Mandriva 1273 Published by

Updated hylafax packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: hylafax
Advisory ID: MDKSA-2005:006
Date: January 12th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system.

The updated packages are provided to prevent this issue. Note that the packages included with Corporate Server 2.1 do not require this fix.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
ee579763c8d03a6700ed952b9ccec832 10.0/RPMS/hylafax-4.1.8-2.1.100mdk.i586.rpm
342f2d7f890f2b31ef689eb0a308dee4 10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.i586.rpm
998f0ad4665e364c607fae0d87bf6e63 10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.i586.rpm
5113375fd58490f64f6b5c0293780a79 10.0/RPMS/libhylafax4.1.1-4.1.8-2.1.100mdk.i586.rpm
996a95af88ca9ab77371448957b7271f 10.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.1.100mdk.i586.rpm
3530b9962aa58309aa59c1fd355d23ac 10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8b37c55f1eaadd9c4a0645c43b4ad25c amd64/10.0/RPMS/hylafax-4.1.8-2.1.100mdk.amd64.rpm
cb3290ee2bf666ed51e427e59829459d amd64/10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.amd64.rpm
05451b45a4036f314933d15b755ea8d7 amd64/10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.amd64.rpm
35310391ebce8f0a4085ed6b7d2ccd04 amd64/10.0/RPMS/lib64hylafax4.1.1-4.1.8-2.1.100mdk.amd64.rpm
d1b71635033b9e72c86057a0f156c544 amd64/10.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.1.100mdk.amd64.rpm
3530b9962aa58309aa59c1fd355d23ac amd64/10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
2cbc9e6bd58daf7d2d15f6091416ca23 10.1/RPMS/hylafax-4.2.0-1.1.101mdk.i586.rpm
80cf2d108124ebab09f2d92ffd3e2391 10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.i586.rpm
b4e98805f61130b91b5cc98ba886af89 10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.i586.rpm
5afec8caa3b77932c27d032e21a0eeed 10.1/RPMS/libhylafax4.2.0-4.2.0-1.1.101mdk.i586.rpm
e5aafca41da67cacdef699983d81f3f0 10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.1.101mdk.i586.rpm
1fae0a459f3dce423c904ab262921cba 10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
ccfce91efcd9e16651a6bb2995a2cc78 x86_64/10.1/RPMS/hylafax-4.2.0-1.1.101mdk.x86_64.rpm
6fd803abc59ec7d04f289d3aca50bd25 x86_64/10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.x86_64.rpm
b7ee9463f3bdf38fa1c1f5271d1d4022 x86_64/10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.x86_64.rpm
394b51eaef66c424ce9d448dd4ab237e x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.1.101mdk.x86_64.rpm
75fbf7eb72ba172e204612580e58b2f1 x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.1.101mdk.x86_64.rpm
1fae0a459f3dce423c904ab262921cba x86_64/10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com