[Security Announce] [ MDKSA-2006:203 ] - Updated texinfo packages fix vulnerability
Posted on: 11/08/2006 04:35 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:203
http://www.mandriva.com/security/
_______________________________________________________________________

Package : texinfo
Date : November 8, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Miloslav Trmac discovered a buffer overflow in texinfo. This issue can
cause texi2dvi or texindex to crash when processing a carefully crafted
file.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
cc1879d0392af708f7c37bca15dd9879 2006.0/i586/info-4.8-1.2.20060mdk.i586.rpm
4c80a4e06e04e28ae6bc9d34d0ce6b9c 2006.0/i586/info-install-4.8-1.2.20060mdk.i586.rpm
84e851c4c094d8259debe9a92da97efd 2006.0/i586/texinfo-4.8-1.2.20060mdk.i586.rpm
f63eeab2e5fd19d6df4d794cc9a0556d 2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
b37fd6f8393fe1a997da4dfcf24e0c6c 2006.0/x86_64/info-4.8-1.2.20060mdk.x86_64.rpm
d3e5f5d3df7464226e370d18d2040d78 2006.0/x86_64/info-install-4.8-1.2.20060mdk.x86_64.rpm
94ad72f47a76488f8fe3000187217e9d 2006.0/x86_64/texinfo-4.8-1.2.20060mdk.x86_64.rpm
f63eeab2e5fd19d6df4d794cc9a0556d 2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
841f25fd2ae052fa135f347d1a321a61 2007.0/i586/info-4.8-4.1mdv2007.0.i586.rpm
d0ba0f48503167816581c5f4166949ad 2007.0/i586/info-install-4.8-4.1mdv2007.0.i586.rpm
c731ee9865530fdbafc445b56b67e5ad 2007.0/i586/texinfo-4.8-4.1mdv2007.0.i586.rpm
b8bf1a5838ac82d4910e9a5e5ea612b4 2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
054058a5ef065bc25d0bb87b36ad3622 2007.0/x86_64/info-4.8-4.1mdv2007.0.x86_64.rpm
5b63631e0cd60e201e14332faf3e30d8 2007.0/x86_64/info-install-4.8-4.1mdv2007.0.x86_64.rpm
cbdda90e9cce0abc9de7fdfab70f593e 2007.0/x86_64/texinfo-4.8-4.1mdv2007.0.x86_64.rpm
b8bf1a5838ac82d4910e9a5e5ea612b4 2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm

Corporate 3.0:
81b5711c0afe51a12aa4458ab0b680c3 corporate/3.0/i586/info-4.6-1.2.C30mdk.i586.rpm
65e67c1be9ca13d7320218e60fab855c corporate/3.0/i586/info-install-4.6-1.2.C30mdk.i586.rpm
fc7f021455259a97412c95b3939ede98 corporate/3.0/i586/texinfo-4.6-1.2.C30mdk.i586.rpm
13d484c70a47aa50038c1f59b514aaaa corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
942bc82c461a5bd53799978b7c7d37ac corporate/3.0/x86_64/info-4.6-1.2.C30mdk.x86_64.rpm
616999400ddebcfc8593bfb47f7a8835 corporate/3.0/x86_64/info-install-4.6-1.2.C30mdk.x86_64.rpm
ad900d22f4e1402ef303aa211109845a corporate/3.0/x86_64/texinfo-4.6-1.2.C30mdk.x86_64.rpm
13d484c70a47aa50038c1f59b514aaaa corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm

Corporate 4.0:
cc0ef9a317302dc40c14d90bbc10200d corporate/4.0/i586/info-4.8-1.2.20060mlcs4.i586.rpm
db1c66093560e85561313346c9e8d110 corporate/4.0/i586/info-install-4.8-1.2.20060mlcs4.i586.rpm
cacd6c6cc8e1f1199d3bfc9efafe53f7 corporate/4.0/i586/texinfo-4.8-1.2.20060mlcs4.i586.rpm
915e8d5f747b0ed558491ed474f3ca4f corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0016ff4dfe7b413ef3dff74d6d5037e2 corporate/4.0/x86_64/info-4.8-1.2.20060mlcs4.x86_64.rpm
4d4b71acc580a419fbb2a8654324a8b7 corporate/4.0/x86_64/info-install-4.8-1.2.20060mlcs4.x86_64.rpm
09f9fcfe879baa6a4296bde478e536c5 corporate/4.0/x86_64/texinfo-4.8-1.2.20060mlcs4.x86_64.rpm
915e8d5f747b0ed558491ed474f3ca4f corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFUckhmqjQ0CJFipgRAq1PAJ4w4mL8uDnDkRGrZYQ7/Mz/8B98kwCggUQo
uHTmSaCDpMEUjAqWp9zkmOM=
=SLd6
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006203__updated_texinfo_packages_fix_vulnerability.html)