lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1Ib0oh-0000WA-Fc@artemis.annvix.ca>
Date: Thu, 27 Sep 2007 15:22:39 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:189 ] - Updated t1lib packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:189
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : t1lib
 Date    : September 27, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A buffer overflow vulnerability was discovered in t1lib due to improper
 bounds checking.  An attacker could send specially crafted input to
 an application linked against t1lib which could lead to a denial of
 service or the execution of arbitrary code.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 cbdac5227208ce1ee0e3873a017fd310  2007.0/i586/libt1lib5-5.1.0-3.1mdv2007.0.i586.rpm
 1ec267053ed01a82da1e4a69e860bea7  2007.0/i586/libt1lib5-devel-5.1.0-3.1mdv2007.0.i586.rpm
 9e3536947b46739a6bebae8f27c791f6  2007.0/i586/libt1lib5-static-devel-5.1.0-3.1mdv2007.0.i586.rpm
 44a1629a984d4e8aed17fed497afb645  2007.0/i586/t1lib-config-5.1.0-3.1mdv2007.0.i586.rpm
 ffd2ec19d1b7b2248ba99dc476f0334e  2007.0/i586/t1lib-progs-5.1.0-3.1mdv2007.0.i586.rpm 
 6d3ba087bc088de95887bbb081026030  2007.0/SRPMS/t1lib-5.1.0-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 7302ddcd84216528f563a0afff9f13e9  2007.0/x86_64/lib64t1lib5-5.1.0-3.1mdv2007.0.x86_64.rpm
 1c9e9e376fa0c9a3999781f98b3e54c1  2007.0/x86_64/lib64t1lib5-devel-5.1.0-3.1mdv2007.0.x86_64.rpm
 3478e0036344cc60dd957ecd9b42d3e8  2007.0/x86_64/lib64t1lib5-static-devel-5.1.0-3.1mdv2007.0.x86_64.rpm
 2370d65683dbe200cea28e2809643f52  2007.0/x86_64/t1lib-config-5.1.0-3.1mdv2007.0.x86_64.rpm
 8b0f959cac3661d0a8c4d950b12f0798  2007.0/x86_64/t1lib-progs-5.1.0-3.1mdv2007.0.x86_64.rpm 
 6d3ba087bc088de95887bbb081026030  2007.0/SRPMS/t1lib-5.1.0-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 2f362838de05e2f0b47208ea0363037e  2007.1/i586/libt1lib5-5.1.1-1.1mdv2007.1.i586.rpm
 137cbab139e8eac13add031760e68168  2007.1/i586/libt1lib5-devel-5.1.1-1.1mdv2007.1.i586.rpm
 227aaeb5b35693db3de34f8f80c431c3  2007.1/i586/libt1lib5-static-devel-5.1.1-1.1mdv2007.1.i586.rpm
 236a2b2b1511736aaa303fe16bfef7f9  2007.1/i586/t1lib-config-5.1.1-1.1mdv2007.1.i586.rpm
 f1c949c7de238afaa055c8cc1350d9d7  2007.1/i586/t1lib-progs-5.1.1-1.1mdv2007.1.i586.rpm 
 3a53755fae6aa7f0cde25e535059c366  2007.1/SRPMS/t1lib-5.1.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 be99aaff094fdc728b556cd89c55264b  2007.1/x86_64/lib64t1lib5-5.1.1-1.1mdv2007.1.x86_64.rpm
 9d838eba24848d3c5ba643738cddddd6  2007.1/x86_64/lib64t1lib5-devel-5.1.1-1.1mdv2007.1.x86_64.rpm
 028d704f2d58eca3241198c3c4ddced0  2007.1/x86_64/lib64t1lib5-static-devel-5.1.1-1.1mdv2007.1.x86_64.rpm
 cbc901c6517523834f6c20ff163ad0b5  2007.1/x86_64/t1lib-config-5.1.1-1.1mdv2007.1.x86_64.rpm
 25cdc40f3f64fa499c84e82aeaac2f8c  2007.1/x86_64/t1lib-progs-5.1.1-1.1mdv2007.1.x86_64.rpm 
 3a53755fae6aa7f0cde25e535059c366  2007.1/SRPMS/t1lib-5.1.1-1.1mdv2007.1.src.rpm

 Corporate 3.0:
 5e28c2db10fa85c05884c1f3f4b229b8  corporate/3.0/i586/t1lib1-1.3.1-14.1.C30mdk.i586.rpm
 7d1a89a7ccf9a95245094668d678a990  corporate/3.0/i586/t1lib1-devel-1.3.1-14.1.C30mdk.i586.rpm
 6e7366963e47c402b12c278cb346b170  corporate/3.0/i586/t1lib1-progs-1.3.1-14.1.C30mdk.i586.rpm
 ac8c1033158e14036a439459b608f12e  corporate/3.0/i586/t1lib1-static-devel-1.3.1-14.1.C30mdk.i586.rpm 
 287aa7fc6ee135e629fcd97689269601  corporate/3.0/SRPMS/t1lib-1.3.1-14.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 87dee3b68224e07431e1372af7dda010  corporate/3.0/x86_64/t1lib1-1.3.1-14.1.C30mdk.x86_64.rpm
 64158e29571d0a03d37205b9b7dcf518  corporate/3.0/x86_64/t1lib1-devel-1.3.1-14.1.C30mdk.x86_64.rpm
 4fc5b034866dce22681ca038d07fbbdf  corporate/3.0/x86_64/t1lib1-progs-1.3.1-14.1.C30mdk.x86_64.rpm
 56175b392c80058920294cf53a5ff2f7  corporate/3.0/x86_64/t1lib1-static-devel-1.3.1-14.1.C30mdk.x86_64.rpm 
 287aa7fc6ee135e629fcd97689269601  corporate/3.0/SRPMS/t1lib-1.3.1-14.1.C30mdk.src.rpm

 Corporate 4.0:
 44e5d7138b23c9c727a4b73b0e77c0a4  corporate/4.0/i586/libt1lib5-5.1.0-1.1.20060mlcs4.i586.rpm
 dc674710b237a11d1c65a524fdf64c53  corporate/4.0/i586/libt1lib5-devel-5.1.0-1.1.20060mlcs4.i586.rpm
 1676db932bdb79fc8b25a7788d26b23a  corporate/4.0/i586/libt1lib5-static-devel-5.1.0-1.1.20060mlcs4.i586.rpm
 614c6e18e986a02e6a7eae5865cdb47e  corporate/4.0/i586/t1lib-config-5.1.0-1.1.20060mlcs4.i586.rpm
 32fe2bcf3481d0dabf8ddd57f8053fa4  corporate/4.0/i586/t1lib-progs-5.1.0-1.1.20060mlcs4.i586.rpm 
 58b16472c8f3a04b8d69e132b2465b55  corporate/4.0/SRPMS/t1lib-5.1.0-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3163e3c97bc45d75a7c3a859bf0d9a7b  corporate/4.0/x86_64/lib64t1lib5-5.1.0-1.1.20060mlcs4.x86_64.rpm
 b939be5ac96ace080ff9d9de9825bc7e  corporate/4.0/x86_64/lib64t1lib5-devel-5.1.0-1.1.20060mlcs4.x86_64.rpm
 130998cc75abb6b4d0f8c7497e281acf  corporate/4.0/x86_64/lib64t1lib5-static-devel-5.1.0-1.1.20060mlcs4.x86_64.rpm
 2dfe21a41d25e4816cb988c2f9cfac91  corporate/4.0/x86_64/t1lib-config-5.1.0-1.1.20060mlcs4.x86_64.rpm
 cde552aaea2a081a5e5466477a262c20  corporate/4.0/x86_64/t1lib-progs-5.1.0-1.1.20060mlcs4.x86_64.rpm 
 58b16472c8f3a04b8d69e132b2465b55  corporate/4.0/SRPMS/t1lib-5.1.0-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG+/N6mqjQ0CJFipgRAvE9AJ4109zHLItQJWJpo3CLGuyY15O94gCdFCR7
QV4/MenNHv/YfKBUBODn49M=
=xvzl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ