Updated xli packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: xli
Advisory ID: MDKSA-2005:076
Date: April 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CAN-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CAN-2005-0639).
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
f5ad03e5bb1c8b93fc1ebca1d7e2e111 10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm
757220d489a0cbafd393140ea7d5e205 10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e798f226cabe865cd3b0a8f3f9292b6d x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm
757220d489a0cbafd393140ea7d5e205 x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.2:
5e5bbac4a40ffc0f7156e671eb920ea0 10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm
d6ee5ee583d8415f0028b2854ed19b3b 10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
b49c19725cbc2850ead82731758fe8d8 x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm
d6ee5ee583d8415f0028b2854ed19b3b x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Corporate Server 2.1:
c89d695075c7117381d50301745bc82e corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm
c219935cd3fb090af95d6467919faff1 corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
8b4a39d741f4eb8fde469411359cad5b x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm
c219935cd3fb090af95d6467919faff1 x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate 3.0:
fdbf0745aeb6733d6894afa089ac7dd2 corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm
88043776962e4a8bed6b538ae8d28824 corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
ac33b6d6d9475104bb25c2bde9dfe0c7 x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm
88043776962e4a8bed6b538ae8d28824 x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: xli
Advisory ID: MDKSA-2005:076
Date: April 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CAN-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CAN-2005-0639).
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0639
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
f5ad03e5bb1c8b93fc1ebca1d7e2e111 10.1/RPMS/xli-1.17.0-8.1.101mdk.i586.rpm
757220d489a0cbafd393140ea7d5e205 10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e798f226cabe865cd3b0a8f3f9292b6d x86_64/10.1/RPMS/xli-1.17.0-8.1.101mdk.x86_64.rpm
757220d489a0cbafd393140ea7d5e205 x86_64/10.1/SRPMS/xli-1.17.0-8.1.101mdk.src.rpm
Mandrakelinux 10.2:
5e5bbac4a40ffc0f7156e671eb920ea0 10.2/RPMS/xli-1.17.0-8.1.102mdk.i586.rpm
d6ee5ee583d8415f0028b2854ed19b3b 10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
b49c19725cbc2850ead82731758fe8d8 x86_64/10.2/RPMS/xli-1.17.0-8.1.102mdk.x86_64.rpm
d6ee5ee583d8415f0028b2854ed19b3b x86_64/10.2/SRPMS/xli-1.17.0-8.1.102mdk.src.rpm
Corporate Server 2.1:
c89d695075c7117381d50301745bc82e corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.i586.rpm
c219935cd3fb090af95d6467919faff1 corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
8b4a39d741f4eb8fde469411359cad5b x86_64/corporate/2.1/RPMS/xli-1.17.0-4.1.C21mdk.x86_64.rpm
c219935cd3fb090af95d6467919faff1 x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.1.C21mdk.src.rpm
Corporate 3.0:
fdbf0745aeb6733d6894afa089ac7dd2 corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.i586.rpm
88043776962e4a8bed6b538ae8d28824 corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
ac33b6d6d9475104bb25c2bde9dfe0c7 x86_64/corporate/3.0/RPMS/xli-1.17.0-8.2.C30mdk.x86_64.rpm
88043776962e4a8bed6b538ae8d28824 x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com