COMMAND

    MandrakeUpdate

SYSTEMS AFFECTED

    Linux-Mandrake 6.0, 6.1, 7.0, 7.1

PROBLEM

    Following is based on Linux-Mandrake Security Advisory.  There  is
    a possible race condition in MandrakeUpdate that has the potential
    for users to tamper  with RPMs downloaded by  MandrakeUpdate prior
    to them being installed.  This is due to files being stored in the
    /tmp directory.  This is a very low security-risk as most  servers
    that provide user logins shouldn't be using MandrakeUpdate.  These
    updated versions provide a fix for the problem by using  /root/tmp
    instead of /tmp.

SOLUTION

    Patch:

        Linux-Mandrake 6.0: 6.0/RPMS/MandrakeUpdate-6.0-6mdk.i586.rpm
                            6.0/RPMS/grpmi-0.9-6mdk.i586.rpm
                            6.0/SRPMS/MandrakeUpdate-6.0-6mdk.src.rpm

        Linux-Mandrake 6.1: 6.1/RPMS/MandrakeUpdate-6.1-4mdk.i586.rpm
                            6.1/RPMS/grpmi-0.9-4mdk.i586.rpm
                            6.1/SRPMS/MandrakeUpdate-6.1-4mdk.src.rpm

        Linux-Mandrake 7.0: 7.0/RPMS/grpmi-0.9-13mdk.i586.rpm
                            7.0/SRPMS/MandrakeUpdate-7.0-13mdk.src.rpm

        Linux-Mandrake 7.1: 7.1/RPMS/MandrakeUpdate-7.1-9mdk.i586.rpm
                            7.1/RPMS/grpmi-7.1-9mdk.i586.rpm
                            7.1/SRPMS/MandrakeUpdate-7.1-9mdk.src.rpm