lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PGuKI-0004jh-AE@titan.mandriva.com>
Date: Fri, 12 Nov 2010 15:10:02 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:229 ] kdegraphics

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:229
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdegraphics
 Date    : November 12, 2010
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in kdegraphics:
 
 The Gfx::getPos function in the PDF parser in kdegraphics, allows
 context-dependent attackers to cause a denial of service (crash)
 via unknown vectors that trigger an uninitialized pointer dereference
 (CVE-2010-3702).
 
 The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
 in kdegraphics, allows context-dependent attackers to cause a denial
 of service (crash) and possibly execute arbitrary code via a PDF
 file with a crafted Type1 font that contains a negative array index,
 which bypasses input validation and which triggers memory corruption
 (CVE-2010-3704).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 ca7fc66407f8bce089a8cc674b19c151  corporate/4.0/i586/kdegraphics-3.5.4-0.12.20060mlcs4.i586.rpm
 70cf8e941a95ebb7c29ebaf86f6fbf21  corporate/4.0/i586/kdegraphics-common-3.5.4-0.12.20060mlcs4.i586.rpm
 e9ac44eca48479b959f8fe6fb95e08f0  corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.12.20060mlcs4.i586.rpm
 204ceb80cf1eb61d2bbff6980cde029f  corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.12.20060mlcs4.i586.rpm
 e36bc343ef8f1a5a1d65302d48b24d7c  corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.12.20060mlcs4.i586.rpm
 cb240518d43421152b6fecfc2569d3a5  corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.12.20060mlcs4.i586.rpm
 288498c8a2b49e0c52290eab2b385077  corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.12.20060mlcs4.i586.rpm
 927d95e35dd24f4c2b2d9c51351ff53d  corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.12.20060mlcs4.i586.rpm
 bae51eca43e42d5dea56a12e2244aaf7  corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.12.20060mlcs4.i586.rpm
 c5f9dbf0787af4860e83e4012ff95414  corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.12.20060mlcs4.i586.rpm
 3f87017a2d2f48bb58b9416165c58c05  corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.12.20060mlcs4.i586.rpm
 0fd23113ac80d598a89f540511e24391  corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.12.20060mlcs4.i586.rpm
 1679b176813d4cbd6f6985ec0802fd3f  corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.12.20060mlcs4.i586.rpm
 f15ee25628500750a730ce92a0201a4c  corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.12.20060mlcs4.i586.rpm
 7914fbb235b36ca74b8e2d9a860abccc  corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.12.20060mlcs4.i586.rpm
 d3fc0dd097c42df72ecfc8fd2675343d  corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.12.20060mlcs4.i586.rpm
 311455a89e5644a9851d4e8271a9e040  corporate/4.0/i586/kdegraphics-kview-3.5.4-0.12.20060mlcs4.i586.rpm
 daf09d00ef74a95a8b900056860d666d  corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.12.20060mlcs4.i586.rpm
 f5ffdde157c6812aedb93c7591ded12c  corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.12.20060mlcs4.i586.rpm
 01b461e1751a15a52086501c2a5ed470  corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.12.20060mlcs4.i586.rpm
 de7af69b690ab208a510dcc63a829e78  corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.12.20060mlcs4.i586.rpm
 b049a34f035dc104969ae6bcf36f5fea  corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.12.20060mlcs4.i586.rpm
 a22394fe4b115cd6440ce8ec49ae3f62  corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.12.20060mlcs4.i586.rpm
 181b757f32dc94a2812c8c001de3da3b  corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.12.20060mlcs4.i586.rpm
 5cb0455df62e6659b1f48d1867d67ac9  corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.12.20060mlcs4.i586.rpm
 9c05a10a32f9311e548c7c0d488e70ae  corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.12.20060mlcs4.i586.rpm
 5e2a5052e8cf52419c02684ed08f7a5f  corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.12.20060mlcs4.i586.rpm
 92f6b294a7b6047d3ffb63260b7e7a56  corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.12.20060mlcs4.i586.rpm
 246296dd53e92f43fbe399347777a76e  corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.12.20060mlcs4.i586.rpm
 66f77aeb07aa3880e6ea8a2ebe72cf35  corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.12.20060mlcs4.i586.rpm 
 c9c2263610c4e435444af0d1106c6cf1  corporate/4.0/SRPMS/kdegraphics-3.5.4-0.12.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 36a31767741bd50a3004702c8a0593f7  corporate/4.0/x86_64/kdegraphics-3.5.4-0.12.20060mlcs4.x86_64.rpm
 bab9ffe58b658a83a26643a8eb663e55  corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.12.20060mlcs4.x86_64.rpm
 aca36f11bcc8512a03c63a2b045c1989  corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.12.20060mlcs4.x86_64.rpm
 2ebb73a245045a79a9e08d950fce8ebc  corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.12.20060mlcs4.x86_64.rpm
 b0310776b7781f97b861b85d08a7362d  corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.12.20060mlcs4.x86_64.rpm
 e246df26c4d8f4029265ea8c0d885f51  corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.12.20060mlcs4.x86_64.rpm
 e0df27e7686f643d040f3f637d0d4346  corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.12.20060mlcs4.x86_64.rpm
 cb0b2a6e1f336705b4d181c5f81b1cd2  corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.12.20060mlcs4.x86_64.rpm
 5f3ee4587164dabbdcdeee61b4332d02  corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.12.20060mlcs4.x86_64.rpm
 a64ef0630f8c48cd061dd86a2244f456  corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.12.20060mlcs4.x86_64.rpm
 276d87fb4e63586dd3fdf9d2374f2df1  corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.12.20060mlcs4.x86_64.rpm
 d9576eb89f668d85d6ac195df3f3b3cf  corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.12.20060mlcs4.x86_64.rpm
 7d703b1083e0d7830a137d68b6b87023  corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.12.20060mlcs4.x86_64.rpm
 441fe8501578b70c2f3d07aea5e2002d  corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.12.20060mlcs4.x86_64.rpm
 bf6eb39574f73c5e0d4799078d23e150  corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.12.20060mlcs4.x86_64.rpm
 ec6df8fdc72776d7a6fab6ee800b37d0  corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.12.20060mlcs4.x86_64.rpm
 0c328ed02ff0c8cdb29dc4999fd822da  corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.12.20060mlcs4.x86_64.rpm
 e5180f6d7b5f5f62ffc2b124b3342a3b  corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.12.20060mlcs4.x86_64.rpm
 ef3333ebf490da8a08536be2d6510d70  corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.12.20060mlcs4.x86_64.rpm
 f7b09a618f8c106f0a2c4219ddd80fbc  corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm
 c6ebaea536386e653f8553953616272b  corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.12.20060mlcs4.x86_64.rpm
 1c9ef7849ea4e7e4536f4c1f914f856b  corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm
 5e541a891e0974820de0432fbd7f25e6  corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.12.20060mlcs4.x86_64.rpm
 b2ab7198cdba8e6fc36c6c7e98b812a0  corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm
 c89418c553f375ea7466fba6cc49fc92  corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.12.20060mlcs4.x86_64.rpm
 67efa16aaf65bb405682c77d35c8b600  corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm
 129aef0550f1c3924e9af4eb2b58c12c  corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.12.20060mlcs4.x86_64.rpm
 583ed26ed824d01f8f54e282800a541c  corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm
 76bc8af5082d9ccda27f57ab8cb18f26  corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.12.20060mlcs4.x86_64.rpm
 075d3c547fa866b7787a099b14e49345  corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.12.20060mlcs4.x86_64.rpm 
 c9c2263610c4e435444af0d1106c6cf1  corporate/4.0/SRPMS/kdegraphics-3.5.4-0.12.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM3R/tmqjQ0CJFipgRAvmvAJ4qEtOg9t5Gr5oVuPHDfFHY43dswwCcDMNz
dIOiMxVEGn+tcTMbXbfM1do=
=mjef
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ