Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in newt
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in newt
ID: MDVSA-2009:249-1
Distribution: Mandriva
Plattformen: Mandriva 2008.0
Datum: Sa, 5. Dezember 2009, 17:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905
Applikationen: newt

Originalnachricht

This is a multi-part message in MIME format...

------------=_1260030632-24326-1664


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:249-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : newt
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in newt:

A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request
(direct or via a custom application), leading to a denial of service
(application crash) or, potentially, arbitrary code execution with the
privileges of the user running the application using the newt library
(CVE-2009-2905).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
654a1c3c587c6a5a14e6f4d23e890483
2008.0/i586/libnewt0.52-0.52.6-3.1mdv2008.0.i586.rpm
f0942a5df8fa536a02126f4034d3e53f
2008.0/i586/libnewt0.52-devel-0.52.6-3.1mdv2008.0.i586.rpm
0ce830ecabb85460249e58f53d1fe2c9
2008.0/i586/newt-0.52.6-3.1mdv2008.0.i586.rpm
228d192869250f150207ce14e8374fec
2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
889b8c64d20e91ae4e05d0c7945cd45e
2008.0/x86_64/lib64newt0.52-0.52.6-3.1mdv2008.0.x86_64.rpm
57e8e2c4cffe147722dbc4a0054459c9
2008.0/x86_64/lib64newt0.52-devel-0.52.6-3.1mdv2008.0.x86_64.rpm
d960d8c779078deea2e6c33b70b9685d
2008.0/x86_64/newt-0.52.6-3.1mdv2008.0.x86_64.rpm
228d192869250f150207ce14e8374fec
2008.0/SRPMS/newt-0.52.6-3.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGl7ZmqjQ0CJFipgRAnviAJ9auPOyGciiDPdEAd6yvoiZKNlcZQCfWw8B
UPOkLw5FvPeXtYNk1GTBBeU=
=VpMX
-----END PGP SIGNATURE-----


------------=_1260030632-24326-1664
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260030632-24326-1664--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung