From Mageia wiki

MGASA-2012-0220

Date: August 18th, 2012
Affected releases: 1, 2


Description:
Updated arora and psi packages fix a security vulnerability:

Arora, possibly 0.11 and other versions, does not use a certain font
when rendering certificate fields in a security dialog, which allows
remote attackers to spoof the common name (CN) of a certificate via
rich text (CVE-2011-3367).

Psi is also affected by this vulnerability and has been patched as well.

Finally, qca2 in Mageia 2 has been fixed so that Psi will build with it.


Updated Packages:
Mageia 1:
arora-0.11.0-2.1.mga1
psi-0.14-8.1.mga1
psi-iconsets-0.14-8.1.mga1
psi-lang-pack-cs-0.14-8.1.mga1
psi-lang-pack-be-0.14-8.1.mga1
psi-lang-pack-de-0.14-8.1.mga1
psi-lang-pack-en-0.14-8.1.mga1
psi-lang-pack-es-0.14-8.1.mga1
psi-lang-pack-fr-0.14-8.1.mga1
psi-lang-pack-it-0.14-8.1.mga1
psi-lang-pack-ja-0.14-8.1.mga1
psi-lang-pack-mk-0.14-8.1.mga1
psi-lang-pack-pl-0.14-8.1.mga1
psi-lang-pack-pt_br-0.14-8.1.mga1
psi-lang-pack-ru-0.14-8.1.mga1
psi-lang-pack-sl-0.14-8.1.mga1
psi-lang-pack-sv-0.14-8.1.mga1
psi-lang-pack-ur_PK-0.14-8.1.mga1
psi-lang-pack-zh-0.14-8.1.mga1
psi-smileysets-0.14-8.1.mga1

Mageia 2:
arora-0.11.0-5.1.mga2
psi-0.14-9.1.mga2
psi-iconsets-0.14-9.1.mga2
psi-lang-pack-be-0.14-9.1.mga2
psi-lang-pack-cs-0.14-9.1.mga2
psi-lang-pack-de-0.14-9.1.mga2
psi-lang-pack-en-0.14-9.1.mga2
psi-lang-pack-es-0.14-9.1.mga2
psi-lang-pack-fr-0.14-9.1.mga2
psi-lang-pack-mk-0.14-9.1.mga2
psi-lang-pack-it-0.14-9.1.mga2
psi-lang-pack-ja-0.14-9.1.mga2
psi-lang-pack-pl-0.14-9.1.mga2
psi-lang-pack-pt_br-0.14-9.1.mga2
psi-lang-pack-ru-0.14-9.1.mga2
psi-lang-pack-sl-0.14-9.1.mga2
psi-lang-pack-sv-0.14-9.1.mga2
psi-lang-pack-ur_PK-0.14-9.1.mga2
psi-lang-pack-zh-0.14-9.1.mga2
psi-smileysets-0.14-9.1.mga2
qca2-2.0.3-2.1.mga2
qca2-plugin-cyrus-sasl-2.0.3-2.1.mga2
qca2-plugin-gcrypt-2.0.3-2.1.mga2
qca2-plugin-gnupg-2.0.3-2.1.mga2
qca2-plugin-logger-2.0.3-2.1.mga2
qca2-plugin-nss-2.0.3-2.1.mga2
qca2-plugin-openssl-2.0.3-2.1.mga2
qca2-plugin-pkcs11-2.0.3-2.1.mga2
qca2-plugin-softstore-2.0.3-2.1.mga2
lib(64)qca2-2.0.3-2.1.mga2
lib(64)qca-devel-2.0.3-2.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3367
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070892.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070582.html
https://bugs.mageia.org/show_bug.cgi?id=7002