| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Apr 2012 16:42:00 +0200 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2012:061 ] raptor -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:061 http://www.mandriva.com/security/ _______________________________________________________________________ Package : raptor Date : April 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0037). The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037 http://www.libreoffice.org/advisories/CVE-2012-0037/ _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 24ec3d87dd77462b556f86859840eae1 2010.1/i586/libraptor1-1.4.21-5.1mdv2010.2.i586.rpm 85d61e2cd9d054d9da9211f4fa342f69 2010.1/i586/libraptor-devel-1.4.21-5.1mdv2010.2.i586.rpm e8b11b034af2de18b785e82cb4a30660 2010.1/i586/raptor-1.4.21-5.1mdv2010.2.i586.rpm 4379f2bfca9cfc03d297058d9635156a 2010.1/SRPMS/raptor-1.4.21-5.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 44aa890dd881c56e92f2b3983f4bc686 2010.1/x86_64/lib64raptor1-1.4.21-5.1mdv2010.2.x86_64.rpm 068c7d529fb465a3238f51179651ba2f 2010.1/x86_64/lib64raptor-devel-1.4.21-5.1mdv2010.2.x86_64.rpm 76bf6ce10c21fcc1c5f27e39d08b260d 2010.1/x86_64/raptor-1.4.21-5.1mdv2010.2.x86_64.rpm 4379f2bfca9cfc03d297058d9635156a 2010.1/SRPMS/raptor-1.4.21-5.1mdv2010.2.src.rpm Mandriva Linux 2011: e94c657f023e62cd238ea2f83ae0d88a 2011/i586/libraptor1-1.4.21-5.1-mdv2011.0.i586.rpm 79e92a9a81648805e7ae4cb28eb888f2 2011/i586/libraptor2_0-2.0.7-0.1-mdv2011.0.i586.rpm 11eef49d485d71baf0a11b66b48db345 2011/i586/libraptor2-devel-2.0.7-0.1-mdv2011.0.i586.rpm ae76f3b8f48824daa66675f4fc007235 2011/i586/libraptor-devel-1.4.21-5.1-mdv2011.0.i586.rpm 9a42145d50101d1b3f8348808638240a 2011/i586/raptor-1.4.21-5.1-mdv2011.0.i586.rpm 6c528626b8a2602fdcb1761eac68e25e 2011/i586/raptor2-2.0.7-0.1-mdv2011.0.i586.rpm 7adcdbaed9ca771c734765e9ed92e8c4 2011/SRPMS/raptor-1.4.21-5.1.src.rpm 404f1edc446a93566026bbee0fbc8210 2011/SRPMS/raptor2-2.0.7-0.1.src.rpm Mandriva Linux 2011/X86_64: c4c7ac5bf156c0d3f9bb1fd5740f347f 2011/x86_64/lib64raptor1-1.4.21-5.1-mdv2011.0.x86_64.rpm 83b05b1707a083e7cf76c67d5f646320 2011/x86_64/lib64raptor2_0-2.0.7-0.1-mdv2011.0.x86_64.rpm f6c697b5e8ee115eb4e318a886105c35 2011/x86_64/lib64raptor2-devel-2.0.7-0.1-mdv2011.0.x86_64.rpm aba11394c42aed7d4f99200900723837 2011/x86_64/lib64raptor-devel-1.4.21-5.1-mdv2011.0.x86_64.rpm f557b8057cb4b8aa371f48626d8e2c11 2011/x86_64/raptor-1.4.21-5.1-mdv2011.0.x86_64.rpm f7b4e5e149fb3d338c85eef948e16b27 2011/x86_64/raptor2-2.0.7-0.1-mdv2011.0.x86_64.rpm 7adcdbaed9ca771c734765e9ed92e8c4 2011/SRPMS/raptor-1.4.21-5.1.src.rpm 404f1edc446a93566026bbee0fbc8210 2011/SRPMS/raptor2-2.0.7-0.1.src.rpm Mandriva Enterprise Server 5: 5d0221fba67389461f2808a8c1cf93fd mes5/i586/libraptor1-1.4.18-3.1mdvmes5.2.i586.rpm 777bcd9d7035fcec459c2b0848ccb660 mes5/i586/libraptor-devel-1.4.18-3.1mdvmes5.2.i586.rpm 56c867304527d1b6ba5980b7d5c6e354 mes5/i586/raptor-1.4.18-3.1mdvmes5.2.i586.rpm 5d90acb0be0fd63e90a5dec62a19dfdc mes5/SRPMS/raptor-1.4.18-3.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 4680f20036dc383367955faab0ffb028 mes5/x86_64/lib64raptor1-1.4.18-3.1mdvmes5.2.x86_64.rpm f40ea3da4964474fcf1acab58511d59b mes5/x86_64/lib64raptor-devel-1.4.18-3.1mdvmes5.2.x86_64.rpm 593bb4d51e183ea45d416ff90ff4cb07 mes5/x86_64/raptor-1.4.18-3.1mdvmes5.2.x86_64.rpm 5d90acb0be0fd63e90a5dec62a19dfdc mes5/SRPMS/raptor-1.4.18-3.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPkp0nmqjQ0CJFipgRAvUfAKCOqVsQF5ZKvywfrhq83Sa0vBo7TwCfTD7R M+UaIWCajC9axOQi1nshPRA= =Sy3/ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists