Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2006 > Mandriva - Six Security Advisories

September 2006

Mandriva - Six Security Advisories

ID: 00663
Ref: 635/06
Date: 29 September 2006:15:07:21
Version: 1
Title: Mandriva - Six Security Advisories
Abstract: Updates for openldap, openssl, ffmpeg, gstreamer- ffmpeg, mplayer, xine-lib
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Mandriva - Six Security Advisories:
1. Updated openldap packages fixes ACL vulnerability [MDKSA-2006:171]
2. Updated openssl packages fix vulnerabilities [MDKSA-2006:172]
3. Updated ffmpeg packages fix buffer overflow vulnerabilities [MDKSA-2006:173]
4. Update gstreamer-ffmpeg packages fix buffer overflow vulnerabilities [MDKSA-2006:174]
5. Updated mplayer packages fix buffer overflow vulnerabilities [MDKSA-2006:175]
6. Updated xine-lib packages fix buffer overflow vulnerabilities [MDKSA-2006:176]


Detail
======

Security advisory summaries:

1. slapd in OpenLDAP before 2.3.25 allows remote authenticated users with
selfwrite Access Control List (ACL) privileges to modify arbitrary
Distinguished Names (DN).

2. Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).
When the test suite was run against OpenSSL two denial of service
vulnerabilities were discovered.

3. Multiple buffer overflows in libavcodec in ffmpeg before
0.4.9_p20060530 allow remote attackers to cause a denial of service or
possibly execute arbitrary code via multiple unspecified vectors.

4. Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been
updated to address the following issue: Multiple buffer overflows in
libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
cause a denial of service or possibly execute arbitrary code via
multiple unspecified vector

5. Mplayer uses an embedded copy of ffmpeg and as such has been updated to
address the following issue: Multiple buffer overflows in libavcodec
in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a
denial of service or possibly execute arbitrary code via multiple
unspecified vectors.

6. Xine-lib uses an embedded copy of ffmpeg and as such has been updated
to address the following issue: Multiple buffer overflows in
libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
cause a denial of service or possibly execute arbitrary code via
multiple unspecified vectors.


Security advisory content follows:


1.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:171
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openldap
Date : September 28, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with
selfwrite Access Control List (ACL) privileges to modify arbitrary
Distinguished Names (DN).

Packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
c706d14413946af2519c7c6d94a01abf 2006.0/i586/libldap2.3_0-2.3.6-4.2.20060mdk.i586.rpm
3965f77fd18143cfc633c1c99df5bf1a 2006.0/i586/libldap2.3_0-devel-2.3.6-4.2.20060mdk.i586.rpm
113f7420a055bd5ca3a96831a9cc9278 2006.0/i586/libldap2.3_0-static-devel-2.3.6-4.2.20060mdk.i586.rpm
5f5faaba51ab019a3c9f63f2f8a8f744 2006.0/i586/openldap-2.3.6-4.2.20060mdk.i586.rpm
2ad7ac18504abec70360d98eb16ee6c7 2006.0/i586/openldap-clients-2.3.6-4.2.20060mdk.i586.rpm
627931509c00600752d92f8aaa05f885 2006.0/i586/openldap-doc-2.3.6-4.2.20060mdk.i586.rpm
294b5514bfcedbcffb4bf5f9836049d6 2006.0/i586/openldap-servers-2.3.6-4.2.20060mdk.i586.rpm
52f284965fe7f122a7bcf096a047bcbc 2006.0/SRPMS/openldap-2.3.6-4.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f4edce61b93bf08c449a1b5a4daa7a43 2006.0/x86_64/lib64ldap2.3_0-2.3.6-4.2.20060mdk.x86_64.rpm
b3c6032b3e9158f6a18fd6bd80fe0622 2006.0/x86_64/lib64ldap2.3_0-devel-2.3.6-4.2.20060mdk.x86_64.rpm
8e9d02346e203604002b2412629b91d8 2006.0/x86_64/lib64ldap2.3_0-static-devel-2.3.6-4.2.20060mdk.x86_64.rpm
c706d14413946af2519c7c6d94a01abf 2006.0/x86_64/libldap2.3_0-2.3.6-4.2.20060mdk.i586.rpm
3965f77fd18143cfc633c1c99df5bf1a 2006.0/x86_64/libldap2.3_0-devel-2.3.6-4.2.20060mdk.i586.rpm
113f7420a055bd5ca3a96831a9cc9278 2006.0/x86_64/libldap2.3_0-static-devel-2.3.6-4.2.20060mdk.i586.rpm
60f55f26379d16ebe85f91fb7a003e6f 2006.0/x86_64/openldap-2.3.6-4.2.20060mdk.x86_64.rpm
cb4b4754e31b2a719fc12d560756bda7 2006.0/x86_64/openldap-clients-2.3.6-4.2.20060mdk.x86_64.rpm
0e91c088d674caf27ac83608d634e266 2006.0/x86_64/openldap-doc-2.3.6-4.2.20060mdk.x86_64.rpm
ef405896401993b3fc7a866deaccfb02 2006.0/x86_64/openldap-servers-2.3.6-4.2.20060mdk.x86_64.rpm
52f284965fe7f122a7bcf096a047bcbc 2006.0/SRPMS/openldap-2.3.6-4.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHAxWmqjQ0CJFipgRAplIAJ4w2ikINUxE7djt4Fvz0iumvkFKCgCgprdl
heJNWCZc4PhXpxHnrOU8Clg=
=7wcp
- -----END PGP SIGNATURE-----


2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:172
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssl
Date : September 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).
When the test suite was run against OpenSSL two denial of service
vulnerabilities were discovered.

During the parsing of certain invalid ASN1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time
to process. This could be used by an attacker in a denial of service
attack. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers utility function, used by
some applications such as exim and mysql. An attacker could send a
list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
possible DoS in the sslv2 client code. Where a client application uses
OpenSSL to make a SSLv2 connection to a malicious server that server
could cause the client to crash. (CVE-2006-4343)

Updated packages are patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm
8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm
3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm
8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm
52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm
f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm
7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm
17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm
8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm
3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm
6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm
52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

Mandriva Linux 2007.0:
1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm
1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm
59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm
3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm
aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm
d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm
5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm
9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm
aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

Corporate 3.0:
c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm
98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm
151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm
82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm
a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm
30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm
e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm
c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm
83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm
a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

Corporate 4.0:
6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm
22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm
b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm
a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm
47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm
6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm
22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm
b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm
abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm
92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm
847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm
b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0
wB09L3fylyiHgrXvSV6VL7A=
=/+dm
- -----END PGP SIGNATURE-----


3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:173
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : September 28, 2006
Affected: 2006.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple buffer overflows in libavcodec in ffmpeg before
0.4.9_p20060530 allow remote attackers to cause a denial of service or
possibly execute arbitrary code via multiple unspecified vectors in (1)
dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6)
tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11)
smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is
a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
70f951cfb00bd1a976ffd682f71c23ef 2006.0/i586/ffmpeg-0.4.9-0.pre1.5.2.20060mdk.i586.rpm
0de2a4efb5beb153e13a46ef160076b3 2006.0/i586/libffmpeg0-0.4.9-0.pre1.5.2.20060mdk.i586.rpm
80a876fead4c2f1fda335964b84407fd 2006.0/i586/libffmpeg0-devel-0.4.9-0.pre1.5.2.20060mdk.i586.rpm
8a22beb958201500862541f9cc18c399 2006.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
dc1aed466f6b4064765a1a333c7c4710 2006.0/x86_64/ffmpeg-0.4.9-0.pre1.5.2.20060mdk.x86_64.rpm
299a9fcfdce014cc13b906df6fe133f6 2006.0/x86_64/lib64ffmpeg0-0.4.9-0.pre1.5.2.20060mdk.x86_64.rpm
9b2483e5edb8cf196b0df877706c315f 2006.0/x86_64/lib64ffmpeg0-devel-0.4.9-0.pre1.5.2.20060mdk.x86_64.rpm
8a22beb958201500862541f9cc18c399 2006.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.2.20060mdk.src.rpm

Corporate 3.0:
ebebfa31e3817060e6f1862e7bb673a2 corporate/3.0/i586/ffmpeg-0.4.8-7.3.C30mdk.i586.rpm
51e303559d0d07ff86af703906065e19 corporate/3.0/i586/libffmpeg0-0.4.8-7.3.C30mdk.i586.rpm
6375f7c63d7c53d18d5ea16c8d96e9c1 corporate/3.0/i586/libffmpeg0-devel-0.4.8-7.3.C30mdk.i586.rpm
b089b6a12c6390aed83c5dd412e35da7 corporate/3.0/SRPMS/ffmpeg-0.4.8-7.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
85c5aa0a8021680bfa987a652f94cde5 corporate/3.0/x86_64/ffmpeg-0.4.8-7.3.C30mdk.x86_64.rpm
e26a80cc7d31cdcccda6e4d69eb13722 corporate/3.0/x86_64/lib64ffmpeg0-0.4.8-7.3.C30mdk.x86_64.rpm
35194873a8a53e71950d5c042245b03a corporate/3.0/x86_64/lib64ffmpeg0-devel-0.4.8-7.3.C30mdk.x86_64.rpm
b089b6a12c6390aed83c5dd412e35da7 corporate/3.0/SRPMS/ffmpeg-0.4.8-7.3.C30mdk.src.rpm

Corporate 4.0:
064b1663a622879bf77f6f565b83cb96 corporate/4.0/i586/libffmpeg0-0.4.9-0.pre1.5.2.20060mlcs4.i586.rpm
c558365bbaf260429be0a6f51a5f3875 corporate/4.0/i586/libffmpeg0-devel-0.4.9-0.pre1.5.2.20060mlcs4.i586.rpm
91d0e04a3df240ecd67c74b64a48bb62 corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5563813e75db69e560e32729f872a2a8 corporate/4.0/x86_64/lib64ffmpeg0-0.4.9-0.pre1.5.2.20060mlcs4.x86_64.rpm
7f5c2f384e711027ad1e9fd76f4abe3f corporate/4.0/x86_64/lib64ffmpeg0-devel-0.4.9-0.pre1.5.2.20060mlcs4.x86_64.rpm
91d0e04a3df240ecd67c74b64a48bb62 corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHDkFmqjQ0CJFipgRAqM1AKC4uTKc3eu/7jJ+J0jpAHI2rPf0dACg9mkv
YsCd0RplOBS5ZhbV/ZQM6yo=
=/I1x
- -----END PGP SIGNATURE-----


4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:174
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gstreamer-ffmpeg
Date : September 28, 2006
Affected: 2006.0, 2007.0
_______________________________________________________________________

Problem Description:

Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been
updated to address the following issue: Multiple buffer overflows in
libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
cause a denial of service or possibly execute arbitrary code via
multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,
(4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)
cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
NOTE: it is likely that this is a different vulnerability than
CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
c49b397719d1143231cb030f9e9cd003 2006.0/i586/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.i586.rpm
a0afe9ef876a409ca594b4fdb75921ad 2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
03003e5d2ee3f613a7ccd9552fdc7124 2006.0/x86_64/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.x86_64.rpm
a0afe9ef876a409ca594b4fdb75921ad 2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
884a134c1ded68502a461754b51dce85 2007.0/i586/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.i586.rpm
d30f67740f6f6b9769609e613fd44b59 2007.0/SRPMS/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
90b711e579e72a96441b16b5e38bb5ff 2007.0/x86_64/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.x86_64.rpm
d30f67740f6f6b9769609e613fd44b59 2007.0/SRPMS/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHDlsmqjQ0CJFipgRAvzDAKCLNJTShpo5gUmU47eX99C4lX18KACg1c/S
uPADHsplQtv2PiYZTnQu428=
=RWZE
- -----END PGP SIGNATURE-----


5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:175
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mplayer
Date : September 28, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Mplayer uses an embedded copy of ffmpeg and as such has been updated to
address the following issue: Multiple buffer overflows in libavcodec
in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a
denial of service or possibly execute arbitrary code via multiple
unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,
(4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)
cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
NOTE: it is likely that this is a different vulnerability than
CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
ba2fe0a33637c9b56c18b42ddd1f5baa 2006.0/i586/libdha1.0-1.0-1.pre7.12.4.20060mdk.i586.rpm
b0ff5a0592dd789ead011359a14d232c 2006.0/i586/libpostproc0-1.0-1.pre7.12.4.20060mdk.i586.rpm
a9f6f27f005603ad305933a593d52c6c 2006.0/i586/libpostproc0-devel-1.0-1.pre7.12.4.20060mdk.i586.rpm
a327015bb156971a727dc6b08f3c6205 2006.0/i586/mencoder-1.0-1.pre7.12.4.20060mdk.i586.rpm
fbdcb5720e94ebe5d48f9bde3943629c 2006.0/i586/mplayer-1.0-1.pre7.12.4.20060mdk.i586.rpm
e5ade5cfbefe54bb8db5f6ec55c3e703 2006.0/i586/mplayer-gui-1.0-1.pre7.12.4.20060mdk.i586.rpm
15261692bbcc0c8326c99f9404b021be 2006.0/SRPMS/mplayer-1.0-1.pre7.12.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a1b2195873fc74dee070f8f1dd7c7972 2006.0/x86_64/lib64postproc0-1.0-1.pre7.12.4.20060mdk.x86_64.rpm
48630b15e0d33eb51566783a55c29561 2006.0/x86_64/lib64postproc0-devel-1.0-1.pre7.12.4.20060mdk.x86_64.rpm
ba2fe0a33637c9b56c18b42ddd1f5baa 2006.0/x86_64/libdha1.0-1.0-1.pre7.12.4.20060mdk.i586.rpm
b0ff5a0592dd789ead011359a14d232c 2006.0/x86_64/libpostproc0-1.0-1.pre7.12.4.20060mdk.i586.rpm
a9f6f27f005603ad305933a593d52c6c 2006.0/x86_64/libpostproc0-devel-1.0-1.pre7.12.4.20060mdk.i586.rpm
1b1d5655127cb355a650b63fb2ccf786 2006.0/x86_64/mencoder-1.0-1.pre7.12.4.20060mdk.x86_64.rpm
53762878ca52dfad5fece2de9fc29f65 2006.0/x86_64/mplayer-1.0-1.pre7.12.4.20060mdk.x86_64.rpm
d31df33d4302b4d5cf26023b98fd0c81 2006.0/x86_64/mplayer-gui-1.0-1.pre7.12.4.20060mdk.x86_64.rpm
15261692bbcc0c8326c99f9404b021be 2006.0/SRPMS/mplayer-1.0-1.pre7.12.4.20060mdk.src.rpm

Corporate 3.0:
02b7f6e1857e6ae3a76c07f920d6e5bd corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.8.C30mdk.i586.rpm
9e4143278ddbaf5c70d176bb4c1b667b corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.8.C30mdk.i586.rpm
e71a9a7f0e94da16514a603d938056f6 corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.8.C30mdk.i586.rpm
dfef3b8b7cafc375899e79b2dcdf47f2 corporate/3.0/i586/mencoder-1.0-0.pre3.14.8.C30mdk.i586.rpm
9376a4a0722299939af1e9ae3c5a64fb corporate/3.0/i586/mplayer-1.0-0.pre3.14.8.C30mdk.i586.rpm
d652bf069c11e14b833bd6762d88f0df corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.8.C30mdk.i586.rpm
9a8bc9de93590ea3201f93ccda4eaaba corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
861a282d1a5b84ab71f36345ce5b9e33 corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.8.C30mdk.x86_64.rpm
c69aa30c18e2e8ed16f1450f8a8c1ac1 corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.8.C30mdk.x86_64.rpm
b36fe1a309c347181db187aa8ca2fa1b corporate/3.0/x86_64/mencoder-1.0-0.pre3.14.8.C30mdk.x86_64.rpm
42b26792d504dd654d43a017e2df186d corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.8.C30mdk.x86_64.rpm
6d7036670a76d50d2ef4a942fad171f6 corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.8.C30mdk.x86_64.rpm
9a8bc9de93590ea3201f93ccda4eaaba corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.8.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHDnEmqjQ0CJFipgRAko3AJsFolB7JIz+JzIaA3eOL0mEVDSjLQCeN3QF
x3RT+ttV+fhm1mYI2Ghtu4o=
=KgHo
- -----END PGP SIGNATURE-----


6.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:176
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date : September 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Xine-lib uses an embedded copy of ffmpeg and as such has been updated
to address the following issue: Multiple buffer overflows in
libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
cause a denial of service or possibly execute arbitrary code via
multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,
(4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)
cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
NOTE: it is likely that this is a different vulnerability than
CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
d1f80d9b93a76660d51ad5df0c8c2e19 2006.0/i586/libxine1-1.1.0-9.7.20060mdk.i586.rpm
f671d0176cf054d166c1e16e874aaaa2 2006.0/i586/libxine1-devel-1.1.0-9.7.20060mdk.i586.rpm
6f0953a17f812a39f95e3b9287b9e069 2006.0/i586/xine-aa-1.1.0-9.7.20060mdk.i586.rpm
42d3d3fb0dacc20837ce9b29e63ee7b4 2006.0/i586/xine-arts-1.1.0-9.7.20060mdk.i586.rpm
730747a34c5c0b257b491c444e8e5d84 2006.0/i586/xine-dxr3-1.1.0-9.7.20060mdk.i586.rpm
15e53a29ac2538c42ac127004d1ace0a 2006.0/i586/xine-esd-1.1.0-9.7.20060mdk.i586.rpm
9a70a80f3a1bc3cd3d58c21ff84a60bb 2006.0/i586/xine-flac-1.1.0-9.7.20060mdk.i586.rpm
c587a6f90f1e0dae31fd2c168f46f7e0 2006.0/i586/xine-gnomevfs-1.1.0-9.7.20060mdk.i586.rpm
bf556f57f35ae3a70157c925cceeadce 2006.0/i586/xine-image-1.1.0-9.7.20060mdk.i586.rpm
6b902ec1c26032f86733e50c0576db20 2006.0/i586/xine-plugins-1.1.0-9.7.20060mdk.i586.rpm
dc86818eeda6ebe99f4c4736aa26915d 2006.0/i586/xine-polyp-1.1.0-9.7.20060mdk.i586.rpm
0f2d148a0b52157e8598ec42c8f2a3c5 2006.0/i586/xine-smb-1.1.0-9.7.20060mdk.i586.rpm
a1727cb46b7790690d8970371538a767 2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d2072c8ed9dc58f785afa6f091368540 2006.0/x86_64/lib64xine1-1.1.0-9.7.20060mdk.x86_64.rpm
4e89998dece0c89eb08e70ff1c463839 2006.0/x86_64/lib64xine1-devel-1.1.0-9.7.20060mdk.x86_64.rpm
8a85f46ca8642413d262a10ccf9d83f5 2006.0/x86_64/xine-aa-1.1.0-9.7.20060mdk.x86_64.rpm
8d5cf41e362c82ff439ac7f016133e3b 2006.0/x86_64/xine-arts-1.1.0-9.7.20060mdk.x86_64.rpm
59d13f29dce4010c44b7ded12bf72b0c 2006.0/x86_64/xine-dxr3-1.1.0-9.7.20060mdk.x86_64.rpm
ff0e3b94866e27e16c0879466edfe8ad 2006.0/x86_64/xine-esd-1.1.0-9.7.20060mdk.x86_64.rpm
dbe2fc276bb83ebadcd60ffe65695600 2006.0/x86_64/xine-flac-1.1.0-9.7.20060mdk.x86_64.rpm
399b3cf66525e55b29efdd7ab2d16f4e 2006.0/x86_64/xine-gnomevfs-1.1.0-9.7.20060mdk.x86_64.rpm
585d0753c5465c3be61374c633b9a849 2006.0/x86_64/xine-image-1.1.0-9.7.20060mdk.x86_64.rpm
caa986167205f61d3b2cd332de8f9ea9 2006.0/x86_64/xine-plugins-1.1.0-9.7.20060mdk.x86_64.rpm
4c8105732f02c99499743baf3a8bee82 2006.0/x86_64/xine-polyp-1.1.0-9.7.20060mdk.x86_64.rpm
92849a576e00179b379d46ad09ef69c6 2006.0/x86_64/xine-smb-1.1.0-9.7.20060mdk.x86_64.rpm
a1727cb46b7790690d8970371538a767 2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm

Mandriva Linux 2007.0:
d404c25c046cb8a33c8ad0e2b2072754 2007.0/i586/libxine1-1.1.2-3.1mdv2007.0.i586.rpm
5cc4212e46690c5910f11bb574e073d3 2007.0/i586/libxine1-devel-1.1.2-3.1mdv2007.0.i586.rpm
ac59fa02078f3989ceb189b96cdef41f 2007.0/i586/xine-aa-1.1.2-3.1mdv2007.0.i586.rpm
86efab30b6c71cb3847b5229ca1067ca 2007.0/i586/xine-arts-1.1.2-3.1mdv2007.0.i586.rpm
3d731488c545b27e1295e758e3f674ac 2007.0/i586/xine-dxr3-1.1.2-3.1mdv2007.0.i586.rpm
c85c713e002fe6009eef3a8ce191ca73 2007.0/i586/xine-esd-1.1.2-3.1mdv2007.0.i586.rpm
af8bf9bd553334e8bce2dbc257fb2ce9 2007.0/i586/xine-flac-1.1.2-3.1mdv2007.0.i586.rpm
8da4facf9142237c874da9790f44e014 2007.0/i586/xine-gnomevfs-1.1.2-3.1mdv2007.0.i586.rpm
da7022eb9498f9dba321893fc35378a4 2007.0/i586/xine-image-1.1.2-3.1mdv2007.0.i586.rpm
6dfe4067a98de2e9344752ec369149bb 2007.0/i586/xine-plugins-1.1.2-3.1mdv2007.0.i586.rpm
89a7386ed3c2b821f9dd2715d23699c2 2007.0/i586/xine-sdl-1.1.2-3.1mdv2007.0.i586.rpm
6a8c17bd9d98744c57ddb5b12d78d197 2007.0/i586/xine-smb-1.1.2-3.1mdv2007.0.i586.rpm
eb3473147c0d7cdfa3b0d48ff37dc61a 2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
bdd79df2e0097f84a2f5772c4ca6136f 2007.0/x86_64/lib64xine1-1.1.2-3.1mdv2007.0.x86_64.rpm
6ba8f3c17541fd13ac77d55120758042 2007.0/x86_64/lib64xine1-devel-1.1.2-3.1mdv2007.0.x86_64.rpm
d71799253d4c012e1e3f64d3bc58d7cc 2007.0/x86_64/xine-aa-1.1.2-3.1mdv2007.0.x86_64.rpm
9d39171f79b30e7eb4c8ca2370e483b5 2007.0/x86_64/xine-arts-1.1.2-3.1mdv2007.0.x86_64.rpm
246c0799945641ea013cc41b5409deea 2007.0/x86_64/xine-dxr3-1.1.2-3.1mdv2007.0.x86_64.rpm
dcc81b8d0ba73799019e2d8638d5ec20 2007.0/x86_64/xine-esd-1.1.2-3.1mdv2007.0.x86_64.rpm
f3d6cf4c186265c72b235bf20817de9d 2007.0/x86_64/xine-flac-1.1.2-3.1mdv2007.0.x86_64.rpm
57684a9c46601d685fb2a00bdc01eddd 2007.0/x86_64/xine-gnomevfs-1.1.2-3.1mdv2007.0.x86_64.rpm
fdf75b1bcaecb2f49fddd40d96a75ea7 2007.0/x86_64/xine-image-1.1.2-3.1mdv2007.0.x86_64.rpm
3c8f9ab5f54574b6c1ac04e494597631 2007.0/x86_64/xine-plugins-1.1.2-3.1mdv2007.0.x86_64.rpm
fa5133b6f2543e6de6425efcbd7cd435 2007.0/x86_64/xine-sdl-1.1.2-3.1mdv2007.0.x86_64.rpm
fd42d77bf716df6f53fb3dd4093bdafc 2007.0/x86_64/xine-smb-1.1.2-3.1mdv2007.0.x86_64.rpm
eb3473147c0d7cdfa3b0d48ff37dc61a 2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm

Corporate 3.0:
db41592447e7e73730797aa9bf498ad5 corporate/3.0/i586/libxine1-1-0.rc3.6.13.C30mdk.i586.rpm
84b3f62d20a29c48e8e910b6316bcfb5 corporate/3.0/i586/libxine1-devel-1-0.rc3.6.13.C30mdk.i586.rpm
f805b3d9402c19ab772f80b2e8b1eafc corporate/3.0/i586/xine-aa-1-0.rc3.6.13.C30mdk.i586.rpm
8825c4a718b38706da515ec6c35ccaba corporate/3.0/i586/xine-arts-1-0.rc3.6.13.C30mdk.i586.rpm
261649da7010f98bff6a83e690f9c7cc corporate/3.0/i586/xine-dxr3-1-0.rc3.6.13.C30mdk.i586.rpm
f38a295e8a8fb8c61d7dfd607498c0ad corporate/3.0/i586/xine-esd-1-0.rc3.6.13.C30mdk.i586.rpm
5a06155242921b82936a1e727ae0f95d corporate/3.0/i586/xine-flac-1-0.rc3.6.13.C30mdk.i586.rpm
e50866249d9ceacc9a487ea9d7ae42d6 corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.13.C30mdk.i586.rpm
9c9ddb6cbd1c57cb8f31a29214666b78 corporate/3.0/i586/xine-plugins-1-0.rc3.6.13.C30mdk.i586.rpm
6c87980235f4aaeedb8671384c8542a7 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
3f2792ec38f9f9327a8de63d0d0fa675 corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.13.C30mdk.x86_64.rpm
6c9491f30d6ba186d65e287bc86ad48f corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.13.C30mdk.x86_64.rpm
83629afd6aa2e9abeb479e7bf8abd969 corporate/3.0/x86_64/xine-aa-1-0.rc3.6.13.C30mdk.x86_64.rpm
bcd60c934b0c514a0e3f877c616b1582 corporate/3.0/x86_64/xine-arts-1-0.rc3.6.13.C30mdk.x86_64.rpm
1ba79beb8e795aefa83a5033e78cd5a8 corporate/3.0/x86_64/xine-esd-1-0.rc3.6.13.C30mdk.x86_64.rpm
43c80a0e726695afe9e9e22fb11e7ceb corporate/3.0/x86_64/xine-flac-1-0.rc3.6.13.C30mdk.x86_64.rpm
f20e49f4a5b8ee79172b2c2b153f7d9b corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.13.C30mdk.x86_64.rpm
bea5d059056a9771172fc3b25c04ac5a corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.13.C30mdk.x86_64.rpm
6c87980235f4aaeedb8671384c8542a7 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHDosmqjQ0CJFipgRAvIwAJ9ksuDWipI2eiizX1c1z63pikV6ZgCglg46
5adSZ8Y+mHDBnF10FxZxh6Q=
=Eqae
- -----END PGP SIGNATURE-----


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |