MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: xli
Advisory ID: MDKSA-2005:076
Date: April 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities have been found in the xli image viewer.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw
in the handling of compressed images where shell meta-characters are
not properly escaped (CAN-2005-0638). It was also found that
insufficient validation of image properties could potentially result
in buffer management errors (CAN-2005-0639).
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
f5ad03e5bb1c8b93fc1ebca1d7e2e111 10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm
757220d489a0cbafd393140ea7d5e205 10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e798f226cabe865cd3b0a8f3f9292b6d
x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm
757220d489a0cbafd393140ea7d5e205
x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.2:
5e5bbac4a40ffc0f7156e671eb920ea0 10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm
d6ee5ee583d8415f0028b2854ed19b3b 10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
b49c19725cbc2850ead82731758fe8d8
x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm
d6ee5ee583d8415f0028b2854ed19b3b
x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Corporate Server 2.1:
c89d695075c7117381d50301745bc82e
corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm
c219935cd3fb090af95d6467919faff1
corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
8b4a39d741f4eb8fde469411359cad5b
x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm
c219935cd3fb090af95d6467919faff1
x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate 3.0:
fdbf0745aeb6733d6894afa089ac7dd2
corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm
88043776962e4a8bed6b538ae8d28824
corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
ac33b6d6d9475104bb25c2bde9dfe0c7
x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm
88043776962e4a8bed6b538ae8d28824
x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZ1IJmqjQ0CJFipgRAjuRAKC+hW1sMUuM5yJN5UfSQ4nny/aFmgCeJ5zb
7no1gaq2GPMYobcTEPhHiAU=
=NSEJ
-----END PGP SIGNATURE-----