lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DWFBh-0002VR-Tp@mercury.mandriva.com>
Date: Thu May 12 16:01:31 2005
From: security at mandriva.com (Mandriva Security Team)
Subject: MDKSA-2005:085 - Updated kdelibs packages fix
	vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdelibs
 Advisory ID:            MDKSA-2005:085
 Date:                   May 12th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow in the PCX decoder of kimgio was discovered by Bruno
 Rohee.  If an attacker could trick a user into loading a malicious PCX
 image with any KDE application, he could cause the execution of
 arbitrary code with the privileges of the user opening the image.
 
 The provided packages have been patched to correct this issue.
 
 In addition, the LE2005 packages contain fixes to configuring email
 into kbugreport, fixing a KDE crasher bug, fixing a kicondialog
 bug, a KHTML bug, and a knewsticker export symbol problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
  http://bugs.kde.org/show_bug.cgi?id=101577
  http://bugs.kde.org/show_bug.cgi?id=104475
  http://bugs.kde.org/show_bug.cgi?id=99970
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 d9187f933c87279b7e72df6513490154  10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.i586.rpm
 debbf58c43f6ceb879175c2b45fb7382  10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
 3fed03ddab92dafaf8a7edb70ddb6cc9  10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
 44d483efd87e38e49738825009d65f9c  10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 2df5f703c954bcb4c206c2da57c30b50  x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.x86_64.rpm
 d336bec3abe9699aaf20a8aa6b138af9  x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.1.101mdk.x86_64.rpm
 f0f24bd12da26bc53d1385b661499f91  x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.1.101mdk.x86_64.rpm
 debbf58c43f6ceb879175c2b45fb7382  x86_64/10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
 3fed03ddab92dafaf8a7edb70ddb6cc9  x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
 44d483efd87e38e49738825009d65f9c  x86_64/10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4bbf3caa4f7162f354c8f9049ff04cc6  10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.i586.rpm
 9f45e9f161e746cef2782d8be428fa67  10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
 a9848e016ff7b6e468a42f049c1674a8  10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
 3da564391e8a3ba9e0336b78407e5af1  10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 b339bb5667ca8c8e49a91c52e8763953  x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.x86_64.rpm
 6898b9fc463185750f73ca7249d0e079  x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.1.102mdk.x86_64.rpm
 4d6de10fe1dacfd0f7f5ca727a066d6f  x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.1.102mdk.x86_64.rpm
 9f45e9f161e746cef2782d8be428fa67  x86_64/10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
 a9848e016ff7b6e468a42f049c1674a8  x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
 3da564391e8a3ba9e0336b78407e5af1  x86_64/10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm

 Corporate 3.0:
 8fefa57d6fb048680557990918a44c59  corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.i586.rpm
 cbaf86b446afde95d87ca74b67788ad6  corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
 b9a0035248fdb687d370c3eba66b854e  corporate/3.0/RPMS/libkdecore4-devel-3.2-36.13.C30mdk.i586.rpm
 f6a2b830e0e3810df0fb8d07dc4ac183  corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2ca4ecccc1afe1a6a1c7793af93fd324  x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.x86_64.rpm
 8f5cad1f3b8577a824b82d1937fdf127  x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.13.C30mdk.x86_64.rpm
 305120c975db121e6e79699d6c7e9ef0  x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.13.C30mdk.x86_64.rpm
 cbaf86b446afde95d87ca74b67788ad6  x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
 f6a2b830e0e3810df0fb8d07dc4ac183  x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg2/BmqjQ0CJFipgRAplaAJ0azQ0LTUvfY39VLdPZSopTWv1zygCgiflw
qhZt2mYEQ87UYjXGLz0e8Jk=
=KwJu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ