[Full-disclosure] MDKSA-2005:144 - Updated wxPythonGTK packages fix several vulnerabilities

From: Mandriva Security Team (security_at_mandriva.com)
Date: 08/18/05

    To: full-disclosure@lists.grok.org.uk
    Date: Thu, 18 Aug 2005 14:10:11 -0600
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                    Mandriva Linux Security Update Advisory
     _______________________________________________________________________

     Package name: wxPythonGTK
     Advisory ID: MDKSA-2005:144
     Date: August 18th, 2005

     Affected versions: 10.1, 10.2, Corporate 3.0
     ______________________________________________________________________

     Problem Description:

     Wouter Hanegraaff discovered that the TIFF library did not sufficiently
     validate the "YCbCr subsampling" value in TIFF image headers. Decoding
     a malicious image with a zero value resulted in an arithmetic exception,
     which can cause a program that uses the TIFF library to crash.
     
     wxPythonGTK uses an embedded libtiff source tree, and as such has the
     same vulnerability.
     
     The updated packages have been rebuilt using the system libraries and
     should now incorporate all the updates to libjpeg, libpng, libtiff and
     zlib.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.1:
     1792bef2b7c38d434f5c580885918fa9 10.1/RPMS/libwxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.i586.rpm
     e74ecbc67fb44bc41c211c9c48d99bf2 10.1/RPMS/libwxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.i586.rpm
     cbc0ab1e5ff4890e6ca773bc106a22ba 10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.i586.rpm
     b9a21a161373a223927041bfb59e9daa 10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm

     Mandrakelinux 10.1/X86_64:
     58a22e1baf7b89f5cba1904cc385a62d x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.x86_64.rpm
     3416e43ec121b43dd0fa320ced1a1692 x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.x86_64.rpm
     04420e8c6fa31ae8266bf1646442665b x86_64/10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.x86_64.rpm
     b9a21a161373a223927041bfb59e9daa x86_64/10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm

     Mandrakelinux 10.2:
     8deaae175c40b0b2aae1c0a9260e6c5e 10.2/RPMS/libwxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.i586.rpm
     b240df592e137d2b429118a51561475f 10.2/RPMS/libwxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.i586.rpm
     142a95ae853496fa62488898a8e22a5c 10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.i586.rpm
     8a04fcd0d0d70bc22549b20374aa2fc4 10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm

     Mandrakelinux 10.2/X86_64:
     3641fdd53027c69755b2026f9868bcd4 x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.x86_64.rpm
     a84597c3db0f2f38f493693d0cfbf0d6 x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.x86_64.rpm
     f453d626b50c9f8e5fd7b801f06a53c6 x86_64/10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.x86_64.rpm
     8a04fcd0d0d70bc22549b20374aa2fc4 x86_64/10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm

     Corporate 3.0:
     30310777699ba2bc43269fea791785a6 corporate/3.0/RPMS/libwxPythonGTK2.4-2.4.2.4-2.1.C30mdk.i586.rpm
     2ab1c06543b33f2304caa2f75c234a74 corporate/3.0/RPMS/libwxPythonGTK2.4-devel-2.4.2.4-2.1.C30mdk.i586.rpm
     1ff251baed6af07e5604521ae8390f06 corporate/3.0/RPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.i586.rpm
     fbf97259f8e496bf20af99c1cacb08b1 corporate/3.0/SRPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandriva for security. You can obtain the
     GPG public key of the Mandriva Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandriva Linux at:

      http://www.mandriva.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_(at)_mandriva.com
     _______________________________________________________________________

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFDBOsjmqjQ0CJFipgRAi91AJwOyfuUHD4/Zr5KsndSbEJqAzI7MgCfRb2r
    wUXPRILQAr0ZQlQMXBFxZT4=
    =6Vnf
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
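
The check the advisory says was missing, as an added example (not part of the advisory and not libtiff or wxPythonGTK code): a small reader that takes the "YCbCr subsampling" tag from a TIFF header and rejects a zero or otherwise invalid factor before anything divides by it. The function names, result codes and the two constructed sample headers are assumptions of this example; only little-endian files and the first IFD are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SS_OK = 0, SS_MALFORMED = -1, SS_BAD_SUBSAMPLING = -2 }; /* example's own codes */

/* Constructed samples: header, one IFD entry (tag 530, SHORT, count 2), next-IFD = 0. */
static const uint8_t SAMPLE_ZERO[26] = { 'I','I',42,0, 8,0,0,0, 1,0,
    0x12,0x02, 3,0, 2,0,0,0, 0,0, 0,0, 0,0,0,0 };   /* factors 0,0 */
static const uint8_t SAMPLE_GOOD[26] = { 'I','I',42,0, 8,0,0,0, 1,0,
    0x12,0x02, 3,0, 2,0,0,0, 2,0, 1,0, 0,0,0,0 };   /* factors 2,1 */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* TIFF 6.0 allows only 1, 2 or 4 as a subsampling factor; 0 is never valid. */
static int valid_factor(uint16_t f) { return f == 1 || f == 2 || f == 4; }

/* Read tag 530 (YCbCrSubSampling) from the first IFD and validate it.
 * If the tag is absent the TIFF default of 2,2 applies. */
int read_subsampling(const uint8_t *buf, size_t len, uint16_t *h, uint16_t *v)
{
    if (len < 8 || buf[0] != 'I' || buf[1] != 'I' || rd16(buf + 2) != 42)
        return SS_MALFORMED;
    uint32_t ifd = rd32(buf + 4);
    if (ifd > len - 2) return SS_MALFORMED;          /* entry count must be in bounds */
    uint16_t n = rd16(buf + ifd);
    if ((size_t)n * 12 > len - 2 - ifd) return SS_MALFORMED;
    *h = 2; *v = 2;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        if (rd16(e) != 530) continue;
        if (rd16(e + 2) != 3 || rd32(e + 4) != 2) return SS_MALFORMED;
        *h = rd16(e + 8); *v = rd16(e + 10);         /* two SHORTs stored inline */
        break;
    }
    if (!valid_factor(*h) || !valid_factor(*v)) return SS_BAD_SUBSAMPLING;
    return SS_OK;
}

/* Chroma plane width, rounded up; call only with a factor that passed validation. */
uint32_t chroma_width(uint32_t w, uint16_t h) { return w / h + (w % h != 0); }

int main(void) {
    uint16_t h, v;
    printf("zero factors -> %d\n", read_subsampling(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &h, &v));
    return 0;
}
```
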

