|
|
| Problem Description |
Stack-based buffer overflow in the glibtop_get_proc_map_s function in
libgtop before 2.14.6 (libgtop2) allows local users to cause a denial
of service (crash) and possibly execute arbitrary code via a process
with a long filename that is mapped in its address space, which
triggers the overflow in gnome-system-monitor.
The updated packages have been patched to correct this problem.
| Updated Packages |
Mandriva Linux 2007
9a42ece573e6285e548d3611d905962b 2007.0/i586/libgtop2-2.14.3-1.1mdv2007.0.i586.rpm 015d57a79518ea22832f6fbda39271a2 2007.0/i586/libgtop2.0_7-2.14.3-1.1mdv2007.0.i586.rpm 90c71d829f0ecf9a190cd6f883d7641d 2007.0/i586/libgtop2.0_7-devel-2.14.3-1.1mdv2007.0.i586.rpm d814d8ae476947ff129624b4bbf3c468 2007.0/SRPMS/libgtop2-2.14.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
6c29e33986f8edcb030c51c2a3f11284 2007.0/x86_64/lib64gtop2.0_7-2.14.3-1.1mdv2007.0.x86_64.rpm 7686a3045392d92d1f8a0e3e481b2172 2007.0/x86_64/lib64gtop2.0_7-devel-2.14.3-1.1mdv2007.0.x86_64.rpm fd1b70ddc81ee08e70661710883255d5 2007.0/x86_64/libgtop2-2.14.3-1.1mdv2007.0.x86_64.rpm d814d8ae476947ff129624b4bbf3c468 2007.0/SRPMS/libgtop2-2.14.3-1.1mdv2007.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0235
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.