[Mandriva] Schwachstelle in iproute2 – MDVSA-2011:135

[Mandriva] Schwachstelle in iproute2 - MDVSA-2011:135

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Advisory von Mandriva Security. Wir
geben diese Informationen unveraendert an Sie weiter.

MDVSA-2011:135 – Falsch gebautes Paket iproute2

Das Paket iproute2 in Mandriva wurde nicht mit der aktuellen Version der
iptables Bibliothek gebaut. Die aktuelle Version von iproute2 kann ein
bestimmtes Interface in der iptables Bibliothek mit falschen Argumenten
verwenden.

Betroffen sind die folgenden Software Pakete und Plattformen:

Paket iproute2

Mandriva Linux 2011
Mandriva Linux 2011/X86_64

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Torsten Voss

– —

Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:135
http://www.mandriva.com/security/
_______________________________________________________________________

Package : iproute2
Date : September 23, 2011
Affected: 2011.
_______________________________________________________________________

Problem Description:

It was discovered that the iproute2 package was not rebuilt against
the latest iptables libraries.

This may have security issues, as the current iproute2 should
be calling an interface in the iptables libraries with incorrect
arguments.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
fe7189f36c5f724c11f8e7e4f9e7d238 2011/i586/iproute2-2.6.38-3.1-mdv2011.0.i586.rpm
2fde0c0bd68b03c8458b463053c451c5 2011/i586/iproute2-doc-2.6.38-3.1-mdv2011.0.i586.rpm
0a9a2f7eaad02a38fd41c63dad279bfb 2011/i586/libiproute2-static-devel-2.6.38-3.1-mdv2011.0.i586.rpm
3ffe7652a44efcc4d3ba14c509037aa6 2011/SRPMS/iproute2-2.6.38-3.1.src.rpm

Mandriva Linux 2011/X86_64:
0efa85c687c7533c75e8bd7b695ae4cd 2011/x86_64/iproute2-2.6.38-3.1-mdv2011.0.x86_64.rpm
9a51fd680c6306450b6ea5f3908aae4f 2011/x86_64/iproute2-doc-2.6.38-3.1-mdv2011.0.x86_64.rpm
d34b9c9428d757382df0e75310739d29 2011/x86_64/lib64iproute2-static-devel-2.6.38-3.1-mdv2011.0.x86_64.rpm
3ffe7652a44efcc4d3ba14c509037aa6 2011/SRPMS/iproute2-2.6.38-3.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOfA6KmqjQ0CJFipgRAjkMAJ9xdLXa42gMCty31tVFJkmEPBU2awCg8+UR
VsxGiSzM13W6s4ntxpnLPyg=
=2XaB
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.16 (GNU/Linux)

iQEcBAEBAgAGBQJOgdOWAAoJEJtyb8U7iGZBaBMH/3lQYHofBmbwgFwanXK7LN3Z
fdAl1gsg3Xa48Vfiq3KW7/iyNKUhgxVzWJLnAiYMeJaffQ347Kx4DBnXrgaHpClB
anVNGct65qn8cpy8KNvt7pYxj6eJKMaXZEo838kRjpRHVi9x8yZ1C0d5ltlRmlzK
EV+r4jCFZ5pSso0tVJkPLnCfawV463+OwovSV3PYMZ0R+Vk6CuOvwI9mThLx38bt
tbsSh2fbVXG4MWYeOzL+kPrlVjkW1EutvotEzxWCrEmhxZXgH4o+QbHVSJhjMVj5
3xFvnD3X2Q7A588AVi5Kq1o/LZpItSXIwEpv21myHNCzy2vVWo8podDdy927Wtw=
=Nafm
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben