Login
Newsletter
Werbung
Sicherheit: Pufferüberläufe in kdegraphics
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in kdegraphics
ID: MDKSA-2006:136
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0
Datum: Mi, 2. August 2006, 02:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
Applikationen: KDE Software Compilation

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1154478861-9299-735


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:136
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdegraphics
 Date    : August 1, 2006
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy, Google Security Team, discovered several vulnerabilites
 the libtiff image processing library. Older versions of kdegraphics use
 an embedded copy of the libtiff code, with possibly the same
 vulnerabilities:
 
 Several buffer overflows have been discovered, including a stack
 buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
 used to read two unsigned shorts from the input file. While a bounds
 check is performed via CheckDirCount(), no action is taken on the
 result allowing a pathological tdir_count to read an arbitrary number
 of unsigned shorts onto a stack buffer. (CVE-2006-3459) 
 
 A heap overflow vulnerability was discovered in the jpeg decoder,
 where TIFFScanLineSize() is  documented to return the size in bytes
 that a subsequent call to TIFFReadScanline() would write, however the
 encoded jpeg stream may disagree with these results and overrun the
 buffer with more data than expected. (CVE-2006-3460)
 
 The NeXT RLE decoder was also vulnerable to a heap overflow
 vulnerability, where no bounds checking was performed on the result of
 certain RLE decoding operations. This was solved by ensuring the
 number of pixels written did not exceed the size of the scanline
 buffer already prepared. (CVE-2006-3462)
 
 An infinite loop was discovered in EstimateStripByteCounts(), where a
 16bit unsigned short was used to iterate over a 32bit unsigned value,
 should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the
 loop would never terminate and continue forever. (CVE-2006-3463)
 
 Multiple unchecked arithmetic operations were uncovered, including a
 number of the range checking operations deisgned to ensure the offsets
 specified in tiff directories are legitimate. These  can be caused to
 wrap for extreme values, bypassing sanity checks. Additionally, a
 number of codepaths were uncovered where assertions did not hold true,
 resulting in the client application calling abort(). (CVE-2006-3464)
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 ffe82a8c94848359195a701299aa19b1 
 corporate/3.0/RPMS/kdegraphics-3.2-15.12.C30mdk.i586.rpm
 4e8f11ba3a0c99c69c128e106e87054b 
 corporate/3.0/RPMS/kdegraphics-common-3.2-15.12.C30mdk.i586.rpm
 50eb22c5dd901bc8fa21b555ba95b50b 
 corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.12.C30mdk.i586.rpm
 49e8afb51a0bf84832efe7ad612e2f68 
 corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.12.C30mdk.i586.rpm
 7887720f05d3a9a45b849aa372aaf727 
 corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.12.C30mdk.i586.rpm
 0f2eba3232a585463cb5adaba611e8d9 
 corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.12.C30mdk.i586.rpm
 0e590ee1edf76c6a8cec5e87f0d6d3ad 
 corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.12.C30mdk.i586.rpm
 c3b8af17de250652eb59fe9824500847 
 corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.12.C30mdk.i586.rpm
 a42c4b132192b823c8e0d516c2c59ea5 
 corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.12.C30mdk.i586.rpm
 78d76cf40472248ae81e296bfb0688f7 
 corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.12.C30mdk.i586.rpm
 8775439408ddd984d92721cec5c450c0 
 corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.12.C30mdk.i586.rpm
 324e0c5054f677229884cd940193e8cb 
 corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.12.C30mdk.i586.rpm
 7d4c56e5f329fa4aaff59a68340ab1c4 
 corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.12.C30mdk.i586.rpm
 7fd0b572f5f14217d6351a2541e00eba 
 corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.12.C30mdk.i586.rpm
 539a8dbb1b3541eb91766ec6723eb5f5 
 corporate/3.0/RPMS/kdegraphics-kview-3.2-15.12.C30mdk.i586.rpm
 35697d28e45aa111345ac4dcdf74cfb9 
 corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.12.C30mdk.i586.rpm
 3ffbe6daaf39f4cf7d82361ce5c98775 
 corporate/3.0/RPMS/libkdegraphics0-common-3.2-15.12.C30mdk.i586.rpm
 8e1a27553501fa692fe636e4b47e6e4a 
 corporate/3.0/RPMS/libkdegraphics0-common-devel-3.2-15.12.C30mdk.i586.rpm
 07c85d488505f6a1d2b76ca471f44df2 
 corporate/3.0/RPMS/libkdegraphics0-kooka-3.2-15.12.C30mdk.i586.rpm
 cb66d0274660cd8ae83011c81549817a 
 corporate/3.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.12.C30mdk.i586.rpm
 e7ebdfdb1f7de60a67c12d12fb707391 
 corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.12.C30mdk.i586.rpm
 4097d61133e196d5befdb27416d2852b 
 corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.12.C30mdk.i586.rpm
 2bebf0ea38c518bdf949ce5ccb5f6fee 
 corporate/3.0/RPMS/libkdegraphics0-ksvg-3.2-15.12.C30mdk.i586.rpm
 055a6c51d85eaf06a41a1ff58b05d60f 
 corporate/3.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.12.C30mdk.i586.rpm
 57d301f6fd18ab065b8ff0ef03d1ce1a 
 corporate/3.0/RPMS/libkdegraphics0-kuickshow-3.2-15.12.C30mdk.i586.rpm
 d951ff658d420ba1d02903af2741ee1e 
 corporate/3.0/RPMS/libkdegraphics0-kview-3.2-15.12.C30mdk.i586.rpm
 9affc4cf4a576b53ce6115597b934b07 
 corporate/3.0/RPMS/libkdegraphics0-kview-devel-3.2-15.12.C30mdk.i586.rpm
 3f82bebd036a81c07910a92a41cf67f2 
 corporate/3.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.12.C30mdk.i586.rpm
 7da97a6a01cc1ee884b57a63f532ae6e 
 corporate/3.0/SRPMS/kdegraphics-3.2-15.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9aea4a7d7363002d86d3e5bf4a3f989c 
 x86_64/corporate/3.0/RPMS/kdegraphics-3.2-15.12.C30mdk.x86_64.rpm
 2ae89f69ce9a016fb8c4d0e3e36d43be 
 x86_64/corporate/3.0/RPMS/kdegraphics-common-3.2-15.12.C30mdk.x86_64.rpm
 d8195cf7e7848a81f3de13385f98d12a 
 x86_64/corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.12.C30mdk.x86_64.rpm
 316c9ce7fcc39e4fddd1bbabd1f14caf 
 x86_64/corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.12.C30mdk.x86_64.rpm
 c9d4aff70f034a34bc45f3e4898ce1c3 
 x86_64/corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.12.C30mdk.x86_64.rpm
 8851cd0f9265ba9a74eeee6f9f260d08 
 x86_64/corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.12.C30mdk.x86_64.rpm
 482a85cdee1f349f37d5260ef61c4e45 
 x86_64/corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.12.C30mdk.x86_64.rpm
 6d877b1991d4b033fe65b1959f5cc83f 
 x86_64/corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.12.C30mdk.x86_64.rpm
 5695710f2da2f7e4932cec14affcd227 
 x86_64/corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.12.C30mdk.x86_64.rpm
 abbf166e5edf694b11507c488fdd7bd9 
 x86_64/corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.12.C30mdk.x86_64.rpm
 9792b16c83ff79618a53ef75ce17ab2d 
 x86_64/corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.12.C30mdk.x86_64.rpm
 7304c418876d04f729771c013356b29f 
 x86_64/corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.12.C30mdk.x86_64.rpm
 d71200dbae7ee507efe8b524d1d0ea90 
 x86_64/corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.12.C30mdk.x86_64.rpm
 9ccf9a90d87a2deda26d624bc956219f 
 x86_64/corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.12.C30mdk.x86_64.rpm
 6089e2fd15c38a71e49ad7a396cbb987 
 x86_64/corporate/3.0/RPMS/kdegraphics-kview-3.2-15.12.C30mdk.x86_64.rpm
 797f03c1792a9a8d1ef1f19a69d3a344 
 x86_64/corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.12.C30mdk.x86_64.rpm
 6bee61c89fcd6e95f49db89f36eb1541 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-3.2-15.12.C30mdk.x86_64.rpm
 06f97ba7f3ab4a14f4dc6ee60113741e 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.12.C30mdk.x86_64.rpm
 7e6c67ba4e81a922e5201d8dcb2ef742 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-3.2-15.12.C30mdk.x86_64.rpm
 566c9e310a35f17f25ebe5939deb515b 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.12.C30mdk.x86_64.rpm
 b8a16808b64873d4cdbdba01632c358f 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.12.C30mdk.x86_64.rpm
 a2dc96c8eeadbfc11619ee72e165c3a4 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.12.C30mdk.x86_64.rpm
 dc55dbb5d5ded3918bd20f762d2c9bdc 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.12.C30mdk.x86_64.rpm
 5f1a91bfc2c835989bc2471d459ae534 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.12.C30mdk.x86_64.rpm
 03e89291ec1a8722fa4a48df390ccaa5 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.12.C30mdk.x86_64.rpm
 11a242471daafa5cd19d71360676cae6 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kview-3.2-15.12.C30mdk.x86_64.rpm
 7d1945bbd292094bebdd66ba0eab18f7 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.12.C30mdk.x86_64.rpm
 804b8efff16a11377bb24bd4efd03d01 
 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.12.C30mdk.x86_64.rpm
 7da97a6a01cc1ee884b57a63f532ae6e 
 x86_64/corporate/3.0/SRPMS/kdegraphics-3.2-15.12.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEz4SQmqjQ0CJFipgRAtmDAJoC2SbJFPu2EYZYfxoZD+6+6jytlwCcCsGs
61Tnsza/Jz0VjAoTVBTjnhA=
=qGgE
-----END PGP SIGNATURE-----


------------=_1154478861-9299-735
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1154478861-9299-735--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung