Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > August 2005 > Mandriva - Four Security Update Advisories

August 2005

Mandriva - Four Security Update Advisories

ID: 00705
Ref: 652/05
Date: 19 August 2005:16:30:59
Version: 1
Title: Mandriva - Four Security Update Advisories
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Mandriva - Four Security Update Advisories:
1. Updated evolution packages fixes format string vulnerabilities [MDKSA-2005:141]
2. Updated libtiff packages fixes vulnerability [MDKSA-2005:142]
3. Updated kdegraphics packages fix kfax vulnerability [MDKSA-2005:143]
4. Updated wxPythonGTK packages several vulnerabilities [MDKSA-2005:144]


Detail
======

Security update advisory summaries:

1. Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via (1) full vCard data, (2) contact data from
remote LDAP servers, or (3) task list data from remote servers. (CAN-2005-2549)

2. Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.

3. Kdegraphics < 3.3 uses an embedded libtiff source tree for kfax, and
as such has the same vulnerability as the above.

4. wxPythonGTK uses an embedded libtiff source tree, and as such has the
same vulnerability as the above.


Security update advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: evolution
Advisory ID: MDKSA-2005:141
Date: August 17th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via (1) full vCard data, (2) contact data from
remote LDAP servers, or (3) task list data from remote servers.
(CAN-2005-2549)

A format string vulnerability in Evolution 1.4 through 2.3.6.1 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the calendar entries such as task lists,
which are not properly handled when the user selects the Calendars tab.
(CAN-2005-2550)
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
c86139b16f34105eb0fb2bfb3ecc4bdf 10.1/RPMS/evolution-2.0.3-1.4.101mdk.i586.rpm
3f7164577e567be0f7ee93ed12d3de13 10.1/RPMS/evolution-devel-2.0.3-1.4.101mdk.i586.rpm
7005876e3443b028a65258b25b1eeadf 10.1/RPMS/evolution-pilot-2.0.3-1.4.101mdk.i586.rpm
29601b950c1fb806f48275da174a0721 10.1/SRPMS/evolution-2.0.3-1.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
7fbb271d2c863d2ae1623c434157bed2 x86_64/10.1/RPMS/evolution-2.0.3-1.4.101mdk.x86_64.rpm
99d8f4c56967e45c2d5e6a8ed11c5f0c x86_64/10.1/RPMS/evolution-devel-2.0.3-1.4.101mdk.x86_64.rpm
52bfc378433fe224a0aa8ac4784a5ab1 x86_64/10.1/RPMS/evolution-pilot-2.0.3-1.4.101mdk.x86_64.rpm
29601b950c1fb806f48275da174a0721 x86_64/10.1/SRPMS/evolution-2.0.3-1.4.101mdk.src.rpm

Mandrakelinux 10.2:
5a37a9c724ff1d5eae934f6f45aaf607 10.2/RPMS/evolution-2.0.4-3.1.102mdk.i586.rpm
a6822e000c563fb6c025b3aa5cf24a76 10.2/RPMS/evolution-devel-2.0.4-3.1.102mdk.i586.rpm
9476496c8d82bb59be375b93315fd1be 10.2/RPMS/evolution-pilot-2.0.4-3.1.102mdk.i586.rpm
b306dba4c9525c4be261903f5bca83e0 10.2/SRPMS/evolution-2.0.4-3.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
a6072f366802d6e983312850d3048579 x86_64/10.2/RPMS/evolution-2.0.4-3.1.102mdk.x86_64.rpm
90fb55af1fc3a40cac030a63156b2a31 x86_64/10.2/RPMS/evolution-devel-2.0.4-3.1.102mdk.x86_64.rpm
a07bade72ae8bc6c82d46680937f0bf5 x86_64/10.2/RPMS/evolution-pilot-2.0.4-3.1.102mdk.x86_64.rpm
b306dba4c9525c4be261903f5bca83e0 x86_64/10.2/SRPMS/evolution-2.0.4-3.1.102mdk.src.rpm

Corporate 3.0:
b4fe8df7fe51f54129606ed4e81a2a33 corporate/3.0/RPMS/evolution-1.4.6-5.2.C30mdk.i586.rpm
b1596ec712f2f3bde7b0e7c4a9e1409f corporate/3.0/RPMS/evolution-devel-1.4.6-5.2.C30mdk.i586.rpm
60068cc6987dccb19f6586cbd5e74949 corporate/3.0/RPMS/evolution-pilot-1.4.6-5.2.C30mdk.i586.rpm
736e517b243c4a3b9d57970b7e6a2e71 corporate/3.0/SRPMS/evolution-1.4.6-5.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
cd590782c6bba4a33fb55ed231ec940b x86_64/corporate/3.0/RPMS/evolution-1.4.6-5.2.C30mdk.x86_64.rpm
197aca690c2e893732ed72d6298a46b0 x86_64/corporate/3.0/RPMS/evolution-devel-1.4.6-5.2.C30mdk.x86_64.rpm
4c734a5c04be55664fb086fa6a56a5d2 x86_64/corporate/3.0/RPMS/evolution-pilot-1.4.6-5.2.C30mdk.x86_64.rpm
736e517b243c4a3b9d57970b7e6a2e71 x86_64/corporate/3.0/SRPMS/evolution-1.4.6-5.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBAXZmqjQ0CJFipgRAobfAJ0cdWHj65EXJ5LacGvHgVfZyPRKOwCeNrsr
i92EJnRTyl8UmcKSntPrgqU=
=eD6K
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: libtiff
Advisory ID: MDKSA-2005:142
Date: August 17th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.

The updated packages are patched to protect against this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
cc0fa1b1b5fd12c4083cc9eb98a5458f 10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm
8fb0219e7d642d2fdc241d8927421d48 10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm
cbfd4d23c8ac8562c92e55a035d80a67 10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm
e74038d540e7d00a1b050f7b26cd56a9 10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm
f7d3fce17d5e63a28f9438a29e640aa4 10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
a3b989bdce7af31d4886466ff1441526 amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm
97d58685556a85cb2ab884f7ebadb536 amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm
8b8ddac45016f59118a7779ff6d027c6 amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm
30c99b6bb385cd3dfc98d50c8a3c9196 amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm
f7d3fce17d5e63a28f9438a29e640aa4 amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

Mandrakelinux 10.1:
c76c200a605c1f0584782fb49518e29d 10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm
773afaac9d2ed45b124216a7b8059f55 10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm
bcc744f04a6a8b772fa3c63ad5e5bda3 10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm
c2f0a831fc371041221c54f288e99bb2 10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm
835e5009fabee9050f055d951a3d0f8a 10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
d2cec129a11f6c1181c486eed8a024ab x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm
73321d2e2a109f6993c8e44879284139 x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm
28f7ea7a0ee1954a64e0c9d1ca17f224 x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm
f2c2b82c083d035f32e105437c00ef40 x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm
835e5009fabee9050f055d951a3d0f8a x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

Mandrakelinux 10.2:
ddfec22eb079ad3e3c3e181581a32515 10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm
85002ad26c89bd5f00f49aa7848914ed 10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm
1680f0094d4a1f4d7783a63536992342 10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm
ab5d56da0e46e583d7d5559b460c015b 10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm
60bd2c3885e06f49e97ed114ea22c260 10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
b19a75b4230c1a67febfbbd1d7e3bd0b x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm
dd11b518706b082c138aa4a7a427235d x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm
78da0140db6312a7813e21da700cc129 x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm
1a3d856456e521653f3f94b29b561b1d x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm
60bd2c3885e06f49e97ed114ea22c260 x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

Multi Network Firewall 2.0:
29096b79d63f19c6e6602b6fe8859bae mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm
6983f0e032014df1ffeeb14306e5d410 mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm

Corporate Server 2.1:
e17fd0f6fdf37c67d7cc94223806b652 corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm
ae1dee85cddb636fa9126fd14e5c9384 corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm
659cc8d21c830f379ebf92d45fe92b0c corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm
473e992205374da87b91cb8fdd9b6d65 corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm
261d009314678a8e54d903234e53f2d5 corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
b9a3c705853bfc458adbbe7b9b35292c x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm
ccb61469627ec442bbb1606e2c5493fe x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm
ed0414cff8b668737b401b3874295fb0 x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm
2cb106b7e639a4adbf866fcf0bcb95a2 x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm
261d009314678a8e54d903234e53f2d5 x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

Corporate 3.0:
5d467dc33e472e58f78111bef860b052 corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm
c6e92b32bb20db8d058299b3da175a55 corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm
e104fdfdfc2e3df51e459a5e56169c41 corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm
e725905e66036c32093aaa4b478e5c6a corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm
6bd7338ff5198c5f9edd77b31ecf7190 corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
3c87ea4b94f226decf5a8e751ec9ad17 x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm
5b5663889c26d6c52de85dc300bcab18 x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm
aa63bf920d4c74f6ce6cabc896846241 x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm
022ac2f20e0c349d7dcce42e6cbe7a6c x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm
6bd7338ff5198c5f9edd77b31ecf7190 x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBAZEmqjQ0CJFipgRAmp9AJkBTO4Jn7u56BUqf/sIe1zuaQTBggCfdb/8
To/G8qtCJOu5vcXbCtCA68w=
=8pu+
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kdegraphics
Advisory ID: MDKSA-2005:143
Date: August 17th, 2005

Affected versions: 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.

Kdegraphics < 3.3 uses an embedded libtiff source tree for kfax, and
as such has the same vulnerability.

The updated packages are patched to protect against this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
0850bfa59d9b425a426dbbfa7c10aea9 10.1/RPMS/kdegraphics-3.2.3-17.7.101mdk.i586.rpm
82e3aa0f7be63a61c5348b4fe9de4974 10.1/RPMS/kdegraphics-common-3.2.3-17.7.101mdk.i586.rpm
ded0d09d3df21b41962e0345a90123c6 10.1/RPMS/kdegraphics-kdvi-3.2.3-17.7.101mdk.i586.rpm
f6220dcfa73e1b4e90d4e8515a6f9d6b 10.1/RPMS/kdegraphics-kfax-3.2.3-17.7.101mdk.i586.rpm
f994ba55e98a1b9d674a68a92b459af4 10.1/RPMS/kdegraphics-kghostview-3.2.3-17.7.101mdk.i586.rpm
235ad8b039ac3a9a6d592e719e84df96 10.1/RPMS/kdegraphics-kiconedit-3.2.3-17.7.101mdk.i586.rpm
ec254712e8752f47305ccbd51a6bf395 10.1/RPMS/kdegraphics-kooka-3.2.3-17.7.101mdk.i586.rpm
7061f9804f43a5c40ff6fee08f33bab6 10.1/RPMS/kdegraphics-kpaint-3.2.3-17.7.101mdk.i586.rpm
de9ab6f1dd0606e29e54673819423996 10.1/RPMS/kdegraphics-kpdf-3.2.3-17.7.101mdk.i586.rpm
52fd4c3a9a5d0e388672f8eff75db2e0 10.1/RPMS/kdegraphics-kpovmodeler-3.2.3-17.7.101mdk.i586.rpm
76dd522b0af559c1c7523ddbb1620675 10.1/RPMS/kdegraphics-kruler-3.2.3-17.7.101mdk.i586.rpm
1a8685e1b62a6fe144ad9758fe6368bc 10.1/RPMS/kdegraphics-ksnapshot-3.2.3-17.7.101mdk.i586.rpm
5d97c623ff9ae968212e092c333bf54b 10.1/RPMS/kdegraphics-ksvg-3.2.3-17.7.101mdk.i586.rpm
de2644bbbbec4555aaf4eacf074327e4 10.1/RPMS/kdegraphics-kuickshow-3.2.3-17.7.101mdk.i586.rpm
ae96efd29a5678212601733d956e16f4 10.1/RPMS/kdegraphics-kview-3.2.3-17.7.101mdk.i586.rpm
59cc7110bcefb6958f172f42e446865f 10.1/RPMS/kdegraphics-mrmlsearch-3.2.3-17.7.101mdk.i586.rpm
5a418834ff6fbb4f931d17de36414b67 10.1/RPMS/libkdegraphics0-common-3.2.3-17.7.101mdk.i586.rpm
c01f67d93db43c5afdddb257e6ce4821 10.1/RPMS/libkdegraphics0-common-devel-3.2.3-17.7.101mdk.i586.rpm
d66f05c391671c93ec76d90db2a93603 10.1/RPMS/libkdegraphics0-kghostview-3.2.3-17.7.101mdk.i586.rpm
33b87413d96b0fbc422b475e3228fefb 10.1/RPMS/libkdegraphics0-kghostview-devel-3.2.3-17.7.101mdk.i586.rpm
ad5396358769c63743f172c5a0239bee 10.1/RPMS/libkdegraphics0-kooka-3.2.3-17.7.101mdk.i586.rpm
4fb4d7d4da80d219b85d480b45bc19c1 10.1/RPMS/libkdegraphics0-kooka-devel-3.2.3-17.7.101mdk.i586.rpm
09a96310e8facb018fec10a100d9ae6c 10.1/RPMS/libkdegraphics0-kpovmodeler-3.2.3-17.7.101mdk.i586.rpm
22eae16ec3a4e12aa851896e7e8e1cc1 10.1/RPMS/libkdegraphics0-kpovmodeler-devel-3.2.3-17.7.101mdk.i586.rpm
04fc3af9ba6408d1d8d8f5b0764f4ac9 10.1/RPMS/libkdegraphics0-ksvg-3.2.3-17.7.101mdk.i586.rpm
4692c9605404fb145263bc102d64a06d 10.1/RPMS/libkdegraphics0-ksvg-devel-3.2.3-17.7.101mdk.i586.rpm
4108c77923931946d307a7131dd2508a 10.1/RPMS/libkdegraphics0-kuickshow-3.2.3-17.7.101mdk.i586.rpm
99fdb4a5f62fb3040c151742f279d7c1 10.1/RPMS/libkdegraphics0-kview-3.2.3-17.7.101mdk.i586.rpm
c094b92f775e50f2f7b28a97b57bc5c9 10.1/RPMS/libkdegraphics0-kview-devel-3.2.3-17.7.101mdk.i586.rpm
3a198ce8fa7ac425434e6f77af326651 10.1/RPMS/libkdegraphics0-mrmlsearch-3.2.3-17.7.101mdk.i586.rpm
0d46d0c06d8d7a4da2c314c221f93af8 10.1/SRPMS/kdegraphics-3.2.3-17.7.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
84574d9f8c7e9eebe97527cf34977bb0 x86_64/10.1/RPMS/kdegraphics-3.2.3-17.7.101mdk.x86_64.rpm
94a1a9754e31c6b049f6b02cde039829 x86_64/10.1/RPMS/kdegraphics-common-3.2.3-17.7.101mdk.x86_64.rpm
9260ea1b515833a64bd9bfb65860de6a x86_64/10.1/RPMS/kdegraphics-kdvi-3.2.3-17.7.101mdk.x86_64.rpm
91b3b2ea85d8d44a03cb6db209754ab7 x86_64/10.1/RPMS/kdegraphics-kfax-3.2.3-17.7.101mdk.x86_64.rpm
b3be4aabf6740cc50aad3718fb18174c x86_64/10.1/RPMS/kdegraphics-kghostview-3.2.3-17.7.101mdk.x86_64.rpm
dfa9cbe05ea54befcb1f3728f9fc09f6 x86_64/10.1/RPMS/kdegraphics-kiconedit-3.2.3-17.7.101mdk.x86_64.rpm
d154c85c3bc548c99743747907ae4e9e x86_64/10.1/RPMS/kdegraphics-kooka-3.2.3-17.7.101mdk.x86_64.rpm
a2f5e201da86e32196d316d1ba81ec89 x86_64/10.1/RPMS/kdegraphics-kpaint-3.2.3-17.7.101mdk.x86_64.rpm
e96e85bef409684900ee61b2a60fa614 x86_64/10.1/RPMS/kdegraphics-kpdf-3.2.3-17.7.101mdk.x86_64.rpm
8c94ab2aaf6fd5edda8a5d9c0353c707 x86_64/10.1/RPMS/kdegraphics-kpovmodeler-3.2.3-17.7.101mdk.x86_64.rpm
ae68b58ea2359e626c578aebd33e63df x86_64/10.1/RPMS/kdegraphics-kruler-3.2.3-17.7.101mdk.x86_64.rpm
1a19e163584345a0fee7db21271ed56d x86_64/10.1/RPMS/kdegraphics-ksnapshot-3.2.3-17.7.101mdk.x86_64.rpm
b3c614b3cf8d2e28fcbc4437ac7eedb0 x86_64/10.1/RPMS/kdegraphics-ksvg-3.2.3-17.7.101mdk.x86_64.rpm
6c3b1f8a5575e1db8d2f1bf6167d2e76 x86_64/10.1/RPMS/kdegraphics-kuickshow-3.2.3-17.7.101mdk.x86_64.rpm
a98c4171cdc3857f545b454206fea60f x86_64/10.1/RPMS/kdegraphics-kview-3.2.3-17.7.101mdk.x86_64.rpm
9ddfb247c1ac9b571e042607af438d2e x86_64/10.1/RPMS/kdegraphics-mrmlsearch-3.2.3-17.7.101mdk.x86_64.rpm
2daf7814f31ea861af1adf6d6958f619 x86_64/10.1/RPMS/lib64kdegraphics0-common-3.2.3-17.7.101mdk.x86_64.rpm
1aa254cb176543f2386e7987b5854b86 x86_64/10.1/RPMS/lib64kdegraphics0-common-devel-3.2.3-17.7.101mdk.x86_64.rpm
24995ac257c8e1e7d34288a1503af153 x86_64/10.1/RPMS/lib64kdegraphics0-kghostview-3.2.3-17.7.101mdk.x86_64.rpm
3a11f2fc88a7bb271e787c12e11ed85b x86_64/10.1/RPMS/lib64kdegraphics0-kghostview-devel-3.2.3-17.7.101mdk.x86_64.rpm
ced64b650693e51ab53dbbbbbdd837de x86_64/10.1/RPMS/lib64kdegraphics0-kooka-3.2.3-17.7.101mdk.x86_64.rpm
10785e95b782da9da52262506526dbd0 x86_64/10.1/RPMS/lib64kdegraphics0-kooka-devel-3.2.3-17.7.101mdk.x86_64.rpm
1a8a8339cc85cef90c54e0c467eff94c x86_64/10.1/RPMS/lib64kdegraphics0-kpovmodeler-3.2.3-17.7.101mdk.x86_64.rpm
498116650efb396f2f38dc8c1c3b677c x86_64/10.1/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2.3-17.7.101mdk.x86_64.rpm
0f80fd46eea48815eab39170a0f2583d x86_64/10.1/RPMS/lib64kdegraphics0-ksvg-3.2.3-17.7.101mdk.x86_64.rpm
04dff57a88777fb2f0258611989889b0 x86_64/10.1/RPMS/lib64kdegraphics0-ksvg-devel-3.2.3-17.7.101mdk.x86_64.rpm
e18c8a96af23b872e53e613fc09559d9 x86_64/10.1/RPMS/lib64kdegraphics0-kuickshow-3.2.3-17.7.101mdk.x86_64.rpm
d4811a449e5db4cc23b720076d02be31 x86_64/10.1/RPMS/lib64kdegraphics0-kview-3.2.3-17.7.101mdk.x86_64.rpm
0432fec2093827d74334b64c004a7dc0 x86_64/10.1/RPMS/lib64kdegraphics0-kview-devel-3.2.3-17.7.101mdk.x86_64.rpm
cf427e9c6f75bc83e2366f2ddf7c10b8 x86_64/10.1/RPMS/lib64kdegraphics0-mrmlsearch-3.2.3-17.7.101mdk.x86_64.rpm
5a418834ff6fbb4f931d17de36414b67 x86_64/10.1/RPMS/libkdegraphics0-common-3.2.3-17.7.101mdk.i586.rpm
d66f05c391671c93ec76d90db2a93603 x86_64/10.1/RPMS/libkdegraphics0-kghostview-3.2.3-17.7.101mdk.i586.rpm
ad5396358769c63743f172c5a0239bee x86_64/10.1/RPMS/libkdegraphics0-kooka-3.2.3-17.7.101mdk.i586.rpm
09a96310e8facb018fec10a100d9ae6c x86_64/10.1/RPMS/libkdegraphics0-kpovmodeler-3.2.3-17.7.101mdk.i586.rpm
04fc3af9ba6408d1d8d8f5b0764f4ac9 x86_64/10.1/RPMS/libkdegraphics0-ksvg-3.2.3-17.7.101mdk.i586.rpm
4108c77923931946d307a7131dd2508a x86_64/10.1/RPMS/libkdegraphics0-kuickshow-3.2.3-17.7.101mdk.i586.rpm
99fdb4a5f62fb3040c151742f279d7c1 x86_64/10.1/RPMS/libkdegraphics0-kview-3.2.3-17.7.101mdk.i586.rpm
3a198ce8fa7ac425434e6f77af326651 x86_64/10.1/RPMS/libkdegraphics0-mrmlsearch-3.2.3-17.7.101mdk.i586.rpm
0d46d0c06d8d7a4da2c314c221f93af8 x86_64/10.1/SRPMS/kdegraphics-3.2.3-17.7.101mdk.src.rpm

Corporate 3.0:
8fb89b5d573b2f0e18960c2c57d88049 corporate/3.0/RPMS/kdegraphics-3.2-15.8.C30mdk.i586.rpm
74ade0ef32148e47c97e437fdbe31c55 corporate/3.0/RPMS/kdegraphics-common-3.2-15.8.C30mdk.i586.rpm
f7a1c996410e6f8240fce3df69662ee7 corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.8.C30mdk.i586.rpm
498fcc2706f13a37151d26d795cb8af5 corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.8.C30mdk.i586.rpm
968f93bacc172e8bf750e61f55ad6c2d corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.8.C30mdk.i586.rpm
ebc0351557377d13d6e6d6e04b727d35 corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.8.C30mdk.i586.rpm
f78738e6cbe3a828ed8ba99af929afbb corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.8.C30mdk.i586.rpm
515a6a3bc02d351e072a3c1661236970 corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.8.C30mdk.i586.rpm
a8f6098bc65955510f05d52aea3016b3 corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.8.C30mdk.i586.rpm
c2eb7c48b3a38357a3f3d37986717f09 corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.8.C30mdk.i586.rpm
0806d05001e5fc2dddbd7bb8a5f8c67b corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.8.C30mdk.i586.rpm
3120cf1cad9f5e2b9e96d27ce9b93b57 corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.8.C30mdk.i586.rpm
ca5c6a6a167fff2ba75e545379198b25 corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.8.C30mdk.i586.rpm
0b4972ab74f2b0c95cd8a5bd2b489552 corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.8.C30mdk.i586.rpm
542cb3c43077d50445f4c40bd2de560e corporate/3.0/RPMS/kdegraphics-kview-3.2-15.8.C30mdk.i586.rpm
aa9cf4d1aada39adc8b78a3f2ccbf666 corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.8.C30mdk.i586.rpm
6d469c11e303ecd30c245a93635acd54 corporate/3.0/RPMS/libkdegraphics0-common-3.2-15.8.C30mdk.i586.rpm
7956586a648f4c7fd84d211e04e03cba corporate/3.0/RPMS/libkdegraphics0-common-devel-3.2-15.8.C30mdk.i586.rpm
3acb74778ef80840f40d4ccca953bd71 corporate/3.0/RPMS/libkdegraphics0-kooka-3.2-15.8.C30mdk.i586.rpm
8878ff3d6852fd7305062c687de8ba5d corporate/3.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.8.C30mdk.i586.rpm
31580d68bf2c35d02b77317bb3343122 corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.8.C30mdk.i586.rpm
8f258b355815e2e81e2f23021c3f97b0 corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.8.C30mdk.i586.rpm
441dd9fd4991501bb5f576affdcef69a corporate/3.0/RPMS/libkdegraphics0-ksvg-3.2-15.8.C30mdk.i586.rpm
6539132604ac8215b8fa39e1610b61a2 corporate/3.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.8.C30mdk.i586.rpm
e6886553c073befbfb1fdfbfa25bc63e corporate/3.0/RPMS/libkdegraphics0-kuickshow-3.2-15.8.C30mdk.i586.rpm
d9155b7767bf9be9a58210759496823c corporate/3.0/RPMS/libkdegraphics0-kview-3.2-15.8.C30mdk.i586.rpm
a312b9c911fc787699fc39af5a40c79a corporate/3.0/RPMS/libkdegraphics0-kview-devel-3.2-15.8.C30mdk.i586.rpm
c2f40fe2b48b35fed2dbc4c7d19882b9 corporate/3.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.8.C30mdk.i586.rpm
c94be1d83e8c46ae7c15891aa4205848 corporate/3.0/SRPMS/kdegraphics-3.2-15.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
b024b0c6a79b417692112bf348cd95fc x86_64/corporate/3.0/RPMS/kdegraphics-3.2-15.8.C30mdk.x86_64.rpm
e6276cf1aa395686bd7b91249011aa38 x86_64/corporate/3.0/RPMS/kdegraphics-common-3.2-15.8.C30mdk.x86_64.rpm
81a8878ced363c5b99d083a6514e6e96 x86_64/corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.8.C30mdk.x86_64.rpm
0b1d51fcb1e04376bdc098c4e2f171d7 x86_64/corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.8.C30mdk.x86_64.rpm
4744070e1a0396e7179ccf53fe2d85c2 x86_64/corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.8.C30mdk.x86_64.rpm
774d87525915ceebeab373db882d2366 x86_64/corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.8.C30mdk.x86_64.rpm
ccead5ed0b52b61c7e0345d1ce73a915 x86_64/corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.8.C30mdk.x86_64.rpm
ce557d2ec486433984f573ed5b80de33 x86_64/corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.8.C30mdk.x86_64.rpm
a6ffb9c6ab2d9c0b5f0f19457791b4ba x86_64/corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.8.C30mdk.x86_64.rpm
bec4700cc12ae61ff2cb7314ae5a0ddb x86_64/corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.8.C30mdk.x86_64.rpm
fec0575377007aa825ac15e13e576b99 x86_64/corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.8.C30mdk.x86_64.rpm
530a5ac17809959f2445478ea7adab50 x86_64/corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.8.C30mdk.x86_64.rpm
ea55b0e94fbcf6c53a56f4b83ff97eb6 x86_64/corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.8.C30mdk.x86_64.rpm
12b743469cdf6cd8350fa58a7c3a36c3 x86_64/corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.8.C30mdk.x86_64.rpm
224f5a552036aa61542990c69710bb6a x86_64/corporate/3.0/RPMS/kdegraphics-kview-3.2-15.8.C30mdk.x86_64.rpm
b1be434f8e14b274507b1ae4044099c8 x86_64/corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.8.C30mdk.x86_64.rpm
acfd72cf7010e702def1ed4a178b8d2c x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-3.2-15.8.C30mdk.x86_64.rpm
dc64e7bb63705ba72cd4f483c404561b x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.8.C30mdk.x86_64.rpm
2a4bb857f31aa164f4c8d8f258187aa7 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-3.2-15.8.C30mdk.x86_64.rpm
9156bfefed30fd5253b4c499242aa7a0 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.8.C30mdk.x86_64.rpm
36a5e60f7c4677f47aff7701850ea0d7 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.8.C30mdk.x86_64.rpm
03f94e3422b4c384b047dbf560e1d05d x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.8.C30mdk.x86_64.rpm
07bf10276d704a430713b651df3b2169 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.8.C30mdk.x86_64.rpm
65d07b28c3bb6de94a87958683f083b0 x86_64/corporate/3.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.8.C30mdk.x86_64.rpm
ae2bed52c58fb043d19bb336e18d0dad x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.8.C30mdk.x86_64.rpm
d54929663a71f898299f2784af91face x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kview-3.2-15.8.C30mdk.x86_64.rpm
6cb1d6616411007e5368b3193f6481bf x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.8.C30mdk.x86_64.rpm
68df49480edbbe07a1068eb686e1ab4c x86_64/corporate/3.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.8.C30mdk.x86_64.rpm
c94be1d83e8c46ae7c15891aa4205848 x86_64/corporate/3.0/SRPMS/kdegraphics-3.2-15.8.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBAakmqjQ0CJFipgRAhavAKCaTdeoeoW8kPv9IeIDM0RohcKkqgCfYPqf
ru2zgRvhBrXOeNpFP8ppG9M=
=kLMi
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: wxPythonGTK
Advisory ID: MDKSA-2005:144
Date: August 18th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.

wxPythonGTK uses an embedded libtiff source tree, and as such has the
same vulnerability.

The updated packages have been rebuilt using the system libraries and
should now incorporate all the updates to libjpeg, libpng, libtiff and
zlib.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
1792bef2b7c38d434f5c580885918fa9 10.1/RPMS/libwxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.i586.rpm
e74ecbc67fb44bc41c211c9c48d99bf2 10.1/RPMS/libwxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.i586.rpm
cbc0ab1e5ff4890e6ca773bc106a22ba 10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.i586.rpm
b9a21a161373a223927041bfb59e9daa 10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
58a22e1baf7b89f5cba1904cc385a62d x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.x86_64.rpm
3416e43ec121b43dd0fa320ced1a1692 x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.x86_64.rpm
04420e8c6fa31ae8266bf1646442665b x86_64/10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.x86_64.rpm
b9a21a161373a223927041bfb59e9daa x86_64/10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm

Mandrakelinux 10.2:
8deaae175c40b0b2aae1c0a9260e6c5e 10.2/RPMS/libwxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.i586.rpm
b240df592e137d2b429118a51561475f 10.2/RPMS/libwxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.i586.rpm
142a95ae853496fa62488898a8e22a5c 10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.i586.rpm
8a04fcd0d0d70bc22549b20374aa2fc4 10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
3641fdd53027c69755b2026f9868bcd4 x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.x86_64.rpm
a84597c3db0f2f38f493693d0cfbf0d6 x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.x86_64.rpm
f453d626b50c9f8e5fd7b801f06a53c6 x86_64/10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.x86_64.rpm
8a04fcd0d0d70bc22549b20374aa2fc4 x86_64/10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm

Corporate 3.0:
30310777699ba2bc43269fea791785a6 corporate/3.0/RPMS/libwxPythonGTK2.4-2.4.2.4-2.1.C30mdk.i586.rpm
2ab1c06543b33f2304caa2f75c234a74 corporate/3.0/RPMS/libwxPythonGTK2.4-devel-2.4.2.4-2.1.C30mdk.i586.rpm
1ff251baed6af07e5604521ae8390f06 corporate/3.0/RPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.i586.rpm
fbf97259f8e496bf20af99c1cacb08b1 corporate/3.0/SRPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBOsjmqjQ0CJFipgRAi91AJwOyfuUHD4/Zr5KsndSbEJqAzI7MgCfRb2r
wUXPRILQAr0ZQlQMXBFxZT4=
=6Vnf
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |