LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: [ MDVSA-2009:080 ] glib2.0 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against with - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input (CVE-2008-4316).
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:080
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glib2.0
 Date    : March 26, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in GLib's Base64 encoding and decoding
 functions enable attackers (possibly remote ones, depending on
 the applications glib2 is linked against with - mostly GNOME ones)
 either to cause denial of service and to execute arbitrary code via
 an untrusted input (CVE-2008-4316).
 
 This update provide the fix for that security issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 ec6549c72d1fb6125ab8d398586ea4fb  2008.0/i586/glib2.0-common-2.14.1-2.1mdv2008.0.i586.rpm
 af169954484c24fb30888317ae22b408  2008.0/i586/glib-gettextize-2.14.1-2.1mdv2008.0.i586.rpm
 f933fbb158f4a94311ea0adb0267abfd  2008.0/i586/libglib2.0_0-2.14.1-2.1mdv2008.0.i586.rpm
 36f304c0aec1f7989146364acaf8c0b2  2008.0/i586/libglib2.0_0-devel-2.14.1-2.1mdv2008.0.i586.rpm 
 1786bde9976bce5014db73d0801b38ac  2008.0/SRPMS/glib2.0-2.14.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 9cf29b7dbebf5048084b6b1f35e0f4cb  2008.0/x86_64/glib2.0-common-2.14.1-2.1mdv2008.0.x86_64.rpm
 270bcf8ba069c5ac6b6e6cf89987b807  2008.0/x86_64/glib-gettextize-2.14.1-2.1mdv2008.0.x86_64.rpm
 31031ac78ab9d873a29fa369ff30e610  2008.0/x86_64/lib64glib2.0_0-2.14.1-2.1mdv2008.0.x86_64.rpm
 9c1d61a59e7c60092e1c0e3908bb6a65  2008.0/x86_64/lib64glib2.0_0-devel-2.14.1-2.1mdv2008.0.x86_64.rpm 
 1786bde9976bce5014db73d0801b38ac  2008.0/SRPMS/glib2.0-2.14.1-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 1baba5d7eb9f0c432bf73fd88b4ed7b2  2008.1/i586/glib2.0-common-2.16.2-1.1mdv2008.1.i586.rpm
 25195a507ab1cb4c83821ec13b73c2de  2008.1/i586/glib-gettextize-2.16.2-1.1mdv2008.1.i586.rpm
 0842c6fcbc536211ccf2a0a4d87e3546  2008.1/i586/libgio2.0_0-2.16.2-1.1mdv2008.1.i586.rpm
 0e8cf91144c192f2bb5f35baf83f962c  2008.1/i586/libglib2.0_0-2.16.2-1.1mdv2008.1.i586.rpm
 6323a69186cb517ae2863d7a76781048  2008.1/i586/libglib2.0-devel-2.16.2-1.1mdv2008.1.i586.rpm 
 7ae19c9ab3b92c24968805d227a59016  2008.1/SRPMS/glib2.0-2.16.2-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 1589cb70c3243cef09da4d50c15b09b1  2008.1/x86_64/glib2.0-common-2.16.2-1.1mdv2008.1.x86_64.rpm
 6c2579e55949fbe1835adf31ea5131bd  2008.1/x86_64/glib-gettextize-2.16.2-1.1mdv2008.1.x86_64.rpm
 194712afcd7513be076a6759525f12f9  2008.1/x86_64/lib64gio2.0_0-2.16.2-1.1mdv2008.1.x86_64.rpm
 3da1dd0e0141705c2c0e31499dd75608  2008.1/x86_64/lib64glib2.0_0-2.16.2-1.1mdv2008.1.x86_64.rpm
 36eed7d79a1e42f832db1e45fba41e7c  2008.1/x86_64/lib64glib2.0-devel-2.16.2-1.1mdv2008.1.x86_64.rpm 
 7ae19c9ab3b92c24968805d227a59016  2008.1/SRPMS/glib2.0-2.16.2-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 690e5195cc87714bdc3cc0fbd5d1e443  2009.0/i586/glib2.0-common-2.18.1-1.1mdv2009.0.i586.rpm
 d9ca28417fae46f7fb2623a12d43ae0a  2009.0/i586/glib-gettextize-2.18.1-1.1mdv2009.0.i586.rpm
 515b3c6e02aaa3d2323b2205b77e4f60  2009.0/i586/libgio2.0_0-2.18.1-1.1mdv2009.0.i586.rpm
 05ef65b0189ed3df27459b0357e84156  2009.0/i586/libglib2.0_0-2.18.1-1.1mdv2009.0.i586.rpm
 7433775a074a0631631f9a36c38cb603  2009.0/i586/libglib2.0-devel-2.18.1-1.1mdv2009.0.i586.rpm 
 dc74fa4eccc0e8a4fe016d6e48efd7c2  2009.0/SRPMS/glib2.0-2.18.1-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 a354c7986fc2d17ea31679d5c9c3c32c  2009.0/x86_64/glib2.0-common-2.18.1-1.1mdv2009.0.x86_64.rpm
 c696c96b510cc0d983c3f4449208109d  2009.0/x86_64/glib-gettextize-2.18.1-1.1mdv2009.0.x86_64.rpm
 fc5eb4080df3b6670b53952c82f0df47  2009.0/x86_64/lib64gio2.0_0-2.18.1-1.1mdv2009.0.x86_64.rpm
 29fc292f7f40bcf4a64b889694141d5e  2009.0/x86_64/lib64glib2.0_0-2.18.1-1.1mdv2009.0.x86_64.rpm
 479553db25caae6550ab085986b88801  2009.0/x86_64/lib64glib2.0-devel-2.18.1-1.1mdv2009.0.x86_64.rpm 
 dc74fa4eccc0e8a4fe016d6e48efd7c2  2009.0/SRPMS/glib2.0-2.18.1-1.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.