To: [email protected]Subject: [ MDKSA-2007:023 ] - Updated libgtop2 packages fix buffer overflow vulnerability
Date: Thu, 18 Jan 2007 15:30:53 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1H7fmX-0002jx-1d@artemis.annvix.ca.>
Sender: QA Team <qateam@artemis.annvix.ca.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:023
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libgtop2
Date : January 18, 2007
Affected: 2007.0
_______________________________________________________________________
Problem Description:
Stack-based buffer overflow in the glibtop_get_proc_map_s function in
libgtop before 2.14.6 (libgtop2) allows local users to cause a denial
of service (crash) and possibly execute arbitrary code via a process
with a long filename that is mapped in its address space, which
triggers the overflow in gnome-system-monitor.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0235
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
9a42ece573e6285e548d3611d905962b 2007.0/i586/libgtop2-2.14.3-1.1mdv2007.0.i586.rpm
015d57a79518ea22832f6fbda39271a2 2007.0/i586/libgtop2.0_7-2.14.3-1.1mdv2007.0.i586.rpm
90c71d829f0ecf9a190cd6f883d7641d 2007.0/i586/libgtop2.0_7-devel-2.14.3-1.1mdv2007.0.i586.rpm
d814d8ae476947ff129624b4bbf3c468 2007.0/SRPMS/libgtop2-2.14.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
6c29e33986f8edcb030c51c2a3f11284 2007.0/x86_64/lib64gtop2.0_7-2.14.3-1.1mdv2007.0.x86_64.rpm
7686a3045392d92d1f8a0e3e481b2172 2007.0/x86_64/lib64gtop2.0_7-devel-2.14.3-1.1mdv2007.0.x86_64.rpm
fd1b70ddc81ee08e70661710883255d5 2007.0/x86_64/libgtop2-2.14.3-1.1mdv2007.0.x86_64.rpm
d814d8ae476947ff129624b4bbf3c468 2007.0/SRPMS/libgtop2-2.14.3-1.1mdv2007.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFr8rTmqjQ0CJFipgRAgD7AJ9B68ksXN1Igw3gbiANW6EiWs/UxwCgsCUs
6JCAEa4WflSQgpWuMNP3x48=
=0z2K
-----END PGP SIGNATURE-----