[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PFwSz-0006Dv-OC@titan.mandriva.com>
Date: Tue, 09 Nov 2010 23:15:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:225 ] libmbfl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:225
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libmbfl
Date : November 9, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
http://bugs.php.net/bug.php?id=49354
http://bugs.php.net/bug.php?id=53273
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
a3ff784ac8c403e09c3aaa8e05eb5d11 2010.0/i586/libmbfl1-1.1.0-0.2mdv2010.0.i586.rpm
349a58108b4f8e771417806e47d3abf8 2010.0/i586/libmbfl-devel-1.1.0-0.2mdv2010.0.i586.rpm
46a3d7535bbcabf299a10fc0b5611967 2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
84a2522e5d9f99c8757b264fc1ccf8bd 2010.0/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.0.x86_64.rpm
858a213d457bc91cfb14bac8f0fca6ae 2010.0/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.0.x86_64.rpm
46a3d7535bbcabf299a10fc0b5611967 2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c2a6706a1a63f23422de732317c875b2 2010.1/i586/libmbfl1-1.1.0-0.2mdv2010.1.i586.rpm
e61cd276bbbb67224682e0be0f518765 2010.1/i586/libmbfl-devel-1.1.0-0.2mdv2010.1.i586.rpm
529952ef37422e1b695da38e8ab6e77a 2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
a9df4c7d21e3f8219207f6964d3b5204 2010.1/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.1.x86_64.rpm
48c2d18fa8e20f25675ceedf051a9cea 2010.1/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.1.x86_64.rpm
529952ef37422e1b695da38e8ab6e77a 2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM2ZuOmqjQ0CJFipgRAlIeAJ459YXySExGECX+EYkPzRXQOQSyrACgzTrQ
3ax4hSV/YDfaKxuixKkGBR8=
=KCQC
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists