-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:023 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libgtop2 Date : January 18, 2007 Affected: 2007.0 _______________________________________________________________________ Problem Description: Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. The updated packages have been patched to correct this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0235 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 9a42ece573e6285e548d3611d905962b 2007.0/i586/libgtop2-2.14.3-1.1mdv2007.0.i586.rpm 015d57a79518ea22832f6fbda39271a2 2007.0/i586/libgtop2.0_7-2.14.3-1.1mdv2007.0.i586.rpm 90c71d829f0ecf9a190cd6f883d7641d 2007.0/i586/libgtop2.0_7-devel-2.14.3-1.1mdv2007.0.i586.rpm d814d8ae476947ff129624b4bbf3c468 2007.0/SRPMS/libgtop2-2.14.3-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 6c29e33986f8edcb030c51c2a3f11284 2007.0/x86_64/lib64gtop2.0_7-2.14.3-1.1mdv2007.0.x86_64.rpm 7686a3045392d92d1f8a0e3e481b2172 2007.0/x86_64/lib64gtop2.0_7-devel-2.14.3-1.1mdv2007.0.x86_64.rpm fd1b70ddc81ee08e70661710883255d5 2007.0/x86_64/libgtop2-2.14.3-1.1mdv2007.0.x86_64.rpm d814d8ae476947ff129624b4bbf3c468 2007.0/SRPMS/libgtop2-2.14.3-1.1mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFr8rTmqjQ0CJFipgRAgD7AJ9B68ksXN1Igw3gbiANW6EiWs/UxwCgsCUs 6JCAEa4WflSQgpWuMNP3x48= =0z2K -----END PGP SIGNATURE-----
