Posts posted by paul

  1. Multiple vulnerabilities have been found and corrected in libpng:

    Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218).

    Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205).

    Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249).

    As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird have been patched as a precaution for 2008.0, whereas on 2009.0 and up the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages are therefore also being provided with this advisory.

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct these issues.

  2. Multiple vulnerabilities have been found and corrected in python:

    Multiple integer overflows in audioop.c in the audioop module in Python allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).

    The audioop module in Python does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634 (CVE-2010-2089).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct these issues.

  3. Multiple vulnerabilities have been found and corrected in heimdal:

    The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion (CVE-2006-3083).

    The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues (CVE-2006-3084).

    Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library (CVE-2010-1321).

    The updated packages have been patched to correct these issues.

  4. A vulnerability has been found and corrected in lftp:

    The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2251).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    Additionally on 2008.0 lftp has been upgraded to 3.7.4.

    The updated packages have been patched to correct this issue.
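
An added example, not part of the original post and not lftp's code: one way a download client can validate a server-suggested filename from a Content-Disposition header before choosing a destination, the check the CVE-2010-2251 description says was missing. The function names, the rejection policy and the sample header values are assumptions made for illustration.

```python
import os
from email.message import Message

# Constructed sample header values (not taken from any real server).
SAMPLES = [
    'attachment; filename="report.pdf"',
    'attachment; filename=".bashrc"',
    'attachment; filename="../../.ssh/authorized_keys"',
    'attachment; filename="/etc/cron.d/job"',
]

class UnsafeFilename(ValueError):
    """Server-suggested name that must not be used as a destination."""

def suggested_filename(content_disposition):
    """Return the filename parameter of a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename()

def safe_destination(content_disposition, download_dir, fallback="download.bin"):
    """Map a server-suggested name to a path directly inside download_dir."""
    name = suggested_filename(content_disposition) or fallback
    if "/" in name or "\\" in name or name in (".", ".."):
        raise UnsafeFilename(f"path component in {name!r}")
    if name.startswith("."):
        raise UnsafeFilename(f"dotfile {name!r}")
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in name):
        raise UnsafeFilename("control character in name")
    root = os.path.realpath(download_dir)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(dest) != root:  # e.g. a symlink already at that name
        raise UnsafeFilename(f"{name!r} resolves outside {root}")
    return dest

def save_new(dest, data):
    """Create dest with O_EXCL so an existing file is never overwritten."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(data)

def accepted(samples, download_dir):
    """Return the sample headers whose suggested name passes validation."""
    ok = []
    for header in samples:
        try:
            safe_destination(header, download_dir)
            ok.append(header)
        except UnsafeFilename:
            pass
    return ok
```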

  5. A vulnerability has been found and corrected in imlib2:

    imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several heap and stack based buffer overflows - partly due to integer overflows. (CVE-2008-6079).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.

  6. Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated.

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    Additionally, some packages which require so, have been rebuilt and are being provided as updates.

  7. Multiple vulnerabilities have been found and corrected in mozilla-thunderbird:

    Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010 (CVE-2010-1121).

    Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow (CVE-2010-1196).

    Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node (CVE-2010-1199).

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    Additionally, some packages which require so, have been rebuilt and are being provided as updates.

  8. Security issues were identified and fixed in firefox:

    An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an in-session phishing attack. (CVE-2008-5913).

    The JavaScript implementation in Mozilla Firefox 3.x allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method (CVE-2010-1125).

    Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow (CVE-2010-1196).

    Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both Content-Disposition: attachment and Content-Type: multipart are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document (CVE-2010-1197).

    Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances (CVE-2010-1198).

    Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node (CVE-2010-1199).

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1203).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    Additionally, some packages which require so, have been rebuilt and are being provided as updates.
