-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:203 http://www.mandriva.com/security/ _______________________________________________________________________ Package : texinfo Date : November 8, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: cc1879d0392af708f7c37bca15dd9879 2006.0/i586/info-4.8-1.2.20060mdk.i586.rpm 4c80a4e06e04e28ae6bc9d34d0ce6b9c 2006.0/i586/info-install-4.8-1.2.20060mdk.i586.rpm 84e851c4c094d8259debe9a92da97efd 2006.0/i586/texinfo-4.8-1.2.20060mdk.i586.rpm f63eeab2e5fd19d6df4d794cc9a0556d 2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: b37fd6f8393fe1a997da4dfcf24e0c6c 2006.0/x86_64/info-4.8-1.2.20060mdk.x86_64.rpm d3e5f5d3df7464226e370d18d2040d78 2006.0/x86_64/info-install-4.8-1.2.20060mdk.x86_64.rpm 94ad72f47a76488f8fe3000187217e9d 2006.0/x86_64/texinfo-4.8-1.2.20060mdk.x86_64.rpm f63eeab2e5fd19d6df4d794cc9a0556d 2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm Mandriva Linux 2007.0: 841f25fd2ae052fa135f347d1a321a61 2007.0/i586/info-4.8-4.1mdv2007.0.i586.rpm d0ba0f48503167816581c5f4166949ad 2007.0/i586/info-install-4.8-4.1mdv2007.0.i586.rpm c731ee9865530fdbafc445b56b67e5ad 2007.0/i586/texinfo-4.8-4.1mdv2007.0.i586.rpm b8bf1a5838ac82d4910e9a5e5ea612b4 2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 054058a5ef065bc25d0bb87b36ad3622 2007.0/x86_64/info-4.8-4.1mdv2007.0.x86_64.rpm 5b63631e0cd60e201e14332faf3e30d8 2007.0/x86_64/info-install-4.8-4.1mdv2007.0.x86_64.rpm cbdda90e9cce0abc9de7fdfab70f593e 2007.0/x86_64/texinfo-4.8-4.1mdv2007.0.x86_64.rpm b8bf1a5838ac82d4910e9a5e5ea612b4 2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm Corporate 3.0: 81b5711c0afe51a12aa4458ab0b680c3 corporate/3.0/i586/info-4.6-1.2.C30mdk.i586.rpm 65e67c1be9ca13d7320218e60fab855c corporate/3.0/i586/info-install-4.6-1.2.C30mdk.i586.rpm fc7f021455259a97412c95b3939ede98 corporate/3.0/i586/texinfo-4.6-1.2.C30mdk.i586.rpm 13d484c70a47aa50038c1f59b514aaaa corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm Corporate 3.0/X86_64: 942bc82c461a5bd53799978b7c7d37ac corporate/3.0/x86_64/info-4.6-1.2.C30mdk.x86_64.rpm 616999400ddebcfc8593bfb47f7a8835 corporate/3.0/x86_64/info-install-4.6-1.2.C30mdk.x86_64.rpm ad900d22f4e1402ef303aa211109845a corporate/3.0/x86_64/texinfo-4.6-1.2.C30mdk.x86_64.rpm 13d484c70a47aa50038c1f59b514aaaa corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm Corporate 4.0: cc0ef9a317302dc40c14d90bbc10200d corporate/4.0/i586/info-4.8-1.2.20060mlcs4.i586.rpm db1c66093560e85561313346c9e8d110 corporate/4.0/i586/info-install-4.8-1.2.20060mlcs4.i586.rpm cacd6c6cc8e1f1199d3bfc9efafe53f7 corporate/4.0/i586/texinfo-4.8-1.2.20060mlcs4.i586.rpm 915e8d5f747b0ed558491ed474f3ca4f corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0016ff4dfe7b413ef3dff74d6d5037e2 corporate/4.0/x86_64/info-4.8-1.2.20060mlcs4.x86_64.rpm 4d4b71acc580a419fbb2a8654324a8b7 corporate/4.0/x86_64/info-install-4.8-1.2.20060mlcs4.x86_64.rpm 09f9fcfe879baa6a4296bde478e536c5 corporate/4.0/x86_64/texinfo-4.8-1.2.20060mlcs4.x86_64.rpm 915e8d5f747b0ed558491ed474f3ca4f corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFUckhmqjQ0CJFipgRAq1PAJ4w4mL8uDnDkRGrZYQ7/Mz/8B98kwCggUQo uHTmSaCDpMEUjAqWp9zkmOM= =SLd6 -----END PGP SIGNATURE-----
