lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PG8uH-0003Ae-4d@titan.mandriva.com>
Date: Wed, 10 Nov 2010 12:32:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:225-1 ] libmbfl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2010:225-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libmbfl
 Date    : November 10, 2010
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in libmbfl (php):
 
 * Fix bug #53273 (mb_strcut() returns garbage with the excessive
 length parameter) (CVE-2010-4156).
 
 The updated packages have been patched to correct these issues.

 Update:

 The MDVSA-2010:225 advisory used the wrong patch to address the
 problem, however it did fix the issue. This advisory provides the
 correct upstream patch.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
 http://bugs.php.net/bug.php?id=49354
 http://bugs.php.net/bug.php?id=53273
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 78dd51cd031e9ec143e4bbe8461b4bd5  2010.0/i586/libmbfl1-1.1.0-0.3mdv2010.0.i586.rpm
 9d563d63a8e1718c5c8fd9cd6157aec6  2010.0/i586/libmbfl-devel-1.1.0-0.3mdv2010.0.i586.rpm 
 6d64c52b17d268a7361b4e2b84ba68dd  2010.0/SRPMS/libmbfl-1.1.0-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 5cc948f64a74d0be4e1c93d19f4699eb  2010.0/x86_64/lib64mbfl1-1.1.0-0.3mdv2010.0.x86_64.rpm
 85bc8266cbb3594ae01d8dfe7698dc85  2010.0/x86_64/lib64mbfl-devel-1.1.0-0.3mdv2010.0.x86_64.rpm 
 6d64c52b17d268a7361b4e2b84ba68dd  2010.0/SRPMS/libmbfl-1.1.0-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 46e5a0ede89a00c1d853d83f8b3e4cd9  2010.1/i586/libmbfl1-1.1.0-0.3mdv2010.1.i586.rpm
 3697bab667857726176e305ccfe67af9  2010.1/i586/libmbfl-devel-1.1.0-0.3mdv2010.1.i586.rpm 
 d2342d41d387636e4279f21375afad9d  2010.1/SRPMS/libmbfl-1.1.0-0.3mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 d94a733a8caa5d715037f7520a9bcf6c  2010.1/x86_64/lib64mbfl1-1.1.0-0.3mdv2010.1.x86_64.rpm
 a20db60b6211f97d0c49b4f00f7c9222  2010.1/x86_64/lib64mbfl-devel-1.1.0-0.3mdv2010.1.x86_64.rpm 
 d2342d41d387636e4279f21375afad9d  2010.1/SRPMS/libmbfl-1.1.0-0.3mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2mgxmqjQ0CJFipgRAmprAKCxBRbVtysXteKNnAh8JEDH0tMHbACg10yB
JZw5hP5+6Qxq3Ttwe6w4/rk=
=bK+b
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ