[ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:203
http://www.mandriva.com/security/
_______________________________________________________________________
Package : texinfo
Date : November 8, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Miloslav Trmac discovered a buffer overflow in texinfo. This issue can
cause texi2dvi or texindex to crash when processing a carefully crafted
file.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
cc1879d0392af708f7c37bca15dd9879 2006.0/i586/info-4.8-1.2.20060mdk.i586.rpm
4c80a4e06e04e28ae6bc9d34d0ce6b9c
2006.0/i586/info-install-4.8-1.2.20060mdk.i586.rpm
84e851c4c094d8259debe9a92da97efd
2006.0/i586/texinfo-4.8-1.2.20060mdk.i586.rpm
f63eeab2e5fd19d6df4d794cc9a0556d 2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
b37fd6f8393fe1a997da4dfcf24e0c6c
2006.0/x86_64/info-4.8-1.2.20060mdk.x86_64.rpm
d3e5f5d3df7464226e370d18d2040d78
2006.0/x86_64/info-install-4.8-1.2.20060mdk.x86_64.rpm
94ad72f47a76488f8fe3000187217e9d
2006.0/x86_64/texinfo-4.8-1.2.20060mdk.x86_64.rpm
f63eeab2e5fd19d6df4d794cc9a0556d 2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
841f25fd2ae052fa135f347d1a321a61 2007.0/i586/info-4.8-4.1mdv2007.0.i586.rpm
d0ba0f48503167816581c5f4166949ad
2007.0/i586/info-install-4.8-4.1mdv2007.0.i586.rpm
c731ee9865530fdbafc445b56b67e5ad
2007.0/i586/texinfo-4.8-4.1mdv2007.0.i586.rpm
b8bf1a5838ac82d4910e9a5e5ea612b4 2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
054058a5ef065bc25d0bb87b36ad3622
2007.0/x86_64/info-4.8-4.1mdv2007.0.x86_64.rpm
5b63631e0cd60e201e14332faf3e30d8
2007.0/x86_64/info-install-4.8-4.1mdv2007.0.x86_64.rpm
cbdda90e9cce0abc9de7fdfab70f593e
2007.0/x86_64/texinfo-4.8-4.1mdv2007.0.x86_64.rpm
b8bf1a5838ac82d4910e9a5e5ea612b4 2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm
Corporate 3.0:
81b5711c0afe51a12aa4458ab0b680c3
corporate/3.0/i586/info-4.6-1.2.C30mdk.i586.rpm
65e67c1be9ca13d7320218e60fab855c
corporate/3.0/i586/info-install-4.6-1.2.C30mdk.i586.rpm
fc7f021455259a97412c95b3939ede98
corporate/3.0/i586/texinfo-4.6-1.2.C30mdk.i586.rpm
13d484c70a47aa50038c1f59b514aaaa
corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
942bc82c461a5bd53799978b7c7d37ac
corporate/3.0/x86_64/info-4.6-1.2.C30mdk.x86_64.rpm
616999400ddebcfc8593bfb47f7a8835
corporate/3.0/x86_64/info-install-4.6-1.2.C30mdk.x86_64.rpm
ad900d22f4e1402ef303aa211109845a
corporate/3.0/x86_64/texinfo-4.6-1.2.C30mdk.x86_64.rpm
13d484c70a47aa50038c1f59b514aaaa
corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm
Corporate 4.0:
cc0ef9a317302dc40c14d90bbc10200d
corporate/4.0/i586/info-4.8-1.2.20060mlcs4.i586.rpm
db1c66093560e85561313346c9e8d110
corporate/4.0/i586/info-install-4.8-1.2.20060mlcs4.i586.rpm
cacd6c6cc8e1f1199d3bfc9efafe53f7
corporate/4.0/i586/texinfo-4.8-1.2.20060mlcs4.i586.rpm
915e8d5f747b0ed558491ed474f3ca4f
corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0016ff4dfe7b413ef3dff74d6d5037e2
corporate/4.0/x86_64/info-4.8-1.2.20060mlcs4.x86_64.rpm
4d4b71acc580a419fbb2a8654324a8b7
corporate/4.0/x86_64/info-install-4.8-1.2.20060mlcs4.x86_64.rpm
09f9fcfe879baa6a4296bde478e536c5
corporate/4.0/x86_64/texinfo-4.8-1.2.20060mlcs4.x86_64.rpm
915e8d5f747b0ed558491ed474f3ca4f
corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFUckhmqjQ0CJFipgRAq1PAJ4w4mL8uDnDkRGrZYQ7/Mz/8B98kwCggUQo
uHTmSaCDpMEUjAqWp9zkmOM=
=SLd6
-----END PGP SIGNATURE-----