[Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities

security_(at)_mandriva.com
Date: Tue Jun 27 2006 - 20:33:00 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory MDKSA-2006:113
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tetex
 Date : June 27, 2006
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflows were reported in the GD Graphics Library (libgd)
 2.0.28, and possibly other versions. These overflows allow remote
 attackers to cause a denial of service and possibly execute arbitrary
 code via PNG image files with large image rows values that lead to a
 heap-based buffer overflow in the gdImageCreateFromPngCtx() function.
 Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)
 
 The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
 Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers
 to cause a denial of service (CPU consumption) via malformed GIF data that
 causes an infinite loop. Tetex contains an embedded copy of the GD library
 code. (CVE-2006-2906)
 
 Updated packages have been patched to address both issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:

 Mandriva Linux 10.2/X86_64:

 Mandriva Linux 2006.0:

 Mandriva Linux 2006.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEoa+vmqjQ0CJFipgRAmsqAKCDUHSEmHsPgDtQw43QlcPkN0HbnACfQrNM
aLENiehuiJNvmKyOFy6DVuo=
=7QK6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
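
The integer-overflow class named in the Problem Description (CAN-2004-0941) comes down to a size computed from image header fields wrapping before allocation. The C sketch below is an added example, not libgd, tetex or Mandriva patch code: it shows the wrapped size next to an overflow-checked allocator. All function names, the MAX_IMAGE_BYTES cap and the header values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for one decoded image; pick a value that fits the application. */
#define MAX_IMAGE_BYTES ((size_t)64 * 1024 * 1024)

/* Multiply two sizes; returns 0 and stores the product, or -1 on overflow. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Models an unchecked 32-bit size computation: the product is reduced
 * modulo 2^32, so large header values yield a small allocation size. */
uint32_t wrapped_alloc_size(uint32_t rowbytes, uint32_t height)
{
    return (uint32_t)((uint64_t)rowbytes * height);
}

/* Hardened form: reject zero, overflowing or oversized dimensions before
 * allocating. Returns NULL on rejection; *out_len is set on success. */
unsigned char *alloc_image(uint32_t width, uint32_t height,
                           uint32_t channels, size_t *out_len)
{
    size_t rowbytes, total;
    if (width == 0 || height == 0 || channels == 0)
        return NULL;
    if (mul_size(width, channels, &rowbytes) != 0 ||
        mul_size(rowbytes, height, &total) != 0 ||
        total > MAX_IMAGE_BYTES)
        return NULL;
    *out_len = total;
    return malloc(total);
}

int main(void)
{
    size_t len = 0;
    /* Constructed header values, not taken from any real file. */
    unsigned char *p = alloc_image(0x10000u, 0x10001u, 1, &len);
    printf("unchecked size: %lu\n", (unsigned long)wrapped_alloc_size(0x10000u, 0x10001u));
    printf("checked allocation: %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```

With the constructed values, the unchecked computation yields 65536 bytes for an image that needs over 4 GiB, while the checked allocator rejects the dimensions outright.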