User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDKSA-2005:074 (gnome-vfs2)

From:  Mandriva Security Team <security@mandriva.com>
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability
Date:  Thu, 21 Apr 2005 01:02:30 -0600

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: gnome-vfs2 Advisory ID: MDKSA-2005:074 Date: April 20th, 2005 Affected versions: 10.1, 10.2, Corporate 3.0 ______________________________________________________________________ Problem Description: A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the gnome-vfs2 code. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.1: 5239e6ab9f4a24c2989ff2317c743cb0 10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.i586.rpm 08d6d7dcebd62773620441ef1c35eb58 10.1/RPMS/libgnome-vfs2_0-2.6.2-7.1.101mdk.i586.rpm 2a7241618cf989091dcf75e60e2a1041 10.1/RPMS/libgnome-vfs2_0-devel-2.6.2-7.1.101mdk.i586.rpm 765d4f62ab8e314a96e419b5c51d540b 10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 4251d3ab183bbfbd0ef4a79b65740004 x86_64/10.1/RPMS/gnome-vfs2-2.6.2-7.1.101mdk.x86_64.rpm c2b54afacf29f7148561a3e7f8bc3695 x86_64/10.1/RPMS/lib64gnome-vfs2_0-2.6.2-7.1.101mdk.x86_64.rpm 8c64c5379d83bf9e001617bae1935376 x86_64/10.1/RPMS/lib64gnome-vfs2_0-devel-2.6.2-7.1.101mdk.x86_64.rpm 765d4f62ab8e314a96e419b5c51d540b x86_64/10.1/SRPMS/gnome-vfs2-2.6.2-7.1.101mdk.src.rpm Mandrakelinux 10.2: f60b317e9d82a64311e8fa76db389fea 10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.i586.rpm 83aaa09f41d650de8c216fca5eb1b854 10.2/RPMS/libgnome-vfs2_0-2.8.4-6.1.102mdk.i586.rpm a74279c606173fd42e83e6507a7c206b 10.2/RPMS/libgnome-vfs2_0-devel-2.8.4-6.1.102mdk.i586.rpm ea5d978ff12a70686c29fd84c461558a 10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: aa889240e8867ec7289578036104c623 x86_64/10.2/RPMS/gnome-vfs2-2.8.4-6.1.102mdk.x86_64.rpm e7224a715c8ea987c077adea71e29279 x86_64/10.2/RPMS/lib64gnome-vfs2_0-2.8.4-6.1.102mdk.x86_64.rpm 9e681bf74cb71e378e9eb1307159e2ce x86_64/10.2/RPMS/lib64gnome-vfs2_0-devel-2.8.4-6.1.102mdk.x86_64.rpm ea5d978ff12a70686c29fd84c461558a x86_64/10.2/SRPMS/gnome-vfs2-2.8.4-6.1.102mdk.src.rpm Corporate 3.0: 216b2f6d3459328b757d03336da09d38 corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.i586.rpm af59a9db5ce5ededd91d3b6dff4e7c39 corporate/3.0/RPMS/libgnome-vfs2_0-2.4.2-5.1.C30mdk.i586.rpm 2d1516b9c4ff998116c1dac5dabe95a5 corporate/3.0/RPMS/libgnome-vfs2_0-devel-2.4.2-5.1.C30mdk.i586.rpm 03ba3b26530b88ca8c18fb41f9681018 corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm Corporate 3.0/X86_64: 5645d370f2a7b81c17bff2c70a4a91c0 x86_64/corporate/3.0/RPMS/gnome-vfs2-2.4.2-5.1.C30mdk.x86_64.rpm b78fb0708a038607dbb1f3d970a13bff x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-2.4.2-5.1.C30mdk.x86_64.rpm 5afd9d1f2c4193d72a0b2780c011bbf7 x86_64/corporate/3.0/RPMS/lib64gnome-vfs2_0-devel-2.4.2-5.1.C30mdk.x86_64.rpm 03ba3b26530b88ca8c18fb41f9681018 x86_64/corporate/3.0/SRPMS/gnome-vfs2-2.4.2-5.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCZ1AFmqjQ0CJFipgRAku4AKDA72sSbNu90ACROKkbd5ePrPiXRwCdHJBe bGLmzBiW6hphFqqgXjt9oVw= =oblf -----END PGP SIGNATURE----- ____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds