| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Feb 2008 19:41:49 -0700 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2008:039 ] - Updated netpbm packages fix buffer overflow vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : netpbm Date : February 7, 2008 Affected: Corporate 3.0 _______________________________________________________________________ Problem Description: A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0554 _______________________________________________________________________ Updated Packages: Corporate 3.0: a1229db35f2dd0edb45ecf42844fbdd5 corporate/3.0/i586/libnetpbm9-9.24-8.4.C30mdk.i586.rpm b69c7957841b97e6efe2246abc0445b5 corporate/3.0/i586/libnetpbm9-devel-9.24-8.4.C30mdk.i586.rpm 74e8149929edd4a38bc336a6e6ad815e corporate/3.0/i586/libnetpbm9-static-devel-9.24-8.4.C30mdk.i586.rpm 4b24aeaba17c33acc1984d972951e6e0 corporate/3.0/i586/netpbm-9.24-8.4.C30mdk.i586.rpm 09a57b241725ddc94de7aa784cbdcf23 corporate/3.0/SRPMS/netpbm-9.24-8.4.C30mdk.src.rpm Corporate 3.0/X86_64: 5826a02ad4a790a7f0267babd6d07c7b corporate/3.0/x86_64/lib64netpbm9-9.24-8.4.C30mdk.x86_64.rpm 5a878ca5fdfac52fa1982349f067184a corporate/3.0/x86_64/lib64netpbm9-devel-9.24-8.4.C30mdk.x86_64.rpm ee63faa77fbc7f5cf5fdad8b50211297 corporate/3.0/x86_64/lib64netpbm9-static-devel-9.24-8.4.C30mdk.x86_64.rpm 26953a92ce395301140d6eaab20f36c9 corporate/3.0/x86_64/netpbm-9.24-8.4.C30mdk.x86_64.rpm 09a57b241725ddc94de7aa784cbdcf23 corporate/3.0/SRPMS/netpbm-9.24-8.4.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHq5c6mqjQ0CJFipgRAvS6AKDJqnNiXi9S6ipkUCNWFt76wDU9mQCgzZ5t ZCyZ16y1ZW4lgKd/1YgbICc= =lR3k -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists