
[ MDKSA-2006:031 ] - Updated kdegraphics packages fix heap-based buffer overflow vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:031
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdegraphics
 Date    : February 2, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
 cause a denial of service and possibly execute arbitrary code via
 crafted splash images that produce certain values that exceed the width
 or height of the associated bitmap.
 
 Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same
 issues.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:

 Mandriva Linux 2006.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD4kysmqjQ0CJFipgRAldwAJ9IobL7u0BVhftYu8MlhhTFtkndxwCfYwUG
jSS53IzJNnwolOx3YygtQMs=
=m98j
-----END PGP SIGNATURE-----
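
The bug class named in the Problem Description above (drawing coordinates that exceed the width or height of the bitmap they are written into), as an added C example; it is not xpdf or kpdf code and not the Mandriva patch. The `Bitmap` type and the `bitmap_init`, `fill_span` and `count_pixels` functions are hypothetical, and the point shown is the clipping that keeps every write inside the heap allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 8-bit bitmap for illustration; not xpdf's SplashBitmap. */
typedef struct {
    int width, height;
    uint8_t *data;              /* width * height bytes, row-major, on the heap */
} Bitmap;

/* Allocate the pixel buffer with an overflow-checked size; 0 on success. */
int bitmap_init(Bitmap *b, int width, int height) {
    if (width <= 0 || height <= 0 || (size_t)width > SIZE_MAX / (size_t)height)
        return -1;
    b->data = calloc((size_t)width * (size_t)height, 1);
    if (!b->data) return -1;
    b->width = width;
    b->height = height;
    return 0;
}

/* Fill pixels x0..x1 (inclusive) on row y, clipped to the bitmap.
 * Returns the number of pixels written. Without these checks, a span whose
 * coordinates exceed width or height would write past the end of data[]. */
int fill_span(Bitmap *b, int x0, int x1, int y, uint8_t value) {
    if (y < 0 || y >= b->height) return 0;       /* row outside the bitmap */
    if (x0 < 0) x0 = 0;                          /* clip to left edge */
    if (x1 >= b->width) x1 = b->width - 1;       /* clip to right edge */
    if (x0 > x1) return 0;                       /* nothing left after clipping */
    memset(b->data + (size_t)y * b->width + x0, value, (size_t)(x1 - x0 + 1));
    return x1 - x0 + 1;
}

/* Count pixels equal to value, to confirm only in-bounds pixels changed. */
int count_pixels(const Bitmap *b, uint8_t value) {
    int n = 0;
    for (size_t i = 0; i < (size_t)b->width * b->height; i++)
        if (b->data[i] == value) n++;
    return n;
}

int main(void) {
    Bitmap b;
    if (bitmap_init(&b, 4, 3) != 0) return 1;
    /* Constructed inputs: a span past the right edge, then a row below the bitmap. */
    printf("%d %d\n", fill_span(&b, 2, 100, 1, 0xFF), fill_span(&b, 0, 3, 7, 0xFF));
    free(b.data);
    return 0;
}
```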