Sicherheit: Zahlenüberlauf in GDAL
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in GDAL
ID: FEDORA-2013-1494
Distribution: Fedora
Plattformen: Fedora 16
Datum: Mo, 4. Februar 2013, 07:44
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5127
Applikationen: GDAL


Name        : gdal
Product : Fedora 16
Version : 1.7.3
Release : 15.fc16
URL : http://www.gdal.org/
Summary : GIS file format library
Description :
The GDAL library provides support to handle multiple GIS file formats.

Update Information:

Security libwebp release, where an integer overflow allows remote attackers to
cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

* Wed Jan 23 2013 Rex Dieter <rdieter@fedoraproject.org> 1.7.3-15
- rebuild (libwebp)
* Sun Feb 19 2012 Volker Fröhlich <volker27@gmx.at> - 1.7.3-14
- Require Ruby abi
- Add patch for Ruby 1.9 include dir, back-ported from GDAL 1.9
- Change version string for gdal-config from <version>-fedora to
- Revert installation path for Ruby modules, as it proved wrong
- Use libjpeg-turbo
* Thu Feb 9 2012 Volker Fröhlich <volker27@gmx.at> - 1.7.3-13
- Rebuild for Ruby 1.9
* Tue Jan 10 2012 Volker Fröhlich <volker27@gmx.at> - 1.7.3-12
- Remove FC10 specific patch0
- Versioned MODULE_COMPAT_ Requires for Perl (BZ 768265)
- Add isa macro to base package Requires
- Remove conditional for xerces_c in EL6, as EL6 has xerces_c
even for ppc64 via EPEL
- Remove EL4 conditionals
- Replace the python_lib macro definition and install Python bindings
to sitearch directory, where they belong
- Use correct dap library names for linking
- Correct Ruby installation path in the Makefile instead of moving it later
- Use libdir variable in ppc64 Python path
- Delete obsolete chmod for Python libraries
- Move correction for Doxygen footer to prep section
- Delete bundled libraries before building
- Build without bsb and remove it from the tarball
- Use mavenpomdir macro and be a bit more precise on manpages in
the files section
- Remove elements for grass support --> Will be replaced by plug-in
- Remove unnecessary defattr
- Correct version number in POM
- Allow for libpng 1.5
* Tue Dec 6 2011 Adam Jackson <ajax@redhat.com> - 1.7.3-11
- Rebuild for new libpng

[ 1 ] Bug #875071 - CVE-2012-5127 libwebp: Integer overflow when processing
crafted WebP image

This update can be installed with the "yum" update program. Use
su -c 'yum update gdal' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Neue Nachrichten