-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:113 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tetex Date : June 27, 2006 Affected: 10.2, 2006.0 _______________________________________________________________________ Problem Description: Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code. (CAN-2004-0941) The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Tetex contains an embedded copy of the GD library code. (CVE-2006-2906) Updated packages have been patched to address both issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.2: 5bcf729ccb4caca85d8d2142293b2d77 10.2/RPMS/jadetex-3.12-106.2.102mdk.i586.rpm bc31e31b117e2a751da7849907df917c 10.2/RPMS/tetex-3.0-8.2.102mdk.i586.rpm 0910bcc1bce95b11963262c3b722fc47 10.2/RPMS/tetex-afm-3.0-8.2.102mdk.i586.rpm a3eac32b19e1c212c6ec8bf5ba6ca34a 10.2/RPMS/tetex-context-3.0-8.2.102mdk.i586.rpm b4a7db5b9c127e2399afdaf478f1141f 10.2/RPMS/tetex-devel-3.0-8.2.102mdk.i586.rpm 9679b875893e7a5d283802472cf784eb 10.2/RPMS/tetex-doc-3.0-8.2.102mdk.i586.rpm 3b250dbb1aa85b427f149eeb7b93bee5 10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.i586.rpm 2af97694741d1589b9d4f4e9e2fff794 10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.i586.rpm 713efa8fa744a3cb344ec016c7892be3 10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.i586.rpm 8646db9366788d889c03333975a58fb3 10.2/RPMS/tetex-latex-3.0-8.2.102mdk.i586.rpm 4b2bb6743bdda9afc4acaa5e9886eaf5 10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.i586.rpm b2f6632e88505d5449369f352bd3defe 10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.i586.rpm 4c6665db413bc2763e671368c594b96d 10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.i586.rpm 95689eb1cd6a82f24063af60dd6f6427 10.2/RPMS/xmltex-1.9-54.2.102mdk.i586.rpm 73dffa296703ab7de146d3fbe811ab10 10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm Mandriva Linux 10.2/X86_64: e67d983720943369fde6b38fadae015a x86_64/10.2/RPMS/jadetex-3.12-106.2.102mdk.x86_64.rpm 75416081cfc3cdf6a8ccfe689618cae8 x86_64/10.2/RPMS/tetex-3.0-8.2.102mdk.x86_64.rpm 81ad797551550873a29f408bd0740ac7 x86_64/10.2/RPMS/tetex-afm-3.0-8.2.102mdk.x86_64.rpm 37f969186982784662e8ea84acd93713 x86_64/10.2/RPMS/tetex-context-3.0-8.2.102mdk.x86_64.rpm d20f39d3ef368502677cb5e137c41831 x86_64/10.2/RPMS/tetex-devel-3.0-8.2.102mdk.x86_64.rpm 29717e89753a6566846d77c38d0ea661 x86_64/10.2/RPMS/tetex-doc-3.0-8.2.102mdk.x86_64.rpm ed84f2352218a281b3e926a00be8503c x86_64/10.2/RPMS/tetex-dvilj-3.0-8.2.102mdk.x86_64.rpm 09c946780c1bee9c2c66fbc0456d3225 x86_64/10.2/RPMS/tetex-dvipdfm-3.0-8.2.102mdk.x86_64.rpm dbd732fc3fbd6b95d4cdf819ce5229a2 x86_64/10.2/RPMS/tetex-dvips-3.0-8.2.102mdk.x86_64.rpm b0c55dba84cf1c9be4f3e04d2ce53e41 x86_64/10.2/RPMS/tetex-latex-3.0-8.2.102mdk.x86_64.rpm 73dcdebb1514d70b2bba997ce3562453 x86_64/10.2/RPMS/tetex-mfwin-3.0-8.2.102mdk.x86_64.rpm 95f4fa468924bd6be520da4dde69d379 x86_64/10.2/RPMS/tetex-texi2html-3.0-8.2.102mdk.x86_64.rpm 54cfa5d726e5b53a2811e601c351b8c9 x86_64/10.2/RPMS/tetex-xdvi-3.0-8.2.102mdk.x86_64.rpm 1ed4d39c162d2153a7741effdedcd7ad x86_64/10.2/RPMS/xmltex-1.9-54.2.102mdk.x86_64.rpm 73dffa296703ab7de146d3fbe811ab10 x86_64/10.2/SRPMS/tetex-3.0-8.2.102mdk.src.rpm Mandriva Linux 2006.0: c0cc16cb92ca140fa0cd77ab3082334c 2006.0/RPMS/jadetex-3.12-110.2.20060mdk.i586.rpm 2a599e06878cfd913ee2460352d18833 2006.0/RPMS/tetex-3.0-12.2.20060mdk.i586.rpm 80577accadf3ccede359d1c305e3cb62 2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.i586.rpm b1e27b6283a17194ef4feead5033b939 2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.i586.rpm e735ccd87def0f4a8bf1262aa3d92ca6 2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.i586.rpm dbd71f3daf27a1bafba42eb0051f2fab 2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.i586.rpm eea80943eaef26d2d0d40d4ef7e183aa 2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.i586.rpm 05ce22c18eb82c10a6306cbe8d2446fa 2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.i586.rpm 0d1270c9b9f940d3206aaa1be682b1cf 2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.i586.rpm 962a78f23d0607544ffa35045b7af955 2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.i586.rpm 4e823ca61b25f0285c75dc1886947e73 2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.i586.rpm 44df21439b36aa5e9b60055b4f77936d 2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.i586.rpm 8eab912c43ee68f35cdd1f9480d5951c 2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.i586.rpm 6d8ba515e52f4abfd54dd306174462c7 2006.0/RPMS/xmltex-1.9-58.2.20060mdk.i586.rpm 81d035449228282e7a72419f4b260e7a 2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 0466f60289f9ce688130e6d0a508e8bc x86_64/2006.0/RPMS/jadetex-3.12-110.2.20060mdk.x86_64.rpm faf6465bf63a2f6719def5d3fb17ef17 x86_64/2006.0/RPMS/tetex-3.0-12.2.20060mdk.x86_64.rpm 32f99226647319d5347d19077788bd5b x86_64/2006.0/RPMS/tetex-afm-3.0-12.2.20060mdk.x86_64.rpm 1d1aaee40dad532423173ccea3849e75 x86_64/2006.0/RPMS/tetex-context-3.0-12.2.20060mdk.x86_64.rpm 10d68d89752022e5bdf74ff0b07f1884 x86_64/2006.0/RPMS/tetex-devel-3.0-12.2.20060mdk.x86_64.rpm 309c4b8d26fd7b6531b9ab183256191c x86_64/2006.0/RPMS/tetex-doc-3.0-12.2.20060mdk.x86_64.rpm 1afd5620adaad5e7a43a5f5b08aec37d x86_64/2006.0/RPMS/tetex-dvilj-3.0-12.2.20060mdk.x86_64.rpm db2d9cc973c213cc3abe78bdf919c4bc x86_64/2006.0/RPMS/tetex-dvipdfm-3.0-12.2.20060mdk.x86_64.rpm e1dffcb652dc8d246d0da1ec6620bd05 x86_64/2006.0/RPMS/tetex-dvips-3.0-12.2.20060mdk.x86_64.rpm e792f17a436aae19883b979f32c08a33 x86_64/2006.0/RPMS/tetex-latex-3.0-12.2.20060mdk.x86_64.rpm b992bf51cb291e396a4a7f5d75bd2e84 x86_64/2006.0/RPMS/tetex-mfwin-3.0-12.2.20060mdk.x86_64.rpm eade7aa0e9665969c8d73bb7909da672 x86_64/2006.0/RPMS/tetex-texi2html-3.0-12.2.20060mdk.x86_64.rpm f1e9462e7213c74bcc59c27242b8d03b x86_64/2006.0/RPMS/tetex-xdvi-3.0-12.2.20060mdk.x86_64.rpm 4d1ade13bb2ffed71cb2f6d45165a672 x86_64/2006.0/RPMS/xmltex-1.9-58.2.20060mdk.x86_64.rpm 81d035449228282e7a72419f4b260e7a x86_64/2006.0/SRPMS/tetex-3.0-12.2.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEoa+vmqjQ0CJFipgRAmsqAKCDUHSEmHsPgDtQw43QlcPkN0HbnACfQrNM aLENiehuiJNvmKyOFy6DVuo= =7QK6 -----END PGP SIGNATURE-----
