MDKSA-2004:049 - Updated libneon packages fix heap variable overflow issues

• Previous message: Thierry Carrez: "[ GLSA 200405-11 ] KDE URI Handler Vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 19 May 2004 18:27:09 -0000
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name: libneon
 Advisory ID: MDKSA-2004:049
 Date: May 19th, 2004

 Affected versions: 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 It was discovered that in portions of neon, sscanf() is used in an unsafe
 manner. This will result in an overflow of a static heap variable.
 
 The updated packages provide a patched libneon to correct these
 problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c4210d7bc9cf66d9787b66ab9fd2aad7 10.0/RPMS/libneon0.24-0.24.5-0.2.100mdk.i586.rpm
 55e73f435e3874af9f0071651578bb1b 10.0/RPMS/libneon0.24-devel-0.24.5-0.2.100mdk.i586.rpm
 50eea6e5d78f1d52f71f286608349c74 10.0/RPMS/libneon0.24-static-devel-0.24.5-0.2.100mdk.i586.rpm
 d50605f1b603303a0cadb37175c1a5e3 10.0/SRPMS/libneon-0.24.5-0.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 2b7eee868064046c077f095769fc9ecb amd64/10.0/RPMS/lib64neon0.24-0.24.5-0.2.100mdk.amd64.rpm
 4f2a2c05a74f7b0823ccec6961bd488d amd64/10.0/RPMS/lib64neon0.24-devel-0.24.5-0.2.100mdk.amd64.rpm
 28fbdae0e4ce0bcd859434726ca60bbf amd64/10.0/RPMS/lib64neon0.24-static-devel-0.24.5-0.2.100mdk.amd64.rpm
 d50605f1b603303a0cadb37175c1a5e3 amd64/10.0/SRPMS/libneon-0.24.5-0.2.100mdk.src.rpm

 Mandrakelinux 9.2:
 493d8de296578f6b79ff2f9dfd184e98 9.2/RPMS/libneon0.24-0.24.5-0.2.92mdk.i586.rpm
 22f236280bafdbc4dfbf4689885f29aa 9.2/RPMS/libneon0.24-devel-0.24.5-0.2.92mdk.i586.rpm
 1b4bc7135de9d6435fb34f75b30ef93a 9.2/RPMS/libneon0.24-static-devel-0.24.5-0.2.92mdk.i586.rpm
 7ad4ede0f92822aef97a89c92438f54d 9.2/SRPMS/libneon-0.24.5-0.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 acc2986d2b6230e6013adca7c8b9b025 amd64/9.2/RPMS/lib64neon0.24-0.24.5-0.2.92mdk.amd64.rpm
 aab98267d4df381730ca3cae16434590 amd64/9.2/RPMS/lib64neon0.24-devel-0.24.5-0.2.92mdk.amd64.rpm
 68b78514eaca5f4dcc0e19d918d5d664 amd64/9.2/RPMS/lib64neon0.24-static-devel-0.24.5-0.2.92mdk.amd64.rpm
 7ad4ede0f92822aef97a89c92438f54d amd64/9.2/SRPMS/libneon-0.24.5-0.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security. You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to. Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAq6b9mqjQ0CJFipgRAgvFAKDVm3MQbyCQkTr9vfQwRg/VggMY5QCgusp0
koCvbnT5uTB/jSiDLPlaL+U=
=QqYQ
-----END PGP SIGNATURE-----

• Previous message: Thierry Carrez: "[ GLSA 200405-11 ] KDE URI Handler Vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities ... The updated packages bring Ethereal to version 0.10.3 which is not ... All packages are signed by Mandrakesoft for security. ... the GPG public key of the Mandrakelinux Security Team by executing: ... Information on these lists can be obtained by ... (Bugtraq) [Full-Disclosure] MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities ... The updated packages bring Ethereal to version 0.10.3 which is not ... All packages are signed by Mandrakesoft for security. ... the GPG public key of the Mandrakelinux Security Team by executing: ... Information on these lists can be obtained by ... (Full-Disclosure) [Full-Disclosure] MDKSA-2004:048 - Updated cvs packages fix remotely exploitable vulnerability ... The updated packages contain a patch to correct the problem. ... All packages are signed by Mandrakesoft for security. ... the GPG public key of the Mandrakelinux Security Team by executing: ... Information on these lists can be obtained by ... (Full-Disclosure) [Full-Disclosure] MDKSA-2004:044 - Updated libuser packages fix vulnerability ... The updated packages provide a patched libuser to correct these ... All packages are signed by Mandrakesoft for security. ... the GPG public key of the Mandrakelinux Security Team by executing: ... Information on these lists can be obtained by ... (Full-Disclosure) MDKSA-2004:044 - Updated libuser packages fix vulnerability ... The updated packages provide a patched libuser to correct these ... All packages are signed by Mandrakesoft for security. ... the GPG public key of the Mandrakelinux Security Team by executing: ... Information on these lists can be obtained by ... (Bugtraq)