Jump to content

paul

Admin
  • Posts

    5611
  • Joined

  • Last visited

  • Days Won

    8

Everything posted by paul

  1. update bacula version (from 3.0.2 to 3.0.3) and add Bweb interface. Add the new dependency javascript-libs-extjs (needed for bweb).
  2. This is a maintenance and bugfix release of firefox that upgrades firefox to the 3.6.12 version and adds missing localization packages for the Georgian, Kurdish, Occitan and Serbian languages. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
  3. paul

    mageiausers.org

    ur naow teh adminz
  4. paul

    mageiausers.org

    you poor bastard .. you're a glutton for punishment aren't you? go register, and I can tick the box to make you admin .. don't say I didn't warn you
  5. paul

    mageiausers.org

    1. Correct; no release means nothing to support, but it *might* happen :) 2. Final conclusion was: Conversation evaporated, never continued, and whoever is in control of the dns removed forum.mageia.org (or pointed it elsewhere) 3.Not so far; and keep a legible user database, but I'll keep my eye out. Dexter and SilverSurfer .. I'm trying to drum up support, been here before (starting a support forum) it takes more than one person; takes a team
  6. paul

    mageiausers.org

    Right . .who's in? and what is there to do?
  7. This advisory fixes the gpg keys parsing, which were resulting in some warnings (bug 61636).
  8. A possible double free flaw was found in the imap extension for php (CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could cause a segmention fault (crash). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  9. This is a bugfix and maintenance update bundle that addresses various issues in a number of packages. * Some thread-related problems were found in the libalsa2 library that could cause segmentation faults in some audio applications (one example being phonon when used with gstreamer output and accessing pulseaudio via ALSA plugin). The updated libalsa2 package contains an upstream fix to correct this problem. On a related note the PulseAudio package has also been updated to include several important upstream bugfixes including: * Much improved handling of capture stream latencies and timing * Client side XCB implementation to replace Xlib (and thus solve some thread-related issues). * Support for the a52 alsa plugin when combined with an appropriate ~/.asoundrc file. * Several bugs in the pulseaudio plugin for the GStreamer audio framework could lead to application crashes, for instance in pidgin. This update contains fixes for memory allocation and lock handling of the pulseaudio plugin.
  10. A possible double free flaw was found in the imap extension for php (CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could case a segmention fault (crash). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  11. A vulnerability was discovered in openssl that causes a race condition within the TLS extension parsing code and which can be exploited to cause a heap-based buffer overflow (CVE-2010-3864). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
  12. A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla (these two security bugs where first discovered as affecting Bugzilla, then identified as being bugs in CGI.pm itself). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to perl-CGI 3.50 to solve these security issues.
  13. Multiple vulnerabilities were discovered and corrected in freetype2: An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font (CVE-2010-3814). An error exists in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font (CVE-2010-3855). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  14. Multiple vulnerabilities were discovered and corrected in freetype2: An error exists in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font (CVE-2010-3855). The updated packages have been patched to correct these issues.
  15. Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file (CVE-2010-0542). The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748). The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file (CVE-2010-2431). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). The updated packages have been upgraded to cups 1.3.10 and patched to correct these issues.
  16. Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file (CVE-2010-0542). The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748). The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file (CVE-2010-2431). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  17. Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings (CVE-2010-0540). ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request (CVE-2010-2941). The updated packages have been patched to correct these issues.
  18. This updates fixes one bug: In file /usr/lib/perl5/vendor_perl/5.10.0/Ocsinventory/LoggerBackend/Syslog.pm the third argument ({'USER'}) doesn't respect the syslog protocol RFC 5424. It should be one listed in http://perldoc.perl.org/Sys/Syslog.html#Facilities, in our case LOG_USER.
  19. Multiple vulnerabilities were discovered and corrected in poppler: The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference (CVE-2010-3703). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). The updated packages have been patched to correct these issues.
  20. Multiple vulnerabilities were discovered and corrected in poppler: The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  21. Multiple vulnerabilities were discovered and corrected in kdegraphics: The Gfx::getPos function in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). The updated packages have been patched to correct these issues.
  22. Multiple vulnerabilities were discovered and corrected in xpdf: The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  23. Due to bug in nss_updatedb package old BDB transaction logs were not removed from /var/lib/misc directory, possibly filling the /var filesystem. The fixed package corrects this bug, and will also remove all leftover transaction logs from the system.
  24. Thus is a bug and maintenance release of snort that fixes numerous of issues such as: * Fix installer packages to include correct version of sensitive data preprocessor for linux and Windows * Eliminate false positives when using fast_pattern:only and having only one http content in the pattern matcher. * Address false positives in FTP preprocessor with string format verification. This advisory provides snort v2.8.6.1 where these problems has been resolved.
  25. This updates fixes two major bugs: - applog subcription/unsubscription needed to get a thread safe usage of applog were buggy and not thread safe themselves. - disabling slog usage form printout level > error was not respected.
×
×
  • Create New...