Bugtraq mailing list archives

[ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability
From: security () mandriva com
Date: Mon, 11 Dec 2006 12:07:01 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:227
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdegraphics
 Date    : December 11, 2006
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
 as used by konqueror, digikam, and other KDE image browsers, allows
 remote attackers to cause a denial of service (stack consumption) via a
 crafted EXIF section in a JPEG file, which results in an infinite
 recursion.

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6297
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfYCCmqjQ0CJFipgRAqW6AKCHKd4zvoi9MG19M4OxqHjS8rp+7gCgpe3y
v/MH2AeKoaHaa/pOOkrTlig=
=eQAa
-----END PGP SIGNATURE-----
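
The failure mode in the problem description, seen from the parser side: a TIFF/EXIF directory walker that bounds its own recursion. This is an added example, not code from kdegraphics or from the advisory. It assumes the recursion runs through sub-IFD pointer tags, which the advisory does not state; `walk_ifd`, both limits and both byte arrays are constructed for illustration, and only little-endian data is handled.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_EXIF_IFD    0x8769 /* entry value points at the Exif sub-IFD */
#define TAG_INTEROP_IFD 0xA005 /* entry value points at the Interop sub-IFD */
#define MAX_IFD_DEPTH   4      /* assumed cap on nesting: bounds stack use */
#define MAX_ENTRIES     4096   /* assumed cap on entries: bounds total work */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk one IFD of a little-endian TIFF block, following sub-IFD pointers.
 * Returns the number of entries visited, or -1 if the data is truncated,
 * too large, or nests deeper than MAX_IFD_DEPTH (as a pointer loop does). */
int walk_ifd(const uint8_t *buf, size_t len, uint32_t off, int depth)
{
    if (depth > MAX_IFD_DEPTH) return -1;        /* bound the recursion */
    if (off > len || len - off < 2) return -1;   /* entry count readable */
    uint16_t n = rd16(buf + off);
    if (n > MAX_ENTRIES || (len - off - 2) / 12 < n) return -1;
    int total = n;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + 12u * i;  /* 12-byte entry */
        uint16_t tag = rd16(e);
        if (tag != TAG_EXIF_IFD && tag != TAG_INTEROP_IFD) continue;
        int sub = walk_ifd(buf, len, rd32(e + 8), depth + 1);
        if (sub < 0 || (total += sub) > MAX_ENTRIES) return -1;
    }
    return total;
}

/* Constructed sample: IFD0 at offset 8 whose Exif pointer is 8 (itself). */
static const uint8_t LOOPED[26] = { 'I','I',0x2A,0, 8,0,0,0, 1,0,
    0x69,0x87, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0 };
/* Constructed sample: IFD0 at 8 -> Exif IFD at 26 with one ExifVersion tag. */
static const uint8_t NESTED[44] = { 'I','I',0x2A,0, 8,0,0,0, 1,0,
    0x69,0x87, 4,0, 1,0,0,0, 26,0,0,0, 0,0,0,0, 1,0,
    0x00,0x90, 7,0, 4,0,0,0, '0','2','2','0', 0,0,0,0 };

int main(void)
{
    printf("looped: %d\n", walk_ifd(LOOPED, sizeof LOOPED, 8, 0));
    printf("nested: %d\n", walk_ifd(NESTED, sizeof NESTED, 8, 0));
    return 0;
}
```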

