U radu programske biblioteke T1lib uočen je novi sigurnosni nedostatak. Spomenuta biblioteka sadrži funkcije koje su potrebne za stvaranje slikovnih datoteka iz Adobe Type 1 stila slova. Dolazi do pojave prepisivanja gomile u AFM analizatoru fontova u komponenti dvi-backend. Iskorištavanje propusta može dovesti do izvođenja DoS napada ili potencijalnog pokretanja proizvoljnog programskog koda. Korisnici se upućuju na primjenu poboljšane programske nadogradnje kako bi se zaštitili od opisanog problema.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:016
http://www.mandriva.com/security/
_______________________________________________________________________
Package : t1lib
Date : January 21, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
It was discovered that t1lib suffered from the same vulnerability as
previousely addressed in Evince with MDVSA-2011:005 (CVE-2010-2642). As
a precaution t1lib has been patched to address this flaw.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
599f783a0eb68c6ee4df2b55fd4b9f7a
2009.0/i586/libt1lib5-5.1.2-4.1mdv2009.0.i586.rpm
93faa44fb6e5451b26b06cf8266b2bda
2009.0/i586/libt1lib-devel-5.1.2-4.1mdv2009.0.i586.rpm
10055f8139aa5323998a5827b694b2d7
2009.0/i586/libt1lib-static-devel-5.1.2-4.1mdv2009.0.i586.rpm
6f299e29dd23f5d6e77d9b99ede98942
2009.0/i586/t1lib-config-5.1.2-4.1mdv2009.0.i586.rpm
a56fbccbcc28ba1dfb17081922779ad1
2009.0/i586/t1lib-progs-5.1.2-4.1mdv2009.0.i586.rpm
c7ec8ded98a8116e3415671c9eb637ad
2009.0/SRPMS/t1lib-5.1.2-4.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
59b16d03c66d1fedb111c9eaf998ef56
2009.0/x86_64/lib64t1lib5-5.1.2-4.1mdv2009.0.x86_64.rpm
afcfc7c1f1d5b8844ddd7190a1fcb1e8
2009.0/x86_64/lib64t1lib-devel-5.1.2-4.1mdv2009.0.x86_64.rpm
e526862e479b174d71016301e4ce3fc0
2009.0/x86_64/lib64t1lib-static-devel-5.1.2-4.1mdv2009.0.x86_64.rpm
32e982c2d44afb35aaa2d9e3caa2b3be
2009.0/x86_64/t1lib-config-5.1.2-4.1mdv2009.0.x86_64.rpm
07b649d8dc61d692f1716d72a07da71e
2009.0/x86_64/t1lib-progs-5.1.2-4.1mdv2009.0.x86_64.rpm
c7ec8ded98a8116e3415671c9eb637ad
2009.0/SRPMS/t1lib-5.1.2-4.1mdv2009.0.src.rpm
Mandriva Linux 2010.0:
310ee7d65a7f634e87222bd780915644
2010.0/i586/libt1lib5-5.1.2-7.1mdv2010.0.i586.rpm
cbe429ffc363b10d0fffbefb3a33bac0
2010.0/i586/libt1lib-devel-5.1.2-7.1mdv2010.0.i586.rpm
0f02f514f59824332aa6e0665204e7da
2010.0/i586/libt1lib-static-devel-5.1.2-7.1mdv2010.0.i586.rpm
4252c52406dbc2051a31adeb5e6f5e50
2010.0/i586/t1lib-config-5.1.2-7.1mdv2010.0.i586.rpm
22f75861e3c41ff701c503c6014fd83e
2010.0/i586/t1lib-progs-5.1.2-7.1mdv2010.0.i586.rpm
b5d4e91778fc56d97e27e39d47f755e3
2010.0/SRPMS/t1lib-5.1.2-7.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
2dd5b2f8aa27ecc59deebfa085839db1
2010.0/x86_64/lib64t1lib5-5.1.2-7.1mdv2010.0.x86_64.rpm
992e43be6aaa8f5d287ba329d1d37307
2010.0/x86_64/lib64t1lib-devel-5.1.2-7.1mdv2010.0.x86_64.rpm
877785d712b325c487266876aaa783d6
2010.0/x86_64/lib64t1lib-static-devel-5.1.2-7.1mdv2010.0.x86_64.rpm
24018e3a1b1a9cf281343dbe4bdb8d89
2010.0/x86_64/t1lib-config-5.1.2-7.1mdv2010.0.x86_64.rpm
3fca959f045cc1f452f603dac0284f59
2010.0/x86_64/t1lib-progs-5.1.2-7.1mdv2010.0.x86_64.rpm
b5d4e91778fc56d97e27e39d47f755e3
2010.0/SRPMS/t1lib-5.1.2-7.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c696d917eb2a4be454a27c70f598e3b3
2010.1/i586/libt1lib5-5.1.2-8.1mdv2010.2.i586.rpm
da4a03bea147aac19ae8d8a1bf5cdd6e
2010.1/i586/libt1lib-devel-5.1.2-8.1mdv2010.2.i586.rpm
b9290b2bea03423459fc77e3e4893676
2010.1/i586/libt1lib-static-devel-5.1.2-8.1mdv2010.2.i586.rpm
57ccda81a0a3ef35f8326e6db90a7164
2010.1/i586/t1lib-config-5.1.2-8.1mdv2010.2.i586.rpm
e5fb29d4f198656a97c0b7aad2c17f00
2010.1/i586/t1lib-progs-5.1.2-8.1mdv2010.2.i586.rpm
ff89cfdbcc43583b8b4cebd60ecbcf3c
2010.1/SRPMS/t1lib-5.1.2-8.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
ff59dd6e16a77d55f32c579c1cbbb359
2010.1/x86_64/lib64t1lib5-5.1.2-8.1mdv2010.2.x86_64.rpm
326d6b627607199d1ed2b777791337b0
2010.1/x86_64/lib64t1lib-devel-5.1.2-8.1mdv2010.2.x86_64.rpm
c0070fd18a3952b478b5e09d87c4f4a3
2010.1/x86_64/lib64t1lib-static-devel-5.1.2-8.1mdv2010.2.x86_64.rpm
0456d64f5393c75d128a1395ca1e9690
2010.1/x86_64/t1lib-config-5.1.2-8.1mdv2010.2.x86_64.rpm
cd7f49fc46abbb60adcce436d56f61d5
2010.1/x86_64/t1lib-progs-5.1.2-8.1mdv2010.2.x86_64.rpm
ff89cfdbcc43583b8b4cebd60ecbcf3c
2010.1/SRPMS/t1lib-5.1.2-8.1mdv2010.2.src.rpm
Corporate 4.0:
6a10f64eaea14c2a1819bee558a60692
corporate/4.0/i586/libt1lib5-5.1.0-1.2.20060mlcs4.i586.rpm
ac13127bdfa766289c2bcacfb59c9dc8
corporate/4.0/i586/libt1lib5-devel-5.1.0-1.2.20060mlcs4.i586.rpm
a4326eac69f1aea59bf4ba90b3f2beaf
corporate/4.0/i586/libt1lib5-static-devel-5.1.0-1.2.20060mlcs4.i586.rpm
93368d9f3679037c313f3b7cb87879f9
corporate/4.0/i586/t1lib-config-5.1.0-1.2.20060mlcs4.i586.rpm
17f413268c5603bc59c06aa14f10c630
corporate/4.0/i586/t1lib-progs-5.1.0-1.2.20060mlcs4.i586.rpm
632a92b73f526d4e489649878637b52a
corporate/4.0/SRPMS/t1lib-5.1.0-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ac41414be04a827740e92cf088ec76af
corporate/4.0/x86_64/lib64t1lib5-5.1.0-1.2.20060mlcs4.x86_64.rpm
028849ff6151626dbdc1a66faa4e6398
corporate/4.0/x86_64/lib64t1lib5-devel-5.1.0-1.2.20060mlcs4.x86_64.rpm
8d361af76b0cc51a020a07c0a07275f9
corporate/4.0/x86_64/lib64t1lib5-static-devel-5.1.0-1.2.20060mlcs4.x86_64.rpm
af1d3a27219d99c99a059046538b495b
corporate/4.0/x86_64/t1lib-config-5.1.0-1.2.20060mlcs4.x86_64.rpm
0f88c1f82c0aeb8fe2c923f99b2aa631
corporate/4.0/x86_64/t1lib-progs-5.1.0-1.2.20060mlcs4.x86_64.rpm
632a92b73f526d4e489649878637b52a
corporate/4.0/SRPMS/t1lib-5.1.0-1.2.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
5792d67c70cb189421fabf15db01a487
mes5/i586/libt1lib5-5.1.2-4.1mdvmes5.1.i586.rpm
37dd107b006b3c1606c5e217a204a222
mes5/i586/libt1lib-devel-5.1.2-4.1mdvmes5.1.i586.rpm
df0376ecd2890dc805a8770a0e1226c5
mes5/i586/libt1lib-static-devel-5.1.2-4.1mdvmes5.1.i586.rpm
df13d1c8d4efbab824e2d479090025d7
mes5/i586/t1lib-config-5.1.2-4.1mdvmes5.1.i586.rpm
ed682fa1868be45bc7dc01233d1516b5
mes5/i586/t1lib-progs-5.1.2-4.1mdvmes5.1.i586.rpm
1cb11ed251082b9a682015897bf02da7 mes5/SRPMS/t1lib-5.1.2-4.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
82188362954955216dbee7d4ef833d5e
mes5/x86_64/lib64t1lib5-5.1.2-4.1mdvmes5.1.x86_64.rpm
3b91c137bedefe1e91dee24086e99f08
mes5/x86_64/lib64t1lib-devel-5.1.2-4.1mdvmes5.1.x86_64.rpm
2da40b9cd2d63e9fa2f5129401649886
mes5/x86_64/lib64t1lib-static-devel-5.1.2-4.1mdvmes5.1.x86_64.rpm
47a5419367768a2c02bb19c7b1f4d409
mes5/x86_64/t1lib-config-5.1.2-4.1mdvmes5.1.x86_64.rpm
ace11c96025b1d021d7df91959016885
mes5/x86_64/t1lib-progs-5.1.2-4.1mdvmes5.1.x86_64.rpm
1cb11ed251082b9a682015897bf02da7 mes5/SRPMS/t1lib-5.1.2-4.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNOX/AmqjQ0CJFipgRAr7qAJ4pu1ydJ+n75VjQcxncqlnWuRToLACfVKEx
uK1FcFu8qb2ncTkzdYh+O6M=
=fc9e
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke