lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1P9M25-0001m7-FT@titan.mandriva.com>
Date: Fri, 22 Oct 2010 20:08:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:209 ] libsmi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:209
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsmi
 Date    : October 22, 2010
 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A buffer overflow was discovered in libsmi when long OID was given
 in numerical form. This could lead to arbitraty code execution
 (CVE-2010-2891).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2891
 http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 230070b589c65215e5c2462463cb7280  2009.0/i586/libsmi2-0.4.8-2.1mdv2009.0.i586.rpm
 27ef87b85757b01b77be1cda5a198b34  2009.0/i586/libsmi-devel-0.4.8-2.1mdv2009.0.i586.rpm
 c48898a4d4e851a11978caf4b8395035  2009.0/i586/libsmi-mibs-ext-0.4.8-2.1mdv2009.0.i586.rpm
 ae5df441f158148e1e57347ef68cd886  2009.0/i586/libsmi-mibs-std-0.4.8-2.1mdv2009.0.i586.rpm
 d01c84bbc5e6d56bb7396471c551084c  2009.0/i586/smi-tools-0.4.8-2.1mdv2009.0.i586.rpm 
 fdeeda9fd49068794ee90be9d3dddc0b  2009.0/SRPMS/libsmi-0.4.8-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 bf768c77731e82ecb9a7c4a45d27975a  2009.0/x86_64/lib64smi2-0.4.8-2.1mdv2009.0.x86_64.rpm
 b09420d25560cc97549d084886bb340b  2009.0/x86_64/lib64smi-devel-0.4.8-2.1mdv2009.0.x86_64.rpm
 b08a913fefdf57efe581099998677fab  2009.0/x86_64/libsmi-mibs-ext-0.4.8-2.1mdv2009.0.x86_64.rpm
 4025d3e79d863b2dfb7a40caa32e6697  2009.0/x86_64/libsmi-mibs-std-0.4.8-2.1mdv2009.0.x86_64.rpm
 3370c7c4b7aa20513c9a0a54ed67c6b2  2009.0/x86_64/smi-tools-0.4.8-2.1mdv2009.0.x86_64.rpm 
 fdeeda9fd49068794ee90be9d3dddc0b  2009.0/SRPMS/libsmi-0.4.8-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 23bcdfc5e4ee3ce28137594d9eb65ce9  2009.1/i586/libsmi2-0.4.8-2.1mdv2009.1.i586.rpm
 6599eda64457ef7b1cf29fa3dcdb5ce6  2009.1/i586/libsmi-devel-0.4.8-2.1mdv2009.1.i586.rpm
 d468ad3f6273e03436a365149c362769  2009.1/i586/libsmi-mibs-ext-0.4.8-2.1mdv2009.1.i586.rpm
 6f6c526d5c644f291503c26e2587c9bf  2009.1/i586/libsmi-mibs-std-0.4.8-2.1mdv2009.1.i586.rpm
 a8d8658729676ed8b580c3ec7d10a20b  2009.1/i586/smi-tools-0.4.8-2.1mdv2009.1.i586.rpm 
 105620bf63d91960d4b7f37ebfe3ac20  2009.1/SRPMS/libsmi-0.4.8-2.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 bb8f235d85d96d3d62c0e9c8fa9eb627  2009.1/x86_64/lib64smi2-0.4.8-2.1mdv2009.1.x86_64.rpm
 52b773ca8e2357b8f431a7d5bdfac23f  2009.1/x86_64/lib64smi-devel-0.4.8-2.1mdv2009.1.x86_64.rpm
 3ce3f55a6a0ffc31533a74dfee891529  2009.1/x86_64/libsmi-mibs-ext-0.4.8-2.1mdv2009.1.x86_64.rpm
 a32b5ea9bf1696e153a7e4458ad9af23  2009.1/x86_64/libsmi-mibs-std-0.4.8-2.1mdv2009.1.x86_64.rpm
 98d7fdce1fba4411d53ecf7ea27d9cfc  2009.1/x86_64/smi-tools-0.4.8-2.1mdv2009.1.x86_64.rpm 
 105620bf63d91960d4b7f37ebfe3ac20  2009.1/SRPMS/libsmi-0.4.8-2.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 d13a39dcf5ee9be9fb667f7692491063  2010.0/i586/libsmi2-0.4.8-4.1mdv2010.0.i586.rpm
 beffc6933095ee39d9c3c3cf6c54b1e9  2010.0/i586/libsmi-devel-0.4.8-4.1mdv2010.0.i586.rpm
 21dce9fd5be4444edafd5987c818a443  2010.0/i586/libsmi-mibs-ext-0.4.8-4.1mdv2010.0.i586.rpm
 82192daea352c5a59fbb360244ce75de  2010.0/i586/libsmi-mibs-std-0.4.8-4.1mdv2010.0.i586.rpm
 4e2f59c6cff179e2d99feb43e99f1b99  2010.0/i586/smi-tools-0.4.8-4.1mdv2010.0.i586.rpm 
 ffd1804f2ebdebcd9e2782e54a9b5ff7  2010.0/SRPMS/libsmi-0.4.8-4.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 7e6a22aff548103c54dd9bb8c52af3d7  2010.0/x86_64/lib64smi2-0.4.8-4.1mdv2010.0.x86_64.rpm
 0c8fe479f949478c854bb2b3bb7124c2  2010.0/x86_64/lib64smi-devel-0.4.8-4.1mdv2010.0.x86_64.rpm
 871fdd4f8067444f07d3b4a93877035e  2010.0/x86_64/libsmi-mibs-ext-0.4.8-4.1mdv2010.0.x86_64.rpm
 ace6aa0ec8efc29c5d5394bca4162b5d  2010.0/x86_64/libsmi-mibs-std-0.4.8-4.1mdv2010.0.x86_64.rpm
 0b1486fe89a86d57a4d8d7f80935f91b  2010.0/x86_64/smi-tools-0.4.8-4.1mdv2010.0.x86_64.rpm 
 ffd1804f2ebdebcd9e2782e54a9b5ff7  2010.0/SRPMS/libsmi-0.4.8-4.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 1bd1d0260b4c3430cea874710de69c76  2010.1/i586/libsmi2-0.4.8-5.1mdv2010.1.i586.rpm
 17836a29f1e41c7550d4f006dc6e21f7  2010.1/i586/libsmi-devel-0.4.8-5.1mdv2010.1.i586.rpm
 741e23825bd87ea4add768ae88bd67b4  2010.1/i586/libsmi-mibs-ext-0.4.8-5.1mdv2010.1.i586.rpm
 84c3ef577b615a2828bc644b3f1d9d98  2010.1/i586/libsmi-mibs-std-0.4.8-5.1mdv2010.1.i586.rpm
 5c23ffa2845da3fcc9d59ba41a22c269  2010.1/i586/smi-tools-0.4.8-5.1mdv2010.1.i586.rpm 
 c9588e965aefaa2e5ddc39d6e7f7713c  2010.1/SRPMS/libsmi-0.4.8-5.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 c6777ab02c60d4549d74c15015d93e02  2010.1/x86_64/lib64smi2-0.4.8-5.1mdv2010.1.x86_64.rpm
 00b30d703b73842652fbf0758f991281  2010.1/x86_64/lib64smi-devel-0.4.8-5.1mdv2010.1.x86_64.rpm
 d6cf003e92a76144cf497586a1ec5b59  2010.1/x86_64/libsmi-mibs-ext-0.4.8-5.1mdv2010.1.x86_64.rpm
 00d65925c8b3b1e2a21cb7231e04b27c  2010.1/x86_64/libsmi-mibs-std-0.4.8-5.1mdv2010.1.x86_64.rpm
 c44af803b1cb2fce19f455f1230da5ef  2010.1/x86_64/smi-tools-0.4.8-5.1mdv2010.1.x86_64.rpm 
 c9588e965aefaa2e5ddc39d6e7f7713c  2010.1/SRPMS/libsmi-0.4.8-5.1mdv2010.1.src.rpm

 Corporate 4.0:
 1f8a73696ff4766dd4a0cf53c79bd09c  corporate/4.0/i586/libsmi2-0.4.5-2.3.20060mlcs4.i586.rpm
 83ab7c05d9cf4422b3f9a22aedafd1bf  corporate/4.0/i586/libsmi2-devel-0.4.5-2.3.20060mlcs4.i586.rpm
 9ebd6ecd1dd8c5aa323c93be1c0859b3  corporate/4.0/i586/libsmi-mibs-ext-0.4.5-2.3.20060mlcs4.i586.rpm
 bcb4ff461a4eee3cf85843bcaf3fc6f7  corporate/4.0/i586/libsmi-mibs-std-0.4.5-2.3.20060mlcs4.i586.rpm
 e0dd2baeb56cc48e3143070861ae6d43  corporate/4.0/i586/smi-tools-0.4.5-2.3.20060mlcs4.i586.rpm 
 ca58a4a14d8875aae2d7534de788cc2a  corporate/4.0/SRPMS/libsmi-0.4.5-2.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e330dbcba0b5b2f1354a94153ac59370  corporate/4.0/x86_64/lib64smi2-0.4.5-2.3.20060mlcs4.x86_64.rpm
 9f5464d76dc8aaf14f3c24c8ee5e6d93  corporate/4.0/x86_64/lib64smi2-devel-0.4.5-2.3.20060mlcs4.x86_64.rpm
 280aade34924d98e4aebf24227ed18fd  corporate/4.0/x86_64/libsmi-mibs-ext-0.4.5-2.3.20060mlcs4.x86_64.rpm
 e1e9fad149d72362c9600d5b891fc672  corporate/4.0/x86_64/libsmi-mibs-std-0.4.5-2.3.20060mlcs4.x86_64.rpm
 19557315a433d0e634e18d71b1f5cd72  corporate/4.0/x86_64/smi-tools-0.4.5-2.3.20060mlcs4.x86_64.rpm 
 ca58a4a14d8875aae2d7534de788cc2a  corporate/4.0/SRPMS/libsmi-0.4.5-2.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 233d105ea7b62413f87ad041358af3eb  mes5/i586/libsmi2-0.4.8-2.1mdvmes5.1.i586.rpm
 1c4a556840f3befebaa79433e82348d1  mes5/i586/libsmi-devel-0.4.8-2.1mdvmes5.1.i586.rpm
 ae5c75fe6184527c54da68d606b31c50  mes5/i586/libsmi-mibs-ext-0.4.8-2.1mdvmes5.1.i586.rpm
 5c8efd8d61c5e20ac2958975c53d426a  mes5/i586/libsmi-mibs-std-0.4.8-2.1mdvmes5.1.i586.rpm
 64749e85dc86d9380efec8de71df0680  mes5/i586/smi-tools-0.4.8-2.1mdvmes5.1.i586.rpm 
 78f0ce7101f8496a42bcec21d82f1134  mes5/SRPMS/libsmi-0.4.8-2.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 87a1f1574fb1171dc4626b5e7f011bc4  mes5/x86_64/lib64smi2-0.4.8-2.1mdvmes5.1.x86_64.rpm
 91167084826ef9ebba5704c13965a2c1  mes5/x86_64/lib64smi-devel-0.4.8-2.1mdvmes5.1.x86_64.rpm
 80ce7cb5dca99b590c0af17ae65b725f  mes5/x86_64/libsmi-mibs-ext-0.4.8-2.1mdvmes5.1.x86_64.rpm
 077cd357800bcac35820bf037d313222  mes5/x86_64/libsmi-mibs-std-0.4.8-2.1mdvmes5.1.x86_64.rpm
 20aedc7ef1dac2ad6e53838ccc6399dc  mes5/x86_64/smi-tools-0.4.8-2.1mdvmes5.1.x86_64.rpm 
 78f0ce7101f8496a42bcec21d82f1134  mes5/SRPMS/libsmi-0.4.8-2.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMwaGpmqjQ0CJFipgRAp3EAJ9X4+XfMgi77RfFLgsFkxq/WbRyhgCg4Uz3
BGAY2RaRcg1L8jzy7OyN/+w=
=XAf1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ