[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:227
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdegraphics
Date : December 11, 2006
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
as used by konqueror, digikam, and other KDE image browsers, allows
remote attackers to cause a denial of service (stack consumption) via a
crafted EXIF section in a JPEG file, which results in an infinite
recursion.
The updated packages have been patched to correct this issue.
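The failure mode described above, as an added example (not code from
kdegraphics or from the Mandriva patch): a little-endian TIFF/EXIF directory
walker that caps sub-IFD nesting and bounds-checks every offset. It assumes the
recursion comes from a sub-IFD pointer that leads back to a directory already
being parsed, which the advisory does not spell out; MAX_IFD_DEPTH, the function
names and both sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_IFD_DEPTH   4       /* assumed cap; real EXIF nests only a few levels */
#define TAG_EXIF_IFD    0x8769  /* pointer to the Exif sub-IFD */
#define TAG_INTEROP_IFD 0xA005  /* pointer to the Interoperability sub-IFD */
/* Little-endian ("II") readers; big-endian files are out of scope here. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of entries reached, or -1 if the structure is malformed. */
static int walk_ifd(const uint8_t *tiff, size_t len, uint32_t off, int depth) {
    if (depth > MAX_IFD_DEPTH) return -1;            /* bound the recursion */
    if (off > len || len - off < 2) return -1;       /* entry count in bounds */
    uint16_t n = rd16(tiff + off);
    if ((len - off - 2) / 12 < n) return -1;         /* every entry in bounds */
    int total = 0;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = tiff + off + 2 + 12u * i; /* 12-byte IFD entry */
        uint16_t tag = rd16(e);
        total++;
        if (tag == TAG_EXIF_IFD || tag == TAG_INTEROP_IFD) {
            int sub = walk_ifd(tiff, len, rd32(e + 8), depth + 1);
            if (sub < 0) return -1;
            total += sub;
        }
    }
    return total;
}

int exif_count_entries(const uint8_t *tiff, size_t len) {
    if (len < 8 || tiff[0] != 'I' || tiff[1] != 'I' || rd16(tiff + 2) != 42) return -1;
    return walk_ifd(tiff, len, rd32(tiff + 4), 0);
}

/* Constructed samples: IFD0 -> Exif sub-IFD, and IFD0 whose pointer targets IFD0. */
static const uint8_t WELL_FORMED[] = { 'I','I',42,0, 8,0,0,0,
    1,0, 0x69,0x87, 4,0, 1,0,0,0, 26,0,0,0, 0,0,0,0,
    1,0, 0x00,0x90, 7,0, 4,0,0,0, '0','2','2','0', 0,0,0,0 };
static const uint8_t SELF_REFERENCING[] = { 'I','I',42,0, 8,0,0,0,
    1,0, 0x69,0x87, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0 };
int main(void) {
    printf("well-formed: %d\n", exif_count_entries(WELL_FORMED, sizeof WELL_FORMED));
    printf("self-referencing: %d\n", exif_count_entries(SELF_REFERENCING, sizeof SELF_REFERENCING));
    return 0;
}
```

Without the depth check the second buffer would recurse until the stack is
exhausted; with it the walker rejects the file after five nested calls.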
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6297
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
Mandriva Linux 2007.0/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFfYCCmqjQ0CJFipgRAqW6AKCHKd4zvoi9MG19M4OxqHjS8rp+7gCgpe3y
v/MH2AeKoaHaa/pOOkrTlig=
=eQAa
-----END PGP SIGNATURE-----