---

Advisories, November 7, 2006

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200611-03


http://security.gentoo.org/


Severity: High
Title: NVIDIA binary graphics driver: Privilege escalation
vulnerability
Date: November 07, 2006
Bugs: #151635
ID: 200611-03


Synopsis

The NVIDIA binary graphics driver is vulnerable to a local
privilege escalation through an X session.

Background

The NVIDIA binary graphics driver from NVIDIA Corporation
provides the kernel module and the GL modules for graphic
acceleration on the NVIDIA based graphic cards.

Affected packages


     Package                     /  Vulnerable  /           Unaffected


1 x11-drivers/nvidia-drivers < 1.0.8776 >= 1.0.8776 < 1.0-8762

Description

Rapid7 reported a boundary error in the NVIDIA binary graphics
driver that leads to a buffer overflow in the accelerated rendering
functionality.

Impact

An X client could trigger the buffer overflow with a maliciously
crafted series of glyphs. A remote attacker could also entice a
user to open a specially crafted web page, document or X client
that will trigger the buffer overflow. This could result in the
execution of arbitrary code with root privileges or at least in the
crash of the X server.

Workaround

Disable the accelerated rendering functionality in the Device
section of xorg.conf :

Option “RenderAccel” “false”

Resolution

NVIDIA binary graphics driver users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-1.0.8776"

References

[ 1 ] CVE-2006-5379

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:198
http://www.mandriva.com/security/


Package : imlib2
Date : November 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

M Joonas Pihlaja discovered several vulnerabilities in the
Imlib2 graphics library.

The load() function of several of the Imlib2 image loaders does
not check the width and height of an image before allocating
memory. As a result, a carefully crafted image file can trigger a
segfault when an application using Imlib2 attempts to view the
image. (CVE-2006-4806)

The tga loader fails to bounds check input data to make sure the
input data doesn’t load outside the memory mapped region.
(CVE-2006-4807)

The RLE decoding loops of the load() function in the tga loader
does not check that the count byte of an RLE packet doesn’t cause a
heap overflow of the pixel buffer. (CVE-2006-4808)

The load() function of the pnm loader writes arbitrary length
user data into a fixed size stack allocated buffer buf[] without
bounds checking. (CVE-2006-4809) Updated packages have been patched
to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4806

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4807

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4808

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4809


Updated Packages:

Mandriva Linux 2006.0:
61a92ac496821d914751fe183b099263
2006.0/i586/imlib2-data-1.2.1-1.2.20060mdk.i586.rpm
a0a74f3117aa9702068aae1c6e1f0215
2006.0/i586/libimlib2_1-1.2.1-1.2.20060mdk.i586.rpm
971783221a16e7afbd9b6142aab4de35
2006.0/i586/libimlib2_1-devel-1.2.1-1.2.20060mdk.i586.rpm
41b4415dfb63f51b6f5f980ef58f685f
2006.0/i586/libimlib2_1-filters-1.2.1-1.2.20060mdk.i586.rpm
69ad32ff42eeef614c23bb419a0eaf3e
2006.0/i586/libimlib2_1-loaders-1.2.1-1.2.20060mdk.i586.rpm
1188a1e19ae5d8563ae2a325d3ea987f
2006.0/SRPMS/imlib2-1.2.1-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
5a4980871ffe61c3882c41533c13b97a
2006.0/x86_64/imlib2-data-1.2.1-1.2.20060mdk.x86_64.rpm
c4531cab09bd2e5d6653df5969f7981c
2006.0/x86_64/lib64imlib2_1-1.2.1-1.2.20060mdk.x86_64.rpm
d7531e7c9c3620fa35b05d5415a9676b
2006.0/x86_64/lib64imlib2_1-devel-1.2.1-1.2.20060mdk.x86_64.rpm
ff216ddb7de205c49faf18b9e435821c
2006.0/x86_64/lib64imlib2_1-filters-1.2.1-1.2.20060mdk.x86_64.rpm

e669ec08c9fce8a583e28f29b28d9e66
2006.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.2.20060mdk.x86_64.rpm

1188a1e19ae5d8563ae2a325d3ea987f
2006.0/SRPMS/imlib2-1.2.1-1.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
adf7ed6fccaddac90171085ece7daf20
2007.0/i586/imlib2-data-1.2.2-3.1mdv2007.0.i586.rpm
b03291bafed20868ba340925ff9ecef2
2007.0/i586/libimlib2_1-1.2.2-3.1mdv2007.0.i586.rpm
4cfd43e98f2866b5d57750f4f6c45663
2007.0/i586/libimlib2_1-devel-1.2.2-3.1mdv2007.0.i586.rpm
99231eaa46f95b43fbef8be44ee36193
2007.0/i586/libimlib2_1-filters-1.2.2-3.1mdv2007.0.i586.rpm
5ff7de44c82d49ebf5be654bf0effe50
2007.0/i586/libimlib2_1-loaders-1.2.2-3.1mdv2007.0.i586.rpm
99ad9ff6aaddce3d73bc8a47d2bb73ea
2007.0/SRPMS/imlib2-1.2.2-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
604bf6917fd4413a204695fb65c15110
2007.0/x86_64/imlib2-data-1.2.2-3.1mdv2007.0.x86_64.rpm
b3f8bb8fc561b4d0d48fb6b7640a3b84
2007.0/x86_64/lib64imlib2_1-1.2.2-3.1mdv2007.0.x86_64.rpm
af12fa122091d2ccdafdd21416df3309
2007.0/x86_64/lib64imlib2_1-devel-1.2.2-3.1mdv2007.0.x86_64.rpm
85e4911818f812c2ddc99d3cf62f3df0
2007.0/x86_64/lib64imlib2_1-filters-1.2.2-3.1mdv2007.0.x86_64.rpm

0ed6d6cfe90315ca12405027f8031958
2007.0/x86_64/lib64imlib2_1-loaders-1.2.2-3.1mdv2007.0.x86_64.rpm

99ad9ff6aaddce3d73bc8a47d2bb73ea
2007.0/SRPMS/imlib2-1.2.2-3.1mdv2007.0.src.rpm

Corporate 3.0:
610276f332b6ce30ea2ada19b80bdb1f
corporate/3.0/i586/libimlib2_1-1.0.6-4.3.C30mdk.i586.rpm
ce31f301a4cec25ba6a86732d6600805
corporate/3.0/i586/libimlib2_1-devel-1.0.6-4.3.C30mdk.i586.rpm
f178557deeda2fa53f08481985aeee99
corporate/3.0/i586/libimlib2_1-filters-1.0.6-4.3.C30mdk.i586.rpm

b9165cc9a103e80e13cd4835c5874a54
corporate/3.0/i586/libimlib2_1-loaders-1.0.6-4.3.C30mdk.i586.rpm

4b5f84a49162012ca7cee030566c0461
corporate/3.0/SRPMS/imlib2-1.0.6-4.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
a37ad5a95f5a3519e2f3090b71f9de99
corporate/3.0/x86_64/lib64imlib2_1-1.0.6-4.3.C30mdk.x86_64.rpm
148ab2ef27ed87405a29b0a394827887
corporate/3.0/x86_64/lib64imlib2_1-devel-1.0.6-4.3.C30mdk.x86_64.rpm

ef6ffbe6ea2ec16d714a6a4261e9bce6
corporate/3.0/x86_64/lib64imlib2_1-filters-1.0.6-4.3.C30mdk.x86_64.rpm

9a7d3ee335ba971731ef1230927fad88
corporate/3.0/x86_64/lib64imlib2_1-loaders-1.0.6-4.3.C30mdk.x86_64.rpm

4b5f84a49162012ca7cee030566c0461
corporate/3.0/SRPMS/imlib2-1.0.6-4.3.C30mdk.src.rpm

Corporate 4.0:
dd7675dc08d6ed462d9f9fee4450815e
corporate/4.0/i586/imlib2-data-1.2.1-1.2.20060mlcs4.i586.rpm
8285e3db5134485c0cfacbcebfa21389
corporate/4.0/i586/libimlib2_1-1.2.1-1.2.20060mlcs4.i586.rpm
2baef0ec63ad09924239a67e9d5baf35
corporate/4.0/i586/libimlib2_1-devel-1.2.1-1.2.20060mlcs4.i586.rpm

a30ffb7bcdaba5cec2d7cd1723c71a1a
corporate/4.0/i586/libimlib2_1-filters-1.2.1-1.2.20060mlcs4.i586.rpm

b4ec86646ebf5aa73311ad7aeb2117c2
corporate/4.0/i586/libimlib2_1-loaders-1.2.1-1.2.20060mlcs4.i586.rpm

f324a900203b4ba24b4e098f2cd15f69
corporate/4.0/SRPMS/imlib2-1.2.1-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
a7f9c11f9cf129e153877dd7a9456b3e
corporate/4.0/x86_64/imlib2-data-1.2.1-1.2.20060mlcs4.x86_64.rpm

aa3126674dc6a3570de937e94bc51943
corporate/4.0/x86_64/lib64imlib2_1-1.2.1-1.2.20060mlcs4.x86_64.rpm

187f51f0f84ba40258da7646992a38df
corporate/4.0/x86_64/lib64imlib2_1-devel-1.2.1-1.2.20060mlcs4.x86_64.rpm

7e8303c8b70fcc89e1c88e5d3fb61233
corporate/4.0/x86_64/lib64imlib2_1-filters-1.2.1-1.2.20060mlcs4.x86_64.rpm

c888c645504811b52b240d473ad4e23f
corporate/4.0/x86_64/lib64imlib2_1-loaders-1.2.1-1.2.20060mlcs4.x86_64.rpm

f324a900203b4ba24b4e098f2cd15f69
corporate/4.0/SRPMS/imlib2-1.2.1-1.2.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:199
http://www.mandriva.com/security/


Package : libx11
Date : November 6, 2006
Affected: 2007.0


Problem Description:

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11
1.0.2 and 1.0.3 opens a file for reading twice using the same file
descriptor, which causes a file descriptor leak that allows local
users to read files specified by the XCOMPOSEFILE environment
variable via the duplicate file descriptor.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397


Updated Packages:

Mandriva Linux 2007.0:
ed3642c63b1640928ebd8e997da0fd1e
2007.0/i586/libx11_6-1.0.3-2.1mdv2007.0.i586.rpm
9bf6292e8d6c030b0304efc06912cb5c
2007.0/i586/libx11_6-devel-1.0.3-2.1mdv2007.0.i586.rpm
095b10889206e2c6b012eca03547e6c0
2007.0/i586/libx11_6-static-devel-1.0.3-2.1mdv2007.0.i586.rpm
fa6548ef7176c5a6e460ef9fffe077cd
2007.0/i586/libx11-common-1.0.3-2.1mdv2007.0.i586.rpm
968b2c951219986d64411b8c893463af
2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
d32213d0ffd578d1bcc559557ce9a56d
2007.0/x86_64/lib64x11_6-1.0.3-2.1mdv2007.0.x86_64.rpm
a93c8ea58f95f84d339f84a71476cf52
2007.0/x86_64/lib64x11_6-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
0209595d4383b158efd2156f92f3fa89
2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.1mdv2007.0.x86_64.rpm

498a8fb81c8f94b708467b112deae6be
2007.0/x86_64/libx11-common-1.0.3-2.1mdv2007.0.x86_64.rpm
968b2c951219986d64411b8c893463af
2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:200
http://www.mandriva.com/security/


Package : rpm
Date : November 7, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi
Network Firewall 2.0


Problem Description:

A heap-based buffer overflow was discovered in librpm when the
LANG or LC_ALL environment variable is set to ru_RU.UTF-8 (and
possibly other locales), which could allow for user-assisted
attackers to execute arbitrary code via crafted RPM packages.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833


Updated Packages:

Mandriva Linux 2006.0:
b3fe19c583086bcbe6fe1adf8ebd67f9
2006.0/i586/libpopt0-1.10.2-4.1.20060mdk.i586.rpm
a299990527f43947f04ee849b6ccfe8a
2006.0/i586/libpopt0-devel-1.10.2-4.1.20060mdk.i586.rpm
530ffd2b719a8a9565ddbd33c73ddc58
2006.0/i586/librpm4.4-4.4.2-4.1.20060mdk.i586.rpm
52cfd81dc7b1edf2a37a2f473281a456
2006.0/i586/librpm4.4-devel-4.4.2-4.1.20060mdk.i586.rpm
263429da4f90f2404c7d45f4ed9ab469
2006.0/i586/popt-data-1.10.2-4.1.20060mdk.i586.rpm
32f2ab6511b34c2483fe08ca510ee185
2006.0/i586/python-rpm-4.4.2-4.1.20060mdk.i586.rpm
0e1f62683fbc9233fb155e66e50cd405
2006.0/i586/rpm-4.4.2-4.1.20060mdk.i586.rpm
f8dee8f612d28cdc5a9587289ddbbdd9
2006.0/i586/rpm-build-4.4.2-4.1.20060mdk.i586.rpm
5f7eb369ce3e98bf38200249f49ebc51
2006.0/SRPMS/rpm-4.4.2-4.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
bb14640ab8713c5b3f44cd15a6cbfd72
2006.0/x86_64/lib64popt0-1.10.2-4.1.20060mdk.x86_64.rpm
5d4bd203f9844115a53fee6de190dabd
2006.0/x86_64/lib64popt0-devel-1.10.2-4.1.20060mdk.x86_64.rpm
f242a162132559012189d600c38e21f3
2006.0/x86_64/lib64rpm4.4-4.4.2-4.1.20060mdk.x86_64.rpm
4a17a2fd93eb74a639c58138396e8b89
2006.0/x86_64/lib64rpm4.4-devel-4.4.2-4.1.20060mdk.x86_64.rpm
aac88e00af81aafbda4b0170c87871af
2006.0/x86_64/popt-data-1.10.2-4.1.20060mdk.x86_64.rpm
3b03bfdd11a0d85fe2a8371b41047672
2006.0/x86_64/python-rpm-4.4.2-4.1.20060mdk.x86_64.rpm
2f13fe1a05869bbc014872ba94adc651
2006.0/x86_64/rpm-4.4.2-4.1.20060mdk.x86_64.rpm
ab18d859a504eb187f75c1b4485a2faa
2006.0/x86_64/rpm-build-4.4.2-4.1.20060mdk.x86_64.rpm
5f7eb369ce3e98bf38200249f49ebc51
2006.0/SRPMS/rpm-4.4.2-4.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
a75aec8f4db96e061788e150c3fbd3f3
2007.0/i586/libpopt0-1.10.6-10.1mdv2007.0.i586.rpm
54633d6a05bafe5a2c6d94849810ac75
2007.0/i586/libpopt0-devel-1.10.6-10.1mdv2007.0.i586.rpm
5aa3a3c773dd1524e28af4a45d6d6e5c
2007.0/i586/librpm4.4-4.4.6-10.1mdv2007.0.i586.rpm
ac7d8b20b6e3054b062b6ffe3b652b9d
2007.0/i586/librpm4.4-devel-4.4.6-10.1mdv2007.0.i586.rpm
76a3d169fa999f3a2051152e875b0808
2007.0/i586/perl-RPM-0.66-16.1mdv2007.0.i586.rpm
edce96423e51a56fe6803d9722a764d6
2007.0/i586/popt-data-1.10.6-10.1mdv2007.0.i586.rpm
7245317fdbb0e3d8773a75e5da71d796
2007.0/i586/python-rpm-4.4.6-10.1mdv2007.0.i586.rpm
d52b92cd397740be24a610fb44bea279
2007.0/i586/rpm-4.4.6-10.1mdv2007.0.i586.rpm
b149eab9008351135d615b4e69d88d78
2007.0/i586/rpm-build-4.4.6-10.1mdv2007.0.i586.rpm
0104fb281a097447faca48e642821df7
2007.0/SRPMS/rpm-4.4.6-10.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
fff2a71466af9a6e23583a4ea854258c
2007.0/x86_64/lib64popt0-1.10.6-10.1mdv2007.0.x86_64.rpm
97602d4b17422835e55cafad1883cca5
2007.0/x86_64/lib64popt0-devel-1.10.6-10.1mdv2007.0.x86_64.rpm
a5d31e5202cee164878500d00134eb3d
2007.0/x86_64/lib64rpm4.4-4.4.6-10.1mdv2007.0.x86_64.rpm
88c90b1670b128e784fda4290973351d
2007.0/x86_64/lib64rpm4.4-devel-4.4.6-10.1mdv2007.0.x86_64.rpm
bd74199394643d4ef13829fcd4fb27ab
2007.0/x86_64/perl-RPM-0.66-16.1mdv2007.0.x86_64.rpm
d73e492a7290a6c12f500aff926c22b2
2007.0/x86_64/popt-data-1.10.6-10.1mdv2007.0.x86_64.rpm
45dc5f66d45a6f4574f9e59d690e711c
2007.0/x86_64/python-rpm-4.4.6-10.1mdv2007.0.x86_64.rpm
08b83d32b1eddc88dc39ee095ea15a9b
2007.0/x86_64/rpm-4.4.6-10.1mdv2007.0.x86_64.rpm
18137bb3a65c0685a013f61f8b8aa173
2007.0/x86_64/rpm-build-4.4.6-10.1mdv2007.0.x86_64.rpm
0104fb281a097447faca48e642821df7
2007.0/SRPMS/rpm-4.4.6-10.1mdv2007.0.src.rpm

Corporate 3.0:
2f46b029bb818d93841b37d554d98475
corporate/3.0/i586/popt-1.8.2-10.1.C30mdk.i586.rpm
52b641b4a54c58524fd8f57f01f5423b
corporate/3.0/i586/popt-devel-1.8.2-10.1.C30mdk.i586.rpm
c78959edbe4de59934f77d41d050823e
corporate/3.0/i586/rpm-4.2.2-10.1.C30mdk.i586.rpm
5c6e0c9d68bff54ab4ca8bff92c70f72
corporate/3.0/i586/rpm-build-4.2.2-10.1.C30mdk.i586.rpm
5740c2383e15dc9fe63c9a39a8f886af
corporate/3.0/i586/rpm-devel-4.2.2-10.1.C30mdk.i586.rpm
2da1896a1365e8397093cc4a4a315a17
corporate/3.0/i586/rpm-python-4.2.2-10.1.C30mdk.i586.rpm
0c7c6512006a56dcf99f667eb28fadb0
corporate/3.0/SRPMS/rpm-4.2.2-10.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
c7f732b381ff418753de9ba382f42a38
corporate/3.0/x86_64/popt-1.8.2-10.1.C30mdk.x86_64.rpm
9f343b17fa43f66baeb93f44ac8bd3d9
corporate/3.0/x86_64/popt-devel-1.8.2-10.1.C30mdk.x86_64.rpm
71f374527714fc2e0be45609d7c9e956
corporate/3.0/x86_64/rpm-4.2.2-10.1.C30mdk.x86_64.rpm
9ca03a9feb16989ee767450a2cedfad3
corporate/3.0/x86_64/rpm-build-4.2.2-10.1.C30mdk.x86_64.rpm
988521e1ba9007e3e88d7271a2bcc574
corporate/3.0/x86_64/rpm-devel-4.2.2-10.1.C30mdk.x86_64.rpm
d6071284bb55b081419470a199f92f27
corporate/3.0/x86_64/rpm-python-4.2.2-10.1.C30mdk.x86_64.rpm
0c7c6512006a56dcf99f667eb28fadb0
corporate/3.0/SRPMS/rpm-4.2.2-10.1.C30mdk.src.rpm

Corporate 4.0:
60b65100c5078653e358b29b3a70b151
corporate/4.0/i586/libpopt0-1.10.2-4.1.20060mlcs4.i586.rpm
ab3e365a2f7b6b42e841f265d5c68df8
corporate/4.0/i586/libpopt0-devel-1.10.2-4.1.20060mlcs4.i586.rpm

e3c3b28c10ae1f448e4f092d7b77b9e5
corporate/4.0/i586/librpm4.4-4.4.2-4.1.20060mlcs4.i586.rpm
bd659e36ab98b5c97841a82991e42893
corporate/4.0/i586/librpm4.4-devel-4.4.2-4.1.20060mlcs4.i586.rpm

8a00b925fd10cda6046cac3816efd244
corporate/4.0/i586/popt-data-1.10.2-4.1.20060mlcs4.i586.rpm
a5af248a596e144895bc57abab04d3ed
corporate/4.0/i586/python-rpm-4.4.2-4.1.20060mlcs4.i586.rpm
47fdc7ecf5027824b7964c5f5595947e
corporate/4.0/i586/rpm-4.4.2-4.1.20060mlcs4.i586.rpm
4d3313d1f7d9f5cd5361d344631179a3
corporate/4.0/i586/rpm-build-4.4.2-4.1.20060mlcs4.i586.rpm
1270301a80dba2b81e4a0c320fbfbe1c
corporate/4.0/SRPMS/rpm-4.4.2-4.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
548bfdd47ad60fca2c30ab19d4bab7b1
corporate/4.0/x86_64/lib64popt0-1.10.2-4.1.20060mlcs4.x86_64.rpm

98306a9c291d77934c03d7e42e33f0b6
corporate/4.0/x86_64/lib64popt0-devel-1.10.2-4.1.20060mlcs4.x86_64.rpm

e09894f0501d95e5357e09afc3713a93
corporate/4.0/x86_64/lib64rpm4.4-4.4.2-4.1.20060mlcs4.x86_64.rpm

c6143376c0afc117022e6a5b83ac9e70
corporate/4.0/x86_64/lib64rpm4.4-devel-4.4.2-4.1.20060mlcs4.x86_64.rpm

d83c5d8652dbf5e53f98fb1513cda7ca
corporate/4.0/x86_64/popt-data-1.10.2-4.1.20060mlcs4.x86_64.rpm
acf21af1fb2b3604f3b88bd37615bbd4
corporate/4.0/x86_64/python-rpm-4.4.2-4.1.20060mlcs4.x86_64.rpm
f2d402a53ebff90949a4b6dc94ec0e0b
corporate/4.0/x86_64/rpm-4.4.2-4.1.20060mlcs4.x86_64.rpm
40c08ef5cd6a733e8db92f483bc8e119
corporate/4.0/x86_64/rpm-build-4.4.2-4.1.20060mlcs4.x86_64.rpm
1270301a80dba2b81e4a0c320fbfbe1c
corporate/4.0/SRPMS/rpm-4.4.2-4.1.20060mlcs4.src.rpm

Multi Network Firewall Unsaved Document 12.0:
9e79dfbf56472d3c8dc0ab385484845b
mnf/2.0/i586/popt-1.8.2-7.1.M20mdk.i586.rpm
54eb886096865de5dde3e16a19107d73
mnf/2.0/i586/popt-devel-1.8.2-7.1.M20mdk.i586.rpm
9f0096674b5fd8f0d4b31606bb72699a
mnf/2.0/i586/rpm-4.2.2-7.1.M20mdk.i586.rpm
fa1f75f9f0ba9d54adde6aaa1034cab8
mnf/2.0/i586/rpm-build-4.2.2-7.1.M20mdk.i586.rpm
f9259895086c858a718611b5c34ae452
mnf/2.0/i586/rpm-devel-4.2.2-7.1.M20mdk.i586.rpm
f4665775866409e8d1aae83cd9feaf9b
mnf/2.0/i586/rpm-python-4.2.2-7.1.M20mdk.i586.rpm
d0314a43421e91d5955d8bca0f3d35e0
mnf/2.0/SRPMS/rpm-4.2.2-7.1.M20mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Ubuntu


Ubuntu Security Notice USN-376-2 November 06, 2006 imlib2
regression fix
https://launchpad.net/bugs/70278


A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
libimlib2 1.2.0-2.2ubuntu2.2

Ubuntu 6.06 LTS:
libimlib2 1.2.1-2ubuntu0.2

Ubuntu 6.10:
libimlib2 1.2.1-2ubuntu1.2

In general, a standard system upgrade is sufficient to effect
the necessary changes.

Details follow:

USN-376-1 provided an update to imlib2 to fix several security
vulnerabilities. Unfortunately the update broke JPG file handling
in certain situations. This update corrects this problem. We
apologize for the inconvenience.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0-2.2ubuntu2.2.diff.gz

      Size/MD5: 100818
e8dff95caa549ea2fd1af7d2de9aee58
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0-2.2ubuntu2.2.dsc

      Size/MD5: 749
f9049d9ca97993d4cd056e6c2c86bb63
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0.orig.tar.gz

      Size/MD5: 891164
dfc6d3cc270354af22ef9b5e3b312003

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_amd64.deb

      Size/MD5: 343112
3fb67561e36117ed6d99d7e8e42ac6aa
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_amd64.deb

      Size/MD5: 206720
f88f40f4418e06026eccac8eca559548

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_i386.deb

      Size/MD5: 300406
20d1688b9bbf22d33e5c6d77df6dca4e
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_i386.deb

      Size/MD5: 193222
17875024cb41610c963083e40646a0d2

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_powerpc.deb

      Size/MD5: 341300
96cf4ecab8533b81e33f563ef278a06b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_powerpc.deb

      Size/MD5: 213404
7b70d0c52f571934d204859ee4d96d63

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.2_sparc.deb

      Size/MD5: 320952
f38291aa97591734498e2ba98a73c9d7
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.2_sparc.deb

      Size/MD5: 197394
4005474dbfcdc9d4f44acc2a885c7e14

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.2.diff.gz

      Size/MD5: 104753
4e1e182e906e259dc9a2586fa0174f29
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.2.dsc

      Size/MD5: 745
fe3d81e99a36ed39794e503cdbdd10f3
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz

      Size/MD5: 911360
deb3c9713339fe9ca964e100cce42cd1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_amd64.deb

      Size/MD5: 351960
b5c0beb546499b2e514f4ad9c839c5c5
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_amd64.deb

      Size/MD5: 214428
7d279f8b198dbb91dd7a12a1b00b9000

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_i386.deb

      Size/MD5: 302276
945559a74bcbbd2ebcf70b4f66a6d5ce
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_i386.deb

      Size/MD5: 193240
200c49dce9e76b1bda7a04dbc91feef0

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_powerpc.deb

      Size/MD5: 341740
17c3a1a0df09b9adb1c0d96e72198139
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_powerpc.deb

      Size/MD5: 212664
8725b495a363c158b0c0635bf62037e8

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.2_sparc.deb

      Size/MD5: 317986
db59965eb6b628176cad489c36e65387
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.2_sparc.deb

      Size/MD5: 193972
24e908087ce009babc6f09c5a674ee68

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu1.2.diff.gz

      Size/MD5: 104781
90169057fab62f3b75a76b3c28448c85
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu1.2.dsc

      Size/MD5: 745
ec9d548c0b036b28e4dcd18befb6d85a
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz

      Size/MD5: 911360
deb3c9713339fe9ca964e100cce42cd1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_amd64.deb

      Size/MD5: 354252
847ee621197a9bf5d770ea3fb017bd80
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_amd64.deb

      Size/MD5: 218454
f9d16f6228524c9d0f60e82a0e6b1a80

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_i386.deb

      Size/MD5: 318144
f6d02165ee217cb302ef5ff673eff5f6
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_i386.deb

      Size/MD5: 202868
1ce98d7ade3518e4bcb1fe39dc01a700

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_powerpc.deb

      Size/MD5: 345836
27a9c89433973b6087fd43c2810ca95b
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_powerpc.deb

      Size/MD5: 218072
b0f9911799c1a06577a2f2dc4e0baa36

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.2_sparc.deb

      Size/MD5: 324238
58c0100339f7439c1276e8855dce9dac
    http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.2_sparc.deb

      Size/MD5: 198208
2d2cf4ba67afa01c918d90405589828a

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis