<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gnome-vfs2
 Advisory ID:            MDKSA-2005:074
 Date:                   April 20th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow bug was found by Joseph VanAndel in the way that grip
 handles data returned by CDDB servers.  If a user connected to a
 malicious CDDB server, an attacker could execute arbitrary code on the
 user's machine.  This same vulnerability is present in the gnome-vfs2
 code.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 5239e6ab9f4a24c2989ff2317c743cb0  
10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.i586.rpm
 08d6d7dcebd62773620441ef1c35eb58  
10.1/RPMS/libgnome-vfs2_0-2.6.2-7.1.101mdk.i586.rpm
 2a7241618cf989091dcf75e60e2a1041  
10.1/RPMS/libgnome-vfs2_0-devel-2.6.2-7.1.101mdk.i586.rpm
 765d4f62ab8e314a96e419b5c51d540b  
10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 4251d3ab183bbfbd0ef4a79b65740004  
x86_64/10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.x86_64.rpm
 c2b54afacf29f7148561a3e7f8bc3695  
x86_64/10.1/RPMS/lib64gnome-vfs2_0-2.6.2-7.1.101mdk.x86_64.rpm
 8c64c5379d83bf9e001617bae1935376  
x86_64/10.1/RPMS/lib64gnome-vfs2_0-devel-2.6.2-7.1.101mdk.x86_64.rpm
 765d4f62ab8e314a96e419b5c51d540b  
x86_64/10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 f60b317e9d82a64311e8fa76db389fea  
10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.i586.rpm
 83aaa09f41d650de8c216fca5eb1b854  
10.2/RPMS/libgnome-vfs2_0-2.8.4-6.1.102mdk.i586.rpm
 a74279c606173fd42e83e6507a7c206b  
10.2/RPMS/libgnome-vfs2_0-devel-2.8.4-6.1.102mdk.i586.rpm
 ea5d978ff12a70686c29fd84c461558a  
10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 aa889240e8867ec7289578036104c623  
x86_64/10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.x86_64.rpm
 e7224a715c8ea987c077adea71e29279  
x86_64/10.2/RPMS/lib64gnome-vfs2_0-2.8.4-6.1.102mdk.x86_64.rpm
 9e681bf74cb71e378e9eb1307159e2ce  
x86_64/10.2/RPMS/lib64gnome-vfs2_0-devel-2.8.4-6.1.102mdk.x86_64.rpm
 ea5d978ff12a70686c29fd84c461558a  
x86_64/10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm

 Corporate 3.0:
 216b2f6d3459328b757d03336da09d38  
corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.i586.rpm
 af59a9db5ce5ededd91d3b6dff4e7c39  
corporate/3.0/RPMS/libgnome-vfs2_0-2.4.2-5.1.C30mdk.i586.rpm
 2d1516b9c4ff998116c1dac5dabe95a5  
corporate/3.0/RPMS/libgnome-vfs2_0-devel-2.4.2-5.1.C30mdk.i586.rpm
 03ba3b26530b88ca8c18fb41f9681018  
corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5645d370f2a7b81c17bff2c70a4a91c0  
x86_64/corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.x86_64.rpm
 b78fb0708a038607dbb1f3d970a13bff  
x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-2.4.2-5.1.C30mdk.x86_64.rpm
 5afd9d1f2c4193d72a0b2780c011bbf7  
x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-devel-2.4.2-5.1.C30mdk.x86_64.rpm
 03ba3b26530b88ca8c18fb41f9681018  
x86_64/corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCZ1AFmqjQ0CJFipgRAku4AKDA72sSbNu90ACROKkbd5ePrPiXRwCdHJBe
bGLmzBiW6hphFqqgXjt9oVw=
=oblf
-----END PGP SIGNATURE-----