Updated wv packages fix vulnerability

[mystified]

Mandrakesoft Security Advisories

 

Package name wv

Date July 29th, 2004

Advisory ID MDKSA-2004:077

Affected versions 9.2, 10.0

Synopsis Updated wv packages fix vulnerability

 

 

Problem Description

 

iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application.

 

The updated packages are patched to protect against this problem.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 

dcf67ddd72cc96ea526d4189dce93edb 9.2/RPMS/libwv-1.0_0-1.0.0-1.1.92mdk.i586.rpm

d9c0629e2c8921a93290aede1b5158f9 9.2/RPMS/libwv-1.0_0-devel-1.0.0-1.1.92mdk.i586.rpm

fa6f235b5934c40af8cb087394bcdefc 9.2/RPMS/wv-1.0.0-1.1.92mdk.i586.rpm

ef345c688ddb57bdbadba00a5b924c79 9.2/SRPMS/wv-1.0.0-1.1.92mdk.src.rpm

 

Mandrakelinux 9.2/AMD64

 

a23f13d265c1916c45c514798a37aaad amd64/9.2/RPMS/lib64wv-1.0_0-1.0.0-1.1.92mdk.amd64.rpm

9ca5b4da978fb5c7908cd52018f6e191 amd64/9.2/RPMS/lib64wv-1.0_0-devel-1.0.0-1.1.92mdk.amd64.rpm

568e4b5933ceed44a7c7b30dfff15f80 amd64/9.2/RPMS/wv-1.0.0-1.1.92mdk.amd64.rpm

ef345c688ddb57bdbadba00a5b924c79 amd64/9.2/SRPMS/wv-1.0.0-1.1.92mdk.src.rpm

 

Mandrakelinux 10.0

 

7bc8b712dbb5ca6592de05341b6d1489 10.0/RPMS/libwv-1.0_0-1.0.0-1.1.100mdk.i586.rpm

bec8e09ab3be99e622bd62cf6c0cf3df 10.0/RPMS/libwv-1.0_0-devel-1.0.0-1.1.100mdk.i586.rpm

e9795464f2baa0bb36ea2f15d7e420c6 10.0/RPMS/wv-1.0.0-1.1.100mdk.i586.rpm

10a630945f35b4a90f36a6270d98d241 10.0/SRPMS/wv-1.0.0-1.1.100mdk.src.rpm

 

Mandrakelinux 10.0/AMD64

 

e3072c5942b032b547b04dd10a442826 amd64/10.0/RPMS/lib64wv-1.0_0-1.0.0-1.1.100mdk.amd64.rpm

8b369ac8db42130442c003cb7229a7d1 amd64/10.0/RPMS/lib64wv-1.0_0-devel-1.0.0-1.1.100mdk.amd64.rpm

98c5fa468e3815501058461213bb7da7 amd64/10.0/RPMS/wv-1.0.0-1.1.100mdk.amd64.rpm

10a630945f35b4a90f36a6270d98d241 amd64/10.0/SRPMS/wv-1.0.0-1.1.100mdk.src.rpm

 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645

http://www.idefense.com/application/poi/di...lashstatus=true

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.