Mandriva 1273 Published by

Updated rsh packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: rsh
Advisory ID: MDKSA-2005:100
Date: June 14th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server.

The updated packages have been patched to correct this problem.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
5e6f513e437cc9a5a619f323509ca58a 10.0/RPMS/rsh-0.17-13.1.100mdk.i586.rpm
aec49c478c37577b6fd795bd9bb4ba67 10.0/RPMS/rsh-server-0.17-13.1.100mdk.i586.rpm
259dcd458b33d1de12d172e876366165 10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
fd2d00b91971f0b137696c0ca256b94a amd64/10.0/RPMS/rsh-0.17-13.1.100mdk.amd64.rpm
81fffa62d628599cee1f7b590ae4c38e amd64/10.0/RPMS/rsh-server-0.17-13.1.100mdk.amd64.rpm
259dcd458b33d1de12d172e876366165 amd64/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm

Mandrakelinux 10.1:
de740985b0e213128f8639e3af831b5e 10.1/RPMS/rsh-0.17-13.1.101mdk.i586.rpm
ff6873ae461a9a12e6a2aeee30a80aa0 10.1/RPMS/rsh-server-0.17-13.1.101mdk.i586.rpm
2a5d801cdedfa0b0b588d340b79c9473 10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
716ae1dc777924d462d9c502238bda9e x86_64/10.1/RPMS/rsh-0.17-13.1.101mdk.x86_64.rpm
23ea2409d82a32918e5e132d8e1fff90 x86_64/10.1/RPMS/rsh-server-0.17-13.1.101mdk.x86_64.rpm
2a5d801cdedfa0b0b588d340b79c9473 x86_64/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm

Mandrakelinux 10.2:
381a2b0e1418a14b618030f27ac445ea 10.2/RPMS/rsh-0.17-13.1.102mdk.i586.rpm
d750e7ffcf28e7530e19a294ca9d6bc7 10.2/RPMS/rsh-server-0.17-13.1.102mdk.i586.rpm
1b576319abe603cfaa12d8ee3e314b0d 10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
7d9fd388f7fefa1e454b9d938befcfdc x86_64/10.2/RPMS/rsh-0.17-13.1.102mdk.x86_64.rpm
decb83a56d54b9d6310f4e1f2aefe555 x86_64/10.2/RPMS/rsh-server-0.17-13.1.102mdk.x86_64.rpm
1b576319abe603cfaa12d8ee3e314b0d x86_64/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm

Corporate Server 2.1:
a63459af04b29923eff1606742eb9ce4 corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.i586.rpm
b655300455ec6bd0fb8c782cfbcbe281 corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.i586.rpm
c828642735f509a405e4582b9f6f3a29 corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
14219e4f9ada6336f7b26a86881942e2 x86_64/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.x86_64.rpm
c32ccf5751017c29817fdd485c489f4b x86_64/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.x86_64.rpm
c828642735f509a405e4582b9f6f3a29 x86_64/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm

Corporate 3.0:
b20aa1eb70c7bfc006c0c946601c9596 corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.i586.rpm
7ae577ac25ff29385f99516abd79baaf corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.i586.rpm
c6fac5847bb6c80b8c92a22750d1c438 corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
37a7576122ea4001257e11d034100c28 x86_64/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.x86_64.rpm
f7e9c14163f5a56b29fc2b17ae172bfb x86_64/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.x86_64.rpm
c6fac5847bb6c80b8c92a22750d1c438 x86_64/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com