Mandriva 1274 Published by

Updated wxGTK2 packages are available for Mandrakelinux 10.0
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: wxGTK2
Advisory ID: MDKSA-2004:111
Date: October 21st, 2004

Affected versions: 10.0
______________________________________________________________________

Problem Description:

Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities:

Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CAN-2004-0803)

Matthias Clasen discovered a division by zero through an integer overflow. (CAN-2004-0804)

Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. (CAN-2004-0886)



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
89c1cb672d4c3b10f82028015bc70561 10.0/RPMS/libwxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
cfce0a6e9ee754001a23ffd3c50c11db 10.0/RPMS/libwxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
dd3cb6919ca0611c97c462acdb67b799 10.0/RPMS/libwxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
162cbe607fe645bd9cbc65d5ef7095ef 10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.i586.rpm
757b3b2aca258ecaedef0f16a8ea85da 10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0a871df7bb36c375d779304c453f521c amd64/10.0/RPMS/lib64wxgtk2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
696c530bbd3fc68174a75231e68d2cee amd64/10.0/RPMS/lib64wxgtk2.5-devel-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
ae7d9e51d3a93ba6581db43b26e6b626 amd64/10.0/RPMS/lib64wxgtkgl2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
f93e1b508deaa09b4ea82a272a691371 amd64/10.0/RPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.amd64.rpm
757b3b2aca258ecaedef0f16a8ea85da amd64/10.0/SRPMS/wxGTK2.5-2.5.0-0.cvs20030817.1.3.100mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com