Mandrake Linux Security Advisory : MandrakeUpdate (MDKSA-2000:034)
High Nessus Plugin ID 61828
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThere is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp.
SolutionUpdate the affected MandrakeUpdate and / or grpmi packages.