MDKSA-2006:220

Package name

libgsf

Date

2006-11-30

Advisory ID

MDKSA-2006:220

Affected versions

CS3.0 i586 , CS3.0 x86_64 , 2007.0 x86_64 , 2007.0 i586

Problem description

"infamous41md" discovered a heap buffer overflow vulnerability in
libgsf, a GNOME library for reading and writing structured file
formats, which could lead to the execution of arbitrary code.

The updated packages have been patched to correct this problem.

Updated packages

CS3.0 i586

 c059f972836144253da330f8db5387a3  corporate/3.0/i586/libgsf-1_1-1.8.2-1.1.C30mdk.i586.rpm
 9f9fd3e74c9ec2ee6a79937d4740321c  corporate/3.0/i586/libgsf-1_1-devel-1.8.2-1.1.C30mdk.i586.rpm 
 36f8c30001d414877e819c439143a696  corporate/3.0/SRPMS/libgsf-1.8.2-1.1.C30mdk.src.rpm

CS3.0 x86_64

 1a2bef3524a009d553419b159d80f781  corporate/3.0/x86_64/lib64gsf-1_1-1.8.2-1.1.C30mdk.x86_64.rpm
 f2e48664350fd62e2b12dc77abe11a46  corporate/3.0/x86_64/lib64gsf-1_1-devel-1.8.2-1.1.C30mdk.x86_64.rpm 
 36f8c30001d414877e819c439143a696  corporate/3.0/SRPMS/libgsf-1.8.2-1.1.C30mdk.src.rpm

2007.0 x86_64

 003d7db8087dc2e8b1773011e6d4847a  2007.0/x86_64/lib64gsf-1_114-1.14.1-2.1mdv2007.0.x86_64.rpm
 583a7f1fdd9b0c92b2ff6d64b18b08b4  2007.0/x86_64/lib64gsf-1_114-devel-1.14.1-2.1mdv2007.0.x86_64.rpm
 1e676f26116db9f4a392d2719db228d5  2007.0/x86_64/libgsf-1.14.1-2.1mdv2007.0.x86_64.rpm 
 029b6965cd0d3c6ea198e9ac601fb972  2007.0/SRPMS/libgsf-1.14.1-2.1mdv2007.0.src.rpm

2007.0 i586

 e2a8d38173f4d4eaf630779b212b9ecf  2007.0/i586/libgsf-1_114-1.14.1-2.1mdv2007.0.i586.rpm
 0874198afe21dd57b297614d0451416c  2007.0/i586/libgsf-1_114-devel-1.14.1-2.1mdv2007.0.i586.rpm
 5d46cfd87b088be65ac564b4208d3780  2007.0/i586/libgsf-1.14.1-2.1mdv2007.0.i586.rpm 
 029b6965cd0d3c6ea198e9ac601fb972  2007.0/SRPMS/libgsf-1.14.1-2.1mdv2007.0.src.rpm

References

• http://www.debian.org/security/2006/dsa-1221
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514