[ MDVSA-2011:010 ] xfig



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:010
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xfig
Date : January 15, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in xfig:

Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE:
some of these details are obtained from third party information
(CVE-2009-4227).

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier
allows remote attackers to cause a denial of service (application
crash) via a long string in a malformed .fig file that uses the 1.3
file format, possibly related to the readfp_fig function in f_read.c
(CVE-2009-4228).

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a FIG image with a crafted color definition
(CVE-2010-4262).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4262
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
e39602fc8ee985c8b9a53872593a0f81 2009.0/i586/xfig-3.2.5-4.1mdv2009.0.i586.rpm
1939fb7dc9bea4407c6ef8fac24ed8cf 2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
2d23d023c54c3e97e0785a4c132e6920 2009.0/x86_64/xfig-3.2.5-4.1mdv2009.0.x86_64.rpm
1939fb7dc9bea4407c6ef8fac24ed8cf 2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm

Mandriva Linux 2010.0:
fa216772dd4e5cce2646af8e3fdab037 2010.0/i586/xfig-3.2.5b-1.3mdv2010.0.i586.rpm
a5d6698dd7015208f7c2bdaa94eaded8 2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
41a861a853686f15faf79ac78d23f01b 2010.0/x86_64/xfig-3.2.5b-1.3mdv2010.0.x86_64.rpm
a5d6698dd7015208f7c2bdaa94eaded8 2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm

Mandriva Linux 2010.1:
6246b2d654ecc3208eb6a1484e656680 2010.1/i586/xfig-3.2.5b-3.1mdv2010.2.i586.rpm
1d0ca214e51934ffe9d52e7a4ed9b589 2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
e967afae295de665073e0c9ef751e86d 2010.1/x86_64/xfig-3.2.5b-3.1mdv2010.2.x86_64.rpm
1d0ca214e51934ffe9d52e7a4ed9b589 2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm

Corporate 4.0:
66396295f199c85cdba5b7c83efd82c6 corporate/4.0/i586/xfig-3.2.5-0.4.20060mlcs4.i586.rpm
047a3ee6ff83f35c6c7a167f442af9b8 corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0089a3e8d5436d7ea3a72afad505a39b corporate/4.0/x86_64/xfig-3.2.5-0.4.20060mlcs4.x86_64.rpm
047a3ee6ff83f35c6c7a167f442af9b8 corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNMfMSmqjQ0CJFipgRAuy4AJ9cJPnx510QGOr4rS0WWSd98c105gCgwS0l
51YvC5zhkNyiQiTTb57njsA=
=bct3
-----END PGP SIGNATURE-----