Message-Id: <E1NInOq-0004Po-Iv@titan.mandriva.com>
Date: Thu, 10 Dec 2009 19:06:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:331 ] kdegraphics


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:331
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdegraphics
 Date    : December 10, 2009
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in kdegraphics:
 
 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier allow remote attackers to cause a denial of service
 (crash) via a crafted PDF file, related to (1) setBitmap and (2)
 readSymbolDictSeg (CVE-2009-0146).
 
 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
 earlier allow remote attackers to cause a denial of service (crash)
 via a crafted PDF file (CVE-2009-0147).
 
 The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
 to cause a denial of service (crash) via a crafted PDF file that
 triggers a free of uninitialized memory (CVE-2009-0166).
 
 Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 PDF file that triggers a heap-based buffer overflow, possibly
 related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
 JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/.  NOTE: the
 JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).
 
 Use-after-free vulnerability in the garbage-collection implementation
 in WebCore in WebKit in Apple Safari before 4.0 allows remote
 attackers to execute arbitrary code or cause a denial of service
 (heap corruption and application crash) via an SVG animation element,
 related to SVG set objects, SVG marker elements, the targetElement
 attribute, and unspecified caches. (CVE-2009-1709).
 
 WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
 Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
 attackers to execute arbitrary code via a crafted SVGList object that
 triggers memory corruption (CVE-2009-0945).
 
 This update provides a solution to these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:

 Corporate 4.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLIQ2nmqjQ0CJFipgRAtveAKDD76Mn1SvVN71DMEESnFqN7Qk5+wCdGGMa
H2tf9QJ8H8rPmPybWHl8Yxs=
=DMWI
-----END PGP SIGNATURE-----
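
The CVE-2009-0147 and CVE-2009-0791 entries above describe integer overflows in size calculations that lead to undersized heap buffers. The following is an added illustration of that bug class and a checked alternative; it is not code from Xpdf, CUPS, kdegraphics or Mandriva, and the names bitmap_t, unchecked_size, bitmap_alloc and the BITMAP_MAX_BYTES limit are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 1-bit-per-pixel bitmap whose width and height come from
 * fields in an untrusted file (names are illustrative, not Xpdf's). */
typedef struct {
    uint32_t w, h;
    size_t   stride;   /* bytes per row */
    uint8_t *data;
} bitmap_t;

/* Assumed policy limit on one bitmap's size; pick a value for your decoder. */
#define BITMAP_MAX_BYTES ((size_t)64 * 1024 * 1024)

/* Byte count as an unchecked 32-bit computation would produce it.
 * uint32_t makes the wraparound well defined so it can be observed. */
uint32_t unchecked_size(uint32_t w, uint32_t h)
{
    uint32_t stride = (w + 7) >> 3;   /* w + 7 can wrap */
    return h * stride;                /* the product can wrap */
}

/* Hardened allocation: validate the dimensions before any arithmetic that
 * could wrap, and bound the total. Returns 0 on success, -1 on rejection. */
int bitmap_alloc(bitmap_t *bm, uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0 || w > UINT32_MAX - 7)
        return -1;
    size_t stride = ((size_t)w + 7) >> 3;
    if (stride > BITMAP_MAX_BYTES / h)    /* stride * h would exceed the cap */
        return -1;
    bm->data = calloc(h, stride);         /* calloc also checks the product */
    if (bm->data == NULL)
        return -1;
    bm->w = w; bm->h = h; bm->stride = stride;
    return 0;
}

int main(void)
{
    bitmap_t bm;
    /* Constructed dimensions: the real size is about 4 GiB. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(524296u, 65536u));
    printf("checked:   %d\n", bitmap_alloc(&bm, 524296u, 65536u));
    return 0;
}
```

With the constructed dimensions, the unchecked calculation yields a 64 KiB request for a bitmap that needs about 4 GiB, so later row writes would land outside the buffer; the checked version rejects the dimensions before allocating.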
