lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1McpqO-00010K-Nw@titan.mandriva.com>
Date: Mon, 17 Aug 2009 02:13:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:204 ] wxgtk


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:204
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wxgtk
 Date    : August 16, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in wxgtk:
 
 Integer overflow in the wxImage::Create function in
 src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause
 a denial of service (crash) and possibly execute arbitrary code via
 a crafted JPEG file, which triggers a heap-based buffer overflow.
 NOTE: the provenance of this information is unknown; the details are
 obtained solely from third party information (CVE-2009-2369).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2369
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 9dc6e8e719baf1d987f97bbde60712de  2008.1/i586/libwxgtk2.6-2.6.4-14.1mdv2008.1.i586.rpm
 f23c5030971ed93b3c74b879ebbb3b8b  2008.1/i586/libwxgtk2.6-devel-2.6.4-14.1mdv2008.1.i586.rpm
 7cf2e7531b37fc6bc28a791a095d487f  2008.1/i586/libwxgtk2.8-2.8.7-1.1mdv2008.1.i586.rpm
 08620a61436b7199be2be7a9399a34bd  2008.1/i586/libwxgtk2.8-devel-2.8.7-1.1mdv2008.1.i586.rpm
 891255432a74d7d58aeb026a1d3b4109  2008.1/i586/libwxgtkgl2.6-2.6.4-14.1mdv2008.1.i586.rpm
 a396ce4233ad2bae3d4a134abe732645  2008.1/i586/libwxgtkgl2.8-2.8.7-1.1mdv2008.1.i586.rpm
 5d2773bb963bf098176a4a8dc60d365d  2008.1/i586/libwxgtkglu2.6-2.6.4-14.1mdv2008.1.i586.rpm
 48bbf610793fa67426aca1299a9a164b  2008.1/i586/libwxgtkglu2.8-2.8.7-1.1mdv2008.1.i586.rpm
 c4714e02fa1513936752b8aa7f19a808  2008.1/i586/libwxgtku2.6-2.6.4-14.1mdv2008.1.i586.rpm
 ff783e25a50136dc6d3eeb68408ea30b  2008.1/i586/libwxgtku2.6-devel-2.6.4-14.1mdv2008.1.i586.rpm
 e99b37d7d2e75aa6f258e4c6b27a9722  2008.1/i586/libwxgtku2.8-2.8.7-1.1mdv2008.1.i586.rpm
 c5ed76e85ce79e03d353abccbbffbe30  2008.1/i586/libwxgtku2.8-devel-2.8.7-1.1mdv2008.1.i586.rpm
 7d076f5552f8b24410d5e59d138f63bd  2008.1/i586/wxGTK2.6-2.6.4-14.1mdv2008.1.i586.rpm
 08d35eef3c6dd8abaa2956f8a87ebae2  2008.1/i586/wxgtk2.8-2.8.7-1.1mdv2008.1.i586.rpm 
 465ff3df30f3bc8dd91e9b906b38158c  2008.1/SRPMS/wxGTK2.6-2.6.4-14.1mdv2008.1.src.rpm
 9c40827bf45e99abcd306b69ee98b9ff  2008.1/SRPMS/wxgtk2.8-2.8.7-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 69e18858e88cdc6f7422d05164285cf0  2008.1/x86_64/lib64wxgtk2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
 ad79430e27c6bcc118dac5ef82b4ed77  2008.1/x86_64/lib64wxgtk2.6-devel-2.6.4-14.1mdv2008.1.x86_64.rpm
 26281d0605bab2d2a29693a5192129f9  2008.1/x86_64/lib64wxgtk2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
 2402b86fc51ad984a0e8e8d9467003dd  2008.1/x86_64/lib64wxgtk2.8-devel-2.8.7-1.1mdv2008.1.x86_64.rpm
 2b43e583b20a4de1b41e62f9523e2d26  2008.1/x86_64/lib64wxgtkgl2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
 1f76056cc2107e72f67402879513279f  2008.1/x86_64/lib64wxgtkgl2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
 5025b73502e69b720f8ccb0dce5fcd90  2008.1/x86_64/lib64wxgtkglu2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
 8defd7f0ea46c1c503a040c0c1448f2b  2008.1/x86_64/lib64wxgtkglu2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
 5c3fecbd0883787eb696bc61553175fc  2008.1/x86_64/lib64wxgtku2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
 fe57d33c500a5f7996fa8bccf1dbc12b  2008.1/x86_64/lib64wxgtku2.6-devel-2.6.4-14.1mdv2008.1.x86_64.rpm
 dd9063c83d389c68809bdd6a7647bf32  2008.1/x86_64/lib64wxgtku2.8-2.8.7-1.1mdv2008.1.x86_64.rpm
 88fa100cb6e5974ca54de295f6bea515  2008.1/x86_64/lib64wxgtku2.8-devel-2.8.7-1.1mdv2008.1.x86_64.rpm
 0f38542b20b1d098d98ba01ac16d6f1e  2008.1/x86_64/wxGTK2.6-2.6.4-14.1mdv2008.1.x86_64.rpm
 6283212ea1ad0f35d2319e22c64b9019  2008.1/x86_64/wxgtk2.8-2.8.7-1.1mdv2008.1.x86_64.rpm 
 465ff3df30f3bc8dd91e9b906b38158c  2008.1/SRPMS/wxGTK2.6-2.6.4-14.1mdv2008.1.src.rpm
 9c40827bf45e99abcd306b69ee98b9ff  2008.1/SRPMS/wxgtk2.8-2.8.7-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 fd90e9d6aad6676c8584a88f0d2bc814  2009.0/i586/libwxgtk2.6-2.6.4-16.1mdv2009.0.i586.rpm
 f7092574561340ac0feee731e68370a3  2009.0/i586/libwxgtk2.6-devel-2.6.4-16.1mdv2009.0.i586.rpm
 2653b9edb82077d99ca6adb545aa33f8  2009.0/i586/libwxgtk2.8-2.8.8-1.1mdv2009.0.i586.rpm
 9115da0da60f9d56cd7dd4114a185a10  2009.0/i586/libwxgtk2.8-devel-2.8.8-1.1mdv2009.0.i586.rpm
 356d92dfa46d5a07cb78a9bc472de066  2009.0/i586/libwxgtkgl2.6-2.6.4-16.1mdv2009.0.i586.rpm
 fc14ae9b9eb4cfe94b1c5affafd81585  2009.0/i586/libwxgtkgl2.8-2.8.8-1.1mdv2009.0.i586.rpm
 c539553f6e8d15fa555b5e1c70fc317d  2009.0/i586/libwxgtkglu2.6-2.6.4-16.1mdv2009.0.i586.rpm
 28cc63d000b8afd5332a7ce02e755656  2009.0/i586/libwxgtkglu2.8-2.8.8-1.1mdv2009.0.i586.rpm
 9d6eaf37c2c5f645f14881080e369160  2009.0/i586/libwxgtku2.6-2.6.4-16.1mdv2009.0.i586.rpm
 0f91c80b3ce77f51d4c1f5d36e0819f4  2009.0/i586/libwxgtku2.6-devel-2.6.4-16.1mdv2009.0.i586.rpm
 ff86706ea654ea7a468d6363dda6feab  2009.0/i586/libwxgtku2.8-2.8.8-1.1mdv2009.0.i586.rpm
 8c68a793d4c2d757433eea4e77a60f55  2009.0/i586/libwxgtku2.8-devel-2.8.8-1.1mdv2009.0.i586.rpm
 f8a1e00d8b94a7db2609d8a71462f0df  2009.0/i586/wxGTK2.6-2.6.4-16.1mdv2009.0.i586.rpm
 de0c1a62f4cf70af914191defdc7f76e  2009.0/i586/wxgtk2.8-2.8.8-1.1mdv2009.0.i586.rpm 
 e930a36288bf2ff3b8aca22399863eba  2009.0/SRPMS/wxGTK2.6-2.6.4-16.1mdv2009.0.src.rpm
 6bde57c053c58878704038b21c2d1676  2009.0/SRPMS/wxgtk2.8-2.8.8-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 cb965c0dddbe7b7e303ad0b5ebde0cc9  2009.0/x86_64/lib64wxgtk2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
 af54a23998cd6c032fa48f81c228c175  2009.0/x86_64/lib64wxgtk2.6-devel-2.6.4-16.1mdv2009.0.x86_64.rpm
 544d87b36b2a6f99f4435bbb9a7cb2c0  2009.0/x86_64/lib64wxgtk2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
 43f5f90dc44adc7d23831eb428501484  2009.0/x86_64/lib64wxgtk2.8-devel-2.8.8-1.1mdv2009.0.x86_64.rpm
 561630fdbd6989c87912194b2c0777d1  2009.0/x86_64/lib64wxgtkgl2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
 4262b7dc3e62e814e2f31af892d1e7d3  2009.0/x86_64/lib64wxgtkgl2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
 587512fe0e20bda8f15941f298398fcd  2009.0/x86_64/lib64wxgtkglu2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
 fcea1308febc43a1e63798d483aa9b32  2009.0/x86_64/lib64wxgtkglu2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
 c5322379be157f028733dd0409f5f1b0  2009.0/x86_64/lib64wxgtku2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
 c0f8976fd1ea4753fbb35d057f7f6790  2009.0/x86_64/lib64wxgtku2.6-devel-2.6.4-16.1mdv2009.0.x86_64.rpm
 a1a75543ff88ba2077ff8e97d85bb649  2009.0/x86_64/lib64wxgtku2.8-2.8.8-1.1mdv2009.0.x86_64.rpm
 36ab506bcf29555c832026ef8b14d98c  2009.0/x86_64/lib64wxgtku2.8-devel-2.8.8-1.1mdv2009.0.x86_64.rpm
 6d6ac31a5dece6e11bf0b1270a539b97  2009.0/x86_64/wxGTK2.6-2.6.4-16.1mdv2009.0.x86_64.rpm
 370573fa244efd69c2ca1313d8b39320  2009.0/x86_64/wxgtk2.8-2.8.8-1.1mdv2009.0.x86_64.rpm 
 e930a36288bf2ff3b8aca22399863eba  2009.0/SRPMS/wxGTK2.6-2.6.4-16.1mdv2009.0.src.rpm
 6bde57c053c58878704038b21c2d1676  2009.0/SRPMS/wxgtk2.8-2.8.8-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 3979d52a3bd6ccf111f4a40b64ec5eea  2009.1/i586/libwxgtk2.8-2.8.9-3.1mdv2009.1.i586.rpm
 d9d16a58951147f0888bb6a60b1e9d5a  2009.1/i586/libwxgtk2.8-devel-2.8.9-3.1mdv2009.1.i586.rpm
 78bb27f22b501c2240edb0f82defe0a3  2009.1/i586/libwxgtkgl2.8-2.8.9-3.1mdv2009.1.i586.rpm
 03cc02b50295a401f49021689439af76  2009.1/i586/libwxgtkglu2.8-2.8.9-3.1mdv2009.1.i586.rpm
 db1398114cde348c62e3fb56752b17fe  2009.1/i586/libwxgtku2.8-2.8.9-3.1mdv2009.1.i586.rpm
 69bceb618bee5154fc1be7ebed3c36cc  2009.1/i586/libwxgtku2.8-devel-2.8.9-3.1mdv2009.1.i586.rpm
 328f826b7f8981ecbad53123547e3d86  2009.1/i586/wxgtk2.8-2.8.9-3.1mdv2009.1.i586.rpm 
 d845e40860f9222aa10525e0fdf77d49  2009.1/SRPMS/wxgtk2.8-2.8.9-3.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 3ea359aa650974fe4eade365d7735d26  2009.1/x86_64/lib64wxgtk2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
 0b521987ee5a1374e409a1cc480fe9ce  2009.1/x86_64/lib64wxgtk2.8-devel-2.8.9-3.1mdv2009.1.x86_64.rpm
 9782e47812d647a3ee0ad8ab7a334a3a  2009.1/x86_64/lib64wxgtkgl2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
 837559e31c0e56ef10c722439cf911c3  2009.1/x86_64/lib64wxgtkglu2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
 0b92147cce6dedf0389f105648444c2a  2009.1/x86_64/lib64wxgtku2.8-2.8.9-3.1mdv2009.1.x86_64.rpm
 2a29085953161be80ecf2a3b5c69352b  2009.1/x86_64/lib64wxgtku2.8-devel-2.8.9-3.1mdv2009.1.x86_64.rpm
 ec4d61fc4898e4786f418c3e13d84fb8  2009.1/x86_64/wxgtk2.8-2.8.9-3.1mdv2009.1.x86_64.rpm 
 d845e40860f9222aa10525e0fdf77d49  2009.1/SRPMS/wxgtk2.8-2.8.9-3.1mdv2009.1.src.rpm

 Corporate 4.0:
 dc4c6e0a79098643d963619b60e7cd9e  corporate/4.0/i586/libwxgtk2.6-2.6.1-1.1.20060mlcs4.i586.rpm
 e205de34a2ec8bb2ef63133e01e17608  corporate/4.0/i586/libwxgtk2.6-devel-2.6.1-1.1.20060mlcs4.i586.rpm
 8c7ae887633a1c98883321a54fa3ca14  corporate/4.0/i586/libwxgtkgl2.6-2.6.1-1.1.20060mlcs4.i586.rpm
 da12877bb22222c307a15b93808aad2c  corporate/4.0/i586/libwxgtkglu2.6-2.6.1-1.1.20060mlcs4.i586.rpm
 fe783f2a999f1ad7bd7523d39f4b5685  corporate/4.0/i586/libwxgtku2.6-2.6.1-1.1.20060mlcs4.i586.rpm
 ec16a26ad50a9d2b9c5743ae5fac7cae  corporate/4.0/i586/libwxgtku2.6-devel-2.6.1-1.1.20060mlcs4.i586.rpm
 056219b0008826fa1ac1696d1f4ff432  corporate/4.0/i586/wxGTK2.6-2.6.1-1.1.20060mlcs4.i586.rpm 
 8d8b3aba0a3e22d707f28cb9f8608ef4  corporate/4.0/SRPMS/wxGTK2.6-2.6.1-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 32e416f12f857045a2745d61b3f90f5d  corporate/4.0/x86_64/lib64wxgtk2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
 861a866b3c5aa376930190e9046e4eb3  corporate/4.0/x86_64/lib64wxgtk2.6-devel-2.6.1-1.1.20060mlcs4.x86_64.rpm
 77f2d6060c1eb83e06533537984d194b  corporate/4.0/x86_64/lib64wxgtkgl2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
 be0a40d1a42feb11f1186b43d5c24e6d  corporate/4.0/x86_64/lib64wxgtkglu2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
 61b49d21b5da866d3e85626073f102b9  corporate/4.0/x86_64/lib64wxgtku2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm
 ab88d380ffd073f308b155066fb85523  corporate/4.0/x86_64/lib64wxgtku2.6-devel-2.6.1-1.1.20060mlcs4.x86_64.rpm
 35f808f8cd59723580659ceb2ff81800  corporate/4.0/x86_64/wxGTK2.6-2.6.1-1.1.20060mlcs4.x86_64.rpm 
 8d8b3aba0a3e22d707f28cb9f8608ef4  corporate/4.0/SRPMS/wxGTK2.6-2.6.1-1.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 b9949389f8c2f255f7c08d4deee8a205  mes5/i586/libwxgtk2.8-2.8.8-1.1mdvmes5.i586.rpm
 62e01f7fac4ddcad704dcc44d8a20f18  mes5/i586/libwxgtk2.8-devel-2.8.8-1.1mdvmes5.i586.rpm
 ac213b138398076f018d0c3f22138d26  mes5/i586/libwxgtkgl2.8-2.8.8-1.1mdvmes5.i586.rpm
 1007cc1c288d2dd0ea49a11a69314744  mes5/i586/libwxgtkglu2.8-2.8.8-1.1mdvmes5.i586.rpm
 55ca51004e86b7393efe71e21a1cbc4b  mes5/i586/libwxgtku2.8-2.8.8-1.1mdvmes5.i586.rpm
 76ad64e12a1785e5344003ad93262dbb  mes5/i586/libwxgtku2.8-devel-2.8.8-1.1mdvmes5.i586.rpm
 26fa6078f737e69ab3024047c1591a4a  mes5/i586/wxgtk2.8-2.8.8-1.1mdvmes5.i586.rpm 
 8d25aab35d794053627efec49dc73b50  mes5/SRPMS/wxgtk2.8-2.8.8-1.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 685a0e502184adff3ebb251eb0f65d7f  mes5/x86_64/lib64wxgtk2.8-2.8.8-1.1mdvmes5.x86_64.rpm
 461ec9738183f7474f3765aefddff47e  mes5/x86_64/lib64wxgtk2.8-devel-2.8.8-1.1mdvmes5.x86_64.rpm
 78c67aaacdf55179d499fbba0b742de0  mes5/x86_64/lib64wxgtkgl2.8-2.8.8-1.1mdvmes5.x86_64.rpm
 88ed2a84aeed286a2e6234e7740d5fd3  mes5/x86_64/lib64wxgtkglu2.8-2.8.8-1.1mdvmes5.x86_64.rpm
 f40bcaac3f32956e83d85ed7ba318c79  mes5/x86_64/lib64wxgtku2.8-2.8.8-1.1mdvmes5.x86_64.rpm
 4087d948db042660433e8f231b893b42  mes5/x86_64/lib64wxgtku2.8-devel-2.8.8-1.1mdvmes5.x86_64.rpm
 1566dd6943961d3e43027716539ba072  mes5/x86_64/wxgtk2.8-2.8.8-1.1mdvmes5.x86_64.rpm 
 8d25aab35d794053627efec49dc73b50  mes5/SRPMS/wxgtk2.8-2.8.8-1.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKiHKwmqjQ0CJFipgRApvpAKDOu03RiPsa87evchns6DdzX4qznQCfYKbn
aNUc9rmakeIt34fk4FfpC4Y=
=Pna2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ