List: full-disclosure
Subject: [Full-disclosure] [ MDVSA-2010:086 ] kdegraphics
From: security () mandriva ! com
Date: 2010-04-29 16:46:00
Message-ID: E1O7WsC-0003Kr-To () titan ! mandriva ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:086
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdegraphics
Date : April 29, 2010
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in kpdf
(kdegraphics):

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in the ImageStream::ImageStream function in Stream.cc
in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
kdegraphics KPDF, and CUPS pdftops, allows remote attackers to
cause a denial of service (application crash) via a crafted PDF
document that triggers a NULL pointer dereference or buffer over-read
(CVE-2009-3609).

The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL2akVmqjQ0CJFipgRAlCbAJ9RRBe8PvRpCUYLUFB/Ei83uyCc6ACgihkT
XlGTaX5htk16A28W5+kVAc0=
=sboC
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
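
Added illustration, not part of the Mandriva advisory and not Xpdf, Poppler or KPDF source: an integer overflow that ends in a heap-based buffer overflow, as described for CVE-2009-3608, typically arises when an entry count taken from the file is multiplied into an allocation size that wraps. The names naive_alloc_bytes, alloc_table and MAX_OBJECTS are hypothetical, and the 32-bit truncation is an assumption that models a byte count held in an int-sized variable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical sanity cap on how many entries one table may hold. */
#define MAX_OBJECTS ((size_t)1 << 20)

/* Byte count the unchecked pattern would request. The product is truncated
 * to 32 bits to model a size computed in an int-sized variable. */
static uint32_t naive_alloc_bytes(uint32_t n_objects)
{
    return n_objects * (uint32_t)sizeof(int32_t);
}

/* Hardened allocation: validate the untrusted count before any arithmetic,
 * so the buffer is always large enough for n_objects entries. */
static int32_t *alloc_table(long n_objects)
{
    if (n_objects <= 0)
        return NULL;                      /* negative or empty count */
    if ((size_t)n_objects > MAX_OBJECTS)
        return NULL;                      /* implausible for the format */
    if ((size_t)n_objects > SIZE_MAX / sizeof(int32_t))
        return NULL;                      /* byte size would overflow */
    return calloc((size_t)n_objects, sizeof(int32_t));
}

int main(void)
{
    /* Constructed sample count, as if read from an untrusted file header. */
    uint32_t claimed = 0x40000001u;

    printf("claimed entries: %u, naive request: %u bytes\n",
           (unsigned)claimed, (unsigned)naive_alloc_bytes(claimed));

    int32_t *bad = alloc_table((long)claimed);
    int32_t *ok = alloc_table(16);
    printf("hardened: claimed -> %s, 16 -> %s\n",
           bad ? "allocated" : "rejected", ok ? "allocated" : "rejected");
    free(bad);
    free(ok);
    return 0;
}
```

The unchecked size for the constructed count wraps to a few bytes while later code would still index by the full count; the hardened helper refuses the count before any allocation takes place.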