LinuxSecurity.com
Mandriva: Updated kdegraphics packages fix heap-based buffer overflow vulnerability
Posted by Benjamin D. Thomas   
Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:031
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdegraphics
 Date    : February 2, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
 cause a denial of service and possibly execute arbitrary code via
 crafted splash images that produce certain values that exceed the width
 or height of the associated bitmap.
 
 Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same
 issues.
 
 The updated packages have been patched to correct this issue.
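
 The kind of check that closes this class of bug, as an added example (not xpdf's, KDE's or Mandriva's code): a rasterizer clips every coordinate against the bitmap's width and height before it writes to the heap buffer. The `Bitmap` type and the `bitmap_new`, `bitmap_free` and `fill_span` functions are hypothetical names used for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical raster type for illustration; not xpdf's own bitmap class. */
typedef struct {
    int width, height;   /* dimensions in pixels */
    uint8_t *data;       /* width * height bytes, one byte per pixel */
} Bitmap;

/* Allocate a zeroed bitmap, rejecting dimensions whose product overflows. */
Bitmap *bitmap_new(int width, int height) {
    if (width <= 0 || height <= 0 || width > INT_MAX / height)
        return NULL;
    Bitmap *b = malloc(sizeof *b);
    if (!b)
        return NULL;
    b->data = calloc((size_t)width * (size_t)height, 1);
    if (!b->data) { free(b); return NULL; }
    b->width = width;
    b->height = height;
    return b;
}

void bitmap_free(Bitmap *b) {
    if (b) { free(b->data); free(b); }
}

/* Fill pixels x0..x1 (inclusive) on row y, clipping to the bitmap.
 * Returns the number of pixels written, or 0 if the span lies entirely
 * outside the bitmap. Without the clipping, coordinates derived from
 * untrusted input would index past the end of b->data on the heap. */
int fill_span(Bitmap *b, int x0, int x1, int y, uint8_t value) {
    if (!b || y < 0 || y >= b->height)
        return 0;
    if (x0 < 0)
        x0 = 0;
    if (x1 >= b->width)
        x1 = b->width - 1;
    if (x0 > x1)
        return 0;
    uint8_t *row = b->data + (size_t)y * (size_t)b->width;
    for (int x = x0; x <= x1; x++)
        row[x] = value;
    return x1 - x0 + 1;
}
```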
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:

 Mandriva Linux 2006.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 