Advisories

Mandriva Advisories

Package name: xli
Date: April 20th, 2005
Advisory ID: MDKSA-2005:076
Affected versions: 10.1, CS2.1, CS3.0, 10.2
Synopsis: Updated xli packages fix multiple vulnerabilities

Problem Description

A number of vulnerabilities have been found in the xli image viewer.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw
in the handling of compressed images where shell meta-characters are
not properly escaped (CAN-2005-0638). It was also found that
insufficient validation of image properties could potentially result
in buffer management errors (CAN-2005-0639).

The updated packages have been patched to correct these problems.

Updated Packages

Mandrakelinux 10.1

 f5ad03e5bb1c8b93fc1ebca1d7e2e111  10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm
757220d489a0cbafd393140ea7d5e205  10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 e798f226cabe865cd3b0a8f3f9292b6d  x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm
757220d489a0cbafd393140ea7d5e205  x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm

Corporate Server 2.1

 c89d695075c7117381d50301745bc82e  corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm
c219935cd3fb090af95d6467919faff1  corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 8b4a39d741f4eb8fde469411359cad5b  x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm
c219935cd3fb090af95d6467919faff1  x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm

Corporate Server 3.0

 fdbf0745aeb6733d6894afa089ac7dd2  corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm
88043776962e4a8bed6b538ae8d28824  corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 ac33b6d6d9475104bb25c2bde9dfe0c7  x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm
88043776962e4a8bed6b538ae8d28824  x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm

Mandriva Linux LE2005

 5e5bbac4a40ffc0f7156e671eb920ea0  10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm
d6ee5ee583d8415f0028b2854ed19b3b  10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 b49c19725cbc2850ead82731758fe8d8  x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm
d6ee5ee583d8415f0028b2854ed19b3b  x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
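
The manual check described above can be scripted when packages are downloaded by hand. This is an added example, not Mandriva's own tooling: the script name `verify.sh`, the file `checksums.txt` (the "md5  path" lines copied from this advisory) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: compare downloaded RPMs with the advisory's "md5  path"
# lines, then run the advisory's signature check on each package.
# MD5 only detects accidental corruption (it is not collision-resistant);
# the GPG signature is the check that authenticates the package.

# md5_of FILE: print the file's MD5 digest in hex.
md5_of() {
    md5sum < "$1" | cut -d' ' -f1
}

# check_listing LIST DIR: LIST holds "md5  relative/path.rpm" lines; each
# package is looked up in DIR by its base name. Returns 0 only if every
# listed package is present and its digest matches.
check_listing() {
    list=$1 dir=$2 rc=0
    while read -r sum path; do
        [ -n "$sum" ] || continue          # skip blank lines
        pkg=$dir/${path##*/}
        if [ ! -f "$pkg" ]; then
            echo "MISSING  $pkg" >&2; rc=1
        elif [ "$(md5_of "$pkg")" != "$sum" ]; then
            echo "MISMATCH $pkg" >&2; rc=1
        else
            echo "OK       $pkg"
        fi
    done < "$list"
    return $rc
}

# check_signature FILE: needs rpm and the Mandriva Security Team public
# key already imported into the RPM keyring.
check_signature() {
    rpm --checksig "$1"
}

# Usage (hypothetical names): sh verify.sh checksums.txt download-dir
if [ "$#" -eq 2 ]; then
    check_listing "$1" "$2" || exit 1
    for f in "$2"/*.rpm; do check_signature "$f" || exit 1; done
fi
```

The script stops at the first failed check, so a package whose digest or signature does not verify is never reached by a later install step.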