To: [email protected]Subject: [ MDKSA-2006:109 ] - Updated wv2 packages fix vulnerability
Date: Tue, 20 Jun 2006 19:04:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Fsr8S-0002Tp-Th@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:109
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wv2
Date : June 20, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
A boundary checking error was discovered in the wv2 library, used for
accessing Microsoft Word documents. This error can lead to an integer
overflow induced by processing certain Word files.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
de94c8e865cf5c1b1a018d9e99be1a2f 2006.0/RPMS/libwv2_1-0.2.2-3.1.20060mdk.i586.rpm
25a43e0933dc84a8328db4c29bfab8f2 2006.0/RPMS/libwv2_1-devel-0.2.2-3.1.20060mdk.i586.rpm
2a6d2bf2a9d22f208ec24aa1f447606b 2006.0/SRPMS/wv2-0.2.2-3.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
fa5f63d79ee02b7f35ca0c0c9e959817 x86_64/2006.0/RPMS/lib64wv2_1-0.2.2-3.1.20060mdk.x86_64.rpm
3aeae3be8616d1ab888a26e8d0e5fbf8 x86_64/2006.0/RPMS/lib64wv2_1-devel-0.2.2-3.1.20060mdk.x86_64.rpm
2a6d2bf2a9d22f208ec24aa1f447606b x86_64/2006.0/SRPMS/wv2-0.2.2-3.1.20060mdk.src.rpm
Corporate 3.0:
145d276e1cb06b5ffe6bc9a79666e64b corporate/3.0/RPMS/libwv2_1-0.2.1-1.1.C30mdk.i586.rpm
148f83cdc9b06a767b47419193a21800 corporate/3.0/RPMS/libwv2_1-devel-0.2.1-1.1.C30mdk.i586.rpm
1ab35d6fc18115a6a3c2cdf1a81fd7dc corporate/3.0/SRPMS/wv2-0.2.1-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
15fcfb9ca05c8e319d6357c4a05d8899 x86_64/corporate/3.0/RPMS/lib64wv2_1-0.2.1-1.1.C30mdk.x86_64.rpm
d717c6ba6190d0f1ce5c92432a7b97f5 x86_64/corporate/3.0/RPMS/lib64wv2_1-devel-0.2.1-1.1.C30mdk.x86_64.rpm
1ab35d6fc18115a6a3c2cdf1a81fd7dc x86_64/corporate/3.0/SRPMS/wv2-0.2.1-1.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEmHDWmqjQ0CJFipgRAos2AJ4ru9DFXgaIKCuhEAmpzU81Xe9tIQCgq/75
BnaT3jkudnBRQOyvNfkFfk4=
=9nFU
-----END PGP SIGNATURE-----