From security@mandriva.com Tue Nov 1 18:22:42 2005
From: Mandriva Security Team
To: full-disclosure@lists.grok.org.uk
Date: Tue, 01 Nov 2005 16:21:48 -0700
Subject: [Full-disclosure] MDKSA-2005:203 - Updated gda2.0 packages fix string format vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2005:203
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gda2.0
Date    : November 1, 2005
Affected: 10.2, 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Steve Kemp discovered two format string vulnerabilities in libgda2,
the GNOME Data Access library for GNOME2, which may lead to the
execution of arbitrary code in programs that use this library.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2958
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDZ/iMmqjQ0CJFipgRAsECAJ9a/c0Go4Yy9/+4hY/DWo72IrpRSgCgnX3g
zDqRFrxHNRzw/J1onPK4fc0=
=NhHM
-----END PGP SIGNATURE-----
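The class of bug named in the advisory, as an added illustration (not libgda2 code and not part of the original message): a logging helper that formats a message and then passes the result to a second printf-style function in the format position, next to the corrected form. The names sink_printf, log_message_unsafe, log_message_safe and logs_verbatim are hypothetical, and the constructed input uses only "%%" so both paths have defined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sink standing in for a printf-style logger such as
 * syslog(): its first argument is interpreted as a format string. */
static char sink_buf[256];

static void sink_printf(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(sink_buf, sizeof sink_buf, fmt, ap);
    va_end(ap);
}

/* BEFORE: the already-formatted message is reused as a format string,
 * so any '%' that arrived through caller data is interpreted again.
 * With a real printf-family sink, -Wformat-security flags this call. */
const char *log_message_unsafe(const char *fmt, ...) {
    char msg[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    sink_printf(msg);          /* bug: data in the format position */
    return sink_buf;
}

/* AFTER: constant "%s" format, message passed as an argument. */
const char *log_message_safe(const char *fmt, ...) {
    char msg[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    sink_printf("%s", msg);    /* data stays data */
    return sink_buf;
}

/* Regression check: a logged value must come out byte for byte. */
int logs_verbatim(const char *(*logger)(const char *, ...), const char *value) {
    return strstr(logger("value=%s", value), value) != NULL;
}

int main(void) {
    /* Constructed input: the four characters 5 0 % % */
    printf("unsafe: %s\n", log_message_unsafe("load %s", "50%%"));
    printf("safe:   %s\n", log_message_safe("load %s", "50%%"));
    return 0;
}
```

The unsafe path alters the logged value, which is the observable sign that caller data reached a format position; a check like logs_verbatim can be kept as a unit test around logging wrappers.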