdv2009.1.i586.rpm
ea99205731c07360b5ba655ee3bbc3de 2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
8d76e1e624c9c741569bb8e063cca8ab 2009.1/x86_64/coreutils-7.1-2.1mdv2009.1.x86_64.rpm
83a9d3e31bce5e465b84a730a6ff1fab 2009.1/x86_64/coreutils-doc-7.1-2.1mdv2009.1.x86_64.rpm
ea99205731c07360b5ba655ee3bbc3de 2009.1/SRPMS/coreutils-7.1-2.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
a5595b72c83ada96d02a77ab8f899f44 2010.0/i586/coreutils-7.5-2.1mdv2010.0.i586.rpm
cd3dd55d6071824c2ea70633ab222979 2010.0/i586/coreutils-doc-7.5-2.1mdv2010.0.i586.rpm
ff13b7700b3c2133968e8910ea09911f 2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
1b6e4154b358a5876ed80af38e8e978a 2010.0/x86_64/coreutils-7.5-2.1mdv2010.0.x86_64.rpm
9608a2886c7ef707b1df4183b894b3b4 2010.0/x86_64/coreutils-doc-7.5-2.1mdv2010.0.x86_64.rpm
ff13b7700b3c2133968e8910ea09911f 2010.0/SRPMS/coreutils-7.5-2.1mdv2010.0.src.rpm

Corporate 4.0:
09f9564f73c38994f7b7b86d817285f8 corporate/4.0/i586/coreutils-5.2.1-8.1.20060mlcs4.i586.rpm
7e5005893e4a2727e53fceb19db6ff8c
corporate/4.0/i586/coreutils-doc-5.2.1-8.1.20060mlcs4.i586.rpm
0d9aad80fdd05f2eeffa7678b71f4aac corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
403f7d811c4c9b8822f0ab3f7cff683d
corporate/4.0/x86_64/coreutils-5.2.1-8.1.20060mlcs4.x86_64.rpm
224927bf18cb5418b47d846b104bb34b
corporate/4.0/x86_64/coreutils-doc-5.2.1-8.1.20060mlcs4.x86_64.rpm
0d9aad80fdd05f2eeffa7678b71f4aac corporate/4.0/SRPMS/coreutils-5.2.1-8.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
f877e344eb0908e073c3a854d12cadec mes5/i586/coreutils-6.12-2.5mdvmes5.i586.rpm
d0cede58c64e7ff6d78dfef11276cec2 mes5/i586/coreutils-doc-6.12-2.5mdvmes5.i586.rpm
f219918d16c0498311dcccc1a486b282 mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
6286996ffa27c4606fe018ee4a686b76 mes5/x86_64/coreutils-6.12-2.5mdvmes5.x86_64.rpm
697ae5dbe6e1bf0b47bf84c0c0fa1c21 mes5/x86_64/coreutils-doc-6.12-2.5mdvmes5.x86_64.rpm
f219918d16c0498311dcccc1a486b282 mes5/SRPMS/coreutils-6.12-2.5mdvmes5.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLW00hmqjQ0CJFipgRAu+bAJ9kS1wAIZdkXX/xB+FHsOtsT5pjCQCgwEgZ
FMFfLQUZs/exqLplc3bpiw0=
=HBft
-----END PGP SIGNATURE-----

Related

nessus 4
fedora 2
openvas 7
seebug 1
cve 1
ubuntucve 1
securityvulns 2
prion 1
debiancve 1
ubuntu 1
nessus
nessus
Fedora 11 : coreutils-7.2-5.fc11 (2009-13216)
2009-12-18 00:00:00
Fedora 12 : coreutils-7.6-8.fc12 (2009-13181)
2009-12-18 00:00:00
Mandriva Linux Security Advisory : coreutils (MDVSA-2010:024)
2010-01-25 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: coreutils-7.2-5.fc11
2009-12-18 04:24:19
[SECURITY] Fedora 12 Update: coreutils-7.6-8.fc12
2009-12-18 04:28:37
openvas
openvas
Fedora Core 11 FEDORA-2009-13216 (coreutils)
2009-12-30 00:00:00
Mandriva Update for coreutils MDVSA-2010:024 (coreutils)
2010-01-25 00:00:00
Fedora Core 12 FEDORA-2009-13181 (coreutils)
2009-12-30 00:00:00
seebug
seebug
GNU Coreutilsไธๅฎ‰ๅ…จไธดๆ—ถๆ–‡ไปถๅปบ็ซ‹ๆผๆดž
2009-12-14 00:00:00
cve
cve
CVE-2009-4135
2009-12-11 16:30:00
ubuntucve
ubuntucve
CVE-2009-4135
2009-12-11 00:00:00
securityvulns
securityvulns
GNU coreutils symbolic links vulnerability
2010-01-26 00:00:00
[USN-2473-1] coreutils vulnerabilities
2015-01-19 00:00:00
prion
prion
Arbitrary file deletion
2009-12-11 16:30:00
debiancve
debiancve
CVE-2009-4135
2009-12-11 16:30:00
ubuntu
ubuntu
coreutils vulnerabilities
2015-01-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:23122
nessus4fedora2openvas7seebug1cve1ubuntucve1securityvulns2prion1debiancve1ubuntu1