Posts posted by paul

  1. A vulnerability has been found and corrected in lvm2:

     The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands (CVE-2010-2526).

     The updated packages have been patched to correct this issue.

  2. A vulnerability has been found and corrected in wget:

     GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2252).

     Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages have been patched to correct this issue.

  3. Multiple vulnerabilities have been found and corrected in mozilla-thunderbird:

     dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler (CVE-2010-2754).

     Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document (CVE-2010-0654).

     The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document (CVE-2010-1213).

     Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element (CVE-2010-2753).

     Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array (CVE-2010-2752).

     Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1211).

     Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     Additionally, some packages which require it have been rebuilt and are being provided as updates.

  4. A vulnerability has been found and corrected in openssl:

     Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue (CVE-2010-2939).

     The updated packages have been patched to correct this issue.

  5. A vulnerability has been found and corrected in perl-libwww-perl:

     lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2253).

     Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages have been patched to correct this issue.

  6. A vulnerability has been found and corrected in libgdiplus:

     Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows (CVE-2010-1526).

     The updated packages have been patched to correct this issue.

  7. A vulnerability has been found and corrected in libHX:

     Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields (CVE-2010-2947).

     The updated packages have been patched to correct this issue.

  8. Multiple vulnerabilities have been found and corrected in phpmyadmin:

     The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code (CVE-2010-3055).

     It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages (CVE-2010-3056).

     This upgrade provides phpmyadmin 2.11.10.1, which is not vulnerable to these security issues.

  9. A vulnerability has been found and corrected in vte:

     The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713).

     The updated packages have been patched to correct this issue.

  10. Multiple vulnerabilities have been found and corrected in cacti:

     Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php (CVE-2010-1644).

     Cacti before 0.8.7f allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template (CVE-2010-1645).

     Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b (CVE-2010-2543).

     Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the filter parameter (CVE-2010-2544).

     Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php (CVE-2010-2545).

     This update provides cacti 0.8.7f, which is not vulnerable to these issues.

  11. A vulnerability has been found and corrected in squirrelmail:

     functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files (CVE-2010-2813).

     This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.

  12. Multiple vulnerabilities have been found and corrected in freetype2:

     The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805).

     Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806).

     FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807).

     Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808).

     bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053).

     The updated packages have been patched to correct these issues.

  13. Multiple vulnerabilities have been found and corrected in freetype2:

     The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805).

     Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806).

     FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807).

     Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808).

     bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053).

     Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c (CVE-2010-3054).

     Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages have been patched to correct these issues.

  14. Multiple vulnerabilities have been found and corrected in mysql:

     MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008).

     Additionally, many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well, such as:

     * LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512)

     * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)

     * The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007)

     * A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393)

     * Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477)

     * Joins involving a table with a unique SET column could cause a server crash. (Bug#54575)

     * Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044)

     The updated packages have been patched to correct these issues.

  15. Various packages of old Unix utilities (rsh, rlogin, telnet, ...) available in Mandriva used to be installable in parallel, through the setup-alternative utility. In 2010.1, the MIT-Kerberized versions from the krb5-appl package ceased to use this setup, for the sake of simplicity, and were made conflicting with other packages. However, the netkit version of rsh wasn't modified accordingly, and still installs its binaries as {rsh,rlogin,telnet}.netkit, making their usage impractical.

  16. Multiple vulnerabilities have been found and corrected in apache:

     The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452).

     mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791).

     Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages have been patched to correct these issues.

  17. Multiple vulnerabilities have been found and corrected in cabextract:

     The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library (CVE-2010-2800).

     Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library (CVE-2010-2801).

     Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages provide cabextract 1.3, which is not vulnerable to these issues.

  18. A vulnerability has been found and corrected in apache:

     The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452).

     Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages have been patched to correct this issue.

  19. A vulnerability has been discovered and corrected in libmikmod:

     Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file (CVE-2009-3995).

     Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
     http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     The updated packages have been patched to correct this issue.
