[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1McpqO-00010K-Nw@titan.mandriva.com>
Date: Mon, 17 Aug 2009 02:13:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:204 ] wxgtk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:204
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wxgtk
Date : August 16, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in wxgtk:
Integer overflow in the wxImage::Create function in
src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause
a denial of service (crash) and possibly execute arbitrary code via
a crafted JPEG file, which triggers a heap-based buffer overflow.
NOTE: the provenance of this information is unknown; the details are
obtained solely from third party information (CVE-2009-2369).
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
9dc6e8e719baf1d987f97bbde60712de 2008.1/i586/libwxgtk2.6-2.6.4-14.1mdv2008.1.i586.rpm
f23c5030971ed93b3c74b879ebbb3b8b 2008.1/i586/libwxgtk2.6-devel-2.6.4-14.1mdv2008.1.i586.rpm
7cf2e7531b37fc6bc28a791a095d487f 2008.1/i586/libwxgtk2.8-2.8.7-1.1mdv2008.1.i586.rpm
08620a61436b7199be2be7a9399a34bd 2008.1/i586/libwxgtk2.8-devel-2.8.7-1.1mdv2008.1.i586.rpm
891255432a74d7d58aeb026a1d3b4109 2008.1/i586/libwxgtkgl2.6-2.6.4-14.1mdv2008.1.i586.rpm
a396ce4233ad2bae3d4a134abe732645 2008.1/i586/libwxgtkgl2.8-2.8.7-1.1mdv2008.1.i586.rpm
5d2773bb963bf098176a4a8dc60d365d 2008.1/i586/libwxgtkglu2.6-2.6.4-14.1mdv2008.1.i586.rpm
48bbf610793fa67426aca1299a9a164b 2008.1/i586/libwxgtkglu2.8-2.8.7-1.1mdv2008.1.i586.rpm
c4714e02fa1513936752b8aa7f19a808 2008.1/i586/libwxgtku2.6-2.6.4-14.1mdv2008.1.i586.rpm
ff783e25a50136dc6d3eeb68408ea30b 2008.1/i586/libwxgtku2.6-devel-2.6.4-14.1mdv2008.1.i586.rpm
e99b37d7d2e75aa6f258e4c6b27a9722 2008.1/i586/libwxgtku2.8-2.8.7-1.1mdv2008.1.i586.rpm
c5ed76e85ce79e03d353abccbbffbe30 2008.1/i586/libwxgtku2.8-devel-2.8.7-1.1mdv2008.1.i586.rpm
7d076f5552f8b24410d5e59d138f63bd 2008.1/i586/wxGTK2.6-2.6.4-14.1mdv2008.1.i586.rpm
08d35eef3c6dd8abaa2956f8a87ebae2 2008.1/i586/wxgtk2.8-2.8.7-1.1mdv2008.1.i586.rpm
465ff3df30f3bc8dd91e9b906b38158c 2008.1/SRPMS/wxGTK2.6-2.6.4-14.1mdv2008.1.src.rpm
9c40827bf45e99abcd306b69ee98b9ff 2008.1/SRPMS/wxgtk2.8-2.8.7-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
69e18858e88cdc6f7422d05164285cf0 2008.1/x86_64/lib64wxgtk2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
ad79430e27c6bcc118dac5ef82b4ed77 2008.1/x86_64/lib64wxgtk2.6-devel-2.6.4-14.1mdv2008.1.x86_64.rpm
26281d0605bab2d2a29693a5192129f9 2008.1/x86_64/lib64wxgtk2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
2402b86fc51ad984a0e8e8d9467003dd 2008.1/x86_64/lib64wxgtk2.8-devel-2.8.7-1.1mdv2008.1.x86_64.rpm
2b43e583b20a4de1b41e62f9523e2d26 2008.1/x86_64/lib64wxgtkgl2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
1f76056cc2107e72f67402879513279f 2008.1/x86_64/lib64wxgtkgl2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
5025b73502e69b720f8ccb0dce5fcd90 2008.1/x86_64/lib64wxgtkglu2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
8defd7f0ea46c1c503a040c0c1448f2b 2008.1/x86_64/lib64wxgtkglu2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
5c3fecbd0883787eb696bc61553175fc 2008.1/x86_64/lib64wxgtku2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
fe57d33c500a5f7996fa8bccf1dbc12b 2008.1/x86_64/lib64wxgtku2.6-devel-2.6.4-14.1mdv2008.1.x86_64.rpm
dd9063c83d389c68809bdd6a7647bf32 2008.1/x86_64/lib64wxgtku2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
88fa100cb6e5974ca54de295f6bea515 2008.1/x86_64/lib64wxgtku2.8-devel-2.8.7-1.1mdv2008.1.x86_64.rpm
0f38542b20b1d098d98ba01ac16d6f1e 2008.1/x86_64/wxGTK2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
6283212ea1ad0f35d2319e22c64b9019 2008.1/x86_64/wxgtk2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
465ff3df30f3bc8dd91e9b906b38158c 2008.1/SRPMS/wxGTK2.6-2.6.4-14.1mdv2008.1.src.rpm
9c40827bf45e99abcd306b69ee98b9ff 2008.1/SRPMS/wxgtk2.8-2.8.7-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
fd90e9d6aad6676c8584a88f0d2bc814 2009.0/i586/libwxgtk2.6-2.6.4-16.1mdv2009.0.i586.rpm
f7092574561340ac0feee731e68370a3 2009.0/i586/libwxgtk2.6-devel-2.6.4-16.1mdv2009.0.i586.rpm
2653b9edb82077d99ca6adb545aa33f8 2009.0/i586/libwxgtk2.8-2.8.8-1.1mdv2009.0.i586.rpm
9115da0da60f9d56cd7dd4114a185a10 2009.0/i586/libwxgtk2.8-devel-2.8.8-1.1mdv2009.0.i586.rpm
356d92dfa46d5a07cb78a9bc472de066 2009.0/i586/libwxgtkgl2.6-2.6.4-16.1mdv2009.0.i586.rpm
fc14ae9b9eb4cfe94b1c5affafd81585 2009.0/i586/libwxgtkgl2.8-2.8.8-1.1mdv2009.0.i586.rpm
c539553f6e8d15fa555b5e1c70fc317d 2009.0/i586/libwxgtkglu2.6-2.6.4-16.1mdv2009.0.i586.rpm
28cc63d000b8afd5332a7ce02e755656 2009.0/i586/libwxgtkglu2.8-2.8.8-1.1mdv2009.0.i586.rpm
9d6eaf37c2c5f645f14881080e369160 2009.0/i586/libwxgtku2.6-2.6.4-16.1mdv2009.0.i586.rpm
0f91c80b3ce77f51d4c1f5d36e0819f4 2009.0/i586/libwxgtku2.6-devel-2.6.4-16.1mdv2009.0.i586.rpm
ff86706ea654ea7a468d6363dda6feab 2009.0/i586/libwxgtku2.8-2.8.8-1.1mdv2009.0.i586.rpm
8c68a793d4c2d757433eea4e77a60f55 2009.0/i586/libwxgtku2.8-devel-2.8.8-1.1mdv2009.0.i586.rpm
f8a1e00d8b94a7db2609d8a71462f0df 2009.0/i586/wxGTK2.6-2.6.4-16.1mdv2009.0.i586.rpm
de0c1a62f4cf70af914191defdc7f76e 2009.0/i586/wxgtk2.8-2.8.8-1.1mdv2009.0.i586.rpm
e930a36288bf2ff3b8aca22399863eba 2009.0/SRPMS/wxGTK2.6-2.6.4-16.1mdv2009.0.src.rpm
6bde57c053c58878704038b21c2d1676 2009.0/SRPMS/wxgtk2.8-2.8.8-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
cb965c0dddbe7b7e303ad0b5ebde0cc9 2009.0/x86_64/lib64wxgtk2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
af54a23998cd6c032fa48f81c228c175 2009.0/x86_64/lib64wxgtk2.6-devel-2.6.4-16.1mdv2009.0.x86_64.rpm
544d87b36b2a6f99f4435bbb9a7cb2c0 2009.0/x86_64/lib64wxgtk2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
43f5f90dc44adc7d23831eb428501484 2009.0/x86_64/lib64wxgtk2.8-devel-2.8.8-1.1mdv2009.0.x86_64.rpm
561630fdbd6989c87912194b2c0777d1 2009.0/x86_64/lib64wxgtkgl2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
4262b7dc3e62e814e2f31af892d1e7d3 2009.0/x86_64/lib64wxgtkgl2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
587512fe0e20bda8f15941f298398fcd 2009.0/x86_64/lib64wxgtkglu2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
fcea1308febc43a1e63798d483aa9b32 2009.0/x86_64/lib64wxgtkglu2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
c5322379be157f028733dd0409f5f1b0 2009.0/x86_64/lib64wxgtku2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
c0f8976fd1ea4753fbb35d057f7f6790 2009.0/x86_64/lib64wxgtku2.6-devel-2.6.4-16.1mdv2009.0.x86_64.rpm
a1a75543ff88ba2077ff8e97d85bb649 2009.0/x86_64/lib64wxgtku2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
36ab506bcf29555c832026ef8b14d98c 2009.0/x86_64/lib64wxgtku2.8-devel-2.8.8-1.1mdv2009.0.x86_64.rpm
6d6ac31a5dece6e11bf0b1270a539b97 2009.0/x86_64/wxGTK2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
370573fa244efd69c2ca1313d8b39320 2009.0/x86_64/wxgtk2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
e930a36288bf2ff3b8aca22399863eba 2009.0/SRPMS/wxGTK2.6-2.6.4-16.1mdv2009.0.src.rpm
6bde57c053c58878704038b21c2d1676 2009.0/SRPMS/wxgtk2.8-2.8.8-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
3979d52a3bd6ccf111f4a40b64ec5eea 2009.1/i586/libwxgtk2.8-2.8.9-3.1mdv2009.1.i586.rpm
d9d16a58951147f0888bb6a60b1e9d5a 2009.1/i586/libwxgtk2.8-devel-2.8.9-3.1mdv2009.1.i586.rpm
78bb27f22b501c2240edb0f82defe0a3 2009.1/i586/libwxgtkgl2.8-2.8.9-3.1mdv2009.1.i586.rpm
03cc02b50295a401f49021689439af76 2009.1/i586/libwxgtkglu2.8-2.8.9-3.1mdv2009.1.i586.rpm
db1398114cde348c62e3fb56752b17fe 2009.1/i586/libwxgtku2.8-2.8.9-3.1mdv2009.1.i586.rpm
69bceb618bee5154fc1be7ebed3c36cc 2009.1/i586/libwxgtku2.8-devel-2.8.9-3.1mdv2009.1.i586.rpm
328f826b7f8981ecbad53123547e3d86 2009.1/i586/wxgtk2.8-2.8.9-3.1mdv2009.1.i586.rpm
d845e40860f9222aa10525e0fdf77d49 2009.1/SRPMS/wxgtk2.8-2.8.9-3.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
3ea359aa650974fe4eade365d7735d26 2009.1/x86_64/lib64wxgtk2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
0b521987ee5a1374e409a1cc480fe9ce 2009.1/x86_64/lib64wxgtk2.8-devel-2.8.9-3.1mdv2009.1.x86_64.rpm
9782e47812d647a3ee0ad8ab7a334a3a 2009.1/x86_64/lib64wxgtkgl2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
837559e31c0e56ef10c722439cf911c3 2009.1/x86_64/lib64wxgtkglu2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
0b92147cce6dedf0389f105648444c2a 2009.1/x86_64/lib64wxgtku2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
2a29085953161be80ecf2a3b5c69352b 2009.1/x86_64/lib64wxgtku2.8-devel-2.8.9-3.1mdv2009.1.x86_64.rpm
ec4d61fc4898e4786f418c3e13d84fb8 2009.1/x86_64/wxgtk2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
d845e40860f9222aa10525e0fdf77d49 2009.1/SRPMS/wxgtk2.8-2.8.9-3.1mdv2009.1.src.rpm
Corporate 4.0:
dc4c6e0a79098643d963619b60e7cd9e corporate/4.0/i586/libwxgtk2.6-2.6.1-1.1.20060mlcs4.i586.rpm
e205de34a2ec8bb2ef63133e01e17608 corporate/4.0/i586/libwxgtk2.6-devel-2.6.1-1.1.20060mlcs4.i586.rpm
8c7ae887633a1c98883321a54fa3ca14 corporate/4.0/i586/libwxgtkgl2.6-2.6.1-1.1.20060mlcs4.i586.rpm
da12877bb22222c307a15b93808aad2c corporate/4.0/i586/libwxgtkglu2.6-2.6.1-1.1.20060mlcs4.i586.rpm
fe783f2a999f1ad7bd7523d39f4b5685 corporate/4.0/i586/libwxgtku2.6-2.6.1-1.1.20060mlcs4.i586.rpm
ec16a26ad50a9d2b9c5743ae5fac7cae corporate/4.0/i586/libwxgtku2.6-devel-2.6.1-1.1.20060mlcs4.i586.rpm
056219b0008826fa1ac1696d1f4ff432 corporate/4.0/i586/wxGTK2.6-2.6.1-1.1.20060mlcs4.i586.rpm
8d8b3aba0a3e22d707f28cb9f8608ef4 corporate/4.0/SRPMS/wxGTK2.6-2.6.1-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
32e416f12f857045a2745d61b3f90f5d corporate/4.0/x86_64/lib64wxgtk2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
861a866b3c5aa376930190e9046e4eb3 corporate/4.0/x86_64/lib64wxgtk2.6-devel-2.6.1-1.1.20060mlcs4.x86_64.rpm
77f2d6060c1eb83e06533537984d194b corporate/4.0/x86_64/lib64wxgtkgl2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
be0a40d1a42feb11f1186b43d5c24e6d corporate/4.0/x86_64/lib64wxgtkglu2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
61b49d21b5da866d3e85626073f102b9 corporate/4.0/x86_64/lib64wxgtku2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
ab88d380ffd073f308b155066fb85523 corporate/4.0/x86_64/lib64wxgtku2.6-devel-2.6.1-1.1.20060mlcs4.x86_64.rpm
35f808f8cd59723580659ceb2ff81800 corporate/4.0/x86_64/wxGTK2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
8d8b3aba0a3e22d707f28cb9f8608ef4 corporate/4.0/SRPMS/wxGTK2.6-2.6.1-1.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
b9949389f8c2f255f7c08d4deee8a205 mes5/i586/libwxgtk2.8-2.8.8-1.1mdvmes5.i586.rpm
62e01f7fac4ddcad704dcc44d8a20f18 mes5/i586/libwxgtk2.8-devel-2.8.8-1.1mdvmes5.i586.rpm
ac213b138398076f018d0c3f22138d26 mes5/i586/libwxgtkgl2.8-2.8.8-1.1mdvmes5.i586.rpm
1007cc1c288d2dd0ea49a11a69314744 mes5/i586/libwxgtkglu2.8-2.8.8-1.1mdvmes5.i586.rpm
55ca51004e86b7393efe71e21a1cbc4b mes5/i586/libwxgtku2.8-2.8.8-1.1mdvmes5.i586.rpm
76ad64e12a1785e5344003ad93262dbb mes5/i586/libwxgtku2.8-devel-2.8.8-1.1mdvmes5.i586.rpm
26fa6078f737e69ab3024047c1591a4a mes5/i586/wxgtk2.8-2.8.8-1.1mdvmes5.i586.rpm
8d25aab35d794053627efec49dc73b50 mes5/SRPMS/wxgtk2.8-2.8.8-1.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
685a0e502184adff3ebb251eb0f65d7f mes5/x86_64/lib64wxgtk2.8-2.8.8-1.1mdvmes5.x86_64.rpm
461ec9738183f7474f3765aefddff47e mes5/x86_64/lib64wxgtk2.8-devel-2.8.8-1.1mdvmes5.x86_64.rpm
78c67aaacdf55179d499fbba0b742de0 mes5/x86_64/lib64wxgtkgl2.8-2.8.8-1.1mdvmes5.x86_64.rpm
88ed2a84aeed286a2e6234e7740d5fd3 mes5/x86_64/lib64wxgtkglu2.8-2.8.8-1.1mdvmes5.x86_64.rpm
f40bcaac3f32956e83d85ed7ba318c79 mes5/x86_64/lib64wxgtku2.8-2.8.8-1.1mdvmes5.x86_64.rpm
4087d948db042660433e8f231b893b42 mes5/x86_64/lib64wxgtku2.8-devel-2.8.8-1.1mdvmes5.x86_64.rpm
1566dd6943961d3e43027716539ba072 mes5/x86_64/wxgtk2.8-2.8.8-1.1mdvmes5.x86_64.rpm
8d25aab35d794053627efec49dc73b50 mes5/SRPMS/wxgtk2.8-2.8.8-1.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKiHKwmqjQ0CJFipgRApvpAKDOu03RiPsa87evchns6DdzX4qznQCfYKbn
aNUc9rmakeIt34fk4FfpC4Y=
=Pna2
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists