Mandriva Linux Security Advisory MDKSA-2006:107
http://www.mandriva.com/security/
Package : arts
Date : June 20, 2006
Affected: 2006.0, Corporate 3.0
Problem Description:
A vulnerability in the artswrapper program, when installed
setuid root, could enable a local user to elevate their privileges
to that of root.
By default, Mandriva Linux does not ship artswrapper setuid
root; however, if a user or system administrator enables the setuid
bit on artswrapper, their system could be at risk.
The updated packages have been patched to correct these
issues.
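The following check is an added example, not part of the Mandriva advisory: it searches caller-supplied directories for an artswrapper binary that carries the setuid bit and is owned by root. The function names and the choice of search directories are assumptions; the advisory does not state where artswrapper is installed.

```shell
#!/bin/sh
# Added example: audit for artswrapper binaries carrying the setuid bit.
# Assumptions (not from the advisory): the function names below are
# hypothetical and the caller supplies the directories to search.

# find_setuid_artswrapper OWNER DIR...
# Prints every regular file named "artswrapper" under DIR... that has the
# setuid bit set and is owned by OWNER (user name or numeric uid).
find_setuid_artswrapper() {
    owner=$1
    shift
    for dir in "$@"; do
        # Skip search roots that do not exist on this system.
        [ -d "$dir" ] || continue
        find "$dir" -type f -name artswrapper -user "$owner" -perm -4000 \
            -print 2>/dev/null
    done
}

# audit_artswrapper DIR...
# Returns 0 when no setuid-root artswrapper is found and 1 otherwise,
# printing the command that clears the bit for each hit.
audit_artswrapper() {
    hits=$(find_setuid_artswrapper 0 "$@")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r path; do
        printf 'setuid root: %s (clear with: chmod u-s %s)\n' "$path" "$path"
    done
    return 1
}
```

Call audit_artswrapper with the directories that hold KDE binaries on the host; a non-zero exit status means the setuid bit should be cleared or the updated packages installed.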
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
Updated Packages:
Mandriva Linux 2006.0:
2006.0/RPMS/arts-1.4.2-2.1.20060mdk.i586.rpm
2006.0/RPMS/libarts1-1.4.2-2.1.20060mdk.i586.rpm
2006.0/RPMS/libarts1-devel-1.4.2-2.1.20060mdk.i586.rpm
2006.0/SRPMS/arts-1.4.2-2.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
x86_64/2006.0/RPMS/arts-1.4.2-2.1.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/lib64arts1-1.4.2-2.1.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/lib64arts1-devel-1.4.2-2.1.20060mdk.x86_64.rpm
x86_64/2006.0/SRPMS/arts-1.4.2-2.1.20060mdk.src.rpm
Corporate 3.0:
corporate/3.0/RPMS/arts-1.2-3.2.C30mdk.i586.rpm
corporate/3.0/RPMS/libarts1-1.2-3.2.C30mdk.i586.rpm
corporate/3.0/RPMS/libarts1-devel-1.2-3.2.C30mdk.i586.rpm
corporate/3.0/SRPMS/arts-1.2-3.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
x86_64/corporate/3.0/RPMS/arts-1.2-3.2.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lib64arts1-1.2-3.2.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lib64arts1-devel-1.2-3.2.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/arts-1.2-3.2.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:108
Package : xine-lib
Date : June 20, 2006
Affected: 10.2, 2006.0, Corporate 3.0
Problem Description:
A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for
xine-lib 1.1.1 allows remote attackers to cause a denial of service
(application crash) via a long reply from an HTTP server, as
demonstrated using gxine 0.5.6. (CVE-2006-2802)
In addition, a possible buffer overflow exists in the AVI
demuxer, similar in nature to CVE-2006-1502 for MPlayer. The
Corporate 3 release of xine-lib does not have this issue.
The updated packages have been patched to correct these
issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802
Updated Packages:
Mandriva Linux 10.2:
10.2/RPMS/libxine1-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/libxine1-devel-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-aa-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-arts-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-esd-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-flac-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-plugins-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-polyp-1.0-8.3.102mdk.i586.rpm
10.2/RPMS/xine-smb-1.0-8.3.102mdk.i586.rpm
10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
x86_64/10.2/RPMS/lib64xine1-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-aa-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-arts-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-esd-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-flac-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-plugins-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-polyp-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/RPMS/xine-smb-1.0-8.3.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm
Mandriva Linux 2006.0:
2006.0/RPMS/libxine1-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/libxine1-devel-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.i586.rpm
2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.i586.rpm
2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.x86_64.rpm
x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm
Corporate 3.0:
corporate/3.0/RPMS/libxine1-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.i586.rpm
corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm
Corporate 3.0/X86_64:
x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm
Mandriva Linux Security Advisory MDKSA-2006:109
Package : wv2
Date : June 20, 2006
Affected: 2006.0, Corporate 3.0
Problem Description:
A boundary checking error was discovered in the wv2 library,
used for accessing Microsoft Word documents. This error can lead to
an integer overflow induced by processing certain Word files.
The updated packages have been patched to correct these
issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197
Updated Packages:
Mandriva Linux 2006.0:
2006.0/RPMS/libwv2_1-0.2.2-3.1.20060mdk.i586.rpm
2006.0/RPMS/libwv2_1-devel-0.2.2-3.1.20060mdk.i586.rpm
2006.0/SRPMS/wv2-0.2.2-3.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
x86_64/2006.0/RPMS/lib64wv2_1-0.2.2-3.1.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/lib64wv2_1-devel-0.2.2-3.1.20060mdk.x86_64.rpm
x86_64/2006.0/SRPMS/wv2-0.2.2-3.1.20060mdk.src.rpm
Corporate 3.0:
corporate/3.0/RPMS/libwv2_1-0.2.1-1.1.C30mdk.i586.rpm
corporate/3.0/RPMS/libwv2_1-devel-0.2.1-1.1.C30mdk.i586.rpm
corporate/3.0/SRPMS/wv2-0.2.1-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
x86_64/corporate/3.0/RPMS/lib64wv2_1-0.2.1-1.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/RPMS/lib64wv2_1-devel-0.2.1-1.1.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/wv2-0.2.1-1.1.C30mdk.src.rpm
Mandriva Linux Security Advisory MDKSA-2006:110
Package : gnupg
Date : June 20, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and
earlier) that could allow a remote attacker to cause gpg to crash
and possibly overwrite memory via a message packet with a large
length.
The updated packages have been patched to correct these
issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
Updated Packages:
Mandriva Linux 10.2:
10.2/RPMS/gnupg-1.4.2.2-0.2.102mdk.i586.rpm
10.2/SRPMS/gnupg-1.4.2.2-0.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
x86_64/10.2/RPMS/gnupg-1.4.2.2-0.2.102mdk.x86_64.rpm
x86_64/10.2/SRPMS/gnupg-1.4.2.2-0.2.102mdk.src.rpm
Mandriva Linux 2006.0:
2006.0/RPMS/gnupg-1.4.2.2-0.2.20060mdk.i586.rpm
2006.0/RPMS/gnupg2-1.9.16-4.1.20060mdk.i586.rpm
2006.0/SRPMS/gnupg-1.4.2.2-0.2.20060mdk.src.rpm
2006.0/SRPMS/gnupg2-1.9.16-4.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
x86_64/2006.0/RPMS/gnupg-1.4.2.2-0.2.20060mdk.x86_64.rpm
x86_64/2006.0/RPMS/gnupg2-1.9.16-4.1.20060mdk.x86_64.rpm
x86_64/2006.0/SRPMS/gnupg-1.4.2.2-0.2.20060mdk.src.rpm
x86_64/2006.0/SRPMS/gnupg2-1.9.16-4.1.20060mdk.src.rpm
Corporate 3.0:
corporate/3.0/RPMS/gnupg-1.4.2.2-0.2.C30mdk.i586.rpm
corporate/3.0/SRPMS/gnupg-1.4.2.2-0.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
x86_64/corporate/3.0/RPMS/gnupg-1.4.2.2-0.2.C30mdk.x86_64.rpm
x86_64/corporate/3.0/SRPMS/gnupg-1.4.2.2-0.2.C30mdk.src.rpm
Multi Network Firewall 2.0:
mnf/2.0/RPMS/gnupg-1.4.2.2-0.2.M20mdk.i586.rpm
mnf/2.0/SRPMS/gnupg-1.4.2.2-0.2.M20mdk.src.rpm