Libmcrypt Multiple Buffer Overrun Vulnerabilities

Threat level definition

Libmcrypt Multiple Buffer Overrun Vulnerabilities

Solution:
The vendor has identified the issues and has released an updated version which addresses the vulnerabilities. Users are advised to upgrade their library as soon as possible.

Gentoo Linux has released an advisory. Users who have installed dev-libs/libmcrypt-2.5.1-r4 or earlier are advised to update their systems by issuing the following commands:

emerge rsync
emerge libmcrypt
emerge clean

Conectiva has released a security advisory (CLA-2003:567) containing fixes. Users are advised to upgrade their mcrypt package as soon as possible.

Fix:

Mcrypt libmcrypt 2.4.10

SuSE libmcrypt-2.4.10-59.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/libmcrypt-2.4.10-59.i 386.rpm

SuSE libmcrypt-devel-2.4.10-59.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/libmcrypt-devel-2.4.1 0-59.i386.rpm

Mcrypt libmcrypt 2.4.15

SuSE libmcrypt-2.4.15-53.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/libmcrypt-2.4.15-53. sparc.rpm

SuSE libmcrypt-2.4.15-89.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/libmcrypt-2.4.15-89.pp c.rpm

SuSE libmcrypt-2.4.15-98.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/libmcrypt-2.4.15-98.i 386.rpm

SuSE libmcrypt-devel-2.4.15-53.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/libmcrypt-devel-2.4. 15-53.sparc.rpm

SuSE libmcrypt-devel-2.4.15-89.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/libmcrypt-devel-2.4.15 -89.ppc.rpm

SuSE libmcrypt-devel-2.4.15-98.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/libmcrypt-devel-2.4.1 5-98.i386.rpm

Mcrypt libmcrypt 2.4.18

Conectiva mcrypt-2.4.18-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcrypt-2.4.18-3U80_1cl.i386 .rpm

Conectiva mcrypt-devel-2.4.18-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcrypt-devel-2.4.18-3U80_1c l.i386.rpm

Conectiva mcrypt-devel-static-2.4.18-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcrypt-devel-static-2.4.18- 3U80_1cl.i386.rpm

Mcrypt libmcrypt 2.4.20

SuSE libmcrypt-2.4.20-114.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec2/libmcrypt-2.4.20-114. i386.patch.rpm

SuSE libmcrypt-2.4.20-114.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec2/libmcrypt-2.4.20-114. i386.rpm

SuSE libmcrypt-devel-2.4.20-114.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/libmcrypt-devel-2.4.20- 114.i386.patch.rpm

SuSE libmcrypt-devel-2.4.20-114.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/libmcrypt-devel-2.4.20- 114.i386.rpm

Mcrypt libmcrypt 2.4.7

SuSE libmcrypt-2.4.7-19.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec2/libmcrypt-2.4.7-19.i3 86.rpm

SuSE libmcrypt-2.4.7-23.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec2/libmcrypt-2.4.7-23.ppc .rpm

SuSE libmcrypt-2.4.7-26.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec2/libmcrypt-2.4.7-26.alp ha.rpm

SuSE libmcrypt-devel-2.4.7-19.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec2/libmcrypt-devel-2.4.7 -19.i386.rpm

SuSE libmcrypt-devel-2.4.7-23.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec2/libmcrypt-devel-2.4.7- 23.ppc.rpm

SuSE libmcrypt-devel-2.4.7-26.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec2/libmcrypt-devel-2.4.7- 26.alpha.rpm

Mcrypt libmcrypt 2.4.9

Conectiva mcrypt-2.4.9-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mcrypt-2.4.9-3U70_1cl.i38 6.rpm

Conectiva mcrypt-devel-2.4.9-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mcrypt-devel-2.4.9-3U70_1 cl.i386.rpm

Conectiva mcrypt-devel-static-2.4.9-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mcrypt-devel-static-2.4.9 -3U70_1cl.i386.rpm

Mcrypt libmcrypt 2.5 .0

Debian libmcrypt-dev_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_alpha.deb

Debian libmcrypt-dev_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_arm.deb

Debian libmcrypt-dev_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_hppa.deb

Debian libmcrypt-dev_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_i386.deb

Debian libmcrypt-dev_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_ia64.deb

Debian libmcrypt-dev_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_m68k.deb

Debian libmcrypt-dev_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_mips.deb

Debian libmcrypt-dev_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_mipsel.deb

Debian libmcrypt-dev_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_powerpc.deb

Debian libmcrypt-dev_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_s390.deb

Debian libmcrypt-dev_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt- dev_2.5.0-1woody1_sparc.deb

Debian libmcrypt4_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_alpha.deb

Debian libmcrypt4_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_arm.deb

Debian libmcrypt4_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_hppa.deb

Debian libmcrypt4_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_i386.deb

Debian libmcrypt4_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_ia64.deb

Debian libmcrypt4_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_m68k.deb

Debian libmcrypt4_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_mips.deb

Debian libmcrypt4_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_mipsel.deb

Debian libmcrypt4_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_powerpc.deb

Debian libmcrypt4_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_s390.deb

Debian libmcrypt4_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4 _2.5.0-1woody1_sparc.deb

Mcrypt libmcrypt 2.5.2

Conectiva libmcrypt-2.5.2-48.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/i386/RPMS.core/libmcrypt-2.5.2-4 8.i586.rpm

Conectiva libmcrypt-devel-2.5.2-48.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/i386/RPMS.core/libmcrypt-devel-2 .5.2-48.i586.rpm

Mcrypt libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

SuSE libmcrypt-2.5.2-48.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-2.5.2-4 8.i586.patch.rpm

SuSE libmcrypt-2.5.2-48.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-2.5.2-4 8.i586.rpm

SuSE libmcrypt-devel-2.5.2-48.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-devel-2 .5.2-48.i586.patch.rpm

SuSE libmcrypt-devel-2.5.2-48.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-devel-2 .5.2-48.i586.rpm

Mcrypt libmcrypt 2.5.3

Mcrypt libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

Privacy Statement
Copyright 2008, SecurityFocus