| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Nov 2010 15:10:02 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2010:229 ] kdegraphics -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:229 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdegraphics Date : November 12, 2010 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered and corrected in kdegraphics: The Gfx::getPos function in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 _______________________________________________________________________ Updated Packages: Corporate 4.0: ca7fc66407f8bce089a8cc674b19c151 corporate/4.0/i586/kdegraphics-3.5.4-0.12.20060mlcs4.i586.rpm 70cf8e941a95ebb7c29ebaf86f6fbf21 corporate/4.0/i586/kdegraphics-common-3.5.4-0.12.20060mlcs4.i586.rpm e9ac44eca48479b959f8fe6fb95e08f0 corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.12.20060mlcs4.i586.rpm 204ceb80cf1eb61d2bbff6980cde029f corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.12.20060mlcs4.i586.rpm e36bc343ef8f1a5a1d65302d48b24d7c corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.12.20060mlcs4.i586.rpm cb240518d43421152b6fecfc2569d3a5 corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.12.20060mlcs4.i586.rpm 288498c8a2b49e0c52290eab2b385077 corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.12.20060mlcs4.i586.rpm 927d95e35dd24f4c2b2d9c51351ff53d corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.12.20060mlcs4.i586.rpm bae51eca43e42d5dea56a12e2244aaf7 corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.12.20060mlcs4.i586.rpm c5f9dbf0787af4860e83e4012ff95414 corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.12.20060mlcs4.i586.rpm 3f87017a2d2f48bb58b9416165c58c05 corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.12.20060mlcs4.i586.rpm 0fd23113ac80d598a89f540511e24391 corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.12.20060mlcs4.i586.rpm 1679b176813d4cbd6f6985ec0802fd3f corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.12.20060mlcs4.i586.rpm f15ee25628500750a730ce92a0201a4c corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.12.20060mlcs4.i586.rpm 7914fbb235b36ca74b8e2d9a860abccc corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.12.20060mlcs4.i586.rpm d3fc0dd097c42df72ecfc8fd2675343d corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.12.20060mlcs4.i586.rpm 311455a89e5644a9851d4e8271a9e040 corporate/4.0/i586/kdegraphics-kview-3.5.4-0.12.20060mlcs4.i586.rpm daf09d00ef74a95a8b900056860d666d corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.12.20060mlcs4.i586.rpm f5ffdde157c6812aedb93c7591ded12c corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.12.20060mlcs4.i586.rpm 01b461e1751a15a52086501c2a5ed470 corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.12.20060mlcs4.i586.rpm de7af69b690ab208a510dcc63a829e78 corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.12.20060mlcs4.i586.rpm b049a34f035dc104969ae6bcf36f5fea corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.12.20060mlcs4.i586.rpm a22394fe4b115cd6440ce8ec49ae3f62 corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.12.20060mlcs4.i586.rpm 181b757f32dc94a2812c8c001de3da3b corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.12.20060mlcs4.i586.rpm 5cb0455df62e6659b1f48d1867d67ac9 corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.12.20060mlcs4.i586.rpm 9c05a10a32f9311e548c7c0d488e70ae corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.12.20060mlcs4.i586.rpm 5e2a5052e8cf52419c02684ed08f7a5f corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.12.20060mlcs4.i586.rpm 92f6b294a7b6047d3ffb63260b7e7a56 corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.12.20060mlcs4.i586.rpm 246296dd53e92f43fbe399347777a76e corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.12.20060mlcs4.i586.rpm 66f77aeb07aa3880e6ea8a2ebe72cf35 corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.12.20060mlcs4.i586.rpm c9c2263610c4e435444af0d1106c6cf1 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.12.20060mlcs4.src.rpm Corporate 4.0/X86_64: 36a31767741bd50a3004702c8a0593f7 corporate/4.0/x86_64/kdegraphics-3.5.4-0.12.20060mlcs4.x86_64.rpm bab9ffe58b658a83a26643a8eb663e55 corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.12.20060mlcs4.x86_64.rpm aca36f11bcc8512a03c63a2b045c1989 corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.12.20060mlcs4.x86_64.rpm 2ebb73a245045a79a9e08d950fce8ebc corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.12.20060mlcs4.x86_64.rpm b0310776b7781f97b861b85d08a7362d corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.12.20060mlcs4.x86_64.rpm e246df26c4d8f4029265ea8c0d885f51 corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.12.20060mlcs4.x86_64.rpm e0df27e7686f643d040f3f637d0d4346 corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.12.20060mlcs4.x86_64.rpm cb0b2a6e1f336705b4d181c5f81b1cd2 corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.12.20060mlcs4.x86_64.rpm 5f3ee4587164dabbdcdeee61b4332d02 corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.12.20060mlcs4.x86_64.rpm a64ef0630f8c48cd061dd86a2244f456 corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.12.20060mlcs4.x86_64.rpm 276d87fb4e63586dd3fdf9d2374f2df1 corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.12.20060mlcs4.x86_64.rpm d9576eb89f668d85d6ac195df3f3b3cf corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.12.20060mlcs4.x86_64.rpm 7d703b1083e0d7830a137d68b6b87023 corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.12.20060mlcs4.x86_64.rpm 441fe8501578b70c2f3d07aea5e2002d corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.12.20060mlcs4.x86_64.rpm bf6eb39574f73c5e0d4799078d23e150 corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.12.20060mlcs4.x86_64.rpm ec6df8fdc72776d7a6fab6ee800b37d0 corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.12.20060mlcs4.x86_64.rpm 0c328ed02ff0c8cdb29dc4999fd822da corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.12.20060mlcs4.x86_64.rpm e5180f6d7b5f5f62ffc2b124b3342a3b corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.12.20060mlcs4.x86_64.rpm ef3333ebf490da8a08536be2d6510d70 corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.12.20060mlcs4.x86_64.rpm f7b09a618f8c106f0a2c4219ddd80fbc corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm c6ebaea536386e653f8553953616272b corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.12.20060mlcs4.x86_64.rpm 1c9ef7849ea4e7e4536f4c1f914f856b corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm 5e541a891e0974820de0432fbd7f25e6 corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.12.20060mlcs4.x86_64.rpm b2ab7198cdba8e6fc36c6c7e98b812a0 corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm c89418c553f375ea7466fba6cc49fc92 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.12.20060mlcs4.x86_64.rpm 67efa16aaf65bb405682c77d35c8b600 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm 129aef0550f1c3924e9af4eb2b58c12c corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.12.20060mlcs4.x86_64.rpm 583ed26ed824d01f8f54e282800a541c corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm 76bc8af5082d9ccda27f57ab8cb18f26 corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.12.20060mlcs4.x86_64.rpm 075d3c547fa866b7787a099b14e49345 corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm c9c2263610c4e435444af0d1106c6cf1 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.12.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM3R/tmqjQ0CJFipgRAvmvAJ4qEtOg9t5Gr5oVuPHDfFHY43dswwCcDMNz dIOiMxVEGn+tcTMbXbfM1do= =mjef -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists