Sicherheit: Zwei Probleme in xli

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xli
Advisory ID: MDKSA-2005:076
Date: April 20th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities have been found in the xli image viewer.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw
in the handling of compressed images where shell meta-characters are
not properly escaped (CAN-2005-0638). It was also found that
insufficient validation of image properties could potentially result
in buffer management errors (CAN-2005-0639).

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
f5ad03e5bb1c8b93fc1ebca1d7e2e111 10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm
757220d489a0cbafd393140ea7d5e205 10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
e798f226cabe865cd3b0a8f3f9292b6d
x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm
757220d489a0cbafd393140ea7d5e205
x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm

Mandrakelinux 10.2:
5e5bbac4a40ffc0f7156e671eb920ea0 10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm
d6ee5ee583d8415f0028b2854ed19b3b 10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
b49c19725cbc2850ead82731758fe8d8
x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm
d6ee5ee583d8415f0028b2854ed19b3b
x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm

Corporate Server 2.1:
c89d695075c7117381d50301745bc82e
corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm
c219935cd3fb090af95d6467919faff1
corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
8b4a39d741f4eb8fde469411359cad5b
x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm
c219935cd3fb090af95d6467919faff1
x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm

Corporate 3.0:
fdbf0745aeb6733d6894afa089ac7dd2
corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm
88043776962e4a8bed6b538ae8d28824
corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
ac33b6d6d9475104bb25c2bde9dfe0c7
x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm
88043776962e4a8bed6b538ae8d28824
x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCZ1IJmqjQ0CJFipgRAjuRAKC+hW1sMUuM5yJN5UfSQ4nny/aFmgCeJ5zb
7no1gaq2GPMYobcTEPhHiAU=
=NSEJ
-----END PGP SIGNATURE-----

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________