<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:053 - Updated xpcd package fix vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           xpcd
 Advisory ID:            MDKSA-2004:053
 Date:                   June 1st, 2004

 Affected versions:      10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar.
 xpcd-svga uses svgalib to display graphics on the console and it
 would copy user-supplied data of an arbitrary length into a fixed-size
 buffer in the pcd_open function.
 
 As well, Steve Kemp previously discovered a buffer overflow in
 xpcd-svga that could be triggered by a long HOME environment variable,
 which could be exploited by a local attacker to obtain root
 privileges.
 
 The updated packages resolve these vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0649
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0402
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 95c59861d1efef825ab730cba2691365  10.0/RPMS/xpcd-2.08-20.1.100mdk.i586.rpm
 3114811e46e3a4b82e053894f153643d  10.0/RPMS/xpcd-gimp-2.08-20.1.100mdk.i586.rpm
 b3df76a539187146894f18d67a2967fd  10.0/SRPMS/xpcd-2.08-20.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 50261e00a816e5621ce37d0f6320a941  
amd64/10.0/RPMS/xpcd-2.08-20.1.100mdk.amd64.rpm
 4362a1d3211af0c386aef08abfc74cc6  
amd64/10.0/RPMS/xpcd-gimp-2.08-20.1.100mdk.amd64.rpm
 b3df76a539187146894f18d67a2967fd  
amd64/10.0/SRPMS/xpcd-2.08-20.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 907efca9e8de1fc9489755c919c51b8b  9.2/RPMS/xpcd-2.08-20.1.92mdk.i586.rpm
 41078887e2d6bf60d376540653e997f7  9.2/RPMS/xpcd-gimp-2.08-20.1.92mdk.i586.rpm
 9e2a2741fb7130324737a9262dbe8afb  9.2/SRPMS/xpcd-2.08-20.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 4f434cc67c282744664a14e285b24e9e  amd64/9.2/RPMS/xpcd-2.08-20.1.92mdk.amd64.rpm
 7b6d9c0dfe83763823cc007f0956b173  
amd64/9.2/RPMS/xpcd-gimp-2.08-20.1.92mdk.amd64.rpm
 9e2a2741fb7130324737a9262dbe8afb  amd64/9.2/SRPMS/xpcd-2.08-20.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAvPvgmqjQ0CJFipgRAo8iAJ45Y7VU+B4FPBUwtbpjNyq8WJPA7wCgoVf+
8St+6Ck5Tqq1iRjZpa9L/x4=
=iwPf
-----END PGP SIGNATURE-----