[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 425/05 - Four Mandriva Linux Update Advisories:
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 425/05 dated 02.06.05 Time: 14:50
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Four Mandriva Linux Update Advisories:
1. MDKA-2005:028-1 - kdenetwork
2. MDKA-2005:030 - lsb-release
3. MDKSA-2005:093 - postgresql
4. MDKSA-2005:094 - xine-lib
Detail
======
1. The MSN protocol has changed and as a result the MSN support in kopete
no longer worked.
2. The lsb-release package wasn't returning properly formatted information
which is required to meet LSB requirements.
3. A number of vulnerabilities were found and corrected in the PostgreSQL
DBMS:
Two serious security errors have been found in PostgreSQL 7.3 and newer
releases. These errors at least allow an unprivileged database user to
crash the backend process, and may make it possible for an unprivileged
user to gain the privileges of a database superuser.
4. Two buffer overflow vulnerabilities were discovered in the MMS and
Real RTSP stream handlers in the Xine libraries. If an attacker can
trick a user to connect to a malicious MMS or RTSP video/audio stream
source with any application using this library, they could crash the
client and possibly even execute arbitrary code with the privileges of
the user running the player program.
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: kdenetwork
Advisory ID: MDKA-2005:028-1
Date: June 1st, 2005
Original Advisory Date: May 24th, 2005
Affected versions: 10.1
______________________________________________________________________
Problem Description:
The MSN protocol has changed and as a result the MSN support in kopete
no longer worked. This update fixes the issue.
Update:
Packages for Mandriva Linux 10.1 are now available.
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
8cb4965e61be5584e5af0d1e347bfd87 10.1/RPMS/kdenetwork-3.2.3-19.4.101mdk.i586.rpm
1cf79d6dc5811f8d2ca388f1eff89188 10.1/RPMS/kdenetwork-common-3.2.3-19.4.101mdk.i586.rpm
18cd61ace4dfe89a4fb2c34bf0e8f6c6 10.1/RPMS/kdenetwork-kdict-3.2.3-19.4.101mdk.i586.rpm
58050895359e5bcb6f0477df6ceeeed9 10.1/RPMS/kdenetwork-kget-3.2.3-19.4.101mdk.i586.rpm
5bd8586cbb99bf2545f935ac54df0efd 10.1/RPMS/kdenetwork-knewsticker-3.2.3-19.4.101mdk.i586.rpm
35b4f0e3ace7d6989223a0b47c74d8de 10.1/RPMS/kdenetwork-kopete-3.2.3-19.4.101mdk.i586.rpm
4f2debc6f418dd642033359f6d0c3bd0 10.1/RPMS/kdenetwork-kppp-3.2.3-19.4.101mdk.i586.rpm
858b29aceb31a669c82ebc4ce8b01b5d 10.1/RPMS/kdenetwork-kppp-provider-3.2.3-19.4.101mdk.i586.rpm
3d2b123a5a3b82d29cef697a8d40754c 10.1/RPMS/kdenetwork-krfb-3.2.3-19.4.101mdk.i586.rpm
d7a7dd5feefed7253a947573d4b33fb6 10.1/RPMS/kdenetwork-ksirc-3.2.3-19.4.101mdk.i586.rpm
19392a6b73491c1f82fcdf0bf4c96de7 10.1/RPMS/kdenetwork-ktalk-3.2.3-19.4.101mdk.i586.rpm
06021404c26bd3abd9308658714e51b1 10.1/RPMS/kdenetwork-kwifimanager-3.2.3-19.4.101mdk.i586.rpm
b37c4158f9dbdaeea72e600a620d1bd0 10.1/RPMS/libkdenetwork2-common-3.2.3-19.4.101mdk.i586.rpm
40e0f64ff974fc9dad557218f615114f 10.1/RPMS/libkdenetwork2-common-devel-3.2.3-19.4.101mdk.i586.rpm
5510c53727d88a0c5df19262b265778f 10.1/RPMS/libkdenetwork2-knewsticker-3.2.3-19.4.101mdk.i586.rpm
1d8f2c24aeda0acdfd28d1bae22581d0 10.1/RPMS/libkdenetwork2-kopete-3.2.3-19.4.101mdk.i586.rpm
4b6df1e2a85269311bd4a82cc4c081e3 10.1/RPMS/libkdenetwork2-kopete-devel-3.2.3-19.4.101mdk.i586.rpm
24f02c3b009bd7290558ce806c92689a 10.1/RPMS/libkdenetwork2-ksirc-3.2.3-19.4.101mdk.i586.rpm
376afc70ad1a51e39f6da8ad853e915b 10.1/RPMS/libkdenetwork2-kwifimanager-3.2.3-19.4.101mdk.i586.rpm
80e344927ca81be0242ee34976953a0f 10.1/RPMS/lisa-3.2.3-19.4.101mdk.i586.rpm
555d2bf517bfc57b47878f588df7ebe7 10.1/SRPMS/kdenetwork-3.2.3-19.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
22ac4c048cfe5194b3c12de6575d18f8 x86_64/10.1/RPMS/kdenetwork-3.2.3-19.4.101mdk.x86_64.rpm
96ddec74296722a2eb534e50e86cb012 x86_64/10.1/RPMS/kdenetwork-common-3.2.3-19.4.101mdk.x86_64.rpm
9c9bb9b16e7ddbfa034c8e91620b712d x86_64/10.1/RPMS/kdenetwork-kdict-3.2.3-19.4.101mdk.x86_64.rpm
5d3df6d230ee7c3e952e7d2382022bd7 x86_64/10.1/RPMS/kdenetwork-kget-3.2.3-19.4.101mdk.x86_64.rpm
da3afa31f79819cf8df23c183545606b x86_64/10.1/RPMS/kdenetwork-knewsticker-3.2.3-19.4.101mdk.x86_64.rpm
5352c99ff3a1778c896bebcb1e055f1c x86_64/10.1/RPMS/kdenetwork-kopete-3.2.3-19.4.101mdk.x86_64.rpm
59f909a1e7ca8a3bedfe26486edb3855 x86_64/10.1/RPMS/kdenetwork-kppp-3.2.3-19.4.101mdk.x86_64.rpm
a969b134c7ddc2348f8c48b43650e04f x86_64/10.1/RPMS/kdenetwork-kppp-provider-3.2.3-19.4.101mdk.x86_64.rpm
c539e602822cdaf8912a0369ef1746d6 x86_64/10.1/RPMS/kdenetwork-krfb-3.2.3-19.4.101mdk.x86_64.rpm
4124b7659665159676e3a62dabf4ed24 x86_64/10.1/RPMS/kdenetwork-ksirc-3.2.3-19.4.101mdk.x86_64.rpm
778655c74a7d8d29e75fd082c5df1b6a x86_64/10.1/RPMS/kdenetwork-ktalk-3.2.3-19.4.101mdk.x86_64.rpm
6a145a0c176880634113fbd1a98fc6ac x86_64/10.1/RPMS/kdenetwork-kwifimanager-3.2.3-19.4.101mdk.x86_64.rpm
2d045707e6320d3c03039abbaf630ddf x86_64/10.1/RPMS/lib64kdenetwork2-common-3.2.3-19.4.101mdk.x86_64.rpm
e5c3a555d57c969ae91e933ed0f302c7 x86_64/10.1/RPMS/lib64kdenetwork2-common-devel-3.2.3-19.4.101mdk.x86_64.rpm
cab9387422f5ff72e115b83d904aab8c x86_64/10.1/RPMS/lib64kdenetwork2-knewsticker-3.2.3-19.4.101mdk.x86_64.rpm
b1395a4f437f126869c60cd775f9aa51 x86_64/10.1/RPMS/lib64kdenetwork2-kopete-3.2.3-19.4.101mdk.x86_64.rpm
507b3f1b834ed0f82e97ea3e3f7fced6 x86_64/10.1/RPMS/lib64kdenetwork2-kopete-devel-3.2.3-19.4.101mdk.x86_64.rpm
41de6b23124ffe23f9748b91acbc55df x86_64/10.1/RPMS/lib64kdenetwork2-ksirc-3.2.3-19.4.101mdk.x86_64.rpm
3670b320265ff68a90ddcb0f34ffcb6d x86_64/10.1/RPMS/lib64kdenetwork2-kwifimanager-3.2.3-19.4.101mdk.x86_64.rpm
b37c4158f9dbdaeea72e600a620d1bd0 x86_64/10.1/RPMS/libkdenetwork2-common-3.2.3-19.4.101mdk.i586.rpm
5510c53727d88a0c5df19262b265778f x86_64/10.1/RPMS/libkdenetwork2-knewsticker-3.2.3-19.4.101mdk.i586.rpm
1d8f2c24aeda0acdfd28d1bae22581d0 x86_64/10.1/RPMS/libkdenetwork2-kopete-3.2.3-19.4.101mdk.i586.rpm
24f02c3b009bd7290558ce806c92689a x86_64/10.1/RPMS/libkdenetwork2-ksirc-3.2.3-19.4.101mdk.i586.rpm
376afc70ad1a51e39f6da8ad853e915b x86_64/10.1/RPMS/libkdenetwork2-kwifimanager-3.2.3-19.4.101mdk.i586.rpm
97dbd4af3b6cfb1871a596c1517dc534 x86_64/10.1/RPMS/lisa-3.2.3-19.4.101mdk.x86_64.rpm
555d2bf517bfc57b47878f588df7ebe7 x86_64/10.1/SRPMS/kdenetwork-3.2.3-19.4.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCnjBTmqjQ0CJFipgRAiexAKCOa3ljzeIyLbIgWGA/fnD2v/A5fACfRmxQ
DkZyBGd2YxNZUBrjvrGK51Y=
=NMov
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: lsb-release
Advisory ID: MDKA-2005:030
Date: June 1st, 2005
Affected versions: Corporate 3.0
______________________________________________________________________
Problem Description:
The lsb-release package wasn't returning properly formatted information
which is required to meet LSB requirements. The updated packages fix
this.
______________________________________________________________________
Updated Packages:
Corporate 3.0:
7a602843f0534bc521896309a1aca3b6 corporate/3.0/RPMS/lsb-release-2.0-1.1.C30mdk.i586.rpm
5f4b462a777ef9fb55ff28b568b767fd corporate/3.0/SRPMS/lsb-release-2.0-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
a6f2750a5945a80500ba4cefbbf9f17c x86_64/corporate/3.0/RPMS/lsb-release-2.0-1.1.C30mdk.x86_64.rpm
5f4b462a777ef9fb55ff28b568b767fd x86_64/corporate/3.0/SRPMS/lsb-release-2.0-1.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCnjE3mqjQ0CJFipgRAqy6AKCXYRZ48hxEJV+aCz/quQDMOVMaqwCgvJWW
OGrF+tZTtnEJGdtsk3rsGjo=
=VUSo
- -----END PGP SIGNATURE-----
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: postgresql
Advisory ID: MDKSA-2005:093
Date: May 26th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A number of vulnerabilities were found and corrected in the PostgreSQL
DBMS:
Two serious security errors have been found in PostgreSQL 7.3 and newer
releases. These errors at least allow an unprivileged database user to
crash the backend process, and may make it possible for an unprivileged
user to gain the privileges of a database superuser.
Functions that support client-to-server character set conversion can
be called from SQL commands by unprivileged users, but these functions
are not designed to be safe against malicious choices of argument values.
(CAN-2005-1409)
The contrib/tsearch2 module misdeclares several functions as returning
type "internal" when they do not have any "internal" argument. This
breaks the type safety of "internal" by allowing users to construct SQL
commands that invoke other functions accepting "internal" arguments.
(CAN-2005-1410)
These vulnerabilities must also be fixed in all existing databases
when upgrading. The post-installation script of the updated
postgresql-server package attempts to do this automatically.
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1410
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
aeedc1072185c106fcafe2797a52302b 10.0/RPMS/libecpg3-7.4.1-2.5.100mdk.i586.rpm
d81d17fb9e13e0bb887f4663624c52e0 10.0/RPMS/libecpg3-devel-7.4.1-2.5.100mdk.i586.rpm
ec386e33401e002a09ac6c54aec9eaeb 10.0/RPMS/libpgtcl2-7.4.1-2.5.100mdk.i586.rpm
bafb74ea7dc4cd80996b249e2ce0a532 10.0/RPMS/libpgtcl2-devel-7.4.1-2.5.100mdk.i586.rpm
58ce2d043358b14d9f09cc2b5e952940 10.0/RPMS/libpq3-7.4.1-2.5.100mdk.i586.rpm
3d036161d3d50e02147a4f84b4d9200c 10.0/RPMS/libpq3-devel-7.4.1-2.5.100mdk.i586.rpm
bae8fa690bc501efddfda5f182981c7e 10.0/RPMS/postgresql-7.4.1-2.5.100mdk.i586.rpm
ab74642e890a5824208be7e0cb05352f 10.0/RPMS/postgresql-contrib-7.4.1-2.5.100mdk.i586.rpm
35fd0d594e8fab8822bfb7620877f919 10.0/RPMS/postgresql-devel-7.4.1-2.5.100mdk.i586.rpm
3f9c657ce179b9546789255b65f6c977 10.0/RPMS/postgresql-docs-7.4.1-2.5.100mdk.i586.rpm
02f3a3878d2fbf0666cc8aa5979064e6 10.0/RPMS/postgresql-jdbc-7.4.1-2.5.100mdk.i586.rpm
3ebe274bcb0914335abad73e246f36bb 10.0/RPMS/postgresql-pl-7.4.1-2.5.100mdk.i586.rpm
4b6bd61c9d7b9ce663a88f0c2e0d915a 10.0/RPMS/postgresql-server-7.4.1-2.5.100mdk.i586.rpm
79a2686235e0465f7dba8999ad177ec8 10.0/RPMS/postgresql-tcl-7.4.1-2.5.100mdk.i586.rpm
e18521d0a723f63f75864195618a540a 10.0/RPMS/postgresql-test-7.4.1-2.5.100mdk.i586.rpm
378f0e512dd7f333b587453755882383 10.0/SRPMS/postgresql-7.4.1-2.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
a03225fe2348b3c94b69a0cf024a72b4 amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.5.100mdk.amd64.rpm
b844f646558df72e9066e0dda8293ad0 amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.5.100mdk.amd64.rpm
4abf07522176fab45e3cedfa4ea486ab amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.5.100mdk.amd64.rpm
edadf59a66119ea2053cdaf1b706bae0 amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.5.100mdk.amd64.rpm
cacc38a0324383c5b5c1a7ede85e893a amd64/10.0/RPMS/lib64pq3-7.4.1-2.5.100mdk.amd64.rpm
781bd584c08364468c468e1f20ac024b amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.5.100mdk.amd64.rpm
01cc41dd346dbd97f902669aceadcbc1 amd64/10.0/RPMS/postgresql-7.4.1-2.5.100mdk.amd64.rpm
9e31560671ab5f98e667cc0ffef509ff amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.5.100mdk.amd64.rpm
d68cd3987e1fb07c85e8677a922aea57 amd64/10.0/RPMS/postgresql-devel-7.4.1-2.5.100mdk.amd64.rpm
66454d5034e732ef7d2cc6b0b86ff67b amd64/10.0/RPMS/postgresql-docs-7.4.1-2.5.100mdk.amd64.rpm
f1d6651b86cf725df5350b0152ca6a56 amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.5.100mdk.amd64.rpm
fb10823047b3ff5b55867c60dccb75fc amd64/10.0/RPMS/postgresql-pl-7.4.1-2.5.100mdk.amd64.rpm
33617c7b030b95f0665782ff6e66abaf amd64/10.0/RPMS/postgresql-server-7.4.1-2.5.100mdk.amd64.rpm
55f7443460141b83b1af9db28b3ed613 amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.5.100mdk.amd64.rpm
db4eaf039b41a3b72f4d2e634269ceb7 amd64/10.0/RPMS/postgresql-test-7.4.1-2.5.100mdk.amd64.rpm
378f0e512dd7f333b587453755882383 amd64/10.0/SRPMS/postgresql-7.4.1-2.5.100mdk.src.rpm
Mandrakelinux 10.1:
09606474acc279cf257c232276a80f6d 10.1/RPMS/libecpg3-7.4.5-4.3.101mdk.i586.rpm
8e4a27778ba55f2b2713c4ff03147b91 10.1/RPMS/libecpg3-devel-7.4.5-4.3.101mdk.i586.rpm
a8351c0abe59c0f668e73ddea0414b90 10.1/RPMS/libpgtcl2-7.4.5-4.3.101mdk.i586.rpm
b0821e8cd84d21680b99ef1d0f59e93b 10.1/RPMS/libpgtcl2-devel-7.4.5-4.3.101mdk.i586.rpm
c248b5409ec28142da7dd2c42b82bf7e 10.1/RPMS/libpq3-7.4.5-4.3.101mdk.i586.rpm
cc865b79edf26e5959e2d2c4f3303bdf 10.1/RPMS/libpq3-devel-7.4.5-4.3.101mdk.i586.rpm
b86715d30a1760abf186492dceedcd0b 10.1/RPMS/postgresql-7.4.5-4.3.101mdk.i586.rpm
02a611cfb25fa10b342d4c4e99166fb1 10.1/RPMS/postgresql-contrib-7.4.5-4.3.101mdk.i586.rpm
bc2d9475031ca568de4c523d5a732d0a 10.1/RPMS/postgresql-devel-7.4.5-4.3.101mdk.i586.rpm
63839ede6a4b8baa70a441567c42443f 10.1/RPMS/postgresql-docs-7.4.5-4.3.101mdk.i586.rpm
fe1ef871c021672de9fc5c0deaea3368 10.1/RPMS/postgresql-jdbc-7.4.5-4.3.101mdk.i586.rpm
c9a8be14fbf5a3a76aca31b6f13d9fc4 10.1/RPMS/postgresql-pl-7.4.5-4.3.101mdk.i586.rpm
a906c3ef7edb6c69b8da32b32857e64b 10.1/RPMS/postgresql-server-7.4.5-4.3.101mdk.i586.rpm
474ad52e73e70c6a68b6ba2d61f53b3c 10.1/RPMS/postgresql-tcl-7.4.5-4.3.101mdk.i586.rpm
2ffc7c3402f23607ec0d2178bfec0926 10.1/RPMS/postgresql-test-7.4.5-4.3.101mdk.i586.rpm
8241f1ad851b1ab1e6325f972db24d43 10.1/SRPMS/postgresql-7.4.5-4.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
5a60b5d1caa1a8d24d52bd1d64b9e6d7 x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.3.101mdk.x86_64.rpm
0938c879ccdc1385796005ab2697fc38 x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.3.101mdk.x86_64.rpm
40bbe3d1f9d72cb2b4a71f2345a9bf56 x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.3.101mdk.x86_64.rpm
26ea7696e0f3416e53fc5747f4bd38d6 x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.3.101mdk.x86_64.rpm
1ff13822321bfc41c82ee7b903c10958 x86_64/10.1/RPMS/lib64pq3-7.4.5-4.3.101mdk.x86_64.rpm
c76722085f68d98e442534ed52fc7b16 x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.3.101mdk.x86_64.rpm
b07617ff5b49437f34a54ddfea917d2c x86_64/10.1/RPMS/postgresql-7.4.5-4.3.101mdk.x86_64.rpm
d576aebbff57bdfaf4ecca953f6333b4 x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.3.101mdk.x86_64.rpm
a09f7ea1b574465a9c078e20aa876451 x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.3.101mdk.x86_64.rpm
5679dc9d250bfa18ce8822633dde80fc x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.3.101mdk.x86_64.rpm
272f98ec19d1762bcd1b9f4728a331a1 x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.3.101mdk.x86_64.rpm
5cbad6ef4166de69de826fe3b3ba0efc x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.3.101mdk.x86_64.rpm
16ecc03b01dccf331e4bb7be51f44fbf x86_64/10.1/RPMS/postgresql-server-7.4.5-4.3.101mdk.x86_64.rpm
3fdcab04553bb9120ba4b7d4993224fe x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.3.101mdk.x86_64.rpm
0584d593511c3ac5fb8a268d5e7ab83a x86_64/10.1/RPMS/postgresql-test-7.4.5-4.3.101mdk.x86_64.rpm
8241f1ad851b1ab1e6325f972db24d43 x86_64/10.1/SRPMS/postgresql-7.4.5-4.3.101mdk.src.rpm
Mandrakelinux 10.2:
61c64c9b20bb80fe6757a0e4c7894b63 10.2/RPMS/libecpg3-8.0.1-6.1.102mdk.i586.rpm
4de064827bb13edf67e412a4294bd533 10.2/RPMS/libecpg3-devel-8.0.1-6.1.102mdk.i586.rpm
0f45c58fc5230b807fbbd8ca6f5f2725 10.2/RPMS/libpq3-8.0.1-6.1.102mdk.i586.rpm
19a908b24da05da597f6b86203d872e7 10.2/RPMS/libpq3-devel-8.0.1-6.1.102mdk.i586.rpm
41d5f625312105ee64dd2befe0b70d7b 10.2/RPMS/postgresql-8.0.1-6.1.102mdk.i586.rpm
9dffbcad7032dfba00d12147e909b086 10.2/RPMS/postgresql-contrib-8.0.1-6.1.102mdk.i586.rpm
fd5ce05efcb9d7ddc11db907b4025424 10.2/RPMS/postgresql-devel-8.0.1-6.1.102mdk.i586.rpm
aca7525d2ecc366460634e9d8fb3fa42 10.2/RPMS/postgresql-docs-8.0.1-6.1.102mdk.i586.rpm
3fd2312905f4f176cc09772c54db330f 10.2/RPMS/postgresql-jdbc-8.0.1-6.1.102mdk.i586.rpm
9ad8301e937e88763788a025b4dfcead 10.2/RPMS/postgresql-pl-8.0.1-6.1.102mdk.i586.rpm
798f14f65e655b5bbb5b931a2a89faef 10.2/RPMS/postgresql-plperl-8.0.1-6.1.102mdk.i586.rpm
2b16d3bb6c09c87b07be760b5235f209 10.2/RPMS/postgresql-plpgsql-8.0.1-6.1.102mdk.i586.rpm
08fbc6c56c8f1c98b32a75c91615651d 10.2/RPMS/postgresql-plpython-8.0.1-6.1.102mdk.i586.rpm
5efe64db2293f1a2f2c000b16862a462 10.2/RPMS/postgresql-pltcl-8.0.1-6.1.102mdk.i586.rpm
392d86d0de31b2ac369db079d18e91d2 10.2/RPMS/postgresql-server-8.0.1-6.1.102mdk.i586.rpm
983ffbe5df3072aa1600192e0ad957fa 10.2/RPMS/postgresql-test-8.0.1-6.1.102mdk.i586.rpm
e0448322820d9d84bcb5b9634dd71f7a 10.2/SRPMS/postgresql-8.0.1-6.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
bb236f6a074b84ec758ab6e46d3265ef x86_64/10.2/RPMS/lib64ecpg3-8.0.1-6.1.102mdk.x86_64.rpm
90625e7c22b561141a1047b1d7c43529 x86_64/10.2/RPMS/lib64ecpg3-devel-8.0.1-6.1.102mdk.x86_64.rpm
12e0df06b9dbaeb2a937434f1b199b6a x86_64/10.2/RPMS/lib64pq3-8.0.1-6.1.102mdk.x86_64.rpm
51481227bf7a9e408179af112166813b x86_64/10.2/RPMS/lib64pq3-devel-8.0.1-6.1.102mdk.x86_64.rpm
eb8ff843ef146fc9695e71019c4c21e5 x86_64/10.2/RPMS/postgresql-8.0.1-6.1.102mdk.x86_64.rpm
eb81533aa4ceb19b2ad7f2625dccf711 x86_64/10.2/RPMS/postgresql-contrib-8.0.1-6.1.102mdk.x86_64.rpm
a3253f9558f17d3f774619fc64e6ab24 x86_64/10.2/RPMS/postgresql-devel-8.0.1-6.1.102mdk.x86_64.rpm
7199380968ebbac84c607d6be752bf7a x86_64/10.2/RPMS/postgresql-docs-8.0.1-6.1.102mdk.x86_64.rpm
2c20a3d479e0209932937566a17082a0 x86_64/10.2/RPMS/postgresql-jdbc-8.0.1-6.1.102mdk.x86_64.rpm
067014855679381323083143793d3e2b x86_64/10.2/RPMS/postgresql-pl-8.0.1-6.1.102mdk.x86_64.rpm
da9b74b4d0d1e9c838256fe37fa8de6b x86_64/10.2/RPMS/postgresql-plperl-8.0.1-6.1.102mdk.x86_64.rpm
06083864d339c8c01d3e7c025872b5bb x86_64/10.2/RPMS/postgresql-plpgsql-8.0.1-6.1.102mdk.x86_64.rpm
8104f8e470d2d5a727a23f0c14e17b23 x86_64/10.2/RPMS/postgresql-plpython-8.0.1-6.1.102mdk.x86_64.rpm
cc5ad304dfe9afdf37db8e52977c9c2a x86_64/10.2/RPMS/postgresql-pltcl-8.0.1-6.1.102mdk.x86_64.rpm
071540a64c49a0f683b7b01702ab8e2c x86_64/10.2/RPMS/postgresql-server-8.0.1-6.1.102mdk.x86_64.rpm
0284882f4a617159335d61d5ad5d9305 x86_64/10.2/RPMS/postgresql-test-8.0.1-6.1.102mdk.x86_64.rpm
e0448322820d9d84bcb5b9634dd71f7a x86_64/10.2/SRPMS/postgresql-8.0.1-6.1.102mdk.src.rpm
Corporate 3.0:
1084cc1f3a3da18bd773e6a54de4038f corporate/3.0/RPMS/libecpg3-7.4.1-2.5.C30mdk.i586.rpm
9baf7e49e166581c3c0e0b17c42b2c61 corporate/3.0/RPMS/libecpg3-devel-7.4.1-2.5.C30mdk.i586.rpm
3653201f8d29ad836e1ee8a3f6171575 corporate/3.0/RPMS/libpgtcl2-7.4.1-2.5.C30mdk.i586.rpm
17dcd61c96b56c741114fab9ca780c3e corporate/3.0/RPMS/libpgtcl2-devel-7.4.1-2.5.C30mdk.i586.rpm
2eb7ad8e0f230b038cb9046a80ddc299 corporate/3.0/RPMS/libpq3-7.4.1-2.5.C30mdk.i586.rpm
320aa6315ae8bacc4379b1404346ae44 corporate/3.0/RPMS/libpq3-devel-7.4.1-2.5.C30mdk.i586.rpm
5784c53a7932abda8d8343adcf08d350 corporate/3.0/RPMS/postgresql-7.4.1-2.5.C30mdk.i586.rpm
8a8c0a27c10485d7905946f9d87450aa corporate/3.0/RPMS/postgresql-devel-7.4.1-2.5.C30mdk.i586.rpm
6c5c1595e1e44818c46d2d3591b0b3bc corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.5.C30mdk.i586.rpm
59a9a365b643025a1165af9d392f5bbf corporate/3.0/RPMS/postgresql-server-7.4.1-2.5.C30mdk.i586.rpm
42f850d67cb9eabd30c72639d199d15c corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.5.C30mdk.i586.rpm
2c1a549736575e2ea17e8bc677a60d6b corporate/3.0/RPMS/postgresql-test-7.4.1-2.5.C30mdk.i586.rpm
1a5d1e1335c762cffdae8ef99f9ee8b0 corporate/3.0/SRPMS/postgresql-7.4.1-2.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
61cf52dae208a64c9d9a86f7f84e4715 x86_64/corporate/3.0/RPMS/lib64ecpg3-7.4.1-2.5.C30mdk.x86_64.rpm
4650e70174d13b7532bd2e3ce34bc7d2 x86_64/corporate/3.0/RPMS/lib64ecpg3-devel-7.4.1-2.5.C30mdk.x86_64.rpm
75f69e6e12e87aea7f26d70fc98bd41a x86_64/corporate/3.0/RPMS/lib64pgtcl2-7.4.1-2.5.C30mdk.x86_64.rpm
46a0b82d33e6c3039edc97df1e7c101d x86_64/corporate/3.0/RPMS/lib64pgtcl2-devel-7.4.1-2.5.C30mdk.x86_64.rpm
0e3f53f79b8c8a2ac40fd8a74c3e22ed x86_64/corporate/3.0/RPMS/lib64pq3-7.4.1-2.5.C30mdk.x86_64.rpm
8eb7832db36961e35882f7a6968285eb x86_64/corporate/3.0/RPMS/lib64pq3-devel-7.4.1-2.5.C30mdk.x86_64.rpm
d2333ac12f0da54186d9d7cbad4cf0a8 x86_64/corporate/3.0/RPMS/postgresql-7.4.1-2.5.C30mdk.x86_64.rpm
86d61ab130fe5fc1a2eb4ac8a34e458d x86_64/corporate/3.0/RPMS/postgresql-devel-7.4.1-2.5.C30mdk.x86_64.rpm
b3f04130766368997f072ad35d96fb05 x86_64/corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.5.C30mdk.x86_64.rpm
18cf866bcff3fb0de49c96beb564023e x86_64/corporate/3.0/RPMS/postgresql-server-7.4.1-2.5.C30mdk.x86_64.rpm
5393b957bc89d366e87bd16c68dd828c x86_64/corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.5.C30mdk.x86_64.rpm
31809ff793c8e22bfd8323e16b85580f x86_64/corporate/3.0/RPMS/postgresql-test-7.4.1-2.5.C30mdk.x86_64.rpm
1a5d1e1335c762cffdae8ef99f9ee8b0 x86_64/corporate/3.0/SRPMS/postgresql-7.4.1-2.5.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCnjZTmqjQ0CJFipgRAnf4AKCT8aSpLcH/C6IJa6zZZs1LPs9SlwCfe0IP
tqGfwjWDWN7be9wNSOhgvx4=
=OoL4
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: xine-lib
Advisory ID: MDKSA-2005:094
Date: May 26th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
Two buffer overflow vulnerabilities were discovered in the MMS and
Real RTSP stream handlers in the Xine libraries. If an attacker can
trick a user to connect to a malicious MMS or RTSP video/audio stream
source with any application using this library, they could crash the
client and possibly even execute arbitrary code with the privileges of
the user running the player program.
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1195
http://xinehq.de/index.php/security/XSA-2004-8
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
550971e0c9533747e55b9c0615113318 10.1/RPMS/libxine1-1-0.rc5.9.2.101mdk.i586.rpm
94b15aaa55c4e1d0f64eaca7b92ea796 10.1/RPMS/libxine1-devel-1-0.rc5.9.2.101mdk.i586.rpm
de1841e813240ced01c32d442a34b438 10.1/RPMS/xine-aa-1-0.rc5.9.2.101mdk.i586.rpm
11e3fb3498c3e48b59ecf8b9c5b91763 10.1/RPMS/xine-arts-1-0.rc5.9.2.101mdk.i586.rpm
511cc370bfb927bfd2a779b46f45eff1 10.1/RPMS/xine-dxr3-1-0.rc5.9.2.101mdk.i586.rpm
399dbca3192848a831b016d485ec3712 10.1/RPMS/xine-esd-1-0.rc5.9.2.101mdk.i586.rpm
5144e03cc71cae5a3000d2a16479656b 10.1/RPMS/xine-flac-1-0.rc5.9.2.101mdk.i586.rpm
87b7393df91d513a4f26983709f055bc 10.1/RPMS/xine-gnomevfs-1-0.rc5.9.2.101mdk.i586.rpm
b8c494c6287c4386885c39f1d313cbb2 10.1/RPMS/xine-plugins-1-0.rc5.9.2.101mdk.i586.rpm
a42d3f1faaf62a6305560085bd4f28ff 10.1/SRPMS/xine-lib-1-0.rc5.9.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
582cb1e8064eddeccc161c52cab94c81 x86_64/10.1/RPMS/lib64xine1-1-0.rc5.9.2.101mdk.x86_64.rpm
cd0e88ba513858e3f42d744628489da3 x86_64/10.1/RPMS/lib64xine1-devel-1-0.rc5.9.2.101mdk.x86_64.rpm
835f21902bb1178c4759a0a606331561 x86_64/10.1/RPMS/xine-aa-1-0.rc5.9.2.101mdk.x86_64.rpm
e0d6de701af47189b3f77e36b02ed039 x86_64/10.1/RPMS/xine-arts-1-0.rc5.9.2.101mdk.x86_64.rpm
52aa63a93484875ba4742ac5f79eefd8 x86_64/10.1/RPMS/xine-dxr3-1-0.rc5.9.2.101mdk.x86_64.rpm
98d6c89b038fe484578485d04bc00e31 x86_64/10.1/RPMS/xine-esd-1-0.rc5.9.2.101mdk.x86_64.rpm
4d732b3c0b110493b2525a7c8e5c3248 x86_64/10.1/RPMS/xine-flac-1-0.rc5.9.2.101mdk.x86_64.rpm
7701b26552a780e7d6ebecfcd3fea3f5 x86_64/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.2.101mdk.x86_64.rpm
ca981d9b388e4c8cf94510a8efb87acd x86_64/10.1/RPMS/xine-plugins-1-0.rc5.9.2.101mdk.x86_64.rpm
a42d3f1faaf62a6305560085bd4f28ff x86_64/10.1/SRPMS/xine-lib-1-0.rc5.9.2.101mdk.src.rpm
Mandrakelinux 10.2:
430c8823bb13725c84054f53c225db85 10.2/RPMS/libxine1-1.0-8.1.102mdk.i586.rpm
b1381fe50275119d25a28dac339f7272 10.2/RPMS/libxine1-devel-1.0-8.1.102mdk.i586.rpm
5b58c4c78584519bf0b19fc9661aada7 10.2/RPMS/xine-aa-1.0-8.1.102mdk.i586.rpm
de7f073c74dfd0fb3d628d3964631e4e 10.2/RPMS/xine-arts-1.0-8.1.102mdk.i586.rpm
ff972b033b522c32e25193428677a2d2 10.2/RPMS/xine-dxr3-1.0-8.1.102mdk.i586.rpm
17d12fb16e3f58beb0c69ade3034712d 10.2/RPMS/xine-esd-1.0-8.1.102mdk.i586.rpm
0aaae60a3bc0037e3268f8b78cd2bb5e 10.2/RPMS/xine-flac-1.0-8.1.102mdk.i586.rpm
90b8ad60771a03730e228ee44ae24578 10.2/RPMS/xine-gnomevfs-1.0-8.1.102mdk.i586.rpm
740d9b80e2b79ded5700d9cdaec347a4 10.2/RPMS/xine-plugins-1.0-8.1.102mdk.i586.rpm
18023362e073c89066f60cbd81426b09 10.2/RPMS/xine-polyp-1.0-8.1.102mdk.i586.rpm
61ffb443bb979976ec77b82ffd4fe842 10.2/RPMS/xine-smb-1.0-8.1.102mdk.i586.rpm
a5eea7f704a81f23517ae7a719bc0fe6 10.2/SRPMS/xine-lib-1.0-8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
3a53fc0bb164f341f9c48f10439bb914 x86_64/10.2/RPMS/lib64xine1-1.0-8.1.102mdk.x86_64.rpm
f644048646b981c918231edba554c425 x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.1.102mdk.x86_64.rpm
9c015a898a61d8e62d667b595708c4c5 x86_64/10.2/RPMS/xine-aa-1.0-8.1.102mdk.x86_64.rpm
327101ebfd1c13965040cb137a5adca5 x86_64/10.2/RPMS/xine-arts-1.0-8.1.102mdk.x86_64.rpm
2256180be6b611f77b31b157db13dc0a x86_64/10.2/RPMS/xine-dxr3-1.0-8.1.102mdk.x86_64.rpm
9b51c2821a74b4033c5ef5e01459054d x86_64/10.2/RPMS/xine-esd-1.0-8.1.102mdk.x86_64.rpm
96be9cbb1ca7cab59be7cd6423a1d983 x86_64/10.2/RPMS/xine-flac-1.0-8.1.102mdk.x86_64.rpm
a9fb22f91a888a3f11a1ae0072d27b39 x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.1.102mdk.x86_64.rpm
14211f1b9e951174b2b5e7f9fdac4cc8 x86_64/10.2/RPMS/xine-plugins-1.0-8.1.102mdk.x86_64.rpm
ca4006966fca3ce833c726cbe8507644 x86_64/10.2/RPMS/xine-polyp-1.0-8.1.102mdk.x86_64.rpm
69b8fea875be5d2c85e0dd20659c533c x86_64/10.2/RPMS/xine-smb-1.0-8.1.102mdk.x86_64.rpm
a5eea7f704a81f23517ae7a719bc0fe6 x86_64/10.2/SRPMS/xine-lib-1.0-8.1.102mdk.src.rpm
Corporate 3.0:
69f5d7c07314875c6a01418d5c2b69db corporate/3.0/RPMS/libxine1-1-0.rc3.6.4.C30mdk.i586.rpm
bca6392f86326b3fc1eabc56d937313b corporate/3.0/RPMS/xine-arts-1-0.rc3.6.4.C30mdk.i586.rpm
2915ce6db2655d7e352bd01568b211c7 corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.4.C30mdk.i586.rpm
7074a85157522b6dcb445cd2c8ce2776 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
e5d09fd1ddfb8402f2421b0e0c497d7b x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.4.C30mdk.x86_64.rpm
96533a024652ac48d8889a112dd44d21 x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.4.C30mdk.x86_64.rpm
2b0e14bf23b4d796db5e891fd4deeb0c x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.4.C30mdk.x86_64.rpm
7074a85157522b6dcb445cd2c8ce2776 x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.4.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCnjg3mqjQ0CJFipgRAhfeAJ9E5nnKdmvhGAN11fLprknyCVl22wCeN7xC
B8E4i95XoPO2GVFSFAFP+bw=
=ua7N
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQCVAwUBQp8N5Ipao72zK539AQEMkgP/VOK+ZoygJzhMXNtyLWxeKns0eHTslUQh
xA5xY9/2uuR+dj3IsmlMopXMsQVh25YL+PNurOd5YFHCipKsJN7LdZKl6L33tbbg
3Xlj2WjJP9N+bHR2vsbZzOGPo65talYWA+ddQTGu0aLV8PJllZUA9MOvOIBEtuji
FpkiOozI/20=
=kX8Z
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________