From security@linux-mandrake.com Fri Oct 22 04:12:14 2004
From: Mandrake Linux Security Team
To: full-disclosure@lists.netsys.com
Date: 22 Oct 2004 02:59:55 -0000
Subject: [Full-Disclosure] MDKSA-2004:115 - Updated kdegraphics packages fix DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdegraphics
 Advisory ID:            MDKSA-2004:115
 Date:                   October 21st, 2004

 Affected versions:      10.0
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package,
 which also affect software using embedded xpdf code, such as kpdf:

 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like kpdf which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker-controlled
 location which probably could lead to arbitrary code execution.

 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0
 Mandrakelinux 10.0/AMD64
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBeHermqjQ0CJFipgRAibgAKDMppRzbVvPKcAOEbOlCz6fhmZumgCfWmaS
CLJ4+/cDxfVnKg5QPIZ29l8=
=M9bh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html