From security@mandriva.com Wed Aug 17 23:59:57 2005
From: Mandriva Security Team
To: full-disclosure@lists.grok.org.uk
Date: Wed, 17 Aug 2005 21:55:16 -0600
Subject: [Full-disclosure] MDKSA-2005:143 - Updated kdegraphics packages fix kfax vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kdegraphics
Advisory ID: MDKSA-2005:143
Date: August 17th, 2005

Affected versions: 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.

Kdegraphics < 3.3 uses an embedded libtiff source tree for kfax, and as
such has the same vulnerability.

The updated packages are patched to protect against this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBAakmqjQ0CJFipgRAhavAKCaTdeoeoW8kPv9IeIDM0RohcKkqgCfYPqf
ru2zgRvhBrXOeNpFP8ppG9M=
=kLMi
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
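
Added example, not part of the Mandriva advisory and not the libtiff or kdegraphics patch: a C illustration of the header check the Problem Description calls for, rejecting a zero "YCbCr subsampling" factor before it is used as a divisor. The function names, the little-endian 12-byte entry layout and the two sample entries are constructed for illustration; the allowed factors 1, 2 and 4 are taken from the TIFF 6.0 specification.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_YCBCR_SUBSAMPLING 530 /* TIFF 6.0 tag, two SHORT values */
#define TIFF_TYPE_SHORT 3

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* TIFF 6.0 allows only 1, 2 or 4 as a subsampling factor. */
static int valid_factor(uint16_t f) { return f == 1 || f == 2 || f == 4; }

/* Parse one 12-byte little-endian IFD entry; 0 on success, -1 if rejected. */
int parse_subsampling(const uint8_t entry[12], uint16_t *h, uint16_t *v)
{
    if (le16(entry) != TAG_YCBCR_SUBSAMPLING) return -1;
    if (le16(entry + 2) != TIFF_TYPE_SHORT || le32(entry + 4) != 2) return -1;
    uint16_t sh = le16(entry + 8), sv = le16(entry + 10);
    if (!valid_factor(sh) || !valid_factor(sv)) return -1; /* rejects 0 */
    *h = sh;
    *v = sv;
    return 0;
}

/* Chroma plane size; the divisions are reached only after validation. */
int chroma_dims(const uint8_t entry[12], uint32_t width, uint32_t height,
                uint32_t *cw, uint32_t *ch)
{
    uint16_t h, v;
    if (parse_subsampling(entry, &h, &v) != 0) return -1;
    *cw = width / h + (width % h != 0);  /* round up without overflow */
    *ch = height / v + (height % v != 0);
    return 0;
}

/* Constructed sample entries: tag 530, SHORT, count 2, then the two factors. */
const uint8_t ENTRY_OK[12]   = {0x12,0x02, 0x03,0x00, 0x02,0,0,0, 0x02,0x00, 0x02,0x00};
const uint8_t ENTRY_ZERO[12] = {0x12,0x02, 0x03,0x00, 0x02,0,0,0, 0x00,0x00, 0x02,0x00};

int main(void)
{
    uint32_t cw = 0, ch = 0;
    int rc = chroma_dims(ENTRY_OK, 640, 481, &cw, &ch);
    printf("valid entry: rc=%d chroma=%ux%u\n", rc, (unsigned)cw, (unsigned)ch);
    printf("zero factor: rc=%d\n", chroma_dims(ENTRY_ZERO, 640, 481, &cw, &ch));
    return 0;
}
```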