Posts posted by paul
-
Multiple vulnerabilities have been found and corrected in python:
Multiple integer overflows in audioop.c in the audioop module in
Python allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).
The audioop module in Python does not verify the relationships between
size arguments and byte string lengths, which allows context-dependent
attackers to cause a denial of service (memory corruption and
application crash) via crafted arguments, as demonstrated by a call
to audioop.reverse with a one-byte string, a different vulnerability
than CVE-2010-1634 (CVE-2010-2089).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.
Update:
Updated packages for Mandriva Linux 2010.1 are also provided.
-
Multiple format string and buffer overflow vulnerabilities have been
found and corrected in iscsitarget (CVE-2010-0743, CVE-2010-2221).
The updated packages have been patched to correct these issues.
-
It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.3.2. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.
Update:
It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.2.13. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.
-
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.
-
Multiple vulnerabilities have been found and corrected in heimdal:
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5)
up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and
(b) Heimdal 0.7.2 and earlier, do not check return codes for setuid
calls, which allows local users to gain privileges by causing setuid
to fail to drop privileges using attacks such as resource exhaustion
(CVE-2006-3083).
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to
1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not
check return codes for setuid calls, which might allow local users to
gain privileges by causing setuid to fail to drop privileges. NOTE:
as of 20060808, it is not known whether an exploitable attack scenario
exists for these issues (CVE-2006-3084).
Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).
The updated packages have been patched to correct these issues.
-
A vulnerability has been found and corrected in heimdal:
Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in lftp:
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not
properly validate a server-provided filename before determining the
destination filename of a download, which allows remote servers to
create or overwrite arbitrary files via a Content-Disposition header
that suggests a crafted filename, and possibly execute arbitrary
code as a consequence of writing to a dotfile in a home directory
(CVE-2010-2251).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally on 2008.0 lftp has been upgraded to 3.7.4.
The updated packages have been patched to correct this issue.
-
This is a maintenance release that upgrades krb5 to 1.8.1 that adds
extended functionalities.
Update:
The krb5-appl suite was missing with the previous update. This advisory
provides the ftp and telnet server/client applications.
-
nss_ldap is now provided with krb5_ccname as compilation option.
-
This is a maintenance upgrade for ISC BIND that fixes some upstream
bugs.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
-
This update provides:
- Fix for bug #59541: Empty fields in media helpers not allowing the
addition of enterprise/restricted medias
- New feature: Offers powerpack media to Free/One users, and
re-subscription to Flash/Powerpack users.
-
A vulnerability has been found and corrected in imlib2:
imlib2 before 1.4.2 allows context-dependent attackers to have
an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG,
(4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several
heap and stack based buffer overflows - partly due to integer
overflows. (CVE-2008-6079).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
This is a maintenance release that upgrades krb5 to 1.8.1 that adds
extended functionalities.
-
A bug in the x11-driver-input-evdev package could lead to crashes
in the Xorg server after read errors in input devices. This update
fixes this problem.
-
Firefox 3.6.6 modifies the crash protection feature to increase the
amount of time that plugins are allowed to be non-responsive before
being terminated.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
-
This new mkinitrd release fixes hotplug command and thus firmware
loading inside nash, addressing failure with modules loaded inside
initrd which requests firmware.
-
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird:
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers
to execute arbitrary code via unknown vectors that trigger memory
corruption, as demonstrated by Nils during a Pwn2Own competition at
CanSecWest 2010 (CVE-2010-1121).
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow (CVE-2010-1196).
Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node (CVE-2010-1199).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
-
Security issues were identified and fixed in firefox:
An unspecified function in the JavaScript implementation in Mozilla
Firefox creates and exposes a temporary footprint when there is
a current login to a web site, which makes it easier for remote
attackers to trick a user into acting upon a spoofed pop-up message,
aka an in-session phishing attack. (CVE-2008-5913).
The JavaScript implementation in Mozilla Firefox 3.x allows remote
attackers to send selected keystrokes to a form field in a hidden
frame, instead of the intended form field in a visible frame, via
certain calls to the focus method (CVE-2010-1125).
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow (CVE-2010-1196).
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and
SeaMonkey before 2.0.5, does not properly handle situations in which
both Content-Disposition: attachment and Content-Type: multipart are
present in HTTP headers, which allows remote attackers to conduct
cross-site scripting (XSS) attacks via an uploaded HTML document
(CVE-2010-1197).
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10
and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote
attackers to execute arbitrary code via vectors involving multiple
plugin instances (CVE-2010-1198).
Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node (CVE-2010-1199).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2010-1203).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
-
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10
and 0.9.19 allows local users to change the ownership and permissions
of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary
file (CVE-2009-1299).
This update fixes this issue.
-
This update fixes a reported buffer overflow found with ntlm
authentication (MDV #59779).
Update:
This advisory is obsoleted by
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:123
-
This update fixes a reported buffer overflow found with ntlm
authentication (MDV #59779).
This advisory obsoletes MDVA-2010:172
-
This update fixes a reported buffer overflow found with ntlm
authentication (MDV #59779).
-
The file /etc/profile.d/gpg-agent.sh uses the source statement which
is not valid in sh or ksh. The source statement for sh, ksh, and
bash should be . rather than source. This update fixes this issue.
-
Advisories MDVSA-2010:133: libpng (in Mandriva Security Advisories)
Multiple vulnerabilities have been found and corrected in libpng:
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng
before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers
to cause a denial of service (memory exhaustion) via a crafted PNG file
(CVE-2008-6218).
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x
before 1.4.3, as used in progressive applications, might allow remote
attackers to execute arbitrary code via a PNG image that triggers an
additional data row (CVE-2010-1205).
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
1.4.3, allows remote attackers to cause a denial of service (memory
consumption and application crash) via a PNG image containing malformed
Physical Scale (aka sCAL) chunks (CVE-2010-2249).
As a precaution htmldoc has been rebuilt to link against the
system libpng library for CS4 and 2008.0. Latest xulrunner and
mozilla-thunderbird have been patched as a precaution for 2008.0 whereas
on 2009.0 and up the system libpng library is used instead of the
bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages are
therefore also being provided with this advisory.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.