MDKA-2007:062 : rpmdrake

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake host is missing one or more security-related
patches.

Description :

The rpmdrake package, which provides the graphical software
installation and update tools rpmdrake, drakrpm-edit-media and
MandrivaUpdate), included with Mandriva Linux 2007 Spring contains
several bugs. These include:

When installing software with rpmdrake, if packages are selected for
installation which require other packages to be installed as well, a
message will be displayed that says To satisfy dependencies, the
following packages also need to be installed:, but no list of
dependencies will actually be shown.

When installing software with rpmdrake, searching for a package
always searches through the full set of available packages even when
a search filter - such as All updates or Mandriva choices - is
selected.

When installing software with rpmdrake, when you switch between two
subsections with the same name - for instance, System/Settings/Other
and Development/Other - the list of packages is not updated; in the
example, the packages from the System/Settings/Other group will
continue to be displayed, instead of the packages from
Development/Other.

Running rpmdrake with the --merge-all-rpmnew parameter, which uses
rpmdrake to help you merge changes in updated configuration files,
does not work.

When updating your system with MandrivaUpdate, when a package name
cannot be correctly parsed, the name of the previous package in the
list will be displayed again instead.

When installing software with rpmdrake, the application will crash if
a package with a malformed summary in the Unicode text encoding
system was selected.

Some other, more minor bugs were also fixed in this update.

See also :

http://www.mandriva.com/security/advisories?name=MDKA-2007:062

Solution :

Update the affected package(s).

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36892 (mandrake_MDKA-2007-062.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now