From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: bugtraq@securityfocus.com
Subject: MDKSA-2005:006 - Updated hylafax packages fix vulnerability
Message-Id: <E1CoyWn-0008IG-6K@updates.mandrakesoft.com.>
Date: Wed, 12 Jan 2005 23:32:17 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: hylafax
Advisory ID: MDKSA-2005:006
Date: January 12th, 2005
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
Patrice Fournier discovered a vulnerability in the authorization
sub-system of hylafax. A local or remote user guessing the contents
of the hosts.hfaxd database could gain unauthorized access to the
fax system.
The updated packages are provided to prevent this issue. Note that
the packages included with Corporate Server 2.1 do not require this
fix.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
ee579763c8d03a6700ed952b9ccec832 10.0/RPMS/hylafax-4.1.8-2.1.100mdk.i586.rpm
342f2d7f890f2b31ef689eb0a308dee4 10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.i586.rpm
998f0ad4665e364c607fae0d87bf6e63 10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.i586.rpm
5113375fd58490f64f6b5c0293780a79 10.0/RPMS/libhylafax4.1.1-4.1.8-2.1.100mdk.i586.rpm
996a95af88ca9ab77371448957b7271f 10.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.1.100mdk.i586.rpm
3530b9962aa58309aa59c1fd355d23ac 10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8b37c55f1eaadd9c4a0645c43b4ad25c amd64/10.0/RPMS/hylafax-4.1.8-2.1.100mdk.amd64.rpm
cb3290ee2bf666ed51e427e59829459d amd64/10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.amd64.rpm
05451b45a4036f314933d15b755ea8d7 amd64/10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.amd64.rpm
35310391ebce8f0a4085ed6b7d2ccd04 amd64/10.0/RPMS/lib64hylafax4.1.1-4.1.8-2.1.100mdk.amd64.rpm
d1b71635033b9e72c86057a0f156c544 amd64/10.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.1.100mdk.amd64.rpm
3530b9962aa58309aa59c1fd355d23ac amd64/10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm
Mandrakelinux 10.1:
2cbc9e6bd58daf7d2d15f6091416ca23 10.1/RPMS/hylafax-4.2.0-1.1.101mdk.i586.rpm
80cf2d108124ebab09f2d92ffd3e2391 10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.i586.rpm
b4e98805f61130b91b5cc98ba886af89 10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.i586.rpm
5afec8caa3b77932c27d032e21a0eeed 10.1/RPMS/libhylafax4.2.0-4.2.0-1.1.101mdk.i586.rpm
e5aafca41da67cacdef699983d81f3f0 10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.1.101mdk.i586.rpm
1fae0a459f3dce423c904ab262921cba 10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ccfce91efcd9e16651a6bb2995a2cc78 x86_64/10.1/RPMS/hylafax-4.2.0-1.1.101mdk.x86_64.rpm
6fd803abc59ec7d04f289d3aca50bd25 x86_64/10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.x86_64.rpm
b7ee9463f3bdf38fa1c1f5271d1d4022 x86_64/10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.x86_64.rpm
394b51eaef66c424ce9d448dd4ab237e x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.1.101mdk.x86_64.rpm
75fbf7eb72ba172e204612580e58b2f1 x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.1.101mdk.x86_64.rpm
1fae0a459f3dce423c904ab262921cba x86_64/10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB5hXxmqjQ0CJFipgRAsKAAJ9BQXhAKBLMQ9rBpe+OfRpNGonKKgCg2NaN
kQcWe5+upOq+jtr7PT1q6NM=
=eiBI
-----END PGP SIGNATURE-----
