Debian GNU/Linux
Debian Security Advisory DSA 1258-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
February 7th, 2007 http://www.debian.org/security/faq
Package : mozilla-firefox
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501
CVE-2006-6502 CVE-2006-6503
CERT advisories: VU#263412 VU#405092 VU#427972 VU#428500 VU#447772
VU#606260
BugTraq ID : 21668
Debian Bug :
Several security related problems have been discovered in
Mozilla and derived products such as Mozilla Firefox. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:
CVE-2006-6497
Several vulnerabilities in the layout engine allow remote
attackers to cause a denial of service and possibly permit them to
execute arbitrary code. [MFSA 2006-68]
CVE-2006-6498
Several vulnerabilities in the JavaScript engine allow remote
attackers to cause a denial of service and possibly permit them to
execute arbitrary code. [MFSA 2006-68]
CVE-2006-6499
A bug in the js_dtoa function allows remote attackers to cause a
denial of service. [MFSA 2006-68]
CVE-2006-6501
“shutdown” discovered a vulnerability that allows remote
attackers to gain privileges and install malicious code via the
watch JavaScript function. [MFSA 2006-70]
CVE-2006-6502
Steven Michaud discovered a programming bug that allows remote
attackers to cause a denial of service. [MFSA 2006-71]
CVE-2006-6503
“moz_bug_r_a4” reported that the src attribute of an IMG element
could be used to inject JavaScript code. [MFSA 2006-72]
For the stable distribution (sarge) these problems have been
fixed in version 1.0.2-2.sarge1.0.8e.2.
For the testing (etch) and unstable (sid) distribution these
problems have been fixed in version 1.5.0.9.dfsg1-1 of icedove.
We recommend that you upgrade your Mozilla Thunderbird and
Icedove packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Core
Fedora Update Notification
FEDORA-2007-207
2007-02-06
Product : Fedora Core 5
Name : wireshark
Version : 0.99.5
Release : 1.fc5
Summary : Network traffic analyzer
Description : Wireshark is a network traffic analyzer for Unix-ish
operating systems.
This package lays base for libpcap, a packet capture and
filtering library, contains command-line utilities, contains
plugins and documentation for wireshark. A graphical user interface
is packaged separately to GTK+ package.
Update Information:
- multiple security issues fixed (#227140)
- CVE-2007-0459 – The TCP dissector could hang or crash while
reassembling HTTP packets
- CVE-2007-0459 – The HTTP dissector could crash.
- CVE-2007-0457 – On some systems, the IEEE 802.11 dissector
could crash.
- CVE-2007-0456 – On some systems, the LLT dissector could
crash.
- Mon Feb 5 2007 Radek Vokál <rvokal@redhat.com>
0.99.5-1
- multiple security issues fixed (#227140)
- CVE-2007-0459 – The TCP dissector could hang or crash while
reassembling HTTP packets
- CVE-2007-0459 – The HTTP dissector could crash.
- CVE-2007-0457 – On some systems, the IEEE 802.11 dissector
could crash.
- CVE-2007-0456 – On some systems, the LLT dissector could
crash.
- Wed Nov 1 2006 Radek Vokál <rvokal@redhat.com>
0.99.4-1.fc5
- upgrade to 0.99.4, fixes multiple security issues
- use dist tag
- CVE-2006-5468 – The HTTP dissector could dereference a null
pointer.
- CVE-2006-5469 – The WBXML dissector could crash.
- CVE-2006-5470 – The LDAP dissector (and possibly others) could
crash.
- CVE-2006-4805 – Basic DoS, The XOT dissector could attempt to
allocate a large amount of memory and crash.
- CVE-2006-4574 – Single byte overflow written onto the heap
- Fri Aug 25 2006 Radek Vokal <rvokal@redhat.com>
0.99.3-fc5.1
- upgrade to 0.99.3-1
- CVE-2006-4330 Wireshark security issues (CVE-2006-4333
CVE-2006-4332 CVE-2006-4331)
- Wed Jul 26 2006 Radek Vokal <rvokal@redhat.com>
0.99.2-fc5.2
- Tue Jul 25 2006 Radek Vokal <rvokal@redhat.com>
0.99.2-fc5.1
- Tue Jul 18 2006 Radek Vokál <rvokal@redhat.com>
0.99.2-1
- Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> –
0.99.2-0.pre1.1
- Tue Jul 11 2006 Radek Vokál <rvokal@redhat.com>
0.99.2-0.pre1
- upgrade to 0.99.2pre1, fixes (#198242)
- Tue Jun 13 2006 Radek Vokal <rvokal@redhat.com>
0.99.1-0.pre1
- Fri Jun 9 2006 Radek Vokal <rvokal@redhat.com>
0.99.1pre1-1
- initial build for Fedora Core
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2007:035
http://www.mandriva.com/security/
Package : gd
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Buffer overflow in the gdImageStringFTEx function in gdft.c in
the GD Graphics Library 2.0.33 and earlier allows remote attackers
to cause a denial of service (application crash) and possibly
execute arbitrary code via a crafted string with a JIS encoded
font.
Packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2007:036
http://www.mandriva.com/security/
Package : libwmf
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Buffer overflow in the gdImageStringFTEx function in gdft.c in
the GD Graphics Library 2.0.33 and earlier allows remote attackers
to cause a denial of service (application crash) and possibly
execute arbitrary code via a crafted string with a JIS encoded
font.
Libwmf uses an embedded copy of the gd source and may also be
affected by this issue.
Packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
Updated Packages:
Mandriva Linux Security Advisory MDKSA-2007:037
http://www.mandriva.com/security/
Package : postgresql
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Jeff Trout discovered that the PostgreSQL server did not
sufficiently check data types of SQL function arguments in some
cases. A user could then exploit this to crash the database server
or read out arbitrary locations of the server’s memory, which could
be used to retrieve database contents that the user should not be
able to see. Note that a user must be authenticated in order to
exploit this (CVE-2007-0555).
As well, Jeff Trout also discovered that the query planner did
not verify that a table was still compatible with a
previously-generated query plan, which could be exploited to read
out arbitrary locations of the server’s memory by using ALTER
COLUMN TYPE during query execution. Again, a user must be
authenticated in order to exploit this (CVE-2007-0556).
Updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
Updated Packages:
82ade12fa019f039c989740b6484baee
2007.0/x86_64/postgresql-devel-8.1.7-1.1mdv2007.0.x86_64.rpm
d6a5eb5f86263626f4f7d94d145bb108
2007.0/x86_64/postgresql-docs-8.1.7-1.1mdv2007.0.x86_64.rpm
b7bad9fbe23450fb07c94ffa4135fed7
2007.0/x86_64/postgresql-pl-8.1.7-1.1mdv2007.0.x86_64.rpm
79a363334dba592ca80cac1017a45b1c
2007.0/x86_64/postgresql-plperl-8.1.7-1.1mdv2007.0.x86_64.rpm
38ea142b1a812fa734947a629e740151
2007.0/x86_64/postgresql-plpgsql-8.1.7-1.1mdv2007.0.x86_64.rpm
a623495f6bfc957139669a29ee13fb58
2007.0/x86_64/postgresql-plpython-8.1.7-1.1mdv2007.0.x86_64.rpm
e777974b7b49296dae095363b5448cc5
2007.0/x86_64/postgresql-pltcl-8.1.7-1.1mdv2007.0.x86_64.rpm
90e65a9ac76430df828265d6ea1d4c23
2007.0/x86_64/postgresql-server-8.1.7-1.1mdv2007.0.x86_64.rpm
eb7e03b7a74491f60bc4e4dd0ba9aff2
2007.0/x86_64/postgresql-test-8.1.7-1.1mdv2007.0.x86_64.rpm
b8229227cba3278c0e40a99f6ef39883
2007.0/SRPMS/postgresql-8.1.7-1.1mdv2007.0.src.rpm
Corporate 3.0:
25505c19ece576fefeba90b64caacfad
corporate/3.0/i586/libecpg3-7.4.1-2.8.C30mdk.i586.rpm
ef8a317c21785512de3144da1c9edff0
corporate/3.0/i586/libecpg3-devel-7.4.1-2.8.C30mdk.i586.rpm
45906f492059f08e3b5e0aa2595b5888
corporate/3.0/i586/libpgtcl2-7.4.1-2.8.C30mdk.i586.rpm
c44595a37d655f17c8f97e5a2e5cc5fa
corporate/3.0/i586/libpgtcl2-devel-7.4.1-2.8.C30mdk.i586.rpm
3b962bc41a1bbddfee5eef2fc554c7fb
corporate/3.0/i586/libpq3-7.4.1-2.8.C30mdk.i586.rpm
d8daf6f07762ff1a041761fe13591828
corporate/3.0/i586/libpq3-devel-7.4.1-2.8.C30mdk.i586.rpm
30c7d21119850ba8d84eb169c369723c
corporate/3.0/i586/postgresql-7.4.1-2.8.C30mdk.i586.rpm
a1a5653a3199fa56ce05d58a43636627
corporate/3.0/i586/postgresql-contrib-7.4.1-2.8.C30mdk.i586.rpm
aa51e081c03b40018ab21d0821c71fea
corporate/3.0/i586/postgresql-devel-7.4.1-2.8.C30mdk.i586.rpm
b13e32723f494af7bf0d28e6fab484a2
corporate/3.0/i586/postgresql-docs-7.4.1-2.8.C30mdk.i586.rpm
b64b66c52913c251fd920b7c932ede54
corporate/3.0/i586/postgresql-jdbc-7.4.1-2.8.C30mdk.i586.rpm
1fa995965d510d83b49ef5adb7d0fb30
corporate/3.0/i586/postgresql-pl-7.4.1-2.8.C30mdk.i586.rpm
b76e6848ef3e48239e9fadce93d4cf1e
corporate/3.0/i586/postgresql-server-7.4.1-2.8.C30mdk.i586.rpm
830a2abbba11c2a3888bb207ce1f2657
corporate/3.0/i586/postgresql-tcl-7.4.1-2.8.C30mdk.i586.rpm
6de4c509e8f30449de71ee847a72cc0b
corporate/3.0/i586/postgresql-test-7.4.1-2.8.C30mdk.i586.rpm
cb9f633aa33f20592c22d808d243e7f4
corporate/3.0/SRPMS/postgresql-7.4.1-2.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
b96b64db68a43bd86803a7f625d98c2e
corporate/3.0/x86_64/lib64ecpg3-7.4.1-2.8.C30mdk.x86_64.rpm
37b035c411b06a3d4fbfd2479ded71cf
corporate/3.0/x86_64/lib64ecpg3-devel-7.4.1-2.8.C30mdk.x86_64.rpm
37f965d055dfc9b9243a667f876b3799
corporate/3.0/x86_64/lib64pgtcl2-7.4.1-2.8.C30mdk.x86_64.rpm
b127a439b633f1af2bb6a20475185f54
corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.1-2.8.C30mdk.x86_64.rpm
3b2f7f2ada985794e9489f9049b00eb8
corporate/3.0/x86_64/lib64pq3-7.4.1-2.8.C30mdk.x86_64.rpm
0cf784d8f003c5956f19446032d97e29
corporate/3.0/x86_64/lib64pq3-devel-7.4.1-2.8.C30mdk.x86_64.rpm
bcd4e668928ab31ab0333dbd1212149f
corporate/3.0/x86_64/postgresql-7.4.1-2.8.C30mdk.x86_64.rpm
fee8199f9dff5f0d6a4a38e39f5b0777
corporate/3.0/x86_64/postgresql-contrib-7.4.1-2.8.C30mdk.x86_64.rpm
158768a27c1c8294e778599533d7a3c6
corporate/3.0/x86_64/postgresql-devel-7.4.1-2.8.C30mdk.x86_64.rpm
667ca4ec5ac29289c920af54a5f0cdeb
corporate/3.0/x86_64/postgresql-docs-7.4.1-2.8.C30mdk.x86_64.rpm
617d2d2cba98ad6079057f9262db16db
corporate/3.0/x86_64/postgresql-jdbc-7.4.1-2.8.C30mdk.x86_64.rpm
e849e37ba7648ba47b00bfeef98e2bdf
corporate/3.0/x86_64/postgresql-pl-7.4.1-2.8.C30mdk.x86_64.rpm
5d834d6bb8a0736fafdde2ba4ced93a0
corporate/3.0/x86_64/postgresql-server-7.4.1-2.8.C30mdk.x86_64.rpm
9744b6d4b67486a1319605f8738de97d
corporate/3.0/x86_64/postgresql-tcl-7.4.1-2.8.C30mdk.x86_64.rpm
836a7ab39147cbbde85473848756c2ea
corporate/3.0/x86_64/postgresql-test-7.4.1-2.8.C30mdk.x86_64.rpm
cb9f633aa33f20592c22d808d243e7f4
corporate/3.0/SRPMS/postgresql-7.4.1-2.8.C30mdk.src.rpm
Corporate 4.0:
457ceff22a6c29fe8f7bb0b4a4cc3df5
corporate/4.0/i586/libecpg5-8.1.7-0.1.20060mlcs4.i586.rpm
2dee4d9b77250de0f5d79c9037ce4848
corporate/4.0/i586/libecpg5-devel-8.1.7-0.1.20060mlcs4.i586.rpm
4f1911b331aff03b1eedcc2967057f9f
corporate/4.0/i586/libpq4-8.1.7-0.1.20060mlcs4.i586.rpm
2d5d829588b7a2ff81f6f364fb194618
corporate/4.0/i586/libpq4-devel-8.1.7-0.1.20060mlcs4.i586.rpm
3077227d7bee4836cabfc94113a39128
corporate/4.0/i586/postgresql-8.1.7-0.1.20060mlcs4.i586.rpm
a4612b1ef4e8142e9f41c4760b8df2ec
corporate/4.0/i586/postgresql-contrib-8.1.7-0.1.20060mlcs4.i586.rpm
6389bd557862c884c037300230f1d31c
corporate/4.0/i586/postgresql-devel-8.1.7-0.1.20060mlcs4.i586.rpm
494f2995b8596943902d78796d25c2f4
corporate/4.0/i586/postgresql-docs-8.1.7-0.1.20060mlcs4.i586.rpm
9d85c833eb5881d97934f8a40cee08a5
corporate/4.0/i586/postgresql-pl-8.1.7-0.1.20060mlcs4.i586.rpm
3faa914bb1127a5eff6fc61630e790ba
corporate/4.0/i586/postgresql-plperl-8.1.7-0.1.20060mlcs4.i586.rpm
accb18c13908b0dc72ade4f40ebf2d45
corporate/4.0/i586/postgresql-plpgsql-8.1.7-0.1.20060mlcs4.i586.rpm
e11f6aeb959c6567433706a07cc353f0
corporate/4.0/i586/postgresql-plpython-8.1.7-0.1.20060mlcs4.i586.rpm
3e899419b6b6fb47a9e1820db71c15b0
corporate/4.0/i586/postgresql-pltcl-8.1.7-0.1.20060mlcs4.i586.rpm
875f0e29feb28ba52b70d73979c3d429
corporate/4.0/i586/postgresql-server-8.1.7-0.1.20060mlcs4.i586.rpm
0fe3ea03a120de6624f186bf5cac455c
corporate/4.0/i586/postgresql-test-8.1.7-0.1.20060mlcs4.i586.rpm
fbb03a99b9795af2ebb6dde46545326d
corporate/4.0/SRPMS/postgresql-8.1.7-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
626c0bfcc24162f9f29081ba1c605d13
corporate/4.0/x86_64/lib64ecpg5-8.1.7-0.1.20060mlcs4.x86_64.rpm
32e767d1264b2d6fbfaf659f0f98d02e
corporate/4.0/x86_64/lib64ecpg5-devel-8.1.7-0.1.20060mlcs4.x86_64.rpm
3ae4b9b8ad30f358d486cbaa3c6d489d
corporate/4.0/x86_64/lib64pq4-8.1.7-0.1.20060mlcs4.x86_64.rpm
87b7ebb3f9ce5c9bd62f5738c3b0b1b6
corporate/4.0/x86_64/lib64pq4-devel-8.1.7-0.1.20060mlcs4.x86_64.rpm
f2337cb010b7e1d2f75867fb6e909a9f
corporate/4.0/x86_64/postgresql-8.1.7-0.1.20060mlcs4.x86_64.rpm
428d3b26f7700141a7772e42395c8e36
corporate/4.0/x86_64/postgresql-contrib-8.1.7-0.1.20060mlcs4.x86_64.rpm
a064cf7e03d4b1d42b3b3738d5cc08bb
corporate/4.0/x86_64/postgresql-devel-8.1.7-0.1.20060mlcs4.x86_64.rpm
d33e4335306ac9bc001f52365c22906c
corporate/4.0/x86_64/postgresql-docs-8.1.7-0.1.20060mlcs4.x86_64.rpm
644e77f4587a6123609888e127b00c40
corporate/4.0/x86_64/postgresql-pl-8.1.7-0.1.20060mlcs4.x86_64.rpm
bffedbcd41eebb83c2752184a5eebc21
corporate/4.0/x86_64/postgresql-plperl-8.1.7-0.1.20060mlcs4.x86_64.rpm
8ab83c15fa0513cbe7c13b8b101a37c6
corporate/4.0/x86_64/postgresql-plpgsql-8.1.7-0.1.20060mlcs4.x86_64.rpm
bf7f711a4b5d444bd625829e61bd385e
corporate/4.0/x86_64/postgresql-plpython-8.1.7-0.1.20060mlcs4.x86_64.rpm
d3951b5e225842f185ed14e2c381ea9f
corporate/4.0/x86_64/postgresql-pltcl-8.1.7-0.1.20060mlcs4.x86_64.rpm
3ba6e069c883bb138a4eb0d1ece4c31f
corporate/4.0/x86_64/postgresql-server-8.1.7-0.1.20060mlcs4.x86_64.rpm
de212c2885533ddd6d011589e5701a2b
corporate/4.0/x86_64/postgresql-test-8.1.7-0.1.20060mlcs4.x86_64.rpm
fbb03a99b9795af2ebb6dde46545326d
corporate/4.0/SRPMS/postgresql-8.1.7-0.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2007:038
http://www.mandriva.com/security/
Package : php
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
Problem Description:
PHP 5.2.0 and 4.4 allow local users to bypass safe_mode and
open_basedir restrictions via a malicious path and a null byte
before a “;” in a session_save_path argument, followed by an
allowed path, which causes a parsing inconsistency in which PHP
validates the allowed path but sets session.save_path to the
malicious path. (CVE-2006-6383)
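The parsing inconsistency described for CVE-2006-6383, as an added example that is not part of the advisory and not PHP's source code: a simplified Python model in which the check reads the text after the last ";" while the consumer treats the value as a C string ending at the first NUL, shown beside a hardened form that rejects NUL bytes and validates the value it actually stores. All function names, the base directory and the sample inputs are constructed assumptions.

```python
import os.path

ALLOWED_BASE = "/srv/www/site"  # constructed open_basedir value (assumption)

# Constructed sample inputs, shaped as the advisory describes:
# disallowed path, NUL byte, ";", then an allowed path.
CRAFTED = "/outside/basedir\0;/srv/www/site/sessions"
BENIGN = "5;/srv/www/site/sessions"


def within_base(path, base=ALLOWED_BASE):
    """True if the normalized path is the base directory or lies below it."""
    norm = os.path.normpath(path)
    return norm == base or norm.startswith(base + "/")


def c_string(value):
    """Model a C consumer: the string ends at the first NUL byte."""
    return value.split("\0", 1)[0]


def effective_dir(value):
    """Directory the consumer ends up using: C string, then text after ';'."""
    return c_string(value).rsplit(";", 1)[-1]


def flawed_set_save_path(arg):
    """Model of the flaw: validate one substring, store a different one."""
    checked = arg.rsplit(";", 1)[-1]  # validator ignores the NUL boundary
    if not within_base(checked):
        raise ValueError("open_basedir restriction in effect")
    return effective_dir(arg)  # consumer stops at the NUL


def hardened_set_save_path(arg):
    """Reject NUL bytes, then validate exactly the value that is stored."""
    if "\0" in arg:
        raise ValueError("NUL byte in session save path")
    stored = effective_dir(arg)
    if not within_base(stored):
        raise ValueError("open_basedir restriction in effect")
    return stored
```

The general fix pattern is to reject embedded NUL bytes at the boundary and to run the policy check on the same parsed value that is later used.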
Buffer overflow in the gdImageStringFTEx function in gdft.c in
GD Graphics Library 2.0.33 and earlier allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font. PHP
uses an embedded copy of GD and may be susceptible to the same
issue. (CVE-2007-0455)
Updated packages have been patched to correct these issues.
Users must restart Apache for the changes to take effect.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
Updated Packages:
Mandriva Linux 2006.0: