Gda 2.0 arbitrary code execution

Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.

  • Vendor: Mandriva
  • Vendor ID: MDKSA-2005:203
  • Date: November 01, 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:203
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gda2.0
Date : November 1, 2005
Affected: 10.2, 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Steve Kemp discovered two format string vulnerabilities in libgda2,
the GNOME Data Access library for GNOME2, which may lead to the
execution of arbitrary code in programs that use this library.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2958
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
c2bee0812a3911016f32406c7e6b98c6 corporate/3.0/RPMS/gda2.0-1.0.3-3.2.C30mdk.i586.rpm
1c60c3861756e5f2ebec25810d698319 corporate/3.0/RPMS/gda2.0-ldap-1.0.3-3.2.C30mdk.i586.rpm
76329346f822881c283f1d80eccf0321 corporate/3.0/RPMS/gda2.0-mysql-1.0.3-3.2.C30mdk.i586.rpm
9366a1dfd24862ba1c2e785c880f42b1 corporate/3.0/RPMS/gda2.0-odbc-1.0.3-3.2.C30mdk.i586.rpm
d2eaf777cbc85fa050ea15d9483e8530 corporate/3.0/RPMS/gda2.0-postgres-1.0.3-3.2.C30mdk.i586.rpm
efb6dcf8757552aca5a2afad5e214afa corporate/3.0/RPMS/gda2.0-sqlite-1.0.3-3.2.C30mdk.i586.rpm
d19b0dc56ecc6645735e5ba4df226ea5 corporate/3.0/RPMS/libgda2.0_1-1.0.3-3.2.C30mdk.i586.rpm
04904635f832181f5f4bc13defbd2404 corporate/3.0/RPMS/libgda2.0_1-devel-1.0.3-3.2.C30mdk.i586.rpm
4ded9fd88d06c155f3fadd5438855b49 corporate/3.0/SRPMS/gda2.0-1.0.3-3.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
6db35535deba7751a627682f1ba77ace x86_64/corporate/3.0/RPMS/gda2.0-1.0.3-3.2.C30mdk.x86_64.rpm
f3cc7763718da0f76c3c1e9131e1b9f5 x86_64/corporate/3.0/RPMS/gda2.0-ldap-1.0.3-3.2.C30mdk.x86_64.rpm
7f01b17e60477e916f6a390b4e4b7222 x86_64/corporate/3.0/RPMS/gda2.0-mysql-1.0.3-3.2.C30mdk.x86_64.rpm
3c93f0b8fe2f90ad54c505a813a3ea4f x86_64/corporate/3.0/RPMS/gda2.0-odbc-1.0.3-3.2.C30mdk.x86_64.rpm
527ff7ccbd2af3ea24ac3f572b050de3 x86_64/corporate/3.0/RPMS/gda2.0-postgres-1.0.3-3.2.C30mdk.x86_64.rpm
cc2aead64a14a2fa99c34a572024adbe x86_64/corporate/3.0/RPMS/gda2.0-sqlite-1.0.3-3.2.C30mdk.x86_64.rpm
0eb6f8c613088bbcbb0205eec0e7374d x86_64/corporate/3.0/RPMS/lib64gda2.0_1-1.0.3-3.2.C30mdk.x86_64.rpm
c4c5b62e45e95c0142fc823e2db49b4c x86_64/corporate/3.0/RPMS/lib64gda2.0_1-devel-1.0.3-3.2.C30mdk.x86_64.rpm
4ded9fd88d06c155f3fadd5438855b49 x86_64/corporate/3.0/SRPMS/gda2.0-1.0.3-3.2.C30mdk.src.rpm

Mandriva Linux 10.2:
8581951dac7e2e51d0e583355f0c4fdf 10.2/RPMS/gda2.0-1.2.1-1.2.102mdk.i586.rpm
6df29b76c68f2dac41511f0047844a6c 10.2/RPMS/gda2.0-bdb-1.2.1-1.2.102mdk.i586.rpm
ab2a54b37f5d3a5903c13b5caf0884f1 10.2/RPMS/gda2.0-ldap-1.2.1-1.2.102mdk.i586.rpm
a46e61c38f33d3590255b349371e5dd2 10.2/RPMS/gda2.0-mysql-1.2.1-1.2.102mdk.i586.rpm
5f82b737ad1df0f5e367554a6af57d25 10.2/RPMS/gda2.0-odbc-1.2.1-1.2.102mdk.i586.rpm
9c15f2853a50a9b8ce21c99b7c357d69 10.2/RPMS/gda2.0-postgres-1.2.1-1.2.102mdk.i586.rpm
2a99984e0d3f0ed0bb77e1df0781a745 10.2/RPMS/gda2.0-sqlite-1.2.1-1.2.102mdk.i586.rpm
ac79f03faefae3d12b25a692d84aa09c 10.2/RPMS/gda2.0-xbase-1.2.1-1.2.102mdk.i586.rpm
c246c62a8b6a44bdf517fc13ab5a9629 10.2/RPMS/libgda2.0_3-1.2.1-1.2.102mdk.i586.rpm
33244d3790d14e77cf83e297d105a0e5 10.2/RPMS/libgda2.0_3-devel-1.2.1-1.2.102mdk.i586.rpm
2ae1d69e77d265b6a45701dede9187b6 10.2/SRPMS/gda2.0-1.2.1-1.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
a22c56a701d4b323cd58199bd330d358 x86_64/10.2/RPMS/gda2.0-1.2.1-1.2.102mdk.x86_64.rpm
ab86e362890a87d588c6180df048d380 x86_64/10.2/RPMS/gda2.0-bdb-1.2.1-1.2.102mdk.x86_64.rpm
e68a0231c0ed2d16c71330ab2ec0bc02 x86_64/10.2/RPMS/gda2.0-ldap-1.2.1-1.2.102mdk.x86_64.rpm
561b6118c3f60507bd1d39a61ae1d1ef x86_64/10.2/RPMS/gda2.0-mysql-1.2.1-1.2.102mdk.x86_64.rpm
9c09bdaed784668cf9326aaa25fe045e x86_64/10.2/RPMS/gda2.0-odbc-1.2.1-1.2.102mdk.x86_64.rpm
9c05d405913600ab83af41a5c43012f1 x86_64/10.2/RPMS/gda2.0-postgres-1.2.1-1.2.102mdk.x86_64.rpm
678405e55c25c6be5fd1bc7282918dab x86_64/10.2/RPMS/gda2.0-sqlite-1.2.1-1.2.102mdk.x86_64.rpm
dd2b4c22b66bfdd9e7d079fceb8052bc x86_64/10.2/RPMS/gda2.0-xbase-1.2.1-1.2.102mdk.x86_64.rpm
3ad48b3adeb00a9f9a3ea7a1c987b735 x86_64/10.2/RPMS/lib64gda2.0_3-1.2.1-1.2.102mdk.x86_64.rpm
e4d9fb39922d57f56902b721b80d7c9f x86_64/10.2/RPMS/lib64gda2.0_3-devel-1.2.1-1.2.102mdk.x86_64.rpm
2ae1d69e77d265b6a45701dede9187b6 x86_64/10.2/SRPMS/gda2.0-1.2.1-1.2.102mdk.src.rpm

Mandriva Linux 2006.0:
291823a3cf2fbd1321fafd6d465b9fbc 2006.0/RPMS/gda2.0-1.2.2-2.2.20060mdk.i586.rpm
f8c350c51a5847e02e391507f1052867 2006.0/RPMS/gda2.0-bdb-1.2.2-2.2.20060mdk.i586.rpm
dd0126df1e10c2f127ebecc5e0a1c26c 2006.0/RPMS/gda2.0-ldap-1.2.2-2.2.20060mdk.i586.rpm
47e6a607eaa3738b4d07adb619232eb1 2006.0/RPMS/gda2.0-mysql-1.2.2-2.2.20060mdk.i586.rpm
4d1f9d08c55ed0a195ca001996f239e3 2006.0/RPMS/gda2.0-odbc-1.2.2-2.2.20060mdk.i586.rpm
e9dc80d837f6932969c3601f03707c59 2006.0/RPMS/gda2.0-postgres-1.2.2-2.2.20060mdk.i586.rpm
0ec62e103852325ee70769fe2eadb6c4 2006.0/RPMS/gda2.0-sqlite-1.2.2-2.2.20060mdk.i586.rpm
a5d3d090e83d080ebf6a1c210aa113f1 2006.0/RPMS/gda2.0-xbase-1.2.2-2.2.20060mdk.i586.rpm
a4a8ae72f7cd866183c2e8a4a2e16bd3 2006.0/RPMS/libgda2.0_3-1.2.2-2.2.20060mdk.i586.rpm
2b4c20ea0a38bf22c5aa31da3cd8884f 2006.0/RPMS/libgda2.0_3-devel-1.2.2-2.2.20060mdk.i586.rpm
16c1de82d2b1996adeb4577b1ff9cdcd 2006.0/SRPMS/gda2.0-1.2.2-2.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
36a04443e670524ae0c4d93bf0752e9f x86_64/2006.0/RPMS/gda2.0-1.2.2-2.2.20060mdk.x86_64.rpm
d2fecb3c702f5c764c6a67c85e36e448 x86_64/2006.0/RPMS/gda2.0-bdb-1.2.2-2.2.20060mdk.x86_64.rpm
44171de894c358c5bd3d4301b488170e x86_64/2006.0/RPMS/gda2.0-ldap-1.2.2-2.2.20060mdk.x86_64.rpm
863aacd7318479757dc2d2e1ed238418 x86_64/2006.0/RPMS/gda2.0-mysql-1.2.2-2.2.20060mdk.x86_64.rpm
a82c2fceef36372b1fc17086b6237293 x86_64/2006.0/RPMS/gda2.0-odbc-1.2.2-2.2.20060mdk.x86_64.rpm
067f1f9a633b3e2dbe8ca08591d48642 x86_64/2006.0/RPMS/gda2.0-postgres-1.2.2-2.2.20060mdk.x86_64.rpm
4b257c7716b6eefcfb0fec95732975a0 x86_64/2006.0/RPMS/gda2.0-sqlite-1.2.2-2.2.20060mdk.x86_64.rpm
9fef9fad9b8d98708c30c87b4bfdbece x86_64/2006.0/RPMS/gda2.0-xbase-1.2.2-2.2.20060mdk.x86_64.rpm
84787803035a7d1ee2bb7b12775ea9f0 x86_64/2006.0/RPMS/lib64gda2.0_3-1.2.2-2.2.20060mdk.x86_64.rpm
3037e49d4a6f17e6b752fcff37f05986 x86_64/2006.0/RPMS/lib64gda2.0_3-devel-1.2.2-2.2.20060mdk.x86_64.rpm
16c1de82d2b1996adeb4577b1ff9cdcd x86_64/2006.0/SRPMS/gda2.0-1.2.2-2.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDZ/iMmqjQ0CJFipgRAsECAJ9a/c0Go4Yy9/+4hY/DWo72IrpRSgCgnX3g
zDqRFrxHNRzw/J1onPK4fc0=
=NhHM
-----END PGP SIGNATURE-----
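
A manual version of the checksum verification that the advisory says MandrivaUpdate and urpmi perform automatically, given here as an added example that is not part of the Mandriva advisory. The function name `check_manifest`, the demo file names and the use of `md5sum` are assumptions; the input is the advisory's "Updated Packages" text saved to a file.

```shell
#!/bin/sh
# Added example (hypothetical names): compare downloaded RPMs with the
# "<md5> <path>" lines of an advisory's "Updated Packages" section.

# check_manifest MANIFEST PKGDIR
# Prints one status line per entry. Returns 0 only if at least one file
# was checked and every checked file matched.
check_manifest() {
    manifest=$1
    pkgdir=$2
    checked=0
    bad=0
    while read -r want path rest; do
        # Keep only lines starting with exactly 32 lowercase hex digits;
        # this skips headings, rulers and blank lines.
        case $want in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        # Use the basename only, so a manifest path cannot point outside
        # PKGDIR.
        name=${path##*/}
        file=$pkgdir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: a stand-in file and a manifest built from its digest.
demo() {
    d=$(mktemp -d)
    printf 'constructed package bytes\n' > "$d/example-1.0-1.i586.rpm"
    sum=$(md5sum < "$d/example-1.0-1.i586.rpm" | cut -d' ' -f1)
    printf 'Example 1.0:\n%s 1.0/RPMS/example-1.0-1.i586.rpm\n' "$sum" > "$d/manifest"
    rc=0
    check_manifest "$d/manifest" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

A matching MD5 only shows the file agrees with the manifest, and MD5 is not collision-resistant; authenticity rests on the GPG signatures, which `rpm --checksig` verifies on a package once the Mandriva key has been imported.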
