-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:225
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libmbfl
Date : November 9, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in libmbfl (php):

* Fix bug #53273 (mb_strcut() returns garbage with the excessive
  length parameter) (CVE-2010-4156).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
http://bugs.php.net/bug.php?id=49354
http://bugs.php.net/bug.php?id=53273
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
a3ff784ac8c403e09c3aaa8e05eb5d11 2010.0/i586/libmbfl1-1.1.0-0.2mdv2010.0.i586.rpm
349a58108b4f8e771417806e47d3abf8 2010.0/i586/libmbfl-devel-1.1.0-0.2mdv2010.0.i586.rpm
46a3d7535bbcabf299a10fc0b5611967 2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
84a2522e5d9f99c8757b264fc1ccf8bd 2010.0/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.0.x86_64.rpm
858a213d457bc91cfb14bac8f0fca6ae 2010.0/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.0.x86_64.rpm
46a3d7535bbcabf299a10fc0b5611967 2010.0/SRPMS/libmbfl-1.1.0-0.2mdv2010.0.src.rpm

Mandriva Linux 2010.1:
c2a6706a1a63f23422de732317c875b2 2010.1/i586/libmbfl1-1.1.0-0.2mdv2010.1.i586.rpm
e61cd276bbbb67224682e0be0f518765 2010.1/i586/libmbfl-devel-1.1.0-0.2mdv2010.1.i586.rpm
529952ef37422e1b695da38e8ab6e77a 2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
a9df4c7d21e3f8219207f6964d3b5204 2010.1/x86_64/lib64mbfl1-1.1.0-0.2mdv2010.1.x86_64.rpm
48c2d18fa8e20f25675ceedf051a9cea 2010.1/x86_64/lib64mbfl-devel-1.1.0-0.2mdv2010.1.x86_64.rpm
529952ef37422e1b695da38e8ab6e77a 2010.1/SRPMS/libmbfl-1.1.0-0.2mdv2010.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2ZuOmqjQ0CJFipgRAlIeAJ459YXySExGECX+EYkPzRXQOQSyrACgzTrQ
3ax4hSV/YDfaKxuixKkGBR8=
=KCQC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/