Mandriva Linux Security Advisory 2010-225 - A vulnerability was discovered and corrected in libmbfl (php). The updated packages have been patched to correct these issues. The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the correct upstream patch.
2203cef88168e2a77c3c7b7ba0c8963ffdbbd9e4cd234e5ebd370f2a7b74d1ad-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:225-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libmbfl
Date : November 10, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
Update:
The MDVSA-2010:225 advisory used the wrong patch to address the
problem, however it did fix the issue. This advisory provides the
correct upstream patch.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
http://bugs.php.net/bug.php?id=49354
http://bugs.php.net/bug.php?id=53273
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
78dd51cd031e9ec143e4bbe8461b4bd5 2010.0/i586/libmbfl1-1.1.0-0.3mdv2010.0.i586.rpm
9d563d63a8e1718c5c8fd9cd6157aec6 2010.0/i586/libmbfl-devel-1.1.0-0.3mdv2010.0.i586.rpm
6d64c52b17d268a7361b4e2b84ba68dd 2010.0/SRPMS/libmbfl-1.1.0-0.3mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
5cc948f64a74d0be4e1c93d19f4699eb 2010.0/x86_64/lib64mbfl1-1.1.0-0.3mdv2010.0.x86_64.rpm
85bc8266cbb3594ae01d8dfe7698dc85 2010.0/x86_64/lib64mbfl-devel-1.1.0-0.3mdv2010.0.x86_64.rpm
6d64c52b17d268a7361b4e2b84ba68dd 2010.0/SRPMS/libmbfl-1.1.0-0.3mdv2010.0.src.rpm
Mandriva Linux 2010.1:
46e5a0ede89a00c1d853d83f8b3e4cd9 2010.1/i586/libmbfl1-1.1.0-0.3mdv2010.1.i586.rpm
3697bab667857726176e305ccfe67af9 2010.1/i586/libmbfl-devel-1.1.0-0.3mdv2010.1.i586.rpm
d2342d41d387636e4279f21375afad9d 2010.1/SRPMS/libmbfl-1.1.0-0.3mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
d94a733a8caa5d715037f7520a9bcf6c 2010.1/x86_64/lib64mbfl1-1.1.0-0.3mdv2010.1.x86_64.rpm
a20db60b6211f97d0c49b4f00f7c9222 2010.1/x86_64/lib64mbfl-devel-1.1.0-0.3mdv2010.1.x86_64.rpm
d2342d41d387636e4279f21375afad9d 2010.1/SRPMS/libmbfl-1.1.0-0.3mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM2mgxmqjQ0CJFipgRAmprAKCxBRbVtysXteKNnAh8JEDH0tMHbACg10yB
JZw5hP5+6Qxq3Ttwe6w4/rk=
=bK+b
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed