Advisories

Mandriva Advisories

Package name	libgsf
Date	November 30th, 2006
Advisory ID	MDKSA-2006:220
Affected versions	CS3.0, 2007.0
Synopsis	Updated libgsf packages fix heap buffer overflow vulnerability

Problem Description

"infamous41md" discovered a heap buffer overflow vulnerability in
libgsf, a GNOME library for reading and writing structured file
formats, which could lead to the execution of arbitrary code.

The updated packages have been patched to correct this problem.

Updated Packages

Corporate Server 3.0

 c059f972836144253da330f8db5387a3  corporate/3.0/i586/libgsf-1_1-1.8.2-1.1.C30mdk.i586.rpm
 9f9fd3e74c9ec2ee6a79937d4740321c  corporate/3.0/i586/libgsf-1_1-devel-1.8.2-1.1.C30mdk.i586.rpm 
 36f8c30001d414877e819c439143a696  corporate/3.0/SRPMS/libgsf-1.8.2-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 1a2bef3524a009d553419b159d80f781  corporate/3.0/x86_64/lib64gsf-1_1-1.8.2-1.1.C30mdk.x86_64.rpm
 f2e48664350fd62e2b12dc77abe11a46  corporate/3.0/x86_64/lib64gsf-1_1-devel-1.8.2-1.1.C30mdk.x86_64.rpm 
 36f8c30001d414877e819c439143a696  corporate/3.0/SRPMS/libgsf-1.8.2-1.1.C30mdk.src.rpm

Mandriva Linux 2007

 e2a8d38173f4d4eaf630779b212b9ecf  2007.0/i586/libgsf-1_114-1.14.1-2.1mdv2007.0.i586.rpm
 0874198afe21dd57b297614d0451416c  2007.0/i586/libgsf-1_114-devel-1.14.1-2.1mdv2007.0.i586.rpm
 5d46cfd87b088be65ac564b4208d3780  2007.0/i586/libgsf-1.14.1-2.1mdv2007.0.i586.rpm 
 029b6965cd0d3c6ea198e9ac601fb972  2007.0/SRPMS/libgsf-1.14.1-2.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 003d7db8087dc2e8b1773011e6d4847a  2007.0/x86_64/lib64gsf-1_114-1.14.1-2.1mdv2007.0.x86_64.rpm
 583a7f1fdd9b0c92b2ff6d64b18b08b4  2007.0/x86_64/lib64gsf-1_114-devel-1.14.1-2.1mdv2007.0.x86_64.rpm
 1e676f26116db9f4a392d2719db228d5  2007.0/x86_64/libgsf-1.14.1-2.1mdv2007.0.x86_64.rpm 
 029b6965cd0d3c6ea198e9ac601fb972  2007.0/SRPMS/libgsf-1.14.1-2.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514
http://www.debian.org/security/2006/dsa-1221

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer