 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:031
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdegraphics
 Date    : February 2, 2006
 Affected: 2006.0
 _______________________________________________________________________

 Problem Description:

 Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
 cause a denial of service and possibly execute arbitrary code via
 crafted splash images that produce certain values that exceed the
 width or height of the associated bitmap.

 Kdegraphics-kpdf uses a copy of the xpdf code and as such has the
 same issues.

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2006.0:
 Mandriva Linux 2006.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.

 You can obtain the GPG public key of the Mandriva Security Team by
 executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
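
The bug class named in the problem description (drawing coordinates that exceed the width or height of the bitmap) is shown below as an added example; it is not xpdf's, KDE's or Mandriva's code. `Bitmap`, `bitmap_new`, `count_set` and `draw_span` are hypothetical names, and the span is clipped to the bitmap before anything is written to the heap buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed 8-bit bitmap for illustration; not xpdf's own structure. */
typedef struct { int width, height; uint8_t *data; } Bitmap;

/* Allocate a zeroed bitmap; reject sizes whose product would overflow. */
static Bitmap *bitmap_new(int width, int height) {
    if (width <= 0 || height <= 0) return NULL;
    if ((size_t)width > SIZE_MAX / (size_t)height) return NULL;
    Bitmap *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->data = calloc((size_t)width * (size_t)height, 1);
    if (!b->data) { free(b); return NULL; }
    b->width = width; b->height = height;
    return b;
}

static void bitmap_free(Bitmap *b) { if (b) { free(b->data); free(b); } }

/* Count non-zero pixels (used to confirm what was written). */
static size_t count_set(const Bitmap *b) {
    size_t n = 0, total = (size_t)b->width * (size_t)b->height;
    for (size_t i = 0; i < total; i++) n += b->data[i] != 0;
    return n;
}

/* Fill pixels x0..x1 (inclusive) on row y. The coordinates are derived from
 * untrusted input, so the span is clipped to the bitmap before the write.
 * Returns the number of pixels actually written. */
static int draw_span(Bitmap *b, int x0, int x1, int y, uint8_t v) {
    if (!b || y < 0 || y >= b->height) return 0;  /* row outside bitmap */
    if (x0 < 0) x0 = 0;                           /* clip left edge */
    if (x1 >= b->width) x1 = b->width - 1;        /* clip right edge */
    if (x0 > x1) return 0;                        /* nothing left to draw */
    size_t n = (size_t)(x1 - x0) + 1;
    memset(b->data + (size_t)y * (size_t)b->width + (size_t)x0, v, n);
    return (int)n;
}

int main(void) {
    Bitmap *b = bitmap_new(8, 4);
    if (!b) return 1;
    draw_span(b, -3, 100, 0, 0xFF);  /* oversized span is clipped to one row */
    int ok = count_set(b) == 8;
    bitmap_free(b);
    return ok ? 0 : 1;
}
```

Without the clipping in `draw_span`, the `memset` length would be taken directly from the supplied coordinates and would run past the end of the allocation.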