Mandrake alert: Updated gkrellm packages fix remote arbitrary code executeion vulnerability

Posted by dave on Aug 28, 2003 9:16 PM EDT
Mailing list
Mail this story
Print this story

A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           gkrellm
Advisory ID:            MDKSA-2003:087
Date:                   August 28th, 2003

Affected versions:	9.1
________________________________________________________________________

Problem Description:

 A buffer overflow was discovered in gkrellmd, the server component of
 the gkrellm monitor package, in versions of gkrellm 2.1.x prior to
 2.1.14.  This buffer overflow occurs while reading data from connected
 gkrellm clients and can lead to possible arbitrary code execution as
 the user running the gkrellmd server.
 
 Updated packages are available for Mandrake Linux 9.1 which correct the
 problem.
________________________________________________________________________

References:
________________________________________________________________________

Updated Packages:
  
 Mandrake Linux 9.1:
 c02f29d80835be10c7474f7ecd1437ef  9.1/RPMS/gkrellm-2.1.7a-2.2mdk.i586.rpm
 293591b66fa463f69a554ac2efcb1940  9.1/RPMS/gkrellm-devel-2.1.7a-2.2mdk.i586.rpm
 a7b3793b971fef4865ba83d93b055b82  9.1/RPMS/gkrellm-server-2.1.7a-2.2mdk.i586.rpm
 a3d8c546650754a5d69569a88d35782b  9.1/SRPMS/gkrellm-2.1.7a-2.2mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 411b6128256554b16c3beeb53bbae224  ppc/9.1/RPMS/gkrellm-2.1.7a-2.2mdk.ppc.rpm
 257691a20effd147d53d1dd9d93a12dd  ppc/9.1/RPMS/gkrellm-devel-2.1.7a-2.2mdk.ppc.rpm
 073b0b1f3d5b1b91776b7769bee8550c  ppc/9.1/RPMS/gkrellm-server-2.1.7a-2.2mdk.ppc.rpm
 a3d8c546650754a5d69569a88d35782b  ppc/9.1/SRPMS/gkrellm-2.1.7a-2.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/TuHKmqjQ0CJFipgRAildAJ4soArEhuVkqMztk9RYfCa5ozlRVgCfe9UA
P1l5dwePZ0Mv3JmTOwBN6uM=
=V/tb
-----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Mandriva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.