-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2006:227
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdegraphics
Date    : December 11, 2006
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
as used by konqueror, digikam, and other KDE image browsers, allows
remote attackers to cause a denial of service (stack consumption) via
a crafted EXIF section in a JPEG file, which results in an infinite
recursion.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6297
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfYCCmqjQ0CJFipgRAqW6AKCHKd4zvoi9MG19M4OxqHjS8rp+7gCgpe3y
v/MH2AeKoaHaa/pOOkrTlig=
=eQAa
-----END PGP SIGNATURE-----
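
Added example, not code from the advisory or from the kdegraphics patch: a minimal EXIF/TIFF directory walker in C showing how a parser that recurses into sub-directories can bound both its stack depth and its total work, so a malformed EXIF section is rejected instead of recursing without end. It assumes the recursion follows the Exif sub-IFD pointer tag (0x8769); the function names, the two limits and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IFD_DEPTH 4      /* assumed cap, not taken from the vendor patch */
#define MAX_ENTRIES   512    /* assumed budget for entries across all IFDs */
#define TAG_EXIF_IFD  0x8769 /* TIFF/EXIF tag whose value is a sub-IFD offset */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Walk the IFD at `off`; 0 = fine, -1 = reject the file. */
static int walk_ifd(const uint8_t *b, size_t len, uint32_t off, int depth, int *left) {
    if (depth > MAX_IFD_DEPTH) return -1;        /* bounds stack use */
    if (off > len || len - off < 2) return -1;   /* entry count in range */
    uint16_t n = rd16(b + off);
    if ((len - off - 2) / 12 < n) return -1;     /* all 12-byte entries in range */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = b + off + 2 + 12 * (size_t)i;
        if ((*left)-- <= 0) return -1;           /* bounds total work */
        if (rd16(e) == TAG_EXIF_IFD &&           /* follow the sub-IFD pointer */
            walk_ifd(b, len, rd32(e + 8), depth + 1, left) < 0) return -1;
    }
    return 0;
}

/* Entries visited in a little-endian TIFF block, or -1 if it is rejected. */
int exif_entries(const uint8_t *b, size_t len) {
    int left = MAX_ENTRIES;
    if (len < 8 || b[0] != 'I' || b[1] != 'I' || rd16(b + 2) != 42) return -1;
    if (walk_ifd(b, len, rd32(b + 4), 0, &left) < 0) return -1;
    return MAX_ENTRIES - left;
}

/* Constructed sample: IFD0 at offset 8 points to an Exif sub-IFD at offset 26. */
static const uint8_t SAMPLE_OK[] = {
    'I','I',42,0, 8,0,0,0,  1,0, 0x69,0x87, 4,0, 1,0,0,0, 26,0,0,0,  0,0,0,0,
    1,0, 0x00,0x90, 7,0, 4,0,0,0, '0','2','2','0',  0,0,0,0 };
/* Constructed sample: the sub-IFD pointer in IFD0 points back at IFD0 itself. */
static const uint8_t SAMPLE_LOOP[] = {
    'I','I',42,0, 8,0,0,0,  1,0, 0x69,0x87, 4,0, 1,0,0,0, 8,0,0,0,  0,0,0,0 };

int main(void) {
    printf("ok=%d loop=%d\n", exif_entries(SAMPLE_OK, sizeof SAMPLE_OK),
           exif_entries(SAMPLE_LOOP, sizeof SAMPLE_LOOP));
    return 0;
}
```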