Advisories
Mandriva Advisories
|
 |
| Problem Description |
A buffer overflow bug was found by Joseph VanAndel in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine.
The updated packages have been patched to correct these issues.
| Updated Packages |
Mandrakelinux 10.0
125e28ae9091cfa5852f89a025a9a886 10.0/RPMS/grip-3.1.4-1.1.100mdk.i586.rpm b37da3355866e7bcd6dcc99b46b08085 10.0/SRPMS/grip-3.1.4-1.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
dee617d6a08a063365e2e3486e534ded amd64/10.0/RPMS/grip-3.1.4-1.1.100mdk.amd64.rpm b37da3355866e7bcd6dcc99b46b08085 amd64/10.0/SRPMS/grip-3.1.4-1.1.100mdk.src.rpm
Mandrakelinux 10.1
53c482bf56570e86946894e50193a869 10.1/RPMS/grip-3.2.0-3.1.101mdk.i586.rpm 051f5840fbc226370bdc6933bdc7de23 10.1/SRPMS/grip-3.2.0-3.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
58ca3a87c97206fe8d0567e3e4660e07 x86_64/10.1/RPMS/grip-3.2.0-3.1.101mdk.x86_64.rpm 051f5840fbc226370bdc6933bdc7de23 x86_64/10.1/SRPMS/grip-3.2.0-3.1.101mdk.src.rpm
Corporate Server 3.0
d98c1c3843113b7870da3a78bb13085b corporate/3.0/RPMS/grip-3.1.4-1.1.C30mdk.i586.rpm cc1f10dd7b4f31e1091cfce12602baa8 corporate/3.0/SRPMS/grip-3.1.4-1.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
bfc65d100286a4fed5c69a5ba2776b95 x86_64/corporate/3.0/RPMS/grip-3.1.4-1.1.C30mdk.x86_64.rpm cc1f10dd7b4f31e1091cfce12602baa8 x86_64/corporate/3.0/SRPMS/grip-3.1.4-1.1.C30mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.