Full Disclosure mailing list archives

MDKSA-2004:115 - Updated kdegraphics packages fix DoS vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 22 Oct 2004 02:59:55 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdegraphics
 Advisory ID:            MDKSA-2004:115
 Date:                   October 21st, 2004

 Affected versions:      10.0
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package,
 which also affect software using embedded xpdf code, such as kpdf:

 Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well
 as programs like kpdf which have embedded versions of xpdf. These can
 result in writing an arbitrary byte to an attacker-controlled location,
 which probably could lead to arbitrary code execution.
 
 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 54d34901667194a884990df8fceda44c  10.0/RPMS/kdegraphics-3.2-15.2.100mdk.i586.rpm
 c4393b2bef8977690eccc8ed51a8efca  10.0/RPMS/kdegraphics-common-3.2-15.2.100mdk.i586.rpm
 edbbe2c21d81f8677f16c2956a06009c  10.0/RPMS/kdegraphics-kdvi-3.2-15.2.100mdk.i586.rpm
 b69407bdd8d350da7173f517f2f7d51e  10.0/RPMS/kdegraphics-kfax-3.2-15.2.100mdk.i586.rpm
 cd077849e2865034b3610c9235d53819  10.0/RPMS/kdegraphics-kghostview-3.2-15.2.100mdk.i586.rpm
 3de0a548d73689a892d48a85406b8367  10.0/RPMS/kdegraphics-kiconedit-3.2-15.2.100mdk.i586.rpm
 1d4eaaa7b4a47343b05004d4fc023988  10.0/RPMS/kdegraphics-kooka-3.2-15.2.100mdk.i586.rpm
 60f70cd8d5980f74ca000903a1d71771  10.0/RPMS/kdegraphics-kpaint-3.2-15.2.100mdk.i586.rpm
 7176f1ebb79391b5fcc3d68941dccb35  10.0/RPMS/kdegraphics-kpdf-3.2-15.2.100mdk.i586.rpm
 2133d2d63704206192910570b6bc742d  10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.2.100mdk.i586.rpm
 6b21f6fea34206888c47b89d5a0536af  10.0/RPMS/kdegraphics-kruler-3.2-15.2.100mdk.i586.rpm
 86612aea584598abec93481389525095  10.0/RPMS/kdegraphics-ksnapshot-3.2-15.2.100mdk.i586.rpm
 1f87a0f8ee2de982a58ad24491fc6b1e  10.0/RPMS/kdegraphics-ksvg-3.2-15.2.100mdk.i586.rpm
 e09d7392164b04b3209f6ef5f197325e  10.0/RPMS/kdegraphics-kuickshow-3.2-15.2.100mdk.i586.rpm
 0681dd5bd8be3c6eaef7d26bbfd338aa  10.0/RPMS/kdegraphics-kview-3.2-15.2.100mdk.i586.rpm
 cc6e2ea22232cd78ac6563e636ba2b22  10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.2.100mdk.i586.rpm
 cb5026e54d040308243b9644dff42bae  10.0/RPMS/libkdegraphics0-common-3.2-15.2.100mdk.i586.rpm
 6bec482da4b14188d860853db62228b5  10.0/RPMS/libkdegraphics0-common-devel-3.2-15.2.100mdk.i586.rpm
 73cc1c8d2165273320375df5dc29e7c2  10.0/RPMS/libkdegraphics0-kooka-3.2-15.2.100mdk.i586.rpm
 c64f9cd73ab00e9e52338e03b29cb2f4  10.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.2.100mdk.i586.rpm
 425f38c7c3cc3fab66ff43d4f554c7d2  10.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.2.100mdk.i586.rpm
 c33cf1d0feb1d82cc196e677a5efc758  10.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.2.100mdk.i586.rpm
 a8c9c5d367d4f85cd4f9fcc61a8a0d2d  10.0/RPMS/libkdegraphics0-ksvg-3.2-15.2.100mdk.i586.rpm
 974b2c6f93cdc7dfd06ea67ff9f02164  10.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.2.100mdk.i586.rpm
 c5977ef7a743dfd00240bbc3043d8e56  10.0/RPMS/libkdegraphics0-kuickshow-3.2-15.2.100mdk.i586.rpm
 e820d02b9fb85f24ac1a6fda9de70661  10.0/RPMS/libkdegraphics0-kview-3.2-15.2.100mdk.i586.rpm
 fb591c6cfe29caf42f8ae5a224138f3a  10.0/RPMS/libkdegraphics0-kview-devel-3.2-15.2.100mdk.i586.rpm
 f430452370cab160119df86eb2b2b63e  10.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.2.100mdk.i586.rpm
 3f22b2bdc5c9e388f8d2e264722b7d2a  10.0/SRPMS/kdegraphics-3.2-15.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 ee02e1458dcf080047edabfdd7047e3c  amd64/10.0/RPMS/kdegraphics-3.2-15.2.100mdk.amd64.rpm
 65c92d7d9c5288662bdba996bf3f6d2f  amd64/10.0/RPMS/kdegraphics-common-3.2-15.2.100mdk.amd64.rpm
 64d471c8e414f14fa16d74f251fc3584  amd64/10.0/RPMS/kdegraphics-kdvi-3.2-15.2.100mdk.amd64.rpm
 b5749f135d53171d3eb100f0052198c4  amd64/10.0/RPMS/kdegraphics-kfax-3.2-15.2.100mdk.amd64.rpm
 9b392ea47cf0f9aa4c2a7eb04289e0fe  amd64/10.0/RPMS/kdegraphics-kghostview-3.2-15.2.100mdk.amd64.rpm
 31eed9dd801faa37e97ec9e5a9e71992  amd64/10.0/RPMS/kdegraphics-kiconedit-3.2-15.2.100mdk.amd64.rpm
 11653b00fe1fea148bb07bb1675fc01d  amd64/10.0/RPMS/kdegraphics-kooka-3.2-15.2.100mdk.amd64.rpm
 870d1f006b04602c41a816355c9769eb  amd64/10.0/RPMS/kdegraphics-kpaint-3.2-15.2.100mdk.amd64.rpm
 99b640d366d4f629ee18cd55df4ba37f  amd64/10.0/RPMS/kdegraphics-kpdf-3.2-15.2.100mdk.amd64.rpm
 87b282af64223971d10f003c8c717714  amd64/10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.2.100mdk.amd64.rpm
 d6e2df5e9cbe67781712cc3220db4d14  amd64/10.0/RPMS/kdegraphics-kruler-3.2-15.2.100mdk.amd64.rpm
 f68a79ffd407b44a75b3d8c83448d8c3  amd64/10.0/RPMS/kdegraphics-ksnapshot-3.2-15.2.100mdk.amd64.rpm
 ab67b16558cbd39eb2f6ce960f55aac8  amd64/10.0/RPMS/kdegraphics-ksvg-3.2-15.2.100mdk.amd64.rpm
 df749af5048d222370e41c91aff26353  amd64/10.0/RPMS/kdegraphics-kuickshow-3.2-15.2.100mdk.amd64.rpm
 a63255ee573e2f414c8bdc8a6ea7dbc4  amd64/10.0/RPMS/kdegraphics-kview-3.2-15.2.100mdk.amd64.rpm
 e025d51bea713a40a0d227094bb7392f  amd64/10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.2.100mdk.amd64.rpm
 8d49246916b1f89ddf1af50f804c7ee9  amd64/10.0/RPMS/lib64kdegraphics0-common-3.2-15.2.100mdk.amd64.rpm
 f3ff0d16d3c9a9af87cb5c67c8888e01  amd64/10.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.2.100mdk.amd64.rpm
 f240739fdae68158779b796773e9c503  amd64/10.0/RPMS/lib64kdegraphics0-kooka-3.2-15.2.100mdk.amd64.rpm
 fa4378e2fa62fdc3ccb14c8c8e24f267  amd64/10.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.2.100mdk.amd64.rpm
 9c6b2a5890ca2b0c16b1821b31bf612f  amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.2.100mdk.amd64.rpm
 7b6306d97f7e36baa7099e02682f3730  amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.2.100mdk.amd64.rpm
 2e762585ccef621055d509fa353e1e7d  amd64/10.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.2.100mdk.amd64.rpm
 4fec49765fbc8f6d88dd6c1960f2a2aa  amd64/10.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.2.100mdk.amd64.rpm
 bea91129fe97457e6585b3e83c28319f  amd64/10.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.2.100mdk.amd64.rpm
 0ccafa6f2645f8a1a1df72432150d49a  amd64/10.0/RPMS/lib64kdegraphics0-kview-3.2-15.2.100mdk.amd64.rpm
 b9ae2f1ec754c18dac81ed546a47b2f7  amd64/10.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.2.100mdk.amd64.rpm
 b97aacf4697f053d74003e058783dc88  amd64/10.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.2.100mdk.amd64.rpm
 3f22b2bdc5c9e388f8d2e264722b7d2a  amd64/10.0/SRPMS/kdegraphics-3.2-15.2.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBeHermqjQ0CJFipgRAibgAKDMppRzbVvPKcAOEbOlCz6fhmZumgCfWmaS
CLJ4+/cDxfVnKg5QPIZ29l8=
=M9bh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
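
The advisory says MandrakeUpdate and urpmi check md5 checksums automatically; for packages fetched by hand, the same check can be run against the "Updated Packages" list, as in this added example (not part of the advisory or of Mandrakesoft's tooling). The file names and contents in `demo()` are constructed, and the list is only as trustworthy as the advisory's PGP signature, since MD5 by itself detects corruption but does not authenticate the packages.

```python
import hashlib
import os
import re
import tempfile

# Manifest line as printed in the advisory: 32 hex digits, spaces, path to an .rpm
LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {file name: md5 hex}. The SRPM is listed once per architecture,
    so duplicates are allowed only when their checksums agree."""
    manifest = {}
    for line in advisory_text.splitlines():
        if m := LINE.match(line):
            digest, name = m.group(1), os.path.basename(m.group(2))
            if manifest.setdefault(name, digest) != digest:
                raise ValueError("conflicting checksums for " + name)
    return manifest

def md5_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest, directory):
    """Classify listed files as ok / mismatch / missing; flag unlisted RPMs."""
    status = {}
    for name, digest in manifest.items():
        path = os.path.join(directory, name)
        status[name] = ("missing" if not os.path.isfile(path)
                        else "ok" if md5_file(path) == digest else "mismatch")
    for name in os.listdir(directory):
        if name.endswith(".rpm") and name not in manifest:
            status[name] = "unlisted"
    return status

def demo():
    # Constructed sample: three stand-in files and a three-line manifest.
    files = {"good.rpm": b"payload", "bad.rpm": b"tampered", "extra.rpm": b"x"}
    text = "\n".join([" Mandrakelinux 10.0:",
        " %s  10.0/RPMS/good.rpm" % hashlib.md5(b"payload").hexdigest(),
        " %s  10.0/RPMS/bad.rpm" % hashlib.md5(b"original").hexdigest(),
        " %s  10.0/RPMS/gone.rpm" % ("0" * 32)])
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify(parse_manifest(text), d)
```

Treat anything other than `ok` as a reason not to install: a `mismatch` or `unlisted` file should be re-fetched from a mirror and checked again.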

