Mandriva Linux Security Advisory 2012-061 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.
6c937a56998bb864b9de64f9b4c8402abef0fa2c6c10daab783db4ac0f50a28f-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:061
http://www.mandriva.com/security/
_______________________________________________________________________
Package : raptor
Date : April 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
An XML External Entity expansion flaw was found in the way Raptor
processed RDF files. If an application linked against Raptor were to
open a specially-crafted RDF file, it could possibly allow a remote
attacker to obtain a copy of an arbitrary local file that the user
running the application had access to. A bug in the way Raptor handled
external entities could cause that application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application (CVE-2012-0037).
The updated packages have been patched to correct this issue.
raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version
which is not vulnerable to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037
http://www.libreoffice.org/advisories/CVE-2012-0037/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
24ec3d87dd77462b556f86859840eae1 2010.1/i586/libraptor1-1.4.21-5.1mdv2010.2.i586.rpm
85d61e2cd9d054d9da9211f4fa342f69 2010.1/i586/libraptor-devel-1.4.21-5.1mdv2010.2.i586.rpm
e8b11b034af2de18b785e82cb4a30660 2010.1/i586/raptor-1.4.21-5.1mdv2010.2.i586.rpm
4379f2bfca9cfc03d297058d9635156a 2010.1/SRPMS/raptor-1.4.21-5.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
44aa890dd881c56e92f2b3983f4bc686 2010.1/x86_64/lib64raptor1-1.4.21-5.1mdv2010.2.x86_64.rpm
068c7d529fb465a3238f51179651ba2f 2010.1/x86_64/lib64raptor-devel-1.4.21-5.1mdv2010.2.x86_64.rpm
76bf6ce10c21fcc1c5f27e39d08b260d 2010.1/x86_64/raptor-1.4.21-5.1mdv2010.2.x86_64.rpm
4379f2bfca9cfc03d297058d9635156a 2010.1/SRPMS/raptor-1.4.21-5.1mdv2010.2.src.rpm
Mandriva Linux 2011:
e94c657f023e62cd238ea2f83ae0d88a 2011/i586/libraptor1-1.4.21-5.1-mdv2011.0.i586.rpm
79e92a9a81648805e7ae4cb28eb888f2 2011/i586/libraptor2_0-2.0.7-0.1-mdv2011.0.i586.rpm
11eef49d485d71baf0a11b66b48db345 2011/i586/libraptor2-devel-2.0.7-0.1-mdv2011.0.i586.rpm
ae76f3b8f48824daa66675f4fc007235 2011/i586/libraptor-devel-1.4.21-5.1-mdv2011.0.i586.rpm
9a42145d50101d1b3f8348808638240a 2011/i586/raptor-1.4.21-5.1-mdv2011.0.i586.rpm
6c528626b8a2602fdcb1761eac68e25e 2011/i586/raptor2-2.0.7-0.1-mdv2011.0.i586.rpm
7adcdbaed9ca771c734765e9ed92e8c4 2011/SRPMS/raptor-1.4.21-5.1.src.rpm
404f1edc446a93566026bbee0fbc8210 2011/SRPMS/raptor2-2.0.7-0.1.src.rpm
Mandriva Linux 2011/X86_64:
c4c7ac5bf156c0d3f9bb1fd5740f347f 2011/x86_64/lib64raptor1-1.4.21-5.1-mdv2011.0.x86_64.rpm
83b05b1707a083e7cf76c67d5f646320 2011/x86_64/lib64raptor2_0-2.0.7-0.1-mdv2011.0.x86_64.rpm
f6c697b5e8ee115eb4e318a886105c35 2011/x86_64/lib64raptor2-devel-2.0.7-0.1-mdv2011.0.x86_64.rpm
aba11394c42aed7d4f99200900723837 2011/x86_64/lib64raptor-devel-1.4.21-5.1-mdv2011.0.x86_64.rpm
f557b8057cb4b8aa371f48626d8e2c11 2011/x86_64/raptor-1.4.21-5.1-mdv2011.0.x86_64.rpm
f7b4e5e149fb3d338c85eef948e16b27 2011/x86_64/raptor2-2.0.7-0.1-mdv2011.0.x86_64.rpm
7adcdbaed9ca771c734765e9ed92e8c4 2011/SRPMS/raptor-1.4.21-5.1.src.rpm
404f1edc446a93566026bbee0fbc8210 2011/SRPMS/raptor2-2.0.7-0.1.src.rpm
Mandriva Enterprise Server 5:
5d0221fba67389461f2808a8c1cf93fd mes5/i586/libraptor1-1.4.18-3.1mdvmes5.2.i586.rpm
777bcd9d7035fcec459c2b0848ccb660 mes5/i586/libraptor-devel-1.4.18-3.1mdvmes5.2.i586.rpm
56c867304527d1b6ba5980b7d5c6e354 mes5/i586/raptor-1.4.18-3.1mdvmes5.2.i586.rpm
5d90acb0be0fd63e90a5dec62a19dfdc mes5/SRPMS/raptor-1.4.18-3.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
4680f20036dc383367955faab0ffb028 mes5/x86_64/lib64raptor1-1.4.18-3.1mdvmes5.2.x86_64.rpm
f40ea3da4964474fcf1acab58511d59b mes5/x86_64/lib64raptor-devel-1.4.18-3.1mdvmes5.2.x86_64.rpm
593bb4d51e183ea45d416ff90ff4cb07 mes5/x86_64/raptor-1.4.18-3.1mdvmes5.2.x86_64.rpm
5d90acb0be0fd63e90a5dec62a19dfdc mes5/SRPMS/raptor-1.4.18-3.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPkp0nmqjQ0CJFipgRAvUfAKCOqVsQF5ZKvywfrhq83Sa0vBo7TwCfTD7R
M+UaIWCajC9axOQi1nshPRA=
=Sy3/
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed