-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:033 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ruby-gnome2 Date : February 1, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6183 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 8d9b3509f96a3461738224c17c1bd27a 2007.1/i586/ruby-atk-0.16.0-2.1mdv2007.1.i586.rpm 3a072a39a5bfafbd69074186bfeba886 2007.1/i586/ruby-gconf2-0.16.0-2.1mdv2007.1.i586.rpm 8dc250b8d2dba8bbb528edb5bfb049b1 2007.1/i586/ruby-gdkpixbuf2-0.16.0-2.1mdv2007.1.i586.rpm 351217998c27dd3438296bf09bdb23c8 2007.1/i586/ruby-glib2-0.16.0-2.1mdv2007.1.i586.rpm bd1f01c6cb835cce182d446811c1ebdb 2007.1/i586/ruby-gnome2-0.16.0-2.1mdv2007.1.i586.rpm 415b8f4ab7b6bf1917f33f1462322f75 2007.1/i586/ruby-gnome2-devel-0.16.0-2.1mdv2007.1.i586.rpm 8c2170d7ab383640b0e967fc7d57f294 2007.1/i586/ruby-gnomecanvas2-0.16.0-2.1mdv2007.1.i586.rpm 92172ccc8d65303cf93cfa41b5efff5e 2007.1/i586/ruby-gnomeprint2-0.16.0-2.1mdv2007.1.i586.rpm 2111cd9707313863766dd2c1b74e36f2 2007.1/i586/ruby-gnomeprintui2-0.16.0-2.1mdv2007.1.i586.rpm edf0aab0f5a89b5e8e28246396815415 2007.1/i586/ruby-gnomevfs2-0.16.0-2.1mdv2007.1.i586.rpm dc83948dfc0a1d7f416f3e42efbbfb43 2007.1/i586/ruby-gtk2-0.16.0-2.1mdv2007.1.i586.rpm 76091b3b0e477d3417bd718f69a69797 2007.1/i586/ruby-gtkglext-0.16.0-2.1mdv2007.1.i586.rpm 1190afad40daba0b01709adb8e2d2138 2007.1/i586/ruby-gtkhtml2-0.16.0-2.1mdv2007.1.i586.rpm 434e7bccc392ba94168d46118dbdeedc 2007.1/i586/ruby-gtkmozembed-0.16.0-2.1mdv2007.1.i586.rpm 98e15cc9bee4fff03ea0d91803158420 2007.1/i586/ruby-gtksourceview-0.16.0-2.1mdv2007.1.i586.rpm 33f73da45a85653a02ab3eee9d4f920a 2007.1/i586/ruby-libart2-0.16.0-2.1mdv2007.1.i586.rpm 756088dd657a3a49f214e40953343fcb 2007.1/i586/ruby-libglade2-0.16.0-2.1mdv2007.1.i586.rpm 9c758d58dcbbf5d2d06775c2bb371f04 2007.1/i586/ruby-panelapplet2-0.16.0-2.1mdv2007.1.i586.rpm 8a3778c105d24a9419423c213bd5b488 2007.1/i586/ruby-pango-0.16.0-2.1mdv2007.1.i586.rpm 822079051a8600a0f92c67eb81cca1ce 2007.1/i586/ruby-poppler-0.16.0-2.1mdv2007.1.i586.rpm 16a45b8fbe47d39ed6ab9f5036edfb4b 2007.1/i586/ruby-rsvg2-0.16.0-2.1mdv2007.1.i586.rpm 3447bb03c4c687245b804c6772ee23c0 2007.1/i586/ruby-vte-0.16.0-2.1mdv2007.1.i586.rpm 316fffbb8ae34ab33d1466e53162d9cb 2007.1/SRPMS/ruby-gnome2-0.16.0-2.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 6b0e32102841662bf5839873c9d73410 2007.1/x86_64/ruby-atk-0.16.0-2.1mdv2007.1.x86_64.rpm 60ac413ae03fe7089afe63eee87e1a8e 2007.1/x86_64/ruby-gconf2-0.16.0-2.1mdv2007.1.x86_64.rpm 8dec4401c84e50482e705f1529d1c762 2007.1/x86_64/ruby-gdkpixbuf2-0.16.0-2.1mdv2007.1.x86_64.rpm 5f34499daabdc2046e1abf77a958efe2 2007.1/x86_64/ruby-glib2-0.16.0-2.1mdv2007.1.x86_64.rpm 9f4b0565ee905d750084b3cb1739ee44 2007.1/x86_64/ruby-gnome2-0.16.0-2.1mdv2007.1.x86_64.rpm 8bdacb4c30a0831af066d9bbf6de0f37 2007.1/x86_64/ruby-gnome2-devel-0.16.0-2.1mdv2007.1.x86_64.rpm 096c7a4da1bdb5c92a13ec25d16ed123 2007.1/x86_64/ruby-gnomecanvas2-0.16.0-2.1mdv2007.1.x86_64.rpm 8cc4dcea3e798918d43a705dcb3cf715 2007.1/x86_64/ruby-gnomeprint2-0.16.0-2.1mdv2007.1.x86_64.rpm bcf1a516343c192e1aa888bda84918c2 2007.1/x86_64/ruby-gnomeprintui2-0.16.0-2.1mdv2007.1.x86_64.rpm e0f2ac6e61c0f49cf0cea241542db6af 2007.1/x86_64/ruby-gnomevfs2-0.16.0-2.1mdv2007.1.x86_64.rpm 413453661c97ffef74a7cd002d68ef8c 2007.1/x86_64/ruby-gtk2-0.16.0-2.1mdv2007.1.x86_64.rpm 91b5a56fecf908eb741ae906b9a5fd53 2007.1/x86_64/ruby-gtkglext-0.16.0-2.1mdv2007.1.x86_64.rpm eca80921ff0260244a5d9419b9f44a77 2007.1/x86_64/ruby-gtkhtml2-0.16.0-2.1mdv2007.1.x86_64.rpm 053fb91f3e23642527ff49ad662b52bc 2007.1/x86_64/ruby-gtkmozembed-0.16.0-2.1mdv2007.1.x86_64.rpm 2678231063f53e22127e05e5fbfd276f 2007.1/x86_64/ruby-gtksourceview-0.16.0-2.1mdv2007.1.x86_64.rpm 9feab2c5af54a7f44e2163b82d64032e 2007.1/x86_64/ruby-libart2-0.16.0-2.1mdv2007.1.x86_64.rpm 5364298efb07553a27555160db0dd249 2007.1/x86_64/ruby-libglade2-0.16.0-2.1mdv2007.1.x86_64.rpm eb7d1481852b3538dd0e9c4c0fa10b0c 2007.1/x86_64/ruby-panelapplet2-0.16.0-2.1mdv2007.1.x86_64.rpm 140949b575299e5a0db4c779872e843b 2007.1/x86_64/ruby-pango-0.16.0-2.1mdv2007.1.x86_64.rpm e4d0011c09d27226108b5ded5736c668 2007.1/x86_64/ruby-poppler-0.16.0-2.1mdv2007.1.x86_64.rpm e22ad59b1ddb3da7365a5bfe5fab05c3 2007.1/x86_64/ruby-rsvg2-0.16.0-2.1mdv2007.1.x86_64.rpm cd0596a1c344e2b7fd4f77fddbd1350c 2007.1/x86_64/ruby-vte-0.16.0-2.1mdv2007.1.x86_64.rpm 316fffbb8ae34ab33d1466e53162d9cb 2007.1/SRPMS/ruby-gnome2-0.16.0-2.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 8307750bd147672c60eea024629b3f2f 2008.0/i586/ruby-atk-0.16.0-3.1mdv2008.0.i586.rpm 4ede1f2646c69713f70e31cc12412fb1 2008.0/i586/ruby-gconf2-0.16.0-3.1mdv2008.0.i586.rpm 49da66f60cabd54e56fd6c5b1785689f 2008.0/i586/ruby-gdkpixbuf2-0.16.0-3.1mdv2008.0.i586.rpm 59a96dc934dfe93152ec491ad626183a 2008.0/i586/ruby-glib2-0.16.0-3.1mdv2008.0.i586.rpm 88dd3349f5d87eb514473d7d7ff04393 2008.0/i586/ruby-gnome2-0.16.0-3.1mdv2008.0.i586.rpm 6f61c8b4630791f6a2385cd64898f3d9 2008.0/i586/ruby-gnome2-devel-0.16.0-3.1mdv2008.0.i586.rpm 53ad3fcf39a69b734354c3869edc43c6 2008.0/i586/ruby-gnomecanvas2-0.16.0-3.1mdv2008.0.i586.rpm 56e31a8e492e5ed4cd62309addf3b393 2008.0/i586/ruby-gnomeprint2-0.16.0-3.1mdv2008.0.i586.rpm 8cf2869ae0851f923656de566a8d7d10 2008.0/i586/ruby-gnomeprintui2-0.16.0-3.1mdv2008.0.i586.rpm 78117f7fc39b38fc2493876f9ed9258e 2008.0/i586/ruby-gnomevfs2-0.16.0-3.1mdv2008.0.i586.rpm edeabe7eef8a91a66654314dc116a67a 2008.0/i586/ruby-gtk2-0.16.0-3.1mdv2008.0.i586.rpm 8bea81137fae5d017bda7b5643f977df 2008.0/i586/ruby-gtkglext-0.16.0-3.1mdv2008.0.i586.rpm f1733e1ce8b042a7a653015a71765f17 2008.0/i586/ruby-gtkhtml2-0.16.0-3.1mdv2008.0.i586.rpm 02e73422c69226f0b8365ccd1434630f 2008.0/i586/ruby-gtkmozembed-0.16.0-3.1mdv2008.0.i586.rpm f41c6f51ada9ab5c662edd5e86fdc3fc 2008.0/i586/ruby-gtksourceview-0.16.0-3.1mdv2008.0.i586.rpm 412809b7df4bf120821d847acf784f31 2008.0/i586/ruby-libart2-0.16.0-3.1mdv2008.0.i586.rpm d790e25de85766d985a00e3296ababbc 2008.0/i586/ruby-libglade2-0.16.0-3.1mdv2008.0.i586.rpm 9b4b2cd7a0fe9ccc71c23fe79696316c 2008.0/i586/ruby-panelapplet2-0.16.0-3.1mdv2008.0.i586.rpm 62847d04d24d38a3f524ce2d4750e92e 2008.0/i586/ruby-pango-0.16.0-3.1mdv2008.0.i586.rpm 568d13371026bd18b7a7de8e5a1b6790 2008.0/i586/ruby-poppler-0.16.0-3.1mdv2008.0.i586.rpm 9b7bb617c47787c1768ce6e41dfff985 2008.0/i586/ruby-rsvg2-0.16.0-3.1mdv2008.0.i586.rpm 70bb27ffb7ee95fec71c84408210adce 2008.0/i586/ruby-vte-0.16.0-3.1mdv2008.0.i586.rpm 0df7cde4331837fb6862c9b5a97be8f5 2008.0/SRPMS/ruby-gnome2-0.16.0-3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: f994bb06d1aeea684703e4632dc83514 2008.0/x86_64/ruby-atk-0.16.0-3.1mdv2008.0.x86_64.rpm aa09b9d481302f67ceb70212331a404d 2008.0/x86_64/ruby-gconf2-0.16.0-3.1mdv2008.0.x86_64.rpm e2095aad322140ca87c2abaa36383bf6 2008.0/x86_64/ruby-gdkpixbuf2-0.16.0-3.1mdv2008.0.x86_64.rpm 8599aa977cce023e95e3d4013081bd46 2008.0/x86_64/ruby-glib2-0.16.0-3.1mdv2008.0.x86_64.rpm e842e5a9cd8f4ddf65adc3ca537a23e2 2008.0/x86_64/ruby-gnome2-0.16.0-3.1mdv2008.0.x86_64.rpm 7df090f82bc32da5d71e5b1a01a936da 2008.0/x86_64/ruby-gnome2-devel-0.16.0-3.1mdv2008.0.x86_64.rpm e009fc40831dcb1266168475e3f7a7ce 2008.0/x86_64/ruby-gnomecanvas2-0.16.0-3.1mdv2008.0.x86_64.rpm dbcf26f9d25b208cda61be393420249a 2008.0/x86_64/ruby-gnomeprint2-0.16.0-3.1mdv2008.0.x86_64.rpm 39b325ee6548bdace767db805bf2c8b2 2008.0/x86_64/ruby-gnomeprintui2-0.16.0-3.1mdv2008.0.x86_64.rpm 7071eb94ac3c55e18d70519e6c8eca86 2008.0/x86_64/ruby-gnomevfs2-0.16.0-3.1mdv2008.0.x86_64.rpm e2804b2ea0e09a9ceb10a301b588dc16 2008.0/x86_64/ruby-gtk2-0.16.0-3.1mdv2008.0.x86_64.rpm 9de7b27a7af2a97858712ecc85556c23 2008.0/x86_64/ruby-gtkglext-0.16.0-3.1mdv2008.0.x86_64.rpm 707ef739d27ff5e0dac19ddb1ef6eb0c 2008.0/x86_64/ruby-gtkhtml2-0.16.0-3.1mdv2008.0.x86_64.rpm 8a93344a6ce2757ef2a9c69f80ab38cc 2008.0/x86_64/ruby-gtkmozembed-0.16.0-3.1mdv2008.0.x86_64.rpm 0d56132f28b59eb54e915d215934d668 2008.0/x86_64/ruby-gtksourceview-0.16.0-3.1mdv2008.0.x86_64.rpm 0757a4b6ecf07630d45e508cd623f562 2008.0/x86_64/ruby-libart2-0.16.0-3.1mdv2008.0.x86_64.rpm a959f2d58f667ab56874fe974cbdb38a 2008.0/x86_64/ruby-libglade2-0.16.0-3.1mdv2008.0.x86_64.rpm 93dff79288e4e248f7ff42d9574dcb6b 2008.0/x86_64/ruby-panelapplet2-0.16.0-3.1mdv2008.0.x86_64.rpm ab701b2b9942d6834bef8f6e4723a27b 2008.0/x86_64/ruby-pango-0.16.0-3.1mdv2008.0.x86_64.rpm 17580801211d70f93579bfa6b36f10d8 2008.0/x86_64/ruby-poppler-0.16.0-3.1mdv2008.0.x86_64.rpm 21e8b9751a77135296f537e33006bc5a 2008.0/x86_64/ruby-rsvg2-0.16.0-3.1mdv2008.0.x86_64.rpm 91f4b51df125d5c184a2272cb2561d3c 2008.0/x86_64/ruby-vte-0.16.0-3.1mdv2008.0.x86_64.rpm 0df7cde4331837fb6862c9b5a97be8f5 2008.0/SRPMS/ruby-gnome2-0.16.0-3.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHo38WmqjQ0CJFipgRAuQ1AJkB4lvv5eqDT1xFB+zuFDSNT5dicwCfX5fT tvrLJzPSQ/JsXO2WAEf6QSY= =D1lc -----END PGP SIGNATURE-----