[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2011:034 ] banshee



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:034
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : banshee
 Date    : February 21, 2011
 Affected: 2009.0, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in banshee:
 
 The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and
 earlier place a zero-length directory name in the LD_LIBRARY_PATH,
 which allows local users to gain privileges via a Trojan horse shared
 library in the current working directory (CVE-2010-3998).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3998
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 3bb68f7fec533d24982491f89b2f35c7  
2009.0/i586/banshee-1.2.1-6.2mdv2009.0.i586.rpm
 77777585c8ff33baf49c9a4c9edd1168  
2009.0/i586/banshee-doc-1.2.1-6.2mdv2009.0.i586.rpm
 8f7032b1da92e39d419acc1fc93cd6f2  
2009.0/i586/banshee-ipod-1.2.1-6.2mdv2009.0.i586.rpm
 da5fc07698b086e7e5773397256aeab7  
2009.0/i586/banshee-mtp-1.2.1-6.2mdv2009.0.i586.rpm 
 48427574d8e66a51aa4eaa824e7aadd3  
2009.0/SRPMS/banshee-1.2.1-6.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c43f1984d3e2051f497568ce21cba63d  
2009.0/x86_64/banshee-1.2.1-6.2mdv2009.0.x86_64.rpm
 568846c7af0470bdfb17ff3cffa441b5  
2009.0/x86_64/banshee-doc-1.2.1-6.2mdv2009.0.x86_64.rpm
 1852da041a455daf2b9b1fd2efee11a1  
2009.0/x86_64/banshee-ipod-1.2.1-6.2mdv2009.0.x86_64.rpm
 7a75e047fb376aba4885777e762320aa  
2009.0/x86_64/banshee-mtp-1.2.1-6.2mdv2009.0.x86_64.rpm 
 48427574d8e66a51aa4eaa824e7aadd3  
2009.0/SRPMS/banshee-1.2.1-6.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 606e221f10ec4761a41f7daac57c8aa5  
2010.0/i586/banshee-1.5.1-2.1mdv2010.0.i586.rpm
 e171339a09067d149a4e03217dbc5709  
2010.0/i586/banshee-doc-1.5.1-2.1mdv2010.0.i586.rpm
 6d3298694dfbcb4b153c8e3dad050b93  
2010.0/i586/banshee-ipod-1.5.1-2.1mdv2010.0.i586.rpm
 97699494f1888ac878938e1942ebdc66  
2010.0/i586/banshee-karma-1.5.1-2.1mdv2010.0.i586.rpm
 ff88670743e47fb360223164ada17214  
2010.0/i586/banshee-mtp-1.5.1-2.1mdv2010.0.i586.rpm 
 adca19cb11040e0a98a9cc0485222675  
2010.0/SRPMS/banshee-1.5.1-2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 5f8df9b4f469be08a57eb39fc177a4d3  
2010.0/x86_64/banshee-1.5.1-2.1mdv2010.0.x86_64.rpm
 f55e78967d9830882825c7b42f3d0bce  
2010.0/x86_64/banshee-doc-1.5.1-2.1mdv2010.0.x86_64.rpm
 ea500cc72334cfbbe171d4b038df1853  
2010.0/x86_64/banshee-ipod-1.5.1-2.1mdv2010.0.x86_64.rpm
 b2ad6dbc64fb33db88854e2f079f33e4  
2010.0/x86_64/banshee-karma-1.5.1-2.1mdv2010.0.x86_64.rpm
 b1924cdf119d333b4813c51a9519a037  
2010.0/x86_64/banshee-mtp-1.5.1-2.1mdv2010.0.x86_64.rpm 
 adca19cb11040e0a98a9cc0485222675  
2010.0/SRPMS/banshee-1.5.1-2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 ec99b15d4bde9910cc154ad6d425086a  
2010.1/i586/banshee-1.6.0-6.1mdv2010.2.i586.rpm
 8caa8fe94aeea27f72e332caae1a01a8  
2010.1/i586/banshee-doc-1.6.0-6.1mdv2010.2.i586.rpm
 31ed6800bb2d6db4aac70cb6b59e31ee  
2010.1/i586/banshee-ipod-1.6.0-6.1mdv2010.2.i586.rpm
 75696680b42f44e68c7201cb0ee7736a  
2010.1/i586/banshee-karma-1.6.0-6.1mdv2010.2.i586.rpm
 ae27cd9821d238b2c6750aeefadf9c55  
2010.1/i586/banshee-mtp-1.6.0-6.1mdv2010.2.i586.rpm 
 1d6e23d304ced2c7ad93841f8ec35a3a  
2010.1/SRPMS/banshee-1.6.0-6.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 d79b1abfc29c8fd31b54ba46ea5d45dc  
2010.1/x86_64/banshee-1.6.0-6.1mdv2010.2.x86_64.rpm
 ad785eb694eb870a279079b19a832662  
2010.1/x86_64/banshee-doc-1.6.0-6.1mdv2010.2.x86_64.rpm
 7495bd4cfe1db1e2cbc1e9aaf0892bad  
2010.1/x86_64/banshee-ipod-1.6.0-6.1mdv2010.2.x86_64.rpm
 71b24b5fa44ca81d1658fcf1e84b020c  
2010.1/x86_64/banshee-karma-1.6.0-6.1mdv2010.2.x86_64.rpm
 384f0ced2db50f1a1325fe805e314950  
2010.1/x86_64/banshee-mtp-1.6.0-6.1mdv2010.2.x86_64.rpm 
 1d6e23d304ced2c7ad93841f8ec35a3a  
2010.1/SRPMS/banshee-1.6.0-6.1mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNYpKnmqjQ0CJFipgRAqKCAKCYfMLV4sasJ/Iv282sESGeonkFyQCeLO2r
Os02aXkQmhMZhsMtMBXM1Q4=
=2ImD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/