Posts posted by paul

  1. A vulnerability has been discovered and corrected in libsndfile:

     

    The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init,

    (5) float32_init, and (6) sds_read_header functions in libsndfile

    1.0.20 allow context-dependent attackers to cause a denial of service

    (divide-by-zero error and application crash) via a crafted audio file

    (CVE-2009-4835).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.

  2. A bug in the nfs-server init script incorrectly reloads rpc.idmapd after

    rpc.nfsd start, preventing proper communication between the two

    processes. As a result, all files are considered owned by nobody

    uid/gid on client side. This update fixes this issue.

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

  3. A vulnerability has been discovered and corrected in freetype2:

     

    Multiple stack overflow flaws have been reported in the way FreeType

    font rendering engine processed certain CFF opcodes. An attacker

    could use these flaws to create a specially-crafted font file that,

    when opened, would cause an application linked against libfreetype

    to crash, or, possibly execute arbitrary code (CVE-2010-1797).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.

  4. A security vulnerability has been identified and fixed in pidgin:

     

    The clientautoresp function in family_icbm.c in the oscar protocol

    plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated

    users to cause a denial of service (NULL pointer dereference and

    application crash) via an X-Status message that lacks the expected

    end tag for a (1) desc or (2) title element (CVE-2010-2528).

     

    Packages for 2008.0 and 2009.0 are provided due to the Extended

    Maintenance Program for those products.

     

    This update provides pidgin 2.7.3, which is not vulnerable to this

    issue.

  5. Security issues were identified and fixed in firefox:

     

    layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not

    properly free memory in the parameter array of a plugin instance,

    which allows remote attackers to cause a denial of service (memory

    corruption) or possibly execute arbitrary code via a crafted

    HTML document, related to the DATA and SRC attributes of an OBJECT

    element. NOTE: this vulnerability exists because of an incorrect fix

    for CVE-2010-1214 (CVE-2010-2755).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates. The python packages contained a small

    dependency problem on 2008.0/2009.0/MES5 that is addressed as well

    with this advisory.

  6. Multiple vulnerabilities have been discovered and corrected in libtiff:

     

    The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in

    ImageMagick, does not properly handle invalid ReferenceBlackWhite

    values, which allows remote attackers to cause a denial of service

    (application crash) via a crafted TIFF image that triggers an array

    index error, related to downsampled OJPEG input. (CVE-2010-2595)

     

    Multiple integer overflows in the Fax3SetupState function in tif_fax3.c

    in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to

    execute arbitrary code or cause a denial of service (application crash)

    via a crafted TIFF file that triggers a heap-based buffer overflow

    (CVE-2010-1411).

     

    Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3

    allows remote attackers to cause a denial of service (application

    crash) or possibly execute arbitrary code via a crafted TIFF file

    that triggers a buffer overflow (CVE-2010-2065).

     

    The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers

    to cause a denial of service (out-of-bounds read and application crash)

    via a TIFF file with an invalid combination of SamplesPerPixel and

    Photometric values (CVE-2010-2483).

     

    The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2

    makes incorrect calls to the TIFFGetField function, which allows

    remote attackers to cause a denial of service (application crash) via

    a crafted TIFF image, related to downsampled OJPEG input and possibly

    related to a compiler optimization that triggers a divide-by-zero error

    (CVE-2010-2597).

     

    The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly

    handle unknown tag types in TIFF directory entries, which allows

    remote attackers to cause a denial of service (out-of-bounds read

    and application crash) via a crafted TIFF file (CVE-2010-248).

     

    Stack-based buffer overflow in the TIFFFetchSubjectDistance function

    in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to

    cause a denial of service (application crash) or possibly execute

    arbitrary code via a long EXIF SubjectDistance field in a TIFF file

    (CVE-2010-2067).

     

    tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as

    used in ImageMagick, does not properly perform vertical flips, which

    allows remote attackers to cause a denial of service (application

    crash) or possibly execute arbitrary code via a crafted TIFF image,

    related to downsampled OJPEG input. (CVE-2010-2233).

     

    LibTIFF 3.9.4 and earlier does not properly handle an invalid

    td_stripbytecount field, which allows remote attackers to cause a

    denial of service (NULL pointer dereference and application crash)

    via a crafted TIFF file, a different vulnerability than CVE-2010-2443

    (CVE-2010-2482).

     

    The updated packages have been patched to correct these issues.

  7. Multiple vulnerabilities have been discovered and corrected in libtiff:

     

    The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in

    ImageMagick, does not properly handle invalid ReferenceBlackWhite

    values, which allows remote attackers to cause a denial of service

    (application crash) via a crafted TIFF image that triggers an array

    index error, related to downsampled OJPEG input. (CVE-2010-2595)

     

    Multiple integer overflows in the Fax3SetupState function in tif_fax3.c

    in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to

    execute arbitrary code or cause a denial of service (application crash)

    via a crafted TIFF file that triggers a heap-based buffer overflow

    (CVE-2010-1411).

     

    Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3

    allows remote attackers to cause a denial of service (application

    crash) or possibly execute arbitrary code via a crafted TIFF file

    that triggers a buffer overflow (CVE-2010-2065).

     

    The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers

    to cause a denial of service (out-of-bounds read and application crash)

    via a TIFF file with an invalid combination of SamplesPerPixel and

    Photometric values (CVE-2010-2483).

     

    The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2

    makes incorrect calls to the TIFFGetField function, which allows

    remote attackers to cause a denial of service (application crash) via

    a crafted TIFF image, related to downsampled OJPEG input and possibly

    related to a compiler optimization that triggers a divide-by-zero error

    (CVE-2010-2597).

     

    The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly

    handle unknown tag types in TIFF directory entries, which allows

    remote attackers to cause a denial of service (out-of-bounds read

    and application crash) via a crafted TIFF file (CVE-2010-248).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  8. This advisory updates wireshark to the latest version(s), fixing

    several security issues:

     

    Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through

    1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack

    vectors (CVE-2010-2284).

     

    Buffer overflow in the SigComp Universal Decompressor Virtual Machine

    dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8

    has unknown impact and remote attack vectors (CVE-2010-2287).

  9. A vulnerability has been discovered and corrected in gnupg2:

     

    Importing a certificate with more than 98 Subject Alternate Names

    via GPGSM's import command or implicitly while verifying a signature

    causes GPGSM to reallocate an array with the names. The bug is that

    the reallocation code misses assigning the reallocated array to the old

    array variable and thus the old and freed array will be used. Usually

    this leads to a segv (CVE-2010-2547).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.

  10. Multiple vulnerabilities have been discovered and corrected in openldap:

     

    The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not

    check the return value of a call to the smr_normalize function, which

    allows remote attackers to cause a denial of service (segmentation

    fault) and possibly execute arbitrary code via a modrdn call with an

    RDN string containing invalid UTF-8 sequences, which triggers a free

    of an invalid, uninitialized pointer in the slap_mods_free function, as

    demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0211).

     

    OpenLDAP 2.4.22 allows remote attackers to cause a denial of service

    (crash) via a modrdn call with a zero-length RDN destination string,

    which is not properly handled by the smr_normalize function and

    triggers a NULL pointer dereference in the IA5StringNormalize function

    in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test

    suite (CVE-2010-0212).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  11. Multiple vulnerabilities have been discovered and corrected in samba:

     

    The chain_reply function in process.c in smbd in Samba before 3.4.8 and

    3.5.x before 3.5.2 allows remote attackers to cause a denial of service

    (NULL pointer dereference and process crash) via a Negotiate Protocol

    request with a certain 0x0003 field value followed by a Session Setup

    AndX request with a certain 0x8003 field value (CVE-2010-1635).

     

    The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in

    Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to

    trigger an out-of-bounds read, and cause a denial of service (process

    crash), via a xffxff security blob length in a Session Setup AndX

    request (CVE-2010-1642).

     

    The updated packages provide samba 3.4.8 which is not vulnerable to

    these issues.

  12. This is a maintenance and security update that upgrades php to 5.3.3

    for 2010.0/2010.1.

     

    Security Enhancements and Fixes in PHP 5.3.3:

     

    * Rewrote var_export() to use smart_str rather than output buffering,

    prevents data disclosure if a fatal error occurs (CVE-2010-2531).

    * Fixed a possible resource destruction issue in shm_put_var().

    * Fixed a possible information leak because of interruption of

    XOR operator.

    * Fixed a possible memory corruption because of unexpected call-time

    pass by reference and following memory clobbering through callbacks.

    * Fixed a possible memory corruption in ArrayObject::uasort().

    * Fixed a possible memory corruption in parse_str().

    * Fixed a possible memory corruption in pack().

    * Fixed a possible memory corruption in substr_replace().

    * Fixed a possible memory corruption in addcslashes().

    * Fixed a possible stack exhaustion inside fnmatch().

    * Fixed a possible dechunking filter buffer overflow.

    * Fixed a possible arbitrary memory access inside sqlite extension.

    * Fixed string format validation inside phar extension.

    * Fixed handling of session variable serialization on certain prefix

    characters.

    * Fixed a NULL pointer dereference when processing invalid XML-RPC

    requests (Fixes CVE-2010-0397, bug #51288).

    * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).

    * Fixed possible buffer overflows in mysqlnd_list_fields,

    mysqlnd_change_user.

    * Fixed possible buffer overflows when handling error packets

    in mysqlnd.

     

    Additionally some of the third party extensions and required

    dependencies have been upgraded and/or rebuilt for the new php version.

  13. This is a maintenance and security update that upgrades php to 5.2.14

    for CS4/MES5/2008.0/2009.0/2009.1.

     

    Security Enhancements and Fixes in PHP 5.2.14:

     

    * Rewrote var_export() to use smart_str rather than output buffering,

    prevents data disclosure if a fatal error occurs (CVE-2010-2531).

    * Fixed a possible interruption array leak in

    strrchr() (CVE-2010-2484).

    * Fixed a possible interruption array leak in strchr(), strstr(),

    substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),

    trim().

    * Fixed a possible memory corruption in substr_replace().

    * Fixed SplObjectStorage unserialization problems (CVE-2010-2225).

    * Fixed a possible stack exhaustion inside fnmatch().

    * Fixed a NULL pointer dereference when processing invalid XML-RPC

    requests (Fixes CVE-2010-0397, bug #51288).

    * Fixed handling of session variable serialization on certain prefix

    characters.

    * Fixed a possible arbitrary memory access inside sqlite

    extension. Reported by Mateusz Kocielski.

     

    Additionally some of the third party extensions have been upgraded

    and/or rebuilt for the new php version.

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

  14. Multiple vulnerabilities have been found and corrected in ghostscript:

     

    Stack-based buffer overflow in the errprintf function in base/gsmisc.c

    in ghostscript 8.64 through 8.70 allows remote attackers to cause a

    denial of service (crash) and possibly execute arbitrary code via a

    crafted PDF file, as originally reported for debug logging code in

    gdevcups.c in the CUPS output driver (CVE-2009-4270).

     

    Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier

    allows remote attackers to execute arbitrary code or cause a denial

    of service (memory corruption) via a crafted PDF document containing

    a long name (CVE-2009-4897).

     

    Ghostscript 8.64, 8.70, and possibly other versions allows

    context-dependent attackers to execute arbitrary code via a

    PostScript file containing unlimited recursive procedure invocations,

    which trigger memory corruption in the stack of the interpreter

    (CVE-2010-1628).

     

    As a precaution ghostscript has been rebuilt to link against the

    system libpng library which was fixed with MDVSA-2010:133

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  15. Multiple vulnerabilities have been found and corrected in ghostscript:

     

    Stack-based buffer overflow in the errprintf function in base/gsmisc.c

    in ghostscript 8.64 through 8.70 allows remote attackers to cause a

    denial of service (crash) and possibly execute arbitrary code via a

    crafted PDF file, as originally reported for debug logging code in

    gdevcups.c in the CUPS output driver (CVE-2009-4270).

     

    Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier

    allows remote attackers to execute arbitrary code or cause a denial

    of service (memory corruption) via a crafted PDF document containing

    a long name (CVE-2009-4897).

     

    The updated packages have been patched to correct these issues.

  16. Multiple vulnerabilities have been found and corrected in ghostscript:

     

    Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier

    allows remote attackers to execute arbitrary code or cause a denial

    of service (memory corruption) via a crafted PDF document containing

    a long name (CVE-2009-4897).

     

    Ghostscript 8.64, 8.70, and possibly other versions allows

    context-dependent attackers to execute arbitrary code via a

    PostScript file containing unlimited recursive procedure invocations,

    which trigger memory corruption in the stack of the interpreter

    (CVE-2010-1628).

     

    As a precaution ghostscript has been rebuilt to link against the

    system libpng library which was fixed with MDVSA-2010:133

     

    The updated packages have been patched to correct these issues.

  17. Multiple vulnerabilities have been found and corrected in freetype2:

     

    Multiple integer underflows/overflows and heap buffer overflows were

    discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,

    CVE-2010-2500, CVE-2010-2519).

     

    A heap buffer overflow was discovered in the bytecode support. The

    bytecode support is NOT enabled per default in Mandriva due to previous

    patent claims, but packages by PLF are affected (CVE-2010-2520).

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  18. A vulnerability has been found and corrected in ghostscript:

     

    Stack-based buffer overflow in the errprintf function in base/gsmisc.c

    in ghostscript 8.64 through 8.70 allows remote attackers to cause a

    denial of service (crash) and possibly execute arbitrary code via a

    crafted PDF file, as originally reported for debug logging code in

    gdevcups.c in the CUPS output driver (CVE-2009-4270).

     

    The updated packages have been patched to correct this issue.

  19. A vulnerability has been found and corrected in ghostscript:

     

    Ghostscript 8.64, 8.70, and possibly other versions allows

    context-dependent attackers to execute arbitrary code via a

    PostScript file containing unlimited recursive procedure invocations,

    which trigger memory corruption in the stack of the interpreter

    (CVE-2010-1628).

     

    As a precaution ghostscript has been rebuilt to link against the

    system libpng library which was fixed with MDVSA-2010:133

     

    The updated packages have been patched to correct this issue.

  20. Multiple vulnerabilities have been found and corrected in ghostscript:

     

    Stack-based buffer overflow in the errprintf function in base/gsmisc.c

    in ghostscript 8.64 through 8.70 allows remote attackers to cause a

    denial of service (crash) and possibly execute arbitrary code via a

    crafted PDF file, as originally reported for debug logging code in

    gdevcups.c in the CUPS output driver (CVE-2009-4270).

     

    Ghostscript 8.64, 8.70, and possibly other versions allows

    context-dependent attackers to execute arbitrary code via a

    PostScript file containing unlimited recursive procedure invocations,

    which trigger memory corruption in the stack of the interpreter

    (CVE-2010-1628).

     

    As a precaution ghostscript has been rebuilt to link against the

    system libpng library which was fixed with MDVSA-2010:133

     

    Packages for 2008.0 and 2009.0 are provided as of the Extended

    Maintenance Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.
