MDVSA-2010:225

Package name

libmbfl

Date

2010-11-09

Advisory ID

MDVSA-2010:225

Affected versions

2010.1 x86_64 , 2010.1 i586 , 2010.0 x86_64 , 2010.0 i586

Problem description

A vulnerability was discovered and corrected in libmbfl (php):

* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).

The updated packages have been patched to correct these issues.

Updated packages

2010.1 x86_64

 a9df4c7d21e3f8219207f6964d3b5204  2010.1/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.1.x86_64.rpm
 48c2d18fa8e20f25675ceedf051a9cea  2010.1/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.1.x86_64.rpm 
 529952ef37422e1b695da38e8ab6e77a  2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm

2010.1 i586

 c2a6706a1a63f23422de732317c875b2  2010.1/i586/libmbfl1-1.1.0-0.2mdv2010.1.i586.rpm
 e61cd276bbbb67224682e0be0f518765  2010.1/i586/libmbfl-devel-1.1.0-0.2mdv2010.1.i586.rpm 
 529952ef37422e1b695da38e8ab6e77a  2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm

2010.0 x86_64

 84a2522e5d9f99c8757b264fc1ccf8bd  2010.0/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.0.x86_64.rpm
 858a213d457bc91cfb14bac8f0fca6ae  2010.0/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.0.x86_64.rpm 
 46a3d7535bbcabf299a10fc0b5611967  2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm

2010.0 i586

 a3ff784ac8c403e09c3aaa8e05eb5d11  2010.0/i586/libmbfl1-1.1.0-0.2mdv2010.0.i586.rpm
 349a58108b4f8e771417806e47d3abf8  2010.0/i586/libmbfl-devel-1.1.0-0.2mdv2010.0.i586.rpm 
 46a3d7535bbcabf299a10fc0b5611967  2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm

References

• http://bugs.php.net/bug.php?id=53273
• http://bugs.php.net/bug.php?id=49354
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156