MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gnome-vfs2
Advisory ID: MDKSA-2005:074
Date: April 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A buffer overflow bug was found by Joseph VanAndel in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine. This same vulnerability is present in the gnome-vfs2
code.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
5239e6ab9f4a24c2989ff2317c743cb0
10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.i586.rpm
08d6d7dcebd62773620441ef1c35eb58
10.1/RPMS/libgnome-vfs2_0-2.6.2-7.1.101mdk.i586.rpm
2a7241618cf989091dcf75e60e2a1041
10.1/RPMS/libgnome-vfs2_0-devel-2.6.2-7.1.101mdk.i586.rpm
765d4f62ab8e314a96e419b5c51d540b
10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
4251d3ab183bbfbd0ef4a79b65740004
x86_64/10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.x86_64.rpm
c2b54afacf29f7148561a3e7f8bc3695
x86_64/10.1/RPMS/lib64gnome-vfs2_0-2.6.2-7.1.101mdk.x86_64.rpm
8c64c5379d83bf9e001617bae1935376
x86_64/10.1/RPMS/lib64gnome-vfs2_0-devel-2.6.2-7.1.101mdk.x86_64.rpm
765d4f62ab8e314a96e419b5c51d540b
x86_64/10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm
Mandrakelinux 10.2:
f60b317e9d82a64311e8fa76db389fea
10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.i586.rpm
83aaa09f41d650de8c216fca5eb1b854
10.2/RPMS/libgnome-vfs2_0-2.8.4-6.1.102mdk.i586.rpm
a74279c606173fd42e83e6507a7c206b
10.2/RPMS/libgnome-vfs2_0-devel-2.8.4-6.1.102mdk.i586.rpm
ea5d978ff12a70686c29fd84c461558a
10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
aa889240e8867ec7289578036104c623
x86_64/10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.x86_64.rpm
e7224a715c8ea987c077adea71e29279
x86_64/10.2/RPMS/lib64gnome-vfs2_0-2.8.4-6.1.102mdk.x86_64.rpm
9e681bf74cb71e378e9eb1307159e2ce
x86_64/10.2/RPMS/lib64gnome-vfs2_0-devel-2.8.4-6.1.102mdk.x86_64.rpm
ea5d978ff12a70686c29fd84c461558a
x86_64/10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm
Corporate 3.0:
216b2f6d3459328b757d03336da09d38
corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.i586.rpm
af59a9db5ce5ededd91d3b6dff4e7c39
corporate/3.0/RPMS/libgnome-vfs2_0-2.4.2-5.1.C30mdk.i586.rpm
2d1516b9c4ff998116c1dac5dabe95a5
corporate/3.0/RPMS/libgnome-vfs2_0-devel-2.4.2-5.1.C30mdk.i586.rpm
03ba3b26530b88ca8c18fb41f9681018
corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
5645d370f2a7b81c17bff2c70a4a91c0
x86_64/corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.x86_64.rpm
b78fb0708a038607dbb1f3d970a13bff
x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-2.4.2-5.1.C30mdk.x86_64.rpm
5afd9d1f2c4193d72a0b2780c011bbf7
x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-devel-2.4.2-5.1.C30mdk.x86_64.rpm
03ba3b26530b88ca8c18fb41f9681018
x86_64/corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZ1AFmqjQ0CJFipgRAku4AKDA72sSbNu90ACROKkbd5ePrPiXRwCdHJBe
bGLmzBiW6hphFqqgXjt9oVw=
=oblf
-----END PGP SIGNATURE-----