lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1E5qiJ-0000bA-Mb@mercury.mandriva.com>
Date: Thu, 18 Aug 2005 14:10:11 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           wxPythonGTK
 Advisory ID:            MDKSA-2005:144
 Date:                   August 18th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Wouter Hanegraaff discovered that the TIFF library did not sufficiently
 validate the "YCbCr subsampling" value in TIFF image headers. Decoding 
 a malicious image with a zero value resulted in an arithmetic exception, 
 which can cause a program that uses the TIFF library to crash. 
 
 wxPythonGTK uses an embedded libtiff source tree, and as such has the
 same vulnerability.
 
 The updated packages have been rebuilt using the system libraries and
 should now incorporate all the updates to libjpeg, libpng, libtiff and
 zlib.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 1792bef2b7c38d434f5c580885918fa9  10.1/RPMS/libwxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.i586.rpm
 e74ecbc67fb44bc41c211c9c48d99bf2  10.1/RPMS/libwxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.i586.rpm
 cbc0ab1e5ff4890e6ca773bc106a22ba  10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.i586.rpm
 b9a21a161373a223927041bfb59e9daa  10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 58a22e1baf7b89f5cba1904cc385a62d  x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.x86_64.rpm
 3416e43ec121b43dd0fa320ced1a1692  x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.x86_64.rpm
 04420e8c6fa31ae8266bf1646442665b  x86_64/10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.x86_64.rpm
 b9a21a161373a223927041bfb59e9daa  x86_64/10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 8deaae175c40b0b2aae1c0a9260e6c5e  10.2/RPMS/libwxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.i586.rpm
 b240df592e137d2b429118a51561475f  10.2/RPMS/libwxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.i586.rpm
 142a95ae853496fa62488898a8e22a5c  10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.i586.rpm
 8a04fcd0d0d70bc22549b20374aa2fc4  10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 3641fdd53027c69755b2026f9868bcd4  x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.x86_64.rpm
 a84597c3db0f2f38f493693d0cfbf0d6  x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.x86_64.rpm
 f453d626b50c9f8e5fd7b801f06a53c6  x86_64/10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.x86_64.rpm
 8a04fcd0d0d70bc22549b20374aa2fc4  x86_64/10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm

 Corporate 3.0:
 30310777699ba2bc43269fea791785a6  corporate/3.0/RPMS/libwxPythonGTK2.4-2.4.2.4-2.1.C30mdk.i586.rpm
 2ab1c06543b33f2304caa2f75c234a74  corporate/3.0/RPMS/libwxPythonGTK2.4-devel-2.4.2.4-2.1.C30mdk.i586.rpm
 1ff251baed6af07e5604521ae8390f06  corporate/3.0/RPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.i586.rpm
 fbf97259f8e496bf20af99c1cacb08b1  corporate/3.0/SRPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBOsjmqjQ0CJFipgRAi91AJwOyfuUHD4/Zr5KsndSbEJqAzI7MgCfRb2r
wUXPRILQAr0ZQlQMXBFxZT4=
=6Vnf
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ