Sicherheit: Mehrere Probleme in netpbm

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1246056331-22127-327

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:143
http://www.mandriva.com/security/
_______________________________________________________________________

Package : netpbm
Date : June 26, 2009
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple security vulnerabilities has been identified and fixed
in netpbm:

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).

The updated packages have been patched to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
ee725813ce84328353f254deaae6fb37
corporate/4.0/i586/libnetpbm10-10.29-1.5.20060mlcs4.i586.rpm
2aa11003c3f25f8e8c24b77bb149651c
corporate/4.0/i586/libnetpbm10-devel-10.29-1.5.20060mlcs4.i586.rpm
986bf041d7635b323627d1e22d1dcad5
corporate/4.0/i586/libnetpbm10-static-devel-10.29-1.5.20060mlcs4.i586.rpm
785b15f9024d98211c8dce6924db0a1b
corporate/4.0/i586/netpbm-10.29-1.5.20060mlcs4.i586.rpm
3e1a668baa86c6b280ec7cd07547c93c
corporate/4.0/SRPMS/netpbm-10.29-1.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
d298f85e7e353913ac97ea15dc01a674
corporate/4.0/x86_64/lib64netpbm10-10.29-1.5.20060mlcs4.x86_64.rpm
70485d93a13188b2210a8024a96bc4f3
corporate/4.0/x86_64/lib64netpbm10-devel-10.29-1.5.20060mlcs4.x86_64.rpm
5c0f09c43181f26f57b0ced97be203ff
corporate/4.0/x86_64/lib64netpbm10-static-devel-10.29-1.5.20060mlcs4.x86_64.rpm
3176c141b4a8b67f6418bb7ebe333675
corporate/4.0/x86_64/netpbm-10.29-1.5.20060mlcs4.x86_64.rpm
3e1a668baa86c6b280ec7cd07547c93c
corporate/4.0/SRPMS/netpbm-10.29-1.5.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKRSSJmqjQ0CJFipgRAujBAKDtyVM+3LrDfWdPPN/+L1zN84kJvwCfRtlT
sB0NMhjI53zZSelwdUaTBrg=
=APY8
-----END PGP SIGNATURE-----

------------=_1246056331-22127-327
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1246056331-22127-327--