[ MDVSA-2009:213 ] wxgtk




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:213
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wxgtk
Date : August 23, 2009
Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.

This update fixes this vulnerability.
_______________________________________________________________________

References:

https://bugs.gentoo.org/show_bug.cgi?id=280615
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
cd70e3562fc1453a74c54dc415114e8e 2008.1/i586/libwxgtk2.6-2.6.4-14.2mdv2008.1.i586.rpm
929cd8179308b93a22fccf0dc9e7a165 2008.1/i586/libwxgtk2.6-devel-2.6.4-14.2mdv2008.1.i586.rpm
e2d54a94aa52556beffd39a5e1eec746 2008.1/i586/libwxgtk2.8-2.8.7-1.2mdv2008.1.i586.rpm
7d6091f404680c2cc44234e39a4f38f1 2008.1/i586/libwxgtk2.8-devel-2.8.7-1.2mdv2008.1.i586.rpm
2c8afbdafabdfef2a45199a4a0910257 2008.1/i586/libwxgtkgl2.6-2.6.4-14.2mdv2008.1.i586.rpm
c11d5d57234dda587b701a9198f04d97 2008.1/i586/libwxgtkgl2.8-2.8.7-1.2mdv2008.1.i586.rpm
98c318c51c6815b4a99ccf1ddade2d63 2008.1/i586/libwxgtkglu2.6-2.6.4-14.2mdv2008.1.i586.rpm
79289de2fc580931d6a412ecbf9eed9f 2008.1/i586/libwxgtkglu2.8-2.8.7-1.2mdv2008.1.i586.rpm
5fbbee5ab35cf40fca02c7bef63465b4 2008.1/i586/libwxgtku2.6-2.6.4-14.2mdv2008.1.i586.rpm
5f29f2f96b6d09e7496e9e26a977a805 2008.1/i586/libwxgtku2.6-devel-2.6.4-14.2mdv2008.1.i586.rpm
21a1d192865f1fb0912ef0f1c19e3ed2 2008.1/i586/libwxgtku2.8-2.8.7-1.2mdv2008.1.i586.rpm
3c6cffdab1aeac2fba5d4c745ca0c659 2008.1/i586/libwxgtku2.8-devel-2.8.7-1.2mdv2008.1.i586.rpm
0af9291dc96e85b2a24636867a6d7f87 2008.1/i586/wxGTK2.6-2.6.4-14.2mdv2008.1.i586.rpm
4cdff1f1e072ab4b66345fbcf5fd3138 2008.1/i586/wxgtk2.8-2.8.7-1.2mdv2008.1.i586.rpm
4f328c77ce7320887c20503eb56784da 2008.1/SRPMS/wxGTK2.6-2.6.4-14.2mdv2008.1.src.rpm
81d27b0eba2bf081d733ebd595487e8f 2008.1/SRPMS/wxgtk2.8-2.8.7-1.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
4d37af6a7dcaf17724f780fbf1e6be13 2008.1/x86_64/lib64wxgtk2.6-2.6.4-14.2mdv2008.1.x86_64.rpm
f81b14d13dfeaafa61cb8d247511b92e 2008.1/x86_64/lib64wxgtk2.6-devel-2.6.4-14.2mdv2008.1.x86_64.rpm
5d3c2a73da6d4d622d86010428936525 2008.1/x86_64/lib64wxgtk2.8-2.8.7-1.2mdv2008.1.x86_64.rpm
7445fb0d80960c4d131b6c8bd1d16d35 2008.1/x86_64/lib64wxgtk2.8-devel-2.8.7-1.2mdv2008.1.x86_64.rpm
6a86cf73d4696f754db04259ff2c1d76 2008.1/x86_64/lib64wxgtkgl2.6-2.6.4-14.2mdv2008.1.x86_64.rpm
2e4c629defe2937ac0180366aca712d4 2008.1/x86_64/lib64wxgtkgl2.8-2.8.7-1.2mdv2008.1.x86_64.rpm
4dc7e4999156755b4f2e89559806cf99 2008.1/x86_64/lib64wxgtkglu2.6-2.6.4-14.2mdv2008.1.x86_64.rpm
59687cd7cdc0f3b58b71cc1d2e54ba5c 2008.1/x86_64/lib64wxgtkglu2.8-2.8.7-1.2mdv2008.1.x86_64.rpm
97b9a8435468a5c009872f9fdc2cbf7e 2008.1/x86_64/lib64wxgtku2.6-2.6.4-14.2mdv2008.1.x86_64.rpm
51c597e2e38dc2b34c18cc0f7d22c97f 2008.1/x86_64/lib64wxgtku2.6-devel-2.6.4-14.2mdv2008.1.x86_64.rpm
9898f7270a828c710e5460a35bb21821 2008.1/x86_64/lib64wxgtku2.8-2.8.7-1.2mdv2008.1.x86_64.rpm
cdd1df7c2187055b0106249e24215c7b 2008.1/x86_64/lib64wxgtku2.8-devel-2.8.7-1.2mdv2008.1.x86_64.rpm
426e8b21972258328e031636f7cfe446 2008.1/x86_64/wxGTK2.6-2.6.4-14.2mdv2008.1.x86_64.rpm
f392c01131bd4cf9552d68f16a212793 2008.1/x86_64/wxgtk2.8-2.8.7-1.2mdv2008.1.x86_64.rpm
4f328c77ce7320887c20503eb56784da 2008.1/SRPMS/wxGTK2.6-2.6.4-14.2mdv2008.1.src.rpm
81d27b0eba2bf081d733ebd595487e8f 2008.1/SRPMS/wxgtk2.8-2.8.7-1.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
4cf2dbe5b3283544c95b3f9172be9928 2009.0/i586/libwxgtk2.6-2.6.4-16.2mdv2009.0.i586.rpm
b7a6e601e393d3e84b4e1a54a443d0e3 2009.0/i586/libwxgtk2.6-devel-2.6.4-16.2mdv2009.0.i586.rpm
f8c478d7815a9460941ed40326700637 2009.0/i586/libwxgtk2.8-2.8.8-1.2mdv2009.0.i586.rpm
b58541a2bec74311256b4b02d8600ae1 2009.0/i586/libwxgtk2.8-devel-2.8.8-1.2mdv2009.0.i586.rpm
62b8fe6d504b92393fd5aaf4f7fb3804 2009.0/i586/libwxgtkgl2.6-2.6.4-16.2mdv2009.0.i586.rpm
ebcd1c2d4afd78d5c37d3d10a09f60d4 2009.0/i586/libwxgtkgl2.8-2.8.8-1.2mdv2009.0.i586.rpm
b5eb342dd3cab8b4b0993460bbe76e71 2009.0/i586/libwxgtkglu2.6-2.6.4-16.2mdv2009.0.i586.rpm
09db176ab00ba052a3c100df997fa92b 2009.0/i586/libwxgtkglu2.8-2.8.8-1.2mdv2009.0.i586.rpm
4e01c277b21cb70f69df4a60f6743615 2009.0/i586/libwxgtku2.6-2.6.4-16.2mdv2009.0.i586.rpm
d0e907ba8f0899dce210ab75febd1752 2009.0/i586/libwxgtku2.6-devel-2.6.4-16.2mdv2009.0.i586.rpm
c3cc2825a22c1726572dab17abe2912a 2009.0/i586/libwxgtku2.8-2.8.8-1.2mdv2009.0.i586.rpm
5465dfb9c65aee011271f2e8a44c1e97 2009.0/i586/libwxgtku2.8-devel-2.8.8-1.2mdv2009.0.i586.rpm
dd2cd45b3cffd10ab513c7c13a2c64f6 2009.0/i586/wxGTK2.6-2.6.4-16.2mdv2009.0.i586.rpm
cde351a4e621edd56a02fecc6ca4218b 2009.0/i586/wxgtk2.8-2.8.8-1.2mdv2009.0.i586.rpm
c7f45d86f2fb00554b7cfd2ca2317a5a 2009.0/SRPMS/wxGTK2.6-2.6.4-16.2mdv2009.0.src.rpm
f84d8987d04c154bf38886694129740d 2009.0/SRPMS/wxgtk2.8-2.8.8-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
17d159c7780d3cfd94ed603b42225848 2009.0/x86_64/lib64wxgtk2.6-2.6.4-16.2mdv2009.0.x86_64.rpm
191b3039a96bd1da2fc00aabb43c3586 2009.0/x86_64/lib64wxgtk2.6-devel-2.6.4-16.2mdv2009.0.x86_64.rpm
a2b06c2fd514ab04a3679a198c3f6634 2009.0/x86_64/lib64wxgtk2.8-2.8.8-1.2mdv2009.0.x86_64.rpm
16f9b9b7f3d2629dcec4b74b1df548b7 2009.0/x86_64/lib64wxgtk2.8-devel-2.8.8-1.2mdv2009.0.x86_64.rpm
719d052ce367c2f1e8881e276c06ea07 2009.0/x86_64/lib64wxgtkgl2.6-2.6.4-16.2mdv2009.0.x86_64.rpm
f23b3b9bf38c39fa07f599aa37d0dd27 2009.0/x86_64/lib64wxgtkgl2.8-2.8.8-1.2mdv2009.0.x86_64.rpm
17254e8fbbadbe60a729d3420d28c72a 2009.0/x86_64/lib64wxgtkglu2.6-2.6.4-16.2mdv2009.0.x86_64.rpm
22c2c38c18050b78ffc329d14aa9aafa 2009.0/x86_64/lib64wxgtkglu2.8-2.8.8-1.2mdv2009.0.x86_64.rpm
d62de16e883aac25e5e90c34e9049d36 2009.0/x86_64/lib64wxgtku2.6-2.6.4-16.2mdv2009.0.x86_64.rpm
816d0b5fca6cce0b86fc58a978dba430 2009.0/x86_64/lib64wxgtku2.6-devel-2.6.4-16.2mdv2009.0.x86_64.rpm
6126c791fd81fe2dd82cd3bb7cf0562f 2009.0/x86_64/lib64wxgtku2.8-2.8.8-1.2mdv2009.0.x86_64.rpm
f003ff7a13e168bd35160e0a0892c99c 2009.0/x86_64/lib64wxgtku2.8-devel-2.8.8-1.2mdv2009.0.x86_64.rpm
73ec2b1c0708a9c53e199687f5a54aa7 2009.0/x86_64/wxGTK2.6-2.6.4-16.2mdv2009.0.x86_64.rpm
f606c5aefd87760e8af36993bde1f317 2009.0/x86_64/wxgtk2.8-2.8.8-1.2mdv2009.0.x86_64.rpm
c7f45d86f2fb00554b7cfd2ca2317a5a 2009.0/SRPMS/wxGTK2.6-2.6.4-16.2mdv2009.0.src.rpm
f84d8987d04c154bf38886694129740d 2009.0/SRPMS/wxgtk2.8-2.8.8-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
4449edb724c68f5bc539666d3f1c367a 2009.1/i586/libwxgtk2.8-2.8.9-3.2mdv2009.1.i586.rpm
387ce28024773d4cd071c290e3055245 2009.1/i586/libwxgtk2.8-devel-2.8.9-3.2mdv2009.1.i586.rpm
4cd7e75f99c6e1ffe4107eee7578cde6 2009.1/i586/libwxgtkgl2.8-2.8.9-3.2mdv2009.1.i586.rpm
ac8090da2f03cc7db40bb1f67ef69860 2009.1/i586/libwxgtkglu2.8-2.8.9-3.2mdv2009.1.i586.rpm
3cbcd989ec0061a27ee3968a52b7c895 2009.1/i586/libwxgtku2.8-2.8.9-3.2mdv2009.1.i586.rpm
2c7f7f8996b224d209db79c3a78254d9 2009.1/i586/libwxgtku2.8-devel-2.8.9-3.2mdv2009.1.i586.rpm
ae88f0037f8e2b3076e0c62f634dd61a 2009.1/i586/wxgtk2.8-2.8.9-3.2mdv2009.1.i586.rpm
627ab9b7be0ebbd48a81580a59a12fe6 2009.1/SRPMS/wxgtk2.8-2.8.9-3.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
f7502d45467f5324836bf6c9455290b7 2009.1/x86_64/lib64wxgtk2.8-2.8.9-3.2mdv2009.1.x86_64.rpm
84b0fa969460c387d3bb8047e779fca9 2009.1/x86_64/lib64wxgtk2.8-devel-2.8.9-3.2mdv2009.1.x86_64.rpm
942afb22e94d59602acf744686e7ade7 2009.1/x86_64/lib64wxgtkgl2.8-2.8.9-3.2mdv2009.1.x86_64.rpm
e3262874ac99f87d4c6835c9ffde71f5 2009.1/x86_64/lib64wxgtkglu2.8-2.8.9-3.2mdv2009.1.x86_64.rpm
23373d69fa8cb2ae0a5df8078a1ce347 2009.1/x86_64/lib64wxgtku2.8-2.8.9-3.2mdv2009.1.x86_64.rpm
975bddaa2c762a22c8f2d413006e91bd 2009.1/x86_64/lib64wxgtku2.8-devel-2.8.9-3.2mdv2009.1.x86_64.rpm
8fdbb107941a8befdf34d5268fbc9f9c 2009.1/x86_64/wxgtk2.8-2.8.9-3.2mdv2009.1.x86_64.rpm
627ab9b7be0ebbd48a81580a59a12fe6 2009.1/SRPMS/wxgtk2.8-2.8.9-3.2mdv2009.1.src.rpm

Mandriva Enterprise Server 5:
65d7e0cce48cc45b7046e9d9e173a2f2 mes5/i586/libwxgtk2.8-2.8.8-1.2mdvmes5.i586.rpm
54ca498e0636a85ecd3b9416bd3dc6fe mes5/i586/libwxgtk2.8-devel-2.8.8-1.2mdvmes5.i586.rpm
e0048e0b59d95f1373e7ad937d4b721a mes5/i586/libwxgtkgl2.8-2.8.8-1.2mdvmes5.i586.rpm
15b4f5681fde5acf46a8901ff1ece2a8 mes5/i586/libwxgtkglu2.8-2.8.8-1.2mdvmes5.i586.rpm
2797cc0b40f59730512fad3eac14c9cb mes5/i586/libwxgtku2.8-2.8.8-1.2mdvmes5.i586.rpm
6a072bac4f4327627f7778ed2728a38d mes5/i586/libwxgtku2.8-devel-2.8.8-1.2mdvmes5.i586.rpm
210571d5c6ef86b6bacf55bdbcb66af1 mes5/i586/wxgtk2.8-2.8.8-1.2mdvmes5.i586.rpm
13b367791194a6af3b1f761885e7f828 mes5/SRPMS/wxgtk2.8-2.8.8-1.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
91f09f1194e3265c099f14d970e14367 mes5/x86_64/lib64wxgtk2.8-2.8.8-1.2mdvmes5.x86_64.rpm
d204cf4b4bca378c601512c31658bc8a mes5/x86_64/lib64wxgtk2.8-devel-2.8.8-1.2mdvmes5.x86_64.rpm
3b4edd03ea2814cd1d7b642615d91dc9 mes5/x86_64/lib64wxgtkgl2.8-2.8.8-1.2mdvmes5.x86_64.rpm
a32d8c8a715a302901e477cc65b9c201 mes5/x86_64/lib64wxgtkglu2.8-2.8.8-1.2mdvmes5.x86_64.rpm
d5d645073971ae85c61d0b4ba8da6ec7 mes5/x86_64/lib64wxgtku2.8-2.8.8-1.2mdvmes5.x86_64.rpm
decb215e2fc6ece2254d9b6627ecf8e7 mes5/x86_64/lib64wxgtku2.8-devel-2.8.8-1.2mdvmes5.x86_64.rpm
864f28c4fd0093f083386b5399deb288 mes5/x86_64/wxgtk2.8-2.8.8-1.2mdvmes5.x86_64.rpm
13b367791194a6af3b1f761885e7f828 mes5/SRPMS/wxgtk2.8-2.8.8-1.2mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKkXPzmqjQ0CJFipgRAkOMAKDX0Eyuw2PFnn1LyrNpCPRiRA6uKgCgnTg3
ffzAJHsI8ZG+TeyhmJ5GyIY=
=GNVV
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2010:073-1 ] cups
    ... Use-after-free vulnerability in the abstract file-descriptor handling ... scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers ... The updated packages have been patched to correct these issues. ... Packages for Mandriva Linux 2010.0 was missing with ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2010:084 ] java-1.6.0-openjdk
    ... Multiple Java OpenJDK security vulnerabilities has been identified ... CMM readMabCurveData Buffer Overflow Vulnerability. ... Packages for 2009.0 are provided due to the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2010:084 ] java-1.6.0-openjdk
    ... Multiple Java OpenJDK security vulnerabilities has been identified ... CMM readMabCurveData Buffer Overflow Vulnerability. ... Packages for 2009.0 are provided due to the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Bugtraq)
  • [ MDVSA-2010:073-1 ] cups
    ... Use-after-free vulnerability in the abstract file-descriptor handling ... scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers ... The updated packages have been patched to correct these issues. ... Packages for Mandriva Linux 2010.0 was missing with ...
    (Bugtraq)
  • [Full-disclosure] [ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix i
    ... Local exploitation of a memory corruption vulnerability in the X.Org ... Updated packages are patched to address these issues. ... Packages for Mandriva Linux 2007.1 are now available. ...
    (Full-Disclosure)