[Full-Disclosure] MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 10/21/04

    To: full-disclosure@lists.netsys.com
    Date: 21 Oct 2004 20:50:14 -0000
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                     Mandrakelinux Security Update Advisory
     _______________________________________________________________________

     Package name: wxGTK2
     Advisory ID: MDKSA-2004:111
     Date: October 21st, 2004

     Affected versions: 10.0
     ______________________________________________________________________

     Problem Description:

     Several vulnerabilities have been discovered in the libtiff package;
     wxGTK2 uses a libtiff code tree, so it may have the same
     vulnerabilities:
     
     Chris Evans discovered several problems in the RLE (run length
     encoding) decoders that could lead to arbitrary code execution.
     (CAN-2004-0803)
     
     Matthias Clasen discovered a division by zero through an integer
     overflow. (CAN-2004-0804)
     
     Dmitry V. Levin discovered several integer overflows that caused
     malloc issues which can result in either a plain crash or memory
     corruption. (CAN-2004-0886)
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.0:
     89c1cb672d4c3b10f82028015bc70561 10.0/RPMS/libwxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
     cfce0a6e9ee754001a23ffd3c50c11db 10.0/RPMS/libwxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
     dd3cb6919ca0611c97c462acdb67b799 10.0/RPMS/libwxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
     162cbe607fe645bd9cbc65d5ef7095ef 10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
     757b3b2aca258ecaedef0f16a8ea85da 10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm

     Mandrakelinux 10.0/AMD64:
     0a871df7bb36c375d779304c453f521c amd64/10.0/RPMS/lib64wxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
     696c530bbd3fc68174a75231e68d2cee amd64/10.0/RPMS/lib64wxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
     ae7d9e51d3a93ba6581db43b26e6b626 amd64/10.0/RPMS/lib64wxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
     f93e1b508deaa09b4ea82a272a691371 amd64/10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
     757b3b2aca258ecaedef0f16a8ea85da amd64/10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandrakesoft for security. You can obtain
     the GPG public key of the Mandrakelinux Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandrakelinux at:

      http://www.mandrakesoft.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQFBeCEGmqjQ0CJFipgRAiS+AJ94KmOihKIlOa7SwIVSQGnY8SNloACcDcW6
    S+KnG6wxTscbJZK0uhm5r80=
    =TSZs
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
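
The advisory attributes CAN-2004-0886 to integer overflows that lead to malloc issues. The following C sketch is an added example, not code from libtiff, wxGTK2 or the advisory: it shows how a 32-bit size computation wraps for constructed image dimensions and how a pre-multiplication check rejects them. All function names and dimensions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: the 32-bit product wraps modulo 2^32, so a
 * huge image can yield a small (or zero) byte count. */
static uint32_t unchecked_size(uint32_t rows, uint32_t row_bytes)
{
    return rows * row_bytes;
}

/* Checked size computation: returns 0 and stores the product in *out,
 * or -1 if either dimension is zero or the product would not fit. */
static int checked_size(uint32_t rows, uint32_t row_bytes, uint32_t *out)
{
    if (rows == 0 || row_bytes == 0)
        return -1;
    if (rows > UINT32_MAX / row_bytes)   /* test before multiplying */
        return -1;
    *out = rows * row_bytes;
    return 0;
}

/* Allocate a decode buffer only when the dimensions are sane. */
static void *alloc_image(uint32_t rows, uint32_t row_bytes)
{
    uint32_t n;
    if (checked_size(rows, row_bytes, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions, as if read from an untrusted image header. */
    uint32_t rows = 0x10000u, row_bytes = 0x10001u;

    /* The wrapped value is what an unchecked decoder would pass to malloc:
     * the buffer is far smaller than the data later written into it. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(rows, row_bytes));

    /* A product that wraps to exactly zero is also dangerous when it is
     * later used as a divisor. */
    printf("wraps to:  %u\n", (unsigned)unchecked_size(0x10000u, 0x10000u));

    void *p = alloc_image(rows, row_bytes);
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```
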

