lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1EX5Rs-00036q-EX@mercury.mandriva.com>
Date: Tue, 01 Nov 2005 16:21:48 -0700
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:203 - Updated gda2.0 packages fix string format vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:203
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gda2.0
 Date    : November 1, 2005
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Steve Kemp discovered two format string vulnerabilities in libgda2, 
 the GNOME Data Access library for GNOME2, which may lead to the 
 execution of arbitrary code in programs that use this library.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2958
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 c2bee0812a3911016f32406c7e6b98c6  corporate/3.0/RPMS/gda2.0-1.0.3-3.2.C30mdk.i586.rpm
 1c60c3861756e5f2ebec25810d698319  corporate/3.0/RPMS/gda2.0-ldap-1.0.3-3.2.C30mdk.i586.rpm
 76329346f822881c283f1d80eccf0321  corporate/3.0/RPMS/gda2.0-mysql-1.0.3-3.2.C30mdk.i586.rpm
 9366a1dfd24862ba1c2e785c880f42b1  corporate/3.0/RPMS/gda2.0-odbc-1.0.3-3.2.C30mdk.i586.rpm
 d2eaf777cbc85fa050ea15d9483e8530  corporate/3.0/RPMS/gda2.0-postgres-1.0.3-3.2.C30mdk.i586.rpm
 efb6dcf8757552aca5a2afad5e214afa  corporate/3.0/RPMS/gda2.0-sqlite-1.0.3-3.2.C30mdk.i586.rpm
 d19b0dc56ecc6645735e5ba4df226ea5  corporate/3.0/RPMS/libgda2.0_1-1.0.3-3.2.C30mdk.i586.rpm
 04904635f832181f5f4bc13defbd2404  corporate/3.0/RPMS/libgda2.0_1-devel-1.0.3-3.2.C30mdk.i586.rpm
 4ded9fd88d06c155f3fadd5438855b49  corporate/3.0/SRPMS/gda2.0-1.0.3-3.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6db35535deba7751a627682f1ba77ace  x86_64/corporate/3.0/RPMS/gda2.0-1.0.3-3.2.C30mdk.x86_64.rpm
 f3cc7763718da0f76c3c1e9131e1b9f5  x86_64/corporate/3.0/RPMS/gda2.0-ldap-1.0.3-3.2.C30mdk.x86_64.rpm
 7f01b17e60477e916f6a390b4e4b7222  x86_64/corporate/3.0/RPMS/gda2.0-mysql-1.0.3-3.2.C30mdk.x86_64.rpm
 3c93f0b8fe2f90ad54c505a813a3ea4f  x86_64/corporate/3.0/RPMS/gda2.0-odbc-1.0.3-3.2.C30mdk.x86_64.rpm
 527ff7ccbd2af3ea24ac3f572b050de3  x86_64/corporate/3.0/RPMS/gda2.0-postgres-1.0.3-3.2.C30mdk.x86_64.rpm
 cc2aead64a14a2fa99c34a572024adbe  x86_64/corporate/3.0/RPMS/gda2.0-sqlite-1.0.3-3.2.C30mdk.x86_64.rpm
 0eb6f8c613088bbcbb0205eec0e7374d  x86_64/corporate/3.0/RPMS/lib64gda2.0_1-1.0.3-3.2.C30mdk.x86_64.rpm
 c4c5b62e45e95c0142fc823e2db49b4c  x86_64/corporate/3.0/RPMS/lib64gda2.0_1-devel-1.0.3-3.2.C30mdk.x86_64.rpm
 4ded9fd88d06c155f3fadd5438855b49  x86_64/corporate/3.0/SRPMS/gda2.0-1.0.3-3.2.C30mdk.src.rpm

 Mandriva Linux 10.2:
 8581951dac7e2e51d0e583355f0c4fdf  10.2/RPMS/gda2.0-1.2.1-1.2.102mdk.i586.rpm
 6df29b76c68f2dac41511f0047844a6c  10.2/RPMS/gda2.0-bdb-1.2.1-1.2.102mdk.i586.rpm
 ab2a54b37f5d3a5903c13b5caf0884f1  10.2/RPMS/gda2.0-ldap-1.2.1-1.2.102mdk.i586.rpm
 a46e61c38f33d3590255b349371e5dd2  10.2/RPMS/gda2.0-mysql-1.2.1-1.2.102mdk.i586.rpm
 5f82b737ad1df0f5e367554a6af57d25  10.2/RPMS/gda2.0-odbc-1.2.1-1.2.102mdk.i586.rpm
 9c15f2853a50a9b8ce21c99b7c357d69  10.2/RPMS/gda2.0-postgres-1.2.1-1.2.102mdk.i586.rpm
 2a99984e0d3f0ed0bb77e1df0781a745  10.2/RPMS/gda2.0-sqlite-1.2.1-1.2.102mdk.i586.rpm
 ac79f03faefae3d12b25a692d84aa09c  10.2/RPMS/gda2.0-xbase-1.2.1-1.2.102mdk.i586.rpm
 c246c62a8b6a44bdf517fc13ab5a9629  10.2/RPMS/libgda2.0_3-1.2.1-1.2.102mdk.i586.rpm
 33244d3790d14e77cf83e297d105a0e5  10.2/RPMS/libgda2.0_3-devel-1.2.1-1.2.102mdk.i586.rpm
 2ae1d69e77d265b6a45701dede9187b6  10.2/SRPMS/gda2.0-1.2.1-1.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 a22c56a701d4b323cd58199bd330d358  x86_64/10.2/RPMS/gda2.0-1.2.1-1.2.102mdk.x86_64.rpm
 ab86e362890a87d588c6180df048d380  x86_64/10.2/RPMS/gda2.0-bdb-1.2.1-1.2.102mdk.x86_64.rpm
 e68a0231c0ed2d16c71330ab2ec0bc02  x86_64/10.2/RPMS/gda2.0-ldap-1.2.1-1.2.102mdk.x86_64.rpm
 561b6118c3f60507bd1d39a61ae1d1ef  x86_64/10.2/RPMS/gda2.0-mysql-1.2.1-1.2.102mdk.x86_64.rpm
 9c09bdaed784668cf9326aaa25fe045e  x86_64/10.2/RPMS/gda2.0-odbc-1.2.1-1.2.102mdk.x86_64.rpm
 9c05d405913600ab83af41a5c43012f1  x86_64/10.2/RPMS/gda2.0-postgres-1.2.1-1.2.102mdk.x86_64.rpm
 678405e55c25c6be5fd1bc7282918dab  x86_64/10.2/RPMS/gda2.0-sqlite-1.2.1-1.2.102mdk.x86_64.rpm
 dd2b4c22b66bfdd9e7d079fceb8052bc  x86_64/10.2/RPMS/gda2.0-xbase-1.2.1-1.2.102mdk.x86_64.rpm
 3ad48b3adeb00a9f9a3ea7a1c987b735  x86_64/10.2/RPMS/lib64gda2.0_3-1.2.1-1.2.102mdk.x86_64.rpm
 e4d9fb39922d57f56902b721b80d7c9f  x86_64/10.2/RPMS/lib64gda2.0_3-devel-1.2.1-1.2.102mdk.x86_64.rpm
 2ae1d69e77d265b6a45701dede9187b6  x86_64/10.2/SRPMS/gda2.0-1.2.1-1.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 291823a3cf2fbd1321fafd6d465b9fbc  2006.0/RPMS/gda2.0-1.2.2-2.2.20060mdk.i586.rpm
 f8c350c51a5847e02e391507f1052867  2006.0/RPMS/gda2.0-bdb-1.2.2-2.2.20060mdk.i586.rpm
 dd0126df1e10c2f127ebecc5e0a1c26c  2006.0/RPMS/gda2.0-ldap-1.2.2-2.2.20060mdk.i586.rpm
 47e6a607eaa3738b4d07adb619232eb1  2006.0/RPMS/gda2.0-mysql-1.2.2-2.2.20060mdk.i586.rpm
 4d1f9d08c55ed0a195ca001996f239e3  2006.0/RPMS/gda2.0-odbc-1.2.2-2.2.20060mdk.i586.rpm
 e9dc80d837f6932969c3601f03707c59  2006.0/RPMS/gda2.0-postgres-1.2.2-2.2.20060mdk.i586.rpm
 0ec62e103852325ee70769fe2eadb6c4  2006.0/RPMS/gda2.0-sqlite-1.2.2-2.2.20060mdk.i586.rpm
 a5d3d090e83d080ebf6a1c210aa113f1  2006.0/RPMS/gda2.0-xbase-1.2.2-2.2.20060mdk.i586.rpm
 a4a8ae72f7cd866183c2e8a4a2e16bd3  2006.0/RPMS/libgda2.0_3-1.2.2-2.2.20060mdk.i586.rpm
 2b4c20ea0a38bf22c5aa31da3cd8884f  2006.0/RPMS/libgda2.0_3-devel-1.2.2-2.2.20060mdk.i586.rpm
 16c1de82d2b1996adeb4577b1ff9cdcd  2006.0/SRPMS/gda2.0-1.2.2-2.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 36a04443e670524ae0c4d93bf0752e9f  x86_64/2006.0/RPMS/gda2.0-1.2.2-2.2.20060mdk.x86_64.rpm
 d2fecb3c702f5c764c6a67c85e36e448  x86_64/2006.0/RPMS/gda2.0-bdb-1.2.2-2.2.20060mdk.x86_64.rpm
 44171de894c358c5bd3d4301b488170e  x86_64/2006.0/RPMS/gda2.0-ldap-1.2.2-2.2.20060mdk.x86_64.rpm
 863aacd7318479757dc2d2e1ed238418  x86_64/2006.0/RPMS/gda2.0-mysql-1.2.2-2.2.20060mdk.x86_64.rpm
 a82c2fceef36372b1fc17086b6237293  x86_64/2006.0/RPMS/gda2.0-odbc-1.2.2-2.2.20060mdk.x86_64.rpm
 067f1f9a633b3e2dbe8ca08591d48642  x86_64/2006.0/RPMS/gda2.0-postgres-1.2.2-2.2.20060mdk.x86_64.rpm
 4b257c7716b6eefcfb0fec95732975a0  x86_64/2006.0/RPMS/gda2.0-sqlite-1.2.2-2.2.20060mdk.x86_64.rpm
 9fef9fad9b8d98708c30c87b4bfdbece  x86_64/2006.0/RPMS/gda2.0-xbase-1.2.2-2.2.20060mdk.x86_64.rpm
 84787803035a7d1ee2bb7b12775ea9f0  x86_64/2006.0/RPMS/lib64gda2.0_3-1.2.2-2.2.20060mdk.x86_64.rpm
 3037e49d4a6f17e6b752fcff37f05986  x86_64/2006.0/RPMS/lib64gda2.0_3-devel-1.2.2-2.2.20060mdk.x86_64.rpm
 16c1de82d2b1996adeb4577b1ff9cdcd  x86_64/2006.0/SRPMS/gda2.0-1.2.2-2.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDZ/iMmqjQ0CJFipgRAsECAJ9a/c0Go4Yy9/+4hY/DWo72IrpRSgCgnX3g
zDqRFrxHNRzw/J1onPK4fc0=
=NhHM
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ