Linux-Mandrake Security Update Advisory

by phiber on March 8th, 2001

Several potential buffer overflows in the ePerl package have been found by Fumitoshi Ukai and Denis Barbier. When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Linux-Mandrake does not ship the program setuid root, this is a useful feature which some users may have activated locally on their own. There is also the potential for a remote vulnerability.
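To find out whether a local install has the setuid-root configuration described above, an administrator can check the mode and owner of the eperl binary. The script below is an added example, not part of the advisory; the function names and the two fixed paths it probes (`/usr/bin/eperl`, `/usr/local/bin/eperl`) are assumptions.

```shell
#!/bin/sh
# Added example: report whether an ePerl binary carries the setuid bit.

# Print one of: missing | not-setuid | setuid-root | setuid-other
eperl_setuid_state() {
    path=$1
    [ -f "$path" ] || { echo "missing"; return 0; }
    [ -u "$path" ] || { echo "not-setuid"; return 0; }
    # The numeric owner UID is the third field of `ls -ln`.
    owner=$(ls -ln -- "$path" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo "setuid-root"
    else
        echo "setuid-other"
    fi
}

# Check the binary found on PATH plus two assumed install locations.
# Returns 0 if at least one eperl binary was found, 1 otherwise.
audit_eperl() {
    found=1
    seen=""
    for candidate in "$(command -v eperl 2>/dev/null)" \
                     /usr/bin/eperl /usr/local/bin/eperl; do
        [ -n "$candidate" ] || continue
        case " $seen " in *" $candidate "*) continue ;; esac
        seen="$seen $candidate"
        state=$(eperl_setuid_state "$candidate")
        [ "$state" = "missing" ] && continue
        found=0
        echo "$candidate: $state"
        if [ "$state" = "setuid-root" ]; then
            # Clearing the bit removes the UID/GID switching feature.
            echo "  setuid root: upgrade the package, or clear the bit with: chmod u-s $candidate"
        fi
    done
    return $found
}

audit_eperl || echo "no eperl binary found"
```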




Solution:


Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig package.rpm

You can get the GPG public key of the Linux-Mandrake Security Team at

http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS

If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.


URLs are available in the whole advisory
