Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:077 - Updated wv packages fix vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 30 Jul 2004 05:26:09 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           wv
 Advisory ID:            MDKSA-2004:077
 Date:                   July 29th, 2004

 Affected versions:      10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 iDefense discovered a buffer overflow vulnerability in the wv package
 which could allow an attacker to execute arbitrary code with the
 privileges of the user running the vulnerable application.
 
 The updated packages are patched to protect against this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645
  http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 7bc8b712dbb5ca6592de05341b6d1489  10.0/RPMS/libwv-1.0_0-1.0.0-1.1.100mdk.i586.rpm
 bec8e09ab3be99e622bd62cf6c0cf3df  10.0/RPMS/libwv-1.0_0-devel-1.0.0-1.1.100mdk.i586.rpm
 e9795464f2baa0bb36ea2f15d7e420c6  10.0/RPMS/wv-1.0.0-1.1.100mdk.i586.rpm
 10a630945f35b4a90f36a6270d98d241  10.0/SRPMS/wv-1.0.0-1.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e3072c5942b032b547b04dd10a442826  amd64/10.0/RPMS/lib64wv-1.0_0-1.0.0-1.1.100mdk.amd64.rpm
 8b369ac8db42130442c003cb7229a7d1  amd64/10.0/RPMS/lib64wv-1.0_0-devel-1.0.0-1.1.100mdk.amd64.rpm
 98c5fa468e3815501058461213bb7da7  amd64/10.0/RPMS/wv-1.0.0-1.1.100mdk.amd64.rpm
 10a630945f35b4a90f36a6270d98d241  amd64/10.0/SRPMS/wv-1.0.0-1.1.100mdk.src.rpm

 Mandrakelinux 9.2:
 dcf67ddd72cc96ea526d4189dce93edb  9.2/RPMS/libwv-1.0_0-1.0.0-1.1.92mdk.i586.rpm
 d9c0629e2c8921a93290aede1b5158f9  9.2/RPMS/libwv-1.0_0-devel-1.0.0-1.1.92mdk.i586.rpm
 fa6f235b5934c40af8cb087394bcdefc  9.2/RPMS/wv-1.0.0-1.1.92mdk.i586.rpm
 ef345c688ddb57bdbadba00a5b924c79  9.2/SRPMS/wv-1.0.0-1.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 a23f13d265c1916c45c514798a37aaad  amd64/9.2/RPMS/lib64wv-1.0_0-1.0.0-1.1.92mdk.amd64.rpm
 9ca5b4da978fb5c7908cd52018f6e191  amd64/9.2/RPMS/lib64wv-1.0_0-devel-1.0.0-1.1.92mdk.amd64.rpm
 568e4b5933ceed44a7c7b30dfff15f80  amd64/9.2/RPMS/wv-1.0.0-1.1.92mdk.amd64.rpm
 ef345c688ddb57bdbadba00a5b924c79  amd64/9.2/SRPMS/wv-1.0.0-1.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBCdvwmqjQ0CJFipgRAoHPAJ419K04Am6fBCVSjd92EMUjQyW3QACgvnkl
xlFsJ7R1txTrB3F7MPA7AMI=
=ywgN
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:077 - Updated wv packages fix vulnerability Mandrake Linux Security Team (Jul 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault