Message-Id: <E1P9M25-0001m7-FT@titan.mandriva.com>
Date: Fri, 22 Oct 2010 20:08:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:209 ] libsmi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:209
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libsmi
Date : October 22, 2010
Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A buffer overflow was discovered in libsmi when a long OID was given
in numerical form. This could lead to arbitrary code execution
(CVE-2010-2891).
Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
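The bug class described above, shown as an added example that is not libsmi's code or the patch shipped in these packages: a bounded parser that turns a numeric OID string into a fixed-size array and rejects input with more sub-identifiers than the array holds. MAX_SUBIDS, parse_numeric_oid and parse_long_oid are names and values assumed for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#define MAX_SUBIDS 128  /* assumed capacity for this example, not libsmi's */

/* Parse a dotted numeric OID ("1.3.6.1") into out[0..cap-1]. Returns the count,
 * or -1 on malformed text, a value over 32 bits, or more than `cap` components. */
int parse_numeric_oid(const char *s, unsigned int *out, size_t cap)
{
    size_t n = 0;
    if (s == NULL || out == NULL)
        return -1;
    for (;;) {
        char *end;
        unsigned long v;
        if (*s < '0' || *s > '9')   /* empty component, sign, space, name */
            return -1;
        errno = 0;
        v = strtoul(s, &end, 10);
        if (errno == ERANGE || v > 0xFFFFFFFFUL)
            return -1;
        if (n >= cap)               /* bound check before every store */
            return -1;
        out[n++] = (unsigned int)v;
        if (*end == '\0')
            return (int)n;
        if (*end != '.')
            return -1;
        s = end + 1;
    }
}

/* Constructed input: "1.1.1..." with `count` components, parsed into a MAX_SUBIDS
 * array followed by a canary. Returns the parser's result, or -2 if the canary changed. */
int parse_long_oid(size_t count)
{
    struct { unsigned int oid[MAX_SUBIDS]; unsigned int canary; } b;
    char *text = count ? malloc(2 * count) : NULL;
    if (text == NULL)
        return -1;
    for (size_t i = 0; i < count; i++) {
        text[2 * i] = '1';
        text[2 * i + 1] = (i + 1 < count) ? '.' : '\0';
    }
    b.canary = 0xC0FFEEu;
    int r = parse_numeric_oid(text, b.oid, MAX_SUBIDS);
    free(text);
    return b.canary == 0xC0FFEEu ? r : -2;
}
```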
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2891
http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMwaGpmqjQ0CJFipgRAp3EAJ9X4+XfMgi77RfFLgsFkxq/WbRyhgCg4Uz3
BGAY2RaRcg1L8jzy7OyN/+w=
=XAf1
-----END PGP SIGNATURE-----