NEW UPDATES MDK 9.1 !!


Bruno


nlinecomputers

Tonight we have 3 updates. Only FTP servers updated TODAY (27 Jun 2003) will have these patches.
List of all Mandrake FTP update servers is here.

Mandrake Linux Update Advisory
Package name: xfsprogs
Advisory ID: MDKA-2003:017
Date: June 27th, 2003
Affected versions: 9.1
Problem Description: The XFS-related tools (xfsprogs, xfsdump, acl, and attr) released with Mandrake Linux 9.1 were out-dated at release and were not the recommended versions to be used with the 2.4.20+ Linux kernel. This update brings all of the XFS-related tools up to date which provide better support for the XFS filesystem, fix bugs, and offer other enhancements.
Link to this advisory.

Mandrake Linux Security Update Advisory
Package name: xpdf
Advisory ID: MDKSA-2003:071
Date: June 27th, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1
Problem Description: Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitrary shell commands with the privileges of the person viewing the PDF document.
Link to this advisory.

Mandrake Linux Security Update Advisory
Package name: ypserv
Advisory ID: MDKSA-2003:072
Date: June 27th, 2003
Affected versions: 8.2, 9.0, Corporate Server 2.1
Problem Description: A vulnerability was found in versions of ypserv prior to version 2.7. If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block.
Link to this advisory.


Quint, I guess if you run more than one distro, you have more updates to do. Nathan, thanks for the reminder to do an update!


Quint, I guess if you run more than one distro, you have more updates to do. Nathan,  thanks for the reminder to do an update!
[smiley images]

Quint, I guess if you run more than one distro, you have more updates to do. Nathan,  thanks for the reminder to do an update!
[smiley images]
Love your smilies! Had to quote your post to find out where you found them! :blink:

Quint, I guess if you run more than one distro, you have more updates to do. Nathan,  thanks for the reminder to do an update!
[smiley images]
Love your smilies! Had to quote your post to find out where you found them! B)
Oh, Julia, do not think lowly of me...had to "pilfer" them, from websites far, far, away... [smiley image]

We don't pilfer on the Internet. We simply quote....... Is there such a thing as far, far, away here anyway? I was showing my neighbor a thread last night and had to explain that the responses were from Canada, Australia and Amsterdam. Sure makes our world pretty small. :lol:


We don't pilfer on the Internet. We simply quote....... Is there such a thing as far, far, away here anyway? I was showing my neighbor a thread last night and had to explain that the responses were from Canada, Australia and Amsterdam. Sure makes our world pretty small. :lol:
Excellent point, as usual, Julia...thanks. :D

Available on ALL mirrors now: ( even the ones that don´t get updated every day . . )
libacl1-2.1.1-1.1mdk
libattr1-2.1.1-1.1mdk
xpdf-2.01-2.1mdk
Total 11MB
B) Bruno


Available on ALL mirrors now: ( even the ones that don´t get updated every day . . )
libacl1-2.1.1-1.1mdk
libattr1-2.1.1-1.1mdk
xpdf-2.01-2.1mdk
Total 11MB
B) Bruno
Got 'em...thanks, Bruno. :unsure:

:rolleyes: On dialup I can't keep up with all these updates so I don't do them, not for Windows either. All my OSs are running fine without them.

Hi Joy,
On dial up, your IP address does change every time you dial-in and the time on line is very limited, so the security patches are less important to you, only if you´re on line 24/7 and even more if you run a ( mail or web ) server the updates are vital.
As for the bugfixes: If you have a system that runs fine, there is no real need to fix anything. More than half of the updates that are on the mirrors is for software that the majority of people do not even have on their ( home ) computer. :rolleyes:
( If you ever really would need an update, there are special CDs available with the updates all together. )
:) Bruno


  • 2 weeks later...

Mandrake Linux Advisory: kernel

Package name: kernel
Advisory ID: MDKSA-2003:074
Date: July 15th, 2003
Affected versions: 8.2, 9.0, Corporate Server 2.1, Multi Network Firewall 8.2

Mandrake Linux Advisory: kernel
Package name: kernel
Advisory ID: MDKSA-2003:074
Date: July 15th, 2003
Affected versions: 8.2, 9.0, Corporate Server 2.1, Multi Network Firewall 8.2
Hi Kelly, Thanks again, for the "heads up"...and Boy! am I relieved, because my version (Mandrake 9.1) is not affected by this!!! ;) I read over the advisory, and thought: Whew! I've escaped this one! ;) Somehow a kernel upgrade or recompile, is not to my desire, when my Mandrake is running so well. Thanks again, Kelly...you are "right on the ball". ;)

That's good to hear quint, and I hear you on the recompiling of a Kernel - have not taken that step either. At least we have Bruno here to possibly give advice in the future ;)


That's good to hear quint, and I hear you on the recompiling of a Kernel - have not taken that step either. At least we have Bruno here to possibly give advice in the future :D
Am sure that Bruno would help, but I think (cannot speak for him), that he would first ask if there was a good reason for it. ;) Have been reading a lot about it, and may try it one day, as it fascinates me, but would only do it on a distro that I was not concerned about "trashing", and right now, none qualify. ;) My system has been running pretty good, since finishing up on the new hdd...would like to try to keep it that way...at least for awhile. ;) :D

Bruno and all, I've been reading this thread since I installed Mandrake. I decided to wait and see how the updates were progressing. :ph34r: This is my first browsing experience with Mandrake. Konqueror is a pretty nice browser. I'm headed to the updates! :ph34r: Ken


Yes, get all those updates. After you do all your updates then you might want to go and browse through the applications available. Bruno's tip will tell you how to do that. :ph34r:


Bruno and all, I've been reading this thread since I installed Mandrake. I decided to wait and see how the updates were progressing. :ph34r: This is my first browsing experience with Mandrake. Konqueror is a pretty nice browser. I'm headed to the updates! :ph34r: Ken
Happy updating Ken !! ( why did you wait that long . . ?? ) ;) Bruno

nlinecomputers

Mandrake Linux Security Update Advisory
Package name: kernel
Advisory ID: MDKSA-2003:066-1
Date: July 21st, 2003
Original Advisory Date: June 11th, 2003
Affected versions: 9.1
Problem Description: Multiple vulnerabilities were discovered and fixed in the Linux kernel.

* CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets.
* CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.
* CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
* CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS.
* CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address.

As well, a number of bug fixes were made in the 9.1 kernel including:

* Support for more machines that did not work with APIC
* Audigy2 support
* New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine,
* Fixed SiS IOAPIC
* IRQ balancing has been fixed for SMP
* Updates to ext3
* The previous ptrace fix has been redone to work better

MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.

Kernel Advisory


nlinecomputers

Mandrake Linux Security Update Advisory
Package name: apache2
Advisory ID: MDKSA-2003:075
Date: July 21st, 2003
Affected versions: 9.1
Problem Description: Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CAN-2003-0192).

Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CAN-2003-0253).

Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CAN-2003-0254).

The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828).

The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues.

To upgrade these apache packages, first stop Apache by issuing, as root:

    service httpd stop

After the upgrade, restart Apache with:

    service httpd start

Apache Advisory


nlinecomputers

MandrakeSoft Security Advisory MDKSA-2003:076 : nfs-utils
Package name: nfs-utils
Date: July 21st, 2003
Advisory ID: MDKSA-2003:076
Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1
Synopsis: Updated nfs-utils packages fix buffer overflow
Problem Description: An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests.
nfs-utils Advisory
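
The class of bug the nfs-utils advisory describes, shown as an added example that is not part of the thread and is not the nfs-utils source: a logger that reserves room for the terminating NUL but then appends a newline as well, next to a corrected version. The function names, the 16-byte buffer size and the guard byte are assumptions made for the illustration; the buffer is a window inside a larger array so the stray write can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define LOG_CAP 16              /* size the logger believes it owns */
#define GUARD   0x5A            /* marker placed just past that size */

/* Before: clamps to cap-1 (room for the NUL only), then adds '\n' as well. */
static size_t log_line_buggy(char *buf, size_t cap, const char *msg)
{
    size_t n = strlen(msg);
    if (n > cap - 1)
        n = cap - 1;
    memcpy(buf, msg, n);
    buf[n] = '\n';              /* with n == cap-1 this fills the last byte */
    buf[n + 1] = '\0';          /* and the NUL lands at buf[cap]: off by one */
    return n + 2;
}

/* After: reserve two bytes, one for the newline and one for the NUL. */
static size_t log_line_fixed(char *buf, size_t cap, const char *msg)
{
    size_t n = strlen(msg);
    if (cap < 2)
        return 0;
    if (n > cap - 2)
        n = cap - 2;
    memcpy(buf, msg, n);
    buf[n] = '\n';
    buf[n + 1] = '\0';
    return n + 2;
}

/* Returns 1 if the byte just past the LOG_CAP window was overwritten. */
static int guard_clobbered(size_t (*fn)(char *, size_t, const char *),
                           const char *msg)
{
    char backing[LOG_CAP + 8];
    memset(backing, GUARD, sizeof backing);
    fn(backing, LOG_CAP, msg);
    return backing[LOG_CAP] != GUARD;
}

int main(void)
{
    const char *msg = "0123456789abcdef";   /* constructed 16-char input */
    printf("buggy: %d fixed: %d\n", guard_clobbered(log_line_buggy, msg),
           guard_clobbered(log_line_fixed, msg));
    return 0;
}
```

Only messages long enough to be clamped trigger the stray write, which is why this kind of bug can pass ordinary testing.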


SonicDragon

Volunteer: Be careful updating. You probably won't need everything in there. I just updated a new Red Hat box at work today, and I just selected all the updates without even thinking. It went on for 4 hours updating, and then I had to leave! It downloaded like GUI support for like 10 different languages, all this developer stuff that I didn't need, etc. Some of the updates we just laughed at 'cause they were something that almost no one would ever need. It was a slow computer mind you, but you still just might want to quickly check over them :D


nlinecomputers

WARNING ----- WARNING

I got this email about the latest MDK kernel:

From: Vincent Danen [vdanen@mandrakesoft.com]
Sent: Wednesday, July 23, 2003 5:20 PM
To: announce@mandrakesecure.net
Subject: Regarding the latest kernel upgrade

I have a very important alert for those who have done the kernel upgrade as noted in MDKSA-2003:066-1:

http://www.mandrakesecure.net/en/advisorie...DKSA-2003:066-1

It has been noticed that the regular kernel (kernel-2.4.21.0.24mdk) has a problem where it is ignoring umask settings and instead is creating files with mode 0666 (world writeable). The secure and enterprise kernels do not exhibit this behaviour, however.

If at all possible, please back down to 0.18mdk or switch to the secure kernel for the time being. We hope to have this issue resolved ASAP.

Thank you.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
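
A way to check whether a running kernel honours umask when creating files, the behaviour the alert above says is broken. This is an added example, not part of the e-mail or any MandrakeSoft tool; the function names and the use of /tmp as a scratch directory are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file asking for mode 0666 under the given umask and
 * return the permission bits it actually received, or -1 on error. */
static int created_mode(const char *dir, mode_t mask)
{
    char path[512];
    struct stat st;
    mode_t old;
    int fd, mode = -1;

    snprintf(path, sizeof path, "%s/umask-check-%ld", dir, (long)getpid());
    old = umask(mask);
    /* O_EXCL: refuse to reuse an existing file or follow a planted link */
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);                     /* restore the caller's umask */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return mode;
}

/* 1 if the kernel applied the mask, 0 if it did not, -1 if the test failed. */
static int umask_honoured(const char *dir, mode_t mask)
{
    int mode = created_mode(dir, mask);
    if (mode < 0)
        return -1;
    return mode == (int)(0666 & ~mask);
}

int main(void)
{
    int mode = created_mode("/tmp", 022);
    if (mode < 0) {
        perror("created_mode");
        return 2;
    }
    printf("requested 0666 with umask 022, got %04o: %s\n", mode,
           mode == 0644 ? "umask honoured" : "UMASK IGNORED");
    return mode == 0644 ? 0 : 1;
}
```

On a kernel with the problem described in the e-mail, the reported mode would be 0666 instead of 0644; files created while such a kernel was running keep their world-writable mode after a downgrade and need their permissions reviewed separately.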


Security updates: ( on ALL mirrors now )
Name: mpg123 Version: 0.59r-17.1mdk
Name: xpdf Version: 2.01-2.2mdk
Total: 11MB
B) Bruno
