BugTraq
[ MDVSA-2010:225 ] libmbfl Nov 09 2010 10:15PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libmbfl
Date : November 9, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in libmbfl (php):

* Fix bug #53273 (mb_strcut() returns garbage with the excessive
  length parameter) (CVE-2010-4156).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
http://bugs.php.net/bug.php?id=49354
http://bugs.php.net/bug.php?id=53273
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
a3ff784ac8c403e09c3aaa8e05eb5d11 2010.0/i586/libmbfl1-1.1.0-0.2mdv2010.0.i586.rpm
349a58108b4f8e771417806e47d3abf8 2010.0/i586/libmbfl-devel-1.1.0-0.2mdv2010.0.i586.rpm
46a3d7535bbcabf299a10fc0b5611967 2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
84a2522e5d9f99c8757b264fc1ccf8bd 2010.0/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.0.x86_64.rpm
858a213d457bc91cfb14bac8f0fca6ae 2010.0/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.0.x86_64.rpm
46a3d7535bbcabf299a10fc0b5611967 2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm

Mandriva Linux 2010.1:
c2a6706a1a63f23422de732317c875b2 2010.1/i586/libmbfl1-1.1.0-0.2mdv2010.1.i586.rpm
e61cd276bbbb67224682e0be0f518765 2010.1/i586/libmbfl-devel-1.1.0-0.2mdv2010.1.i586.rpm
529952ef37422e1b695da38e8ab6e77a 2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
a9df4c7d21e3f8219207f6964d3b5204 2010.1/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.1.x86_64.rpm
48c2d18fa8e20f25675ceedf051a9cea 2010.1/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.1.x86_64.rpm
529952ef37422e1b695da38e8ab6e77a 2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2ZuOmqjQ0CJFipgRAlIeAJ459YXySExGECX+EYkPzRXQOQSyrACgzTrQ
3ax4hSV/YDfaKxuixKkGBR8=
=KCQC
-----END PGP SIGNATURE-----
