[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ MDVSA-2010:225 ] libmbfl
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2010:225 ] libmbfl
- From: security@xxxxxxxxxxxx
- Date: Tue, 09 Nov 2010 23:15:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:225
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libmbfl
Date : November 9, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
http://bugs.php.net/bug.php?id=49354
http://bugs.php.net/bug.php?id=53273
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
a3ff784ac8c403e09c3aaa8e05eb5d11
2010.0/i586/libmbfl1-1.1.0-0.2mdv2010.0.i586.rpm
349a58108b4f8e771417806e47d3abf8
2010.0/i586/libmbfl-devel-1.1.0-0.2mdv2010.0.i586.rpm
46a3d7535bbcabf299a10fc0b5611967
2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
84a2522e5d9f99c8757b264fc1ccf8bd
2010.0/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.0.x86_64.rpm
858a213d457bc91cfb14bac8f0fca6ae
2010.0/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.0.x86_64.rpm
46a3d7535bbcabf299a10fc0b5611967
2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c2a6706a1a63f23422de732317c875b2
2010.1/i586/libmbfl1-1.1.0-0.2mdv2010.1.i586.rpm
e61cd276bbbb67224682e0be0f518765
2010.1/i586/libmbfl-devel-1.1.0-0.2mdv2010.1.i586.rpm
529952ef37422e1b695da38e8ab6e77a
2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
a9df4c7d21e3f8219207f6964d3b5204
2010.1/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.1.x86_64.rpm
48c2d18fa8e20f25675ceedf051a9cea
2010.1/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.1.x86_64.rpm
529952ef37422e1b695da38e8ab6e77a
2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM2ZuOmqjQ0CJFipgRAlIeAJ459YXySExGECX+EYkPzRXQOQSyrACgzTrQ
3ax4hSV/YDfaKxuixKkGBR8=
=KCQC
-----END PGP SIGNATURE-----