Advisories

Mandriva Advisories

Package name: eog
Date: April 16th, 2003
Advisory ID: MDKSA-2003:048
Affected versions: 9.0, 9.1, CS2.1
Synopsis: Updated eog packages fix arbitrary command execution

Problem Description

A vulnerability was discovered in Eye of GNOME (EOG), a program used
for displaying graphics, in version 2.2.0 and earlier. A carefully
crafted filename passed to eog could lead to the execution of
arbitrary code as the user executing eog.

Updated Packages

Mandrakelinux 9.0

c2b6f3e1b6dc4676795d82fbb5d03270  9.0/RPMS/eog-1.0.2-1.1mdk.i586.rpm
3929458c9f13ccd8d102316b5180364f  9.0/SRPMS/eog-1.0.2-1.1mdk.src.rpm

Mandrakelinux 9.1

4e46d00b4bc623843e626890983dcb7d  9.1/RPMS/eog-2.2.0-1.1mdk.i586.rpm
b2c35125798f3bfef1b43bb9e34e3869  9.1/SRPMS/eog-2.2.0-1.1mdk.src.rpm

Mandrakelinux 9.1/PPC

0e88dac227e691a431192c7005d78fc4  ppc/9.1/RPMS/eog-2.2.0-1.1mdk.ppc.rpm
b2c35125798f3bfef1b43bb9e34e3869  ppc/9.1/SRPMS/eog-2.2.0-1.1mdk.src.rpm

Corporate Server 2.1

c2b6f3e1b6dc4676795d82fbb5d03270  corporate/2.1/RPMS/eog-1.0.2-1.1mdk.i586.rpm
3929458c9f13ccd8d102316b5180364f  corporate/2.1/SRPMS/eog-1.0.2-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0165

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
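
For a manual download, the check described above can be scripted. The following is an added example, not part of the original advisory: it assumes the checksum lines from "Updated Packages" have been saved to a file (the name advisory.md5 is hypothetical) and that md5sum and rpm are on the PATH.

```shell
#!/bin/sh
# Added example: check a downloaded RPM against the advisory's "md5  path"
# lines, then run the signature check the advisory asks for.

# md5_matches_advisory MANIFEST FILE
# MANIFEST: lines "<md5>  <path/to/package.rpm>" copied from the advisory.
# Returns 0 on match, 1 on mismatch, 2 if the package is not listed.
md5_matches_advisory() {
    manifest=$1
    file=$2
    name=${file##*/}
    # A package can be listed under several releases; collect every digest
    # given for this basename, ignoring the release directory prefix.
    want=$(awk -v n="$name" \
        '{ p = $2; sub(/.*\//, "", p); if (p == n) print $1 }' "$manifest")
    if [ -z "$want" ]; then
        echo "$name: not listed in advisory" >&2
        return 2
    fi
    got=$(md5sum < "$file" | cut -d' ' -f1)
    if printf '%s\n' "$want" | grep -qx "$got"; then
        echo "$name: md5 OK"
        return 0
    fi
    echo "$name: md5 MISMATCH (got $got)" >&2
    return 1
}

# verify_update MANIFEST FILE
# Accepts the package only if both the md5 comparison and `rpm --checksig`
# succeed. The md5 comparison catches a corrupted or wrong download; the
# signature check is what ties the package to the signing key, so a missing
# rpm binary counts as a failure rather than a skip.
verify_update() {
    md5_matches_advisory "$1" "$2" || return 1
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 1; }
    rpm --checksig "$2"
}

# Usage: sh verify.sh advisory.md5 eog-2.2.0-1.1mdk.i586.rpm
if [ "$#" -eq 2 ]; then
    verify_update "$1" "$2"
fi
```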