From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability
Message-Id: <E1DOVhm-0000bx-1S@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Thu, 21 Apr 2005 01:02:30 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gnome-vfs2
Advisory ID: MDKSA-2005:074
Date: April 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A buffer overflow bug was found by Joseph VanAndel in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine. This same vulnerability is present in the gnome-vfs2
code.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
5239e6ab9f4a24c2989ff2317c743cb0 10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.i586.rpm
08d6d7dcebd62773620441ef1c35eb58 10.1/RPMS/libgnome-vfs2_0-2.6.2-7.1.101mdk.i586.rpm
2a7241618cf989091dcf75e60e2a1041 10.1/RPMS/libgnome-vfs2_0-devel-2.6.2-7.1.101mdk.i586.rpm
765d4f62ab8e314a96e419b5c51d540b 10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
4251d3ab183bbfbd0ef4a79b65740004 x86_64/10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.x86_64.rpm
c2b54afacf29f7148561a3e7f8bc3695 x86_64/10.1/RPMS/lib64gnome-vfs2_0-2.6.2-7.1.101mdk.x86_64.rpm
8c64c5379d83bf9e001617bae1935376 x86_64/10.1/RPMS/lib64gnome-vfs2_0-devel-2.6.2-7.1.101mdk.x86_64.rpm
765d4f62ab8e314a96e419b5c51d540b x86_64/10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm
Mandrakelinux 10.2:
f60b317e9d82a64311e8fa76db389fea 10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.i586.rpm
83aaa09f41d650de8c216fca5eb1b854 10.2/RPMS/libgnome-vfs2_0-2.8.4-6.1.102mdk.i586.rpm
a74279c606173fd42e83e6507a7c206b 10.2/RPMS/libgnome-vfs2_0-devel-2.8.4-6.1.102mdk.i586.rpm
ea5d978ff12a70686c29fd84c461558a 10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
aa889240e8867ec7289578036104c623 x86_64/10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.x86_64.rpm
e7224a715c8ea987c077adea71e29279 x86_64/10.2/RPMS/lib64gnome-vfs2_0-2.8.4-6.1.102mdk.x86_64.rpm
9e681bf74cb71e378e9eb1307159e2ce x86_64/10.2/RPMS/lib64gnome-vfs2_0-devel-2.8.4-6.1.102mdk.x86_64.rpm
ea5d978ff12a70686c29fd84c461558a x86_64/10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm
Corporate 3.0:
216b2f6d3459328b757d03336da09d38 corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.i586.rpm
af59a9db5ce5ededd91d3b6dff4e7c39 corporate/3.0/RPMS/libgnome-vfs2_0-2.4.2-5.1.C30mdk.i586.rpm
2d1516b9c4ff998116c1dac5dabe95a5 corporate/3.0/RPMS/libgnome-vfs2_0-devel-2.4.2-5.1.C30mdk.i586.rpm
03ba3b26530b88ca8c18fb41f9681018 corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
5645d370f2a7b81c17bff2c70a4a91c0 x86_64/corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.x86_64.rpm
b78fb0708a038607dbb1f3d970a13bff x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-2.4.2-5.1.C30mdk.x86_64.rpm
5afd9d1f2c4193d72a0b2780c011bbf7 x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-devel-2.4.2-5.1.C30mdk.x86_64.rpm
03ba3b26530b88ca8c18fb41f9681018 x86_64/corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZ1AFmqjQ0CJFipgRAku4AKDA72sSbNu90ACROKkbd5ePrPiXRwCdHJBe
bGLmzBiW6hphFqqgXjt9oVw=
=oblf
-----END PGP SIGNATURE-----