-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: wxPythonGTK
Advisory ID: MDKSA-2005:144
Date: August 18th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.
wxPythonGTK uses an embedded libtiff source tree, and as such has the
same vulnerability.
The updated packages have been rebuilt using the system libraries and
should now incorporate all the updates to libjpeg, libpng, libtiff and
zlib.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
1792bef2b7c38d434f5c580885918fa9 10.1/RPMS/libwxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.i586.rpm
e74ecbc67fb44bc41c211c9c48d99bf2 10.1/RPMS/libwxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.i586.rpm
cbc0ab1e5ff4890e6ca773bc106a22ba 10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.i586.rpm
b9a21a161373a223927041bfb59e9daa 10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
58a22e1baf7b89f5cba1904cc385a62d x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-2.5.2.7-3.1.101mdk.x86_64.rpm
3416e43ec121b43dd0fa320ced1a1692 x86_64/10.1/RPMS/lib64wxPythonGTK2.5_2-devel-2.5.2.7-3.1.101mdk.x86_64.rpm
04420e8c6fa31ae8266bf1646442665b x86_64/10.1/RPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.x86_64.rpm
b9a21a161373a223927041bfb59e9daa x86_64/10.1/SRPMS/wxPythonGTK-2.5.2.7-3.1.101mdk.src.rpm
Mandrakelinux 10.2:
8deaae175c40b0b2aae1c0a9260e6c5e 10.2/RPMS/libwxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.i586.rpm
b240df592e137d2b429118a51561475f 10.2/RPMS/libwxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.i586.rpm
142a95ae853496fa62488898a8e22a5c 10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.i586.rpm
8a04fcd0d0d70bc22549b20374aa2fc4 10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
3641fdd53027c69755b2026f9868bcd4 x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-2.5.3.1-3.1.102mdk.x86_64.rpm
a84597c3db0f2f38f493693d0cfbf0d6 x86_64/10.2/RPMS/lib64wxPythonGTK2.5_3-devel-2.5.3.1-3.1.102mdk.x86_64.rpm
f453d626b50c9f8e5fd7b801f06a53c6 x86_64/10.2/RPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.x86_64.rpm
8a04fcd0d0d70bc22549b20374aa2fc4 x86_64/10.2/SRPMS/wxPythonGTK-2.5.3.1-3.1.102mdk.src.rpm
Corporate 3.0:
30310777699ba2bc43269fea791785a6 corporate/3.0/RPMS/libwxPythonGTK2.4-2.4.2.4-2.1.C30mdk.i586.rpm
2ab1c06543b33f2304caa2f75c234a74 corporate/3.0/RPMS/libwxPythonGTK2.4-devel-2.4.2.4-2.1.C30mdk.i586.rpm
1ff251baed6af07e5604521ae8390f06 corporate/3.0/RPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.i586.rpm
fbf97259f8e496bf20af99c1cacb08b1 corporate/3.0/SRPMS/wxPythonGTK-2.4.2.4-2.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDBOsjmqjQ0CJFipgRAi91AJwOyfuUHD4/Zr5KsndSbEJqAzI7MgCfRb2r
wUXPRILQAr0ZQlQMXBFxZT4=
=6Vnf
-----END PGP SIGNATURE-----
