-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:010 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xfig Date : January 15, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in xfig: Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information (CVE-2009-4227). Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c (CVE-2009-4228). Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition (CVE-2010-4262). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4262 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: e39602fc8ee985c8b9a53872593a0f81 2009.0/i586/xfig-3.2.5-4.1mdv2009.0.i586.rpm 1939fb7dc9bea4407c6ef8fac24ed8cf 2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 2d23d023c54c3e97e0785a4c132e6920 2009.0/x86_64/xfig-3.2.5-4.1mdv2009.0.x86_64.rpm 1939fb7dc9bea4407c6ef8fac24ed8cf 2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm Mandriva Linux 2010.0: fa216772dd4e5cce2646af8e3fdab037 2010.0/i586/xfig-3.2.5b-1.3mdv2010.0.i586.rpm a5d6698dd7015208f7c2bdaa94eaded8 2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 41a861a853686f15faf79ac78d23f01b 2010.0/x86_64/xfig-3.2.5b-1.3mdv2010.0.x86_64.rpm a5d6698dd7015208f7c2bdaa94eaded8 2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm Mandriva Linux 2010.1: 6246b2d654ecc3208eb6a1484e656680 2010.1/i586/xfig-3.2.5b-3.1mdv2010.2.i586.rpm 1d0ca214e51934ffe9d52e7a4ed9b589 2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: e967afae295de665073e0c9ef751e86d 2010.1/x86_64/xfig-3.2.5b-3.1mdv2010.2.x86_64.rpm 1d0ca214e51934ffe9d52e7a4ed9b589 2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm Corporate 4.0: 66396295f199c85cdba5b7c83efd82c6 corporate/4.0/i586/xfig-3.2.5-0.4.20060mlcs4.i586.rpm 047a3ee6ff83f35c6c7a167f442af9b8 corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0089a3e8d5436d7ea3a72afad505a39b corporate/4.0/x86_64/xfig-3.2.5-0.4.20060mlcs4.x86_64.rpm 047a3ee6ff83f35c6c7a167f442af9b8 corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNMfMSmqjQ0CJFipgRAuy4AJ9cJPnx510QGOr4rS0WWSd98c105gCgwS0l 51YvC5zhkNyiQiTTb57njsA= =bct3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/