-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:213-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wxgtk Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: c9debad43de2a2c609d5a3c9ad4aaf34 2008.0/i586/libwxgtk2.6-2.6.4-13.1mdv2008.0.i586.rpm 491857bb1aad3f767ae0a35a520042b5 2008.0/i586/libwxgtk2.6-devel-2.6.4-13.1mdv2008.0.i586.rpm 690203005f06910fdfc31c574a17995e 2008.0/i586/libwxgtk2.8-2.8.4-3.1mdv2008.0.i586.rpm 0c8f966ccc7acc4b273be05638f2c9dd 2008.0/i586/libwxgtk2.8-devel-2.8.4-3.1mdv2008.0.i586.rpm dda489d2d549b7060cbc141933d09366 2008.0/i586/libwxgtkgl2.6-2.6.4-13.1mdv2008.0.i586.rpm b1d340906398d68456781d021a05b119 2008.0/i586/libwxgtkgl2.8-2.8.4-3.1mdv2008.0.i586.rpm 7386ef8e1b19838621bc268e80bf2abf 2008.0/i586/libwxgtkglu2.6-2.6.4-13.1mdv2008.0.i586.rpm 9b4af47cb5dc5e4a10a3ca3cdfbfc084 2008.0/i586/libwxgtkglu2.8-2.8.4-3.1mdv2008.0.i586.rpm 54bdfb189c7ab70e1629958030ba8d34 2008.0/i586/libwxgtku2.6-2.6.4-13.1mdv2008.0.i586.rpm bf2b2694cd8c99dd213c08f06dd923ce 2008.0/i586/libwxgtku2.6-devel-2.6.4-13.1mdv2008.0.i586.rpm b4416dee9d8bfa5e1d65771843f4e9e7 2008.0/i586/libwxgtku2.8-2.8.4-3.1mdv2008.0.i586.rpm b715314accdddc8c012ac3b2ced2e7b7 2008.0/i586/libwxgtku2.8-devel-2.8.4-3.1mdv2008.0.i586.rpm d95938c1c8dbd4ff1e08587c4a75dc38 2008.0/i586/wxGTK2.6-2.6.4-13.1mdv2008.0.i586.rpm 9a351f86e1706c23445fcff5231abb8e 2008.0/i586/wxgtk2.8-2.8.4-3.1mdv2008.0.i586.rpm f2947e0187a27f7c570d313ec4fb2411 2008.0/SRPMS/wxGTK2.6-2.6.4-13.1mdv2008.0.src.rpm 8a65fa3754ca2129eeae76231cc562b0 2008.0/SRPMS/wxgtk2.8-2.8.4-3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 412be44c2d4376c1b1296e976d3aa688 2008.0/x86_64/lib64wxgtk2.6-2.6.4-13.1mdv2008.0.x86_64.rpm f1c13be1aefcb16711252b373ccf48b0 2008.0/x86_64/lib64wxgtk2.6-devel-2.6.4-13.1mdv2008.0.x86_64.rpm b0ddb173a329771c54e7fc7c9b6b6743 2008.0/x86_64/lib64wxgtk2.8-2.8.4-3.1mdv2008.0.x86_64.rpm af4405937400de5419440c74dac5c5b9 2008.0/x86_64/lib64wxgtk2.8-devel-2.8.4-3.1mdv2008.0.x86_64.rpm 8d57420c4a5490ad9d9d35eb808b9979 2008.0/x86_64/lib64wxgtkgl2.6-2.6.4-13.1mdv2008.0.x86_64.rpm d37432dc3d9c812a7db68e321e08e5d6 2008.0/x86_64/lib64wxgtkgl2.8-2.8.4-3.1mdv2008.0.x86_64.rpm c8cfba5e929c3aa0961063ba4b7adf83 2008.0/x86_64/lib64wxgtkglu2.6-2.6.4-13.1mdv2008.0.x86_64.rpm e8738253d90108918ea44b386a590782 2008.0/x86_64/lib64wxgtkglu2.8-2.8.4-3.1mdv2008.0.x86_64.rpm 0c1971f51c8de5eee74584cc91da9c9d 2008.0/x86_64/lib64wxgtku2.6-2.6.4-13.1mdv2008.0.x86_64.rpm 39e4a8eb50a0bfad249492b9bc1b3ef9 2008.0/x86_64/lib64wxgtku2.6-devel-2.6.4-13.1mdv2008.0.x86_64.rpm b71011075bf441c0d09fca612376dd28 2008.0/x86_64/lib64wxgtku2.8-2.8.4-3.1mdv2008.0.x86_64.rpm e3ef0474af6e94653b1291fbedd50ef5 2008.0/x86_64/lib64wxgtku2.8-devel-2.8.4-3.1mdv2008.0.x86_64.rpm e37ac1c0f99af42ac9641d786ffc30f8 2008.0/x86_64/wxGTK2.6-2.6.4-13.1mdv2008.0.x86_64.rpm 42dbbaef3787bd36c087cdb67deca94b 2008.0/x86_64/wxgtk2.8-2.8.4-3.1mdv2008.0.x86_64.rpm f2947e0187a27f7c570d313ec4fb2411 2008.0/SRPMS/wxGTK2.6-2.6.4-13.1mdv2008.0.src.rpm 8a65fa3754ca2129eeae76231cc562b0 2008.0/SRPMS/wxgtk2.8-2.8.4-3.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGOkvmqjQ0CJFipgRAql9AJ0cNi0pwAEKmSh3C95G6A4sVfwWpgCg5yii zkLvSyTr5e+d1LO84/F9sq4= =gj94 -----END PGP SIGNATURE-----