[Security Announce] [ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability
Posted on: 12/11/2006 09:10 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:227
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdegraphics
Date : December 11, 2006
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
as used by konqueror, digikam, and other KDE image browsers, allows
remote attackers to cause a denial of service (stack consumption) via a
crafted EXIF section in a JPEG file, which results in an infinite
recursion.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6297
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfYCCmqjQ0CJFipgRAqW6AKCHKd4zvoi9MG19M4OxqHjS8rp+7gCgpe3y
v/MH2AeKoaHaa/pOOkrTlig=
=eQAa
-----END PGP SIGNATURE-----
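The advisory above attributes the crash to unbounded recursion while parsing a crafted EXIF section. The following is an added example, not code from Mandriva or KDE and not the actual patch, showing how a recursive EXIF directory walker can be bounded so a directory pointer that loops back is rejected instead of exhausting the stack. It assumes the recursion follows nested-directory (IFD) pointer tags in little-endian TIFF data; `walk_ifd`, both limits and the two byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IFD_DEPTH   4       /* assumed nesting limit */
#define MAX_IFDS        16      /* assumed cap on directories per file */
#define TAG_EXIF_IFD    0x8769  /* value is the offset of the Exif sub-IFD */
#define TAG_INTEROP_IFD 0xA005  /* value is the offset of the Interop sub-IFD */

/* Constructed sample: IFD0 at offset 8 whose Exif pointer targets offset 8 again. */
static const uint8_t LOOP_TIFF[] = { 'I','I',0x2A,0, 8,0,0,0,
    1,0, 0x69,0x87, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0 };
/* Constructed sample: same layout, but the pointer targets an empty IFD at 26. */
static const uint8_t OK_TIFF[] = { 'I','I',0x2A,0, 8,0,0,0,
    1,0, 0x69,0x87, 4,0, 1,0,0,0, 26,0,0,0, 0,0,0,0, 0,0, 0,0,0,0 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the directory at `off`. Returns 0 if the whole tree is well formed,
 * -1 if it is truncated, nested too deeply or contains too many directories.
 * *visited counts the directories that were parsed. */
int walk_ifd(const uint8_t *tiff, size_t len, uint32_t off, int depth, int *visited)
{
    if (depth > MAX_IFD_DEPTH || *visited >= MAX_IFDS) return -1; /* stops loops */
    if (off > len || len - off < 2) return -1;       /* entry count must fit */
    uint16_t n = rd16(tiff + off);
    if ((len - off - 2) / 12 < n) return -1;         /* every 12-byte entry must fit */
    (*visited)++;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = tiff + off + 2 + 12u * i;
        uint16_t tag = rd16(e);
        if ((tag == TAG_EXIF_IFD || tag == TAG_INTEROP_IFD) &&
            walk_ifd(tiff, len, rd32(e + 8), depth + 1, visited) != 0)
            return -1;                               /* reject the whole file */
    }
    return 0;
}

int main(void)
{
    int v = 0;
    printf("looping pointer: %d\n", walk_ifd(LOOP_TIFF, sizeof LOOP_TIFF, 8, 0, &v));
    v = 0;
    printf("well formed:     %d\n", walk_ifd(OK_TIFF, sizeof OK_TIFF, 8, 0, &v));
    return 0;
}
```

The depth limit ends a pointer cycle, and the separate directory budget keeps a wide but shallow tree from consuming unbounded CPU time.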



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006227__updated_kdegraphics_packages_fix_exif_vulnerability.html)