drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in xli
Name: |
Zwei Probleme in xli |
|
ID: |
MDKSA-2005:076 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2 |
|
Datum: |
Fr, 22. April 2005, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0639 |
|
Applikationen: |
xloadimage |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory _______________________________________________________________________
Package name: xli Advisory ID: MDKSA-2005:076 Date: April 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________
Problem Description:
A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CAN-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CAN-2005-0639). The updated packages have been patched to correct these problems. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639 ______________________________________________________________________
Updated Packages: Mandrakelinux 10.1: f5ad03e5bb1c8b93fc1ebca1d7e2e111 10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm 757220d489a0cbafd393140ea7d5e205 10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64: e798f226cabe865cd3b0a8f3f9292b6d x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm 757220d489a0cbafd393140ea7d5e205 x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.2: 5e5bbac4a40ffc0f7156e671eb920ea0 10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm d6ee5ee583d8415f0028b2854ed19b3b 10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64: b49c19725cbc2850ead82731758fe8d8 x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm d6ee5ee583d8415f0028b2854ed19b3b x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Corporate Server 2.1: c89d695075c7117381d50301745bc82e corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm c219935cd3fb090af95d6467919faff1 corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64: 8b4a39d741f4eb8fde469411359cad5b x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm c219935cd3fb090af95d6467919faff1 x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate 3.0: fdbf0745aeb6733d6894afa089ac7dd2 corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm 88043776962e4a8bed6b538ae8d28824 corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
Corporate 3.0/X86_64: ac33b6d6d9475104bb25c2bde9dfe0c7 x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm 88043776962e4a8bed6b538ae8d28824 x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZ1IJmqjQ0CJFipgRAjuRAKC+hW1sMUuM5yJN5UfSQ4nny/aFmgCeJ5zb 7no1gaq2GPMYobcTEPhHiAU= =NSEJ -----END PGP SIGNATURE-----
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
|
|
|
|