Sicherheit: Pufferüberläufe in SDL_image

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1202438895-4794-9832

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:040
http://www.mandriva.com/security/
_______________________________________________________________________

Package : SDL_image
Date : February 7, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image
contain a boundary error that could be triggered to cause a static
buffer overflow and a heap-based buffer overflow. If a user using
an application linked against the SDL_image library were to open a
carefully crafted GIF or IFF ILBM file, the application could crash
or possibly allow for the execution of arbitrary code.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
3b60927741b60c634afd430c5aa4ae00
2007.0/i586/libSDL_image1.2-1.2.5-1.1mdv2007.0.i586.rpm
71875c2de4180b5958a91107a974e327
2007.0/i586/libSDL_image1.2-devel-1.2.5-1.1mdv2007.0.i586.rpm
89b1410a912346b148393f95e01cfee0
2007.0/i586/libSDL_image1.2-test-1.2.5-1.1mdv2007.0.i586.rpm
f0142948917c13c85db6d9a414a744b2
2007.0/SRPMS/SDL_image-1.2.5-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
d2857eb81cc32a44621d047b432fab33
2007.0/x86_64/lib64SDL_image1.2-1.2.5-1.1mdv2007.0.x86_64.rpm
41ef7e520b3cca2670fcd0cb149f7c63
2007.0/x86_64/lib64SDL_image1.2-devel-1.2.5-1.1mdv2007.0.x86_64.rpm
ffa3317bcb0516f791317f2f917a8b74
2007.0/x86_64/lib64SDL_image1.2-test-1.2.5-1.1mdv2007.0.x86_64.rpm
f0142948917c13c85db6d9a414a744b2
2007.0/SRPMS/SDL_image-1.2.5-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
bb2d59af04d2816958816e327dbda0bc
2007.1/i586/libSDL_image1.2-1.2.5-2.1mdv2007.1.i586.rpm
44ce0300888500b1d1e4a3100ad268eb
2007.1/i586/libSDL_image1.2-devel-1.2.5-2.1mdv2007.1.i586.rpm
5441a072b2d68546aa54ed36e54829d5
2007.1/i586/libSDL_image1.2-test-1.2.5-2.1mdv2007.1.i586.rpm
e154807a8ec099e1d3dc547b932ceff6
2007.1/SRPMS/SDL_image-1.2.5-2.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
bc77c3b06e626902adc6372ef553442c
2007.1/x86_64/lib64SDL_image1.2-1.2.5-2.1mdv2007.1.x86_64.rpm
0fca19243b1718cce5b696bc4a0c6028
2007.1/x86_64/lib64SDL_image1.2-devel-1.2.5-2.1mdv2007.1.x86_64.rpm
a700e02ec34d2c29faa682da74545d8b
2007.1/x86_64/lib64SDL_image1.2-test-1.2.5-2.1mdv2007.1.x86_64.rpm
e154807a8ec099e1d3dc547b932ceff6
2007.1/SRPMS/SDL_image-1.2.5-2.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
e40fff1a799fe26e0374702198768c48
2008.0/i586/libSDL_image1.2-1.2.6-1.1mdv2008.0.i586.rpm
1a021d41e4efa44a2df41939e70aa479
2008.0/i586/libSDL_image1.2-devel-1.2.6-1.1mdv2008.0.i586.rpm
22a22ac45381677f13e3b053c62f47d4
2008.0/i586/libSDL_image1.2-test-1.2.6-1.1mdv2008.0.i586.rpm
0ed8f31fca8e68ee38e66714ed0b2ea5
2008.0/SRPMS/SDL_image-1.2.6-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
aaf18e912ee7ae18060f5a45f8b52d5c
2008.0/x86_64/lib64SDL_image1.2-1.2.6-1.1mdv2008.0.x86_64.rpm
63c882b5750b11cf1aec1669d26eed40
2008.0/x86_64/lib64SDL_image1.2-devel-1.2.6-1.1mdv2008.0.x86_64.rpm
96b96533f54e7297fb68e0de1682bc28
2008.0/x86_64/lib64SDL_image1.2-test-1.2.6-1.1mdv2008.0.x86_64.rpm
0ed8f31fca8e68ee38e66714ed0b2ea5
2008.0/SRPMS/SDL_image-1.2.6-1.1mdv2008.0.src.rpm

Corporate 3.0:
3eb65d139568c061dd34e599a7ebdfdb
corporate/3.0/i586/libSDL_image1.2-1.2.3-3.1.C30mdk.i586.rpm
fce96c4bfc823e5f8ae308daedabbdfe
corporate/3.0/i586/libSDL_image1.2-devel-1.2.3-3.1.C30mdk.i586.rpm
828b87047944aec9533b04f9e95df814
corporate/3.0/i586/libSDL_image1.2-test-1.2.3-3.1.C30mdk.i586.rpm
47cd75e075030313a3259560d7173de7
corporate/3.0/SRPMS/SDL_image-1.2.3-3.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
700a0b9eeceb7958270c7469b4d9526e
corporate/3.0/x86_64/lib64SDL_image1.2-1.2.3-3.1.C30mdk.x86_64.rpm
0247d9f7c8c3c07b0a6d8eaf0ddb49ad
corporate/3.0/x86_64/lib64SDL_image1.2-devel-1.2.3-3.1.C30mdk.x86_64.rpm
d88895f601d1ead8ceef727e141c06ae
corporate/3.0/x86_64/lib64SDL_image1.2-test-1.2.3-3.1.C30mdk.x86_64.rpm
47cd75e075030313a3259560d7173de7
corporate/3.0/SRPMS/SDL_image-1.2.3-3.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHq5eZmqjQ0CJFipgRAoe0AJ9qE3LjXli6q+ky0PBgI1nF/4QemACg9Sv5
8ujlkUUFzW7tHKzY87ADskk=
=iqdO
-----END PGP SIGNATURE-----

------------=_1202438895-4794-9832
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1202438895-4794-9832--