lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-id: <E1Jefi5-00040p-Jh@artemis.annvix.ca>
Date: Wed, 26 Mar 2008 18:11:13 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:077 ] - Updated perl-Tk packages fix
 GIF processing vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:077
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : perl-Tk
 Date    : March 26, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in perl-Tk was found where specially crafted GIF images
 could crash perl-Tk (an identical issue to that found in php-gd, gd,
 and SDL_image).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 617890813c4fbde09881f93318d8fb0c  2007.0/i586/perl-Tk-804.027-7.1mdv2007.0.i586.rpm
 e9a52dbb6ae3c66329e8804db7540255  2007.0/i586/perl-Tk-devel-804.027-7.1mdv2007.0.i586.rpm
 62ec6966a6e1b75a32cc69ba429383d9  2007.0/i586/perl-Tk-doc-804.027-7.1mdv2007.0.i586.rpm 
 35c904dd5d8fdfcb1289cff6f5683ffd  2007.0/SRPMS/perl-Tk-804.027-7.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1c90b8668b367864a7a745e7c5fe7a3e  2007.0/x86_64/perl-Tk-804.027-7.1mdv2007.0.x86_64.rpm
 94e06f5c06bdaaca2387d78f883bd42b  2007.0/x86_64/perl-Tk-devel-804.027-7.1mdv2007.0.x86_64.rpm
 c716b24bd69c972f60d8a77a297571fb  2007.0/x86_64/perl-Tk-doc-804.027-7.1mdv2007.0.x86_64.rpm 
 35c904dd5d8fdfcb1289cff6f5683ffd  2007.0/SRPMS/perl-Tk-804.027-7.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 ccd8c93b6638f18f44956e3a7976843f  2007.1/i586/perl-Tk-804.027-7.1mdv2007.1.i586.rpm
 6f36c284047f89d996039a4890ef24a5  2007.1/i586/perl-Tk-devel-804.027-7.1mdv2007.1.i586.rpm
 ea68a42b822f65622c08401438e18f3a  2007.1/i586/perl-Tk-doc-804.027-7.1mdv2007.1.i586.rpm 
 ba77b6b3ba20990bb584112edd8a8a11  2007.1/SRPMS/perl-Tk-804.027-7.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 64c30b9a6521ee330c3ab503c7af4a81  2007.1/x86_64/perl-Tk-804.027-7.1mdv2007.1.x86_64.rpm
 3af0d32f148366759bc38b6ebe9d0ed2  2007.1/x86_64/perl-Tk-devel-804.027-7.1mdv2007.1.x86_64.rpm
 a7deec6b34f5ae1b4a2415f184fce3f6  2007.1/x86_64/perl-Tk-doc-804.027-7.1mdv2007.1.x86_64.rpm 
 ba77b6b3ba20990bb584112edd8a8a11  2007.1/SRPMS/perl-Tk-804.027-7.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 c0640864a0032ccb32e154b1eeb31e46  2008.0/i586/perl-Tk-804.027-7.1mdv2008.0.i586.rpm
 cc4587989566c6cc9834aa766a97de70  2008.0/i586/perl-Tk-devel-804.027-7.1mdv2008.0.i586.rpm
 bbff9b65728eb4be47ffd4fdde627364  2008.0/i586/perl-Tk-doc-804.027-7.1mdv2008.0.i586.rpm 
 08a52245b151a07de2f1ff578f5b94d4  2008.0/SRPMS/perl-Tk-804.027-7.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4784cc19583484e691657d027557e273  2008.0/x86_64/perl-Tk-804.027-7.1mdv2008.0.x86_64.rpm
 e2cb98338952dbcf381ac41755c5bbcf  2008.0/x86_64/perl-Tk-devel-804.027-7.1mdv2008.0.x86_64.rpm
 8f5e35f7f7ddffe3a0bc557fc7124f97  2008.0/x86_64/perl-Tk-doc-804.027-7.1mdv2008.0.x86_64.rpm 
 08a52245b151a07de2f1ff578f5b94d4  2008.0/SRPMS/perl-Tk-804.027-7.1mdv2008.0.src.rpm

 Corporate 3.0:
 664977154c6d3a6cf097535e4e4cffb6  corporate/3.0/i586/perl-Tk-800.024-4.1.C30mdk.i586.rpm
 7ac67c7e4768fda4bc24f64f46de052f  corporate/3.0/i586/perl-Tk-devel-800.024-4.1.C30mdk.i586.rpm
 86a465731211ca4f8b5eb06736580f7a  corporate/3.0/i586/perl-Tk-doc-800.024-4.1.C30mdk.i586.rpm 
 efeb7e3c708c1891dca5291e89a90ffb  corporate/3.0/SRPMS/perl-Tk-800.024-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e273a52a8ce4b4df938f6f1a332c5a9a  corporate/3.0/x86_64/perl-Tk-800.024-4.1.C30mdk.x86_64.rpm
 c626b81ebcca6319a493da41daa64c59  corporate/3.0/x86_64/perl-Tk-devel-800.024-4.1.C30mdk.x86_64.rpm
 59ba63dec80a1409340053b8d036c16a  corporate/3.0/x86_64/perl-Tk-doc-800.024-4.1.C30mdk.x86_64.rpm 
 efeb7e3c708c1891dca5291e89a90ffb  corporate/3.0/SRPMS/perl-Tk-800.024-4.1.C30mdk.src.rpm

 Corporate 4.0:
 40a305aea1ccccac122eeaa29623fc9d  corporate/4.0/i586/perl-Tk-804.027-4.1.20060mlcs4.i586.rpm
 500f724e392a66d8b77883ef45bb0d27  corporate/4.0/i586/perl-Tk-devel-804.027-4.1.20060mlcs4.i586.rpm
 c37c8e2110050388d91fb82f23bc365a  corporate/4.0/i586/perl-Tk-doc-804.027-4.1.20060mlcs4.i586.rpm 
 57e6e403c1e65b45c85ea086a3dcf861  corporate/4.0/SRPMS/perl-Tk-804.027-4.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 33856879c459ad1b8d105860d6a93bdf  corporate/4.0/x86_64/perl-Tk-804.027-4.1.20060mlcs4.x86_64.rpm
 cd1461f7f031beea459abbcecfd74780  corporate/4.0/x86_64/perl-Tk-devel-804.027-4.1.20060mlcs4.x86_64.rpm
 fa087aea0cf09672dd2a25e57461ab15  corporate/4.0/x86_64/perl-Tk-doc-804.027-4.1.20060mlcs4.x86_64.rpm 
 57e6e403c1e65b45c85ea086a3dcf861  corporate/4.0/SRPMS/perl-Tk-804.027-4.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH6rp4mqjQ0CJFipgRAqQiAJ4i8fJCHSoQbNvC0NicfGKWn7FfmwCePm8Q
V47v9hN1u8VDgaYEMeUm9Qs=
=sPW1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ