lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1FvOvN-00063q-0t@mercury.mandriva.com>
Date: Tue, 27 Jun 2006 19:33:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:113
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date    : June 27, 2006
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflows were reported in the GD Graphics Library (libgd)
 2.0.28, and possibly other versions. These overflows allow remote
 attackers to  cause a denial of service and possibly execute arbitrary
 code via PNG image files with large image rows values that lead to a
 heap-based buffer overflow in the gdImageCreateFromPngCtx() function. 
 Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)
 
 The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas 
 Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers 
 to cause a denial of service (CPU consumption) via malformed GIF data that 
 causes an infinite loop.  Tetex contains an embedded copy of the GD library
 code. (CVE-2006-2906)
 
 Updated packages have been patched to address both issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 5bcf729ccb4caca85d8d2142293b2d77  10.2/RPMS/jadetex-3.12-106.2.102mdk.i586.rpm
 bc31e31b117e2a751da7849907df917c  10.2/RPMS/tetex-3.0-8.2.102mdk.i586.rpm
 0910bcc1bce95b11963262c3b722fc47  10.2/RPMS/tetex-afm-3.0-8.2.102mdk.i586.rpm
 a3eac32b19e1c212c6ec8bf5ba6ca34a  10.2/RPMS/tetex-context-3.0-8.2.102mdk.i586.rpm
 b4a7db5b9c127e2399afdaf478f1141f  10.2/RPMS/tetex-devel-3.0-8.2.102mdk.i586.rpm
 9679b875893e7a5d283802472cf784eb  10.2/RPMS/tetex-doc-3.0-8.2.102mdk.i586.rpm
 3b250dbb1aa85b427f149eeb7b93bee5  10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.i586.rpm
 2af97694741d1589b9d4f4e9e2fff794  10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.i586.rpm
 713efa8fa744a3cb344ec016c7892be3  10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.i586.rpm
 8646db9366788d889c03333975a58fb3  10.2/RPMS/tetex-latex-3.0-8.2.102mdk.i586.rpm
 4b2bb6743bdda9afc4acaa5e9886eaf5  10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.i586.rpm
 b2f6632e88505d5449369f352bd3defe  10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.i586.rpm
 4c6665db413bc2763e671368c594b96d  10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.i586.rpm
 95689eb1cd6a82f24063af60dd6f6427  10.2/RPMS/xmltex-1.9-54.2.102mdk.i586.rpm
 73dffa296703ab7de146d3fbe811ab10  10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 e67d983720943369fde6b38fadae015a  x86_64/10.2/RPMS/jadetex-3.12-106.2.102mdk.x86_64.rpm
 75416081cfc3cdf6a8ccfe689618cae8  x86_64/10.2/RPMS/tetex-3.0-8.2.102mdk.x86_64.rpm
 81ad797551550873a29f408bd0740ac7  x86_64/10.2/RPMS/tetex-afm-3.0-8.2.102mdk.x86_64.rpm
 37f969186982784662e8ea84acd93713  x86_64/10.2/RPMS/tetex-context-3.0-8.2.102mdk.x86_64.rpm
 d20f39d3ef368502677cb5e137c41831  x86_64/10.2/RPMS/tetex-devel-3.0-8.2.102mdk.x86_64.rpm
 29717e89753a6566846d77c38d0ea661  x86_64/10.2/RPMS/tetex-doc-3.0-8.2.102mdk.x86_64.rpm
 ed84f2352218a281b3e926a00be8503c  x86_64/10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.x86_64.rpm
 09c946780c1bee9c2c66fbc0456d3225  x86_64/10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.x86_64.rpm
 dbd732fc3fbd6b95d4cdf819ce5229a2  x86_64/10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.x86_64.rpm
 b0c55dba84cf1c9be4f3e04d2ce53e41  x86_64/10.2/RPMS/tetex-latex-3.0-8.2.102mdk.x86_64.rpm
 73dcdebb1514d70b2bba997ce3562453  x86_64/10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.x86_64.rpm
 95f4fa468924bd6be520da4dde69d379  x86_64/10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.x86_64.rpm
 54cfa5d726e5b53a2811e601c351b8c9  x86_64/10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.x86_64.rpm
 1ed4d39c162d2153a7741effdedcd7ad  x86_64/10.2/RPMS/xmltex-1.9-54.2.102mdk.x86_64.rpm
 73dffa296703ab7de146d3fbe811ab10  x86_64/10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 c0cc16cb92ca140fa0cd77ab3082334c  2006.0/RPMS/jadetex-3.12-110.2.20060mdk.i586.rpm
 2a599e06878cfd913ee2460352d18833  2006.0/RPMS/tetex-3.0-12.2.20060mdk.i586.rpm
 80577accadf3ccede359d1c305e3cb62  2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.i586.rpm
 b1e27b6283a17194ef4feead5033b939  2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.i586.rpm
 e735ccd87def0f4a8bf1262aa3d92ca6  2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.i586.rpm
 dbd71f3daf27a1bafba42eb0051f2fab  2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.i586.rpm
 eea80943eaef26d2d0d40d4ef7e183aa  2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.i586.rpm
 05ce22c18eb82c10a6306cbe8d2446fa  2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.i586.rpm
 0d1270c9b9f940d3206aaa1be682b1cf  2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.i586.rpm
 962a78f23d0607544ffa35045b7af955  2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.i586.rpm
 4e823ca61b25f0285c75dc1886947e73  2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.i586.rpm
 44df21439b36aa5e9b60055b4f77936d  2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.i586.rpm
 8eab912c43ee68f35cdd1f9480d5951c  2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.i586.rpm
 6d8ba515e52f4abfd54dd306174462c7  2006.0/RPMS/xmltex-1.9-58.2.20060mdk.i586.rpm
 81d035449228282e7a72419f4b260e7a  2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 0466f60289f9ce688130e6d0a508e8bc  x86_64/2006.0/RPMS/jadetex-3.12-110.2.20060mdk.x86_64.rpm
 faf6465bf63a2f6719def5d3fb17ef17  x86_64/2006.0/RPMS/tetex-3.0-12.2.20060mdk.x86_64.rpm
 32f99226647319d5347d19077788bd5b  x86_64/2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.x86_64.rpm
 1d1aaee40dad532423173ccea3849e75  x86_64/2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.x86_64.rpm
 10d68d89752022e5bdf74ff0b07f1884  x86_64/2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.x86_64.rpm
 309c4b8d26fd7b6531b9ab183256191c  x86_64/2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.x86_64.rpm
 1afd5620adaad5e7a43a5f5b08aec37d  x86_64/2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.x86_64.rpm
 db2d9cc973c213cc3abe78bdf919c4bc  x86_64/2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.x86_64.rpm
 e1dffcb652dc8d246d0da1ec6620bd05  x86_64/2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.x86_64.rpm
 e792f17a436aae19883b979f32c08a33  x86_64/2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.x86_64.rpm
 b992bf51cb291e396a4a7f5d75bd2e84  x86_64/2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.x86_64.rpm
 eade7aa0e9665969c8d73bb7909da672  x86_64/2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.x86_64.rpm
 f1e9462e7213c74bcc59c27242b8d03b  x86_64/2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.x86_64.rpm
 4d1ade13bb2ffed71cb2f6d45165a672  x86_64/2006.0/RPMS/xmltex-1.9-58.2.20060mdk.x86_64.rpm
 81d035449228282e7a72419f4b260e7a  x86_64/2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEoa+vmqjQ0CJFipgRAmsqAKCDUHSEmHsPgDtQw43QlcPkN0HbnACfQrNM
aLENiehuiJNvmKyOFy6DVuo=
=7QK6
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ