From: <security <at> mandriva.com>
Subject: [ MDVSA-2009:345 ] acl
Newsgroups: gmane.linux.mandrake.security.announce
Date: Tuesday 29th December 2009 00:33:01 UTC (over 6 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:345
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : acl
 Date    : December 28, 2009
 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in acl:
 
 The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when
 running in recursive (-R) mode, follow symbolic links even when the
 --physical (aka -P) or -L option is specified, which might allow
 local users to modify the ACL for arbitrary files or directories via
 a symlink attack (CVE-2009-4411).
 
 This update provides a fix for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 85085eb1f2e217ac6db6819f36e590db  2009.0/i586/acl-2.2.47-4.2mdv2009.0.i586.rpm
 d6850e7ee04d6e5d6c1e006148807f9a  2009.0/i586/libacl1-2.2.47-4.2mdv2009.0.i586.rpm
 35ecb78e1345620c6640cbac8aca7cd0  2009.0/i586/libacl-devel-2.2.47-4.2mdv2009.0.i586.rpm
 2f3de3fef6add27f07d7536603daf96f  2009.0/SRPMS/acl-2.2.47-4.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 44d4d3cffbdf3088681ba8eac294f405  2009.0/x86_64/acl-2.2.47-4.2mdv2009.0.x86_64.rpm
 8b0918e159b2da664a762dab891bd322  2009.0/x86_64/lib64acl1-2.2.47-4.2mdv2009.0.x86_64.rpm
 b984bbb26adc1f73d7ee010e351a5f6d  2009.0/x86_64/lib64acl-devel-2.2.47-4.2mdv2009.0.x86_64.rpm
 2f3de3fef6add27f07d7536603daf96f  2009.0/SRPMS/acl-2.2.47-4.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 c3a02ac328bc96547b9157f68977c173  2009.1/i586/acl-2.2.47-5.1mdv2009.1.i586.rpm
 674911bdf647ee4d30149bd32e417bb7  2009.1/i586/libacl1-2.2.47-5.1mdv2009.1.i586.rpm
 62a1f6e00abd0da7174771b8d012a85b  2009.1/i586/libacl-devel-2.2.47-5.1mdv2009.1.i586.rpm
 f05c4e59f1772c729fafaac0294d57bc  2009.1/SRPMS/acl-2.2.47-5.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 d7c7d4ad8c86b129097ab77d47b02d9e  2009.1/x86_64/acl-2.2.47-5.1mdv2009.1.x86_64.rpm
 849241d3c01fe1854e5553af5bb22b4c  2009.1/x86_64/lib64acl1-2.2.47-5.1mdv2009.1.x86_64.rpm
 0ca12919b3f2110c4be3c260fcfa8321  2009.1/x86_64/lib64acl-devel-2.2.47-5.1mdv2009.1.x86_64.rpm
 f05c4e59f1772c729fafaac0294d57bc  2009.1/SRPMS/acl-2.2.47-5.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 c47933ef2dc3d89ebe614471b8ecb861  2010.0/i586/acl-2.2.48-1.1mdv2010.0.i586.rpm
 45f7cc7ce0afcce08a0b0e02c2d76973  2010.0/i586/libacl1-2.2.48-1.1mdv2010.0.i586.rpm
 d533e59fb185f5674944387aede52d4b  2010.0/i586/libacl-devel-2.2.48-1.1mdv2010.0.i586.rpm
 f17057a31d8f7f6f441dbc7ead634776  2010.0/SRPMS/acl-2.2.48-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 71744500b8e325e09062acd221cad582  2010.0/x86_64/acl-2.2.48-1.1mdv2010.0.x86_64.rpm
 bf7c769383b9cc736aa565261be57a33  2010.0/x86_64/lib64acl1-2.2.48-1.1mdv2010.0.x86_64.rpm
 7f8a8db6720f0c8f18b0e5b22269929a  2010.0/x86_64/lib64acl-devel-2.2.48-1.1mdv2010.0.x86_64.rpm
 f17057a31d8f7f6f441dbc7ead634776  2010.0/SRPMS/acl-2.2.48-1.1mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 78ed39a64acd0186365f86d484c01edd  mes5/i586/acl-2.2.47-4.2mdvmes5.i586.rpm
 5c6079223bbd9797175934347c3fc3bb  mes5/i586/libacl1-2.2.47-4.2mdvmes5.i586.rpm
 a67beea2c129051e33bfa2ef2342c9ac  mes5/i586/libacl-devel-2.2.47-4.2mdvmes5.i586.rpm
 bbda0bedef0d52edb98a93ad62f256c2  mes5/SRPMS/acl-2.2.47-4.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 802538312a3c3ef0cf70411feaaf9f38  mes5/x86_64/acl-2.2.47-4.2mdvmes5.x86_64.rpm
 5f48b77cb6c0fd2e4ae442b6e10f923e  mes5/x86_64/lib64acl1-2.2.47-4.2mdvmes5.x86_64.rpm
 5042eb91ee69f76c34e4c340890e2e32  mes5/x86_64/lib64acl-devel-2.2.47-4.2mdvmes5.x86_64.rpm
 bbda0bedef0d52edb98a93ad62f256c2  mes5/SRPMS/acl-2.2.47-4.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLOSDdmqjQ0CJFipgRAvXNAKDip6+gvkNWkz6Fj1ed6cvEBGZRdgCfROOL
a3Es+T2rqHu6X3xp7bcEIig=
=SaC5
-----END PGP SIGNATURE-----
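
An added audit helper, not part of the Mandriva advisory or of the acl source: before a recursive ACL change is run on a host that has not yet received this update, it lists the symbolic links under a tree that resolve outside it, which are the entries the flawed -R traversal described above would follow. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def physical_walk(root):
    """Yield every path a physical (-P style) recursive walk should visit.

    Symlinks are yielded as entries but never descended into.
    """
    yield root
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for links leaving root."""
    real_root = os.path.realpath(root)
    found = []
    for path in physical_walk(root):
        if not os.path.islink(path):
            continue
        target = os.path.realpath(path)  # also resolves dangling links
        if os.path.commonpath([real_root, target]) != real_root:
            found.append((path, target))
    return sorted(found)


def build_sample_tree(base):
    """Constructed sample: one symlink stays inside the tree, one leaves it."""
    tree = os.path.join(base, "tree")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(tree, "sub"))
    os.makedirs(outside)
    open(os.path.join(outside, "secret.conf"), "w").close()
    open(os.path.join(tree, "sub", "data.txt"), "w").close()
    os.symlink(outside, os.path.join(tree, "escape"))  # resolves outside tree
    os.symlink("sub", os.path.join(tree, "alias"))     # resolves inside tree
    return tree, outside


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        tree, _ = build_sample_tree(base)
        for link, target in escaping_symlinks(tree):
            print(f"{link} -> {target}")
```

Any link it reports should be reviewed or removed before running setfacl -R over the tree with an unpatched acl package.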
 