[Security Announce] [ MDKSA-2006:109 ] - Updated wv2 packages fix vulnerability
Posted on: 06/21/2006 02:32 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:109
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wv2
Date : June 20, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A boundary checking error was discovered in the wv2 library, used for
accessing Microsoft Word documents. This error can lead to an integer
overflow induced by processing certain Word files.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
de94c8e865cf5c1b1a018d9e99be1a2f 2006.0/RPMS/libwv2_1-0.2.2-3.1.20060mdk.i586.rpm
25a43e0933dc84a8328db4c29bfab8f2 2006.0/RPMS/libwv2_1-devel-0.2.2-3.1.20060mdk.i586.rpm
2a6d2bf2a9d22f208ec24aa1f447606b 2006.0/SRPMS/wv2-0.2.2-3.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
fa5f63d79ee02b7f35ca0c0c9e959817 x86_64/2006.0/RPMS/lib64wv2_1-0.2.2-3.1.20060mdk.x86_64.rpm
3aeae3be8616d1ab888a26e8d0e5fbf8 x86_64/2006.0/RPMS/lib64wv2_1-devel-0.2.2-3.1.20060mdk.x86_64.rpm
2a6d2bf2a9d22f208ec24aa1f447606b x86_64/2006.0/SRPMS/wv2-0.2.2-3.1.20060mdk.src.rpm

Corporate 3.0:
145d276e1cb06b5ffe6bc9a79666e64b corporate/3.0/RPMS/libwv2_1-0.2.1-1.1.C30mdk.i586.rpm
148f83cdc9b06a767b47419193a21800 corporate/3.0/RPMS/libwv2_1-devel-0.2.1-1.1.C30mdk.i586.rpm
1ab35d6fc18115a6a3c2cdf1a81fd7dc corporate/3.0/SRPMS/wv2-0.2.1-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
15fcfb9ca05c8e319d6357c4a05d8899 x86_64/corporate/3.0/RPMS/lib64wv2_1-0.2.1-1.1.C30mdk.x86_64.rpm
d717c6ba6190d0f1ce5c92432a7b97f5 x86_64/corporate/3.0/RPMS/lib64wv2_1-devel-0.2.1-1.1.C30mdk.x86_64.rpm
1ab35d6fc18115a6a3c2cdf1a81fd7dc x86_64/corporate/3.0/SRPMS/wv2-0.2.1-1.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEmHDWmqjQ0CJFipgRAos2AJ4ru9DFXgaIKCuhEAmpzU81Xe9tIQCgq/75
BnaT3jkudnBRQOyvNfkFfk4=
=9nFU
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006109__updated_wv2_packages_fix_vulnerability.html)