To: [email protected]
Subject: [ MDKSA-2006:031 ] - Updated kdegraphics packages fixes heap-based buffer overflow vulnerability
Date: Thu, 2 Feb 2006 14:20:01 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1F4ls1-0005DF-J0@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:031
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdegraphics
Date : February 2, 2006
Affected: 2006.0
_______________________________________________________________________
Problem Description:

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the width
or height of the associated bitmap.

Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same
issues.

The updated packages have been patched to correct this issue.
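
The class of bug described above, as an added illustration (not code from
xpdf's Splash.cc, kpdf, or the Mandriva patch): a span-fill routine that
trusts its coordinates, next to one that clips them to the bitmap's width
and height before writing. The Bitmap type and all function names are
hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 8-bit bitmap; not the xpdf/Splash data structure. */
typedef struct {
    int width, height;
    unsigned char *data;            /* width * height bytes on the heap */
} Bitmap;

int bitmap_init(Bitmap *b, int width, int height) {
    if (width <= 0 || height <= 0) return -1;
    /* calloc checks the width * height multiplication for overflow itself. */
    b->data = calloc((size_t)width, (size_t)height);
    if (b->data == NULL) return -1;
    b->width = width;
    b->height = height;
    return 0;
}

/* Unchecked form, for contrast only: x0, x1 and y come straight from the
   input, so a span outside the bitmap writes past the heap allocation. */
void fill_span_unchecked(Bitmap *b, int x0, int x1, int y, unsigned char v) {
    memset(b->data + y * b->width + x0, v, (size_t)(x1 - x0 + 1));
}

/* Checked form: clip the span to the bitmap before writing.
   Returns the number of pixels actually written. */
int fill_span_clipped(Bitmap *b, int x0, int x1, int y, unsigned char v) {
    if (y < 0 || y >= b->height) return 0;      /* row outside the bitmap */
    if (x0 < 0) x0 = 0;
    if (x1 >= b->width) x1 = b->width - 1;
    if (x0 > x1) return 0;                      /* nothing left inside    */
    size_t offset = (size_t)y * (size_t)b->width + (size_t)x0;
    memset(b->data + offset, v, (size_t)(x1 - x0 + 1));
    return x1 - x0 + 1;
}

int main(void) {
    Bitmap b;
    if (bitmap_init(&b, 8, 4) != 0) return 1;
    /* Constructed input: a span far wider than the 8-pixel row. */
    printf("written: %d\n", fill_span_clipped(&b, -3, 20, 2, 0xFF));
    /* Constructed input: row index equal to the height (one past the end). */
    printf("written: %d\n", fill_span_clipped(&b, 0, 7, 4, 0xFF));
    free(b.data);
    return 0;
}
```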
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFD4kysmqjQ0CJFipgRAldwAJ9IobL7u0BVhftYu8MlhhTFtkndxwCfYwUG
jSS53IzJNnwolOx3YygtQMs=
=m98j
-----END PGP SIGNATURE-----