Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in doxygen
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in doxygen
ID: MDKSA-2006:212
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva 2006.0, Mandriva Corporate 4.0, Mandriva 2007.0
Datum: Fr, 17. November 2006, 00:22
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
Applikationen: doxygen

Originalnachricht

This is a multi-part message in MIME format...

------------=_1163719369-16192-1999


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:212
http://www.mandriva.com/security/
_______________________________________________________________________

Package : doxygen
Date : November 16, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Doxygen is a documentation system for C, C++ and IDL. It is built with
a private copy of libpng, and as such could be susceptible to some of
the same vulnerabilities:

Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name". (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the
patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a
typo in png_set_sPLT() that may cause an application using libpng to
read out of bounds, resulting in a crash. (CVE-2006-5793)

In addition, an patch to address several old vulnerabilities has been
applied to this build. (CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599)

Packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
f85fd4b73ca06136e4346df073851e5f
2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm
0842c1496bbb02b79d5cef3386b19380
2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
fc3e569bd8ad2aa9aea76a6f4246cfec
2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm
0842c1496bbb02b79d5cef3386b19380
2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
9d0af28627560057e6c80e64bbacf030
2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm
f673aab0185f79a8aa048f69b06807bf
2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7fca6ebbe6f07e51de7fd771678277b4
2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm
f673aab0185f79a8aa048f69b06807bf
2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm

Corporate 3.0:
9452cede2d92671808eebe1adfc395ef
corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm
9e84b6e12b77f43d123888b7ae05e5f4
corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
d988dc94c39515b3855116709bcc84de
corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm
9e84b6e12b77f43d123888b7ae05e5f4
corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm

Corporate 4.0:
a3b4702c81d1739249d59782efb316dc
corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm
8223a356c6cf8a790dd20b3d70533f19
corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0568b10460c651f18fd3e2a8e76b4300
corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm
8223a356c6cf8a790dd20b3d70533f19
corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFXMIpmqjQ0CJFipgRAnt1AJ9NuzEsIC9PzHE278eZAhOPHjMh8QCePD/Q
pK8OJ2vhx3DqZ400EPH5QMw=
=R8Jo
-----END PGP SIGNATURE-----


------------=_1163719369-16192-1999
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1163719369-16192-1999--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung