I really wonder if they even read the lists they spam
2013/4/19 l3thal <[email protected]>

> looks like you are still at it heh...
>
>
> On Fri, Apr 19, 2013 at 11:12 AM, <[email protected]> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> _______________________________________________________________________
>>
>> Mandriva Linux Security Advisory                         MDVSA-2013:147
>> http://www.mandriva.com/en/support/security/
>> _______________________________________________________________________
>>
>> Package : libarchive
>> Date    : April 19, 2013
>> Affected: Business Server 1.0, Enterprise Server 5.0
>> _______________________________________________________________________
>>
>> Problem Description:
>>
>> A vulnerability has been found and corrected in libarchive:
>>
>> Fabian Yamaguchi reported a read buffer overflow flaw in libarchive
>> on 64-bit systems where sizeof(size_t) is equal to 8. In the
>> archive_write_zip_data() function in
>> libarchive/archive_write_set_format_zip.c, the "s" parameter is of
>> type size_t (64 bit, unsigned) and is cast to a 64 bit signed
>> integer. If "s" is larger than MAX_INT, it will not be set to
>> "zip->remaining_data_bytes" even though it is larger than
>> "zip->remaining_data_bytes", which leads to a buffer overflow when
>> calling deflate(). This can lead to a segfault in an application that
>> uses libarchive to create ZIP archives (CVE-2013-0211).
>>
>> The updated packages have been patched to correct this issue.
>> _______________________________________________________________________
>>
>> References:
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211
>> https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0119
>> _______________________________________________________________________
>>
>> Updated Packages:
>>
>> Mandriva Enterprise Server 5:
>> db7909eb958a090af3abeec3e4427f20 mes5/i586/bsdtar-2.5.5-1.2mdvmes5.2.i586.rpm
>> 8ce2a7ce2501bb7bd6a53e3dffd8fd31 mes5/i586/libarchive2-2.5.5-1.2mdvmes5.2.i586.rpm
>> ba4c4e8717271abf9f2228886617409c mes5/i586/libarchive-devel-2.5.5-1.2mdvmes5.2.i586.rpm
>> 52d76a6e66d3e63c981b947dc8d58f50 mes5/SRPMS/libarchive-2.5.5-1.2mdvmes5.2.src.rpm
>>
>> Mandriva Enterprise Server 5/X86_64:
>> f922a9da676ae2d2de2f717bd5841c73 mes5/x86_64/bsdtar-2.5.5-1.2mdvmes5.2.x86_64.rpm
>> 4218a2812e89dc233b1e1eeb6f407e44 mes5/x86_64/lib64archive2-2.5.5-1.2mdvmes5.2.x86_64.rpm
>> a928fa095d7cf3f3ef5c4338b1fba506 mes5/x86_64/lib64archive-devel-2.5.5-1.2mdvmes5.2.x86_64.rpm
>> 52d76a6e66d3e63c981b947dc8d58f50 mes5/SRPMS/libarchive-2.5.5-1.2mdvmes5.2.src.rpm
>>
>> Mandriva Business Server 1/X86_64:
>> 05b377385a447c33cd6e85efeeaa4fd0 mbs1/x86_64/bsdcpio-3.0.3-2.1.mbs1.x86_64.rpm
>> 3ff28cd1ce2047a8dfed99a978d238a2 mbs1/x86_64/bsdtar-3.0.3-2.1.mbs1.x86_64.rpm
>> 4adb27059351ae756462e9e25c87e11e mbs1/x86_64/lib64archive12-3.0.3-2.1.mbs1.x86_64.rpm
>> 52850e175df3b0b48a307d87c7b5f3ea mbs1/x86_64/lib64archive-devel-3.0.3-2.1.mbs1.x86_64.rpm
>> 890acf6fa9dafa2303be49bc1d42bdf1 mbs1/SRPMS/libarchive-3.0.3-2.1.mbs1.src.rpm
>> _______________________________________________________________________
>>
>> To upgrade automatically use MandrivaUpdate or urpmi. The verification
>> of md5 checksums and GPG signatures is performed automatically for you.
>>
>> All packages are signed by Mandriva for security. You can obtain the
>> GPG public key of the Mandriva Security Team by executing:
>>
>>   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>>
>> You can view other update advisories for Mandriva Linux at:
>>
>>   http://www.mandriva.com/en/support/security/advisories/
>>
>> If you want to report vulnerabilities, please contact
>>
>>   security_(at)_mandriva.com
>> _______________________________________________________________________
>>
>> Type Bits/KeyID     Date       User ID
>> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>>   <security*mandriva.com>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.12 (GNU/Linux)
>>
>> iD8DBQFRcTdymqjQ0CJFipgRAs/4AKC3K7COuqRwVL6Ecq8yZ8chXthyWQCg04Q5
>> PRlg9lwbUt4q80+7fmRJ8Kk=
>> =jL85
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> --
> l3thal - SmashTheStack <http://smashthestack.org>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
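The length clamp described in the quoted advisory, modelled as an added example that is not part of the original thread and is not libarchive's code. The function names `clamp_flawed` and `clamp_fixed` are hypothetical, `uint64_t` stands in for `size_t` on a system where `sizeof(size_t)` is 8, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the length clamp, not libarchive source.
 * uint64_t stands in for size_t on a system where sizeof(size_t) == 8. */

/* Flawed: a length above INT64_MAX turns negative after the cast (on the
 * usual two's-complement compilers), so the test is false and the
 * oversized length is returned unclamped. */
uint64_t clamp_flawed(uint64_t s, int64_t remaining)
{
    if ((int64_t)s > remaining)
        s = (uint64_t)remaining;
    return s;
}

/* Hardened: reject a non-positive budget, then compare in the unsigned
 * domain so no caller-supplied length can wrap to a negative value. */
uint64_t clamp_fixed(uint64_t s, int64_t remaining)
{
    if (remaining <= 0)
        return 0;
    if (s > (uint64_t)remaining)
        s = (uint64_t)remaining;
    return s;
}

int main(void)
{
    /* Constructed inputs: caller-supplied lengths, 100 bytes remaining. */
    const uint64_t lengths[] = { 50, 500, (uint64_t)1 << 63, UINT64_MAX };
    const int64_t remaining = 100;

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("s=%llu flawed=%llu fixed=%llu\n",
               (unsigned long long)lengths[i],
               (unsigned long long)clamp_flawed(lengths[i], remaining),
               (unsigned long long)clamp_fixed(lengths[i], remaining));
    return 0;
}
```

Lengths that fit in a signed 64-bit integer are clamped identically by both versions; only the two largest inputs pass through the flawed check unclamped.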
