lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LmxSa-0005ls-SZ@titan.mandriva.com>
Date: Thu, 26 Mar 2009 22:50:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:080 ] glib2.0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:080
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glib2.0
 Date    : March 26, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in GLib's Base64 encoding and decoding
 functions enable attackers (possibly remote ones, depending on
 the applications glib2 is linked against with - mostly GNOME ones)
 either to cause denial of service and to execute arbitrary code via
 an untrusted input (CVE-2008-4316).
 
 This update provide the fix for that security issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 ec6549c72d1fb6125ab8d398586ea4fb  2008.0/i586/glib2.0-common-2.14.1-2.1mdv2008.0.i586.rpm
 af169954484c24fb30888317ae22b408  2008.0/i586/glib-gettextize-2.14.1-2.1mdv2008.0.i586.rpm
 f933fbb158f4a94311ea0adb0267abfd  2008.0/i586/libglib2.0_0-2.14.1-2.1mdv2008.0.i586.rpm
 36f304c0aec1f7989146364acaf8c0b2  2008.0/i586/libglib2.0_0-devel-2.14.1-2.1mdv2008.0.i586.rpm 
 1786bde9976bce5014db73d0801b38ac  2008.0/SRPMS/glib2.0-2.14.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 9cf29b7dbebf5048084b6b1f35e0f4cb  2008.0/x86_64/glib2.0-common-2.14.1-2.1mdv2008.0.x86_64.rpm
 270bcf8ba069c5ac6b6e6cf89987b807  2008.0/x86_64/glib-gettextize-2.14.1-2.1mdv2008.0.x86_64.rpm
 31031ac78ab9d873a29fa369ff30e610  2008.0/x86_64/lib64glib2.0_0-2.14.1-2.1mdv2008.0.x86_64.rpm
 9c1d61a59e7c60092e1c0e3908bb6a65  2008.0/x86_64/lib64glib2.0_0-devel-2.14.1-2.1mdv2008.0.x86_64.rpm 
 1786bde9976bce5014db73d0801b38ac  2008.0/SRPMS/glib2.0-2.14.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 1baba5d7eb9f0c432bf73fd88b4ed7b2  2008.1/i586/glib2.0-common-2.16.2-1.1mdv2008.1.i586.rpm
 25195a507ab1cb4c83821ec13b73c2de  2008.1/i586/glib-gettextize-2.16.2-1.1mdv2008.1.i586.rpm
 0842c6fcbc536211ccf2a0a4d87e3546  2008.1/i586/libgio2.0_0-2.16.2-1.1mdv2008.1.i586.rpm
 0e8cf91144c192f2bb5f35baf83f962c  2008.1/i586/libglib2.0_0-2.16.2-1.1mdv2008.1.i586.rpm
 6323a69186cb517ae2863d7a76781048  2008.1/i586/libglib2.0-devel-2.16.2-1.1mdv2008.1.i586.rpm 
 7ae19c9ab3b92c24968805d227a59016  2008.1/SRPMS/glib2.0-2.16.2-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 1589cb70c3243cef09da4d50c15b09b1  2008.1/x86_64/glib2.0-common-2.16.2-1.1mdv2008.1.x86_64.rpm
 6c2579e55949fbe1835adf31ea5131bd  2008.1/x86_64/glib-gettextize-2.16.2-1.1mdv2008.1.x86_64.rpm
 194712afcd7513be076a6759525f12f9  2008.1/x86_64/lib64gio2.0_0-2.16.2-1.1mdv2008.1.x86_64.rpm
 3da1dd0e0141705c2c0e31499dd75608  2008.1/x86_64/lib64glib2.0_0-2.16.2-1.1mdv2008.1.x86_64.rpm
 36eed7d79a1e42f832db1e45fba41e7c  2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.1mdv2008.1.x86_64.rpm 
 7ae19c9ab3b92c24968805d227a59016  2008.1/SRPMS/glib2.0-2.16.2-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 690e5195cc87714bdc3cc0fbd5d1e443  2009.0/i586/glib2.0-common-2.18.1-1.1mdv2009.0.i586.rpm
 d9ca28417fae46f7fb2623a12d43ae0a  2009.0/i586/glib-gettextize-2.18.1-1.1mdv2009.0.i586.rpm
 515b3c6e02aaa3d2323b2205b77e4f60  2009.0/i586/libgio2.0_0-2.18.1-1.1mdv2009.0.i586.rpm
 05ef65b0189ed3df27459b0357e84156  2009.0/i586/libglib2.0_0-2.18.1-1.1mdv2009.0.i586.rpm
 7433775a074a0631631f9a36c38cb603  2009.0/i586/libglib2.0-devel-2.18.1-1.1mdv2009.0.i586.rpm 
 dc74fa4eccc0e8a4fe016d6e48efd7c2  2009.0/SRPMS/glib2.0-2.18.1-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 a354c7986fc2d17ea31679d5c9c3c32c  2009.0/x86_64/glib2.0-common-2.18.1-1.1mdv2009.0.x86_64.rpm
 c696c96b510cc0d983c3f4449208109d  2009.0/x86_64/glib-gettextize-2.18.1-1.1mdv2009.0.x86_64.rpm
 fc5eb4080df3b6670b53952c82f0df47  2009.0/x86_64/lib64gio2.0_0-2.18.1-1.1mdv2009.0.x86_64.rpm
 29fc292f7f40bcf4a64b889694141d5e  2009.0/x86_64/lib64glib2.0_0-2.18.1-1.1mdv2009.0.x86_64.rpm
 479553db25caae6550ab085986b88801  2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.1mdv2009.0.x86_64.rpm 
 dc74fa4eccc0e8a4fe016d6e48efd7c2  2009.0/SRPMS/glib2.0-2.18.1-1.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJy8u1mqjQ0CJFipgRAlGJAJ9VHB8hVdCEydzypTyey6I5XUmnpgCgpMFM
2+7+r/yYeuRKOgQrCp56MgM=
=GpP3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ