-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:209
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsmi
 Date    : October 22, 2010
 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A buffer overflow was discovered in libsmi when a long OID was given in
 numerical form. This could lead to arbitrary code execution
 (CVE-2010-2891).

 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2891
 http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMwaGpmqjQ0CJFipgRAp3EAJ9X4+XfMgi77RfFLgsFkxq/WbRyhgCg4Uz3
BGAY2RaRcg1L8jzy7OyN/+w=
=XAf1
-----END PGP SIGNATURE-----
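
The bug class named in the Problem Description (a long numeric OID written into a fixed-size buffer), shown as a bounded parser. This is an added example, not code from the advisory or from libsmi: `parse_numeric_oid`, `parse_repeated` and `MAX_SUBIDS` are hypothetical names, and the limit of 128 sub-identifiers is the one given in RFC 2578.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBIDS 128 /* RFC 2578: an OID has at most 128 sub-identifiers */

/* Hypothetical helper, not a libsmi function. Parses "1.3.6.1" into
 * out[0..cap-1]. Returns the sub-identifier count, or -1 when the text is
 * malformed, a value exceeds 32 bits, or it has more than cap components. */
int parse_numeric_oid(const char *text, uint32_t *out, size_t cap)
{
    size_t n = 0;
    if (text == NULL || out == NULL) return -1;
    for (const char *p = text;;) {
        char *end;
        if (!isdigit((unsigned char)*p)) return -1; /* "", "1..2", "-1", "1." */
        if (n >= cap) return -1;         /* bound checked before every store */
        errno = 0;
        unsigned long long v = strtoull(p, &end, 10);
        if (errno == ERANGE || v > UINT32_MAX) return -1;
        out[n++] = (uint32_t)v;
        if (*end == '\0') return (int)n;
        if (*end != '.') return -1;
        p = end + 1;
    }
}

/* Builds a constructed OID of `count` components ("1.1.1...") and parses it
 * into a MAX_SUBIDS-sized stack buffer, as a fixed-size caller would. */
int parse_repeated(size_t count)
{
    uint32_t oid[MAX_SUBIDS];
    char *text = malloc(2 * count + 1);
    if (text == NULL || count == 0) { free(text); return -1; }
    for (size_t i = 0; i < count; i++)
        memcpy(text + 2 * i, "1.", 2);
    text[2 * count - 1] = '\0';          /* overwrite the trailing dot */
    int n = parse_numeric_oid(text, oid, MAX_SUBIDS);
    free(text);
    return n;
}

int main(void)
{
    /* 128 components fit; 4096 are refused instead of overrunning oid[]. */
    return (parse_repeated(128) == 128 && parse_repeated(4096) == -1) ? 0 : 1;
}
```

Without the `n >= cap` test, the 129th component would be stored past the end of `oid[]`; with it, over-long input fails closed.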