Posts posted by paul
-
This update contains an important fix for YouTube video parsing,
fixing a problem which was introduced when YouTube introduced new
rating elements.
-
A vulnerability has been discovered and corrected in pango:
Array index error in the hb_ot_layout_build_glyph_classes function
in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
context-dependent attackers to cause a denial of service (application
crash) via a crafted font file, related to building a synthetic
Glyph Definition (aka GDEF) table by using this font's charmap and
the Unicode property database (CVE-2010-0421).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability was reported in the SquirrelMail Mail Fetch plugin,
wherein (when the plugin is activated by the administrator) a user
is allowed to specify (without restriction) any port number for their
external POP account settings. While the intention is to allow users
to access POP3 servers using non-standard ports, this also allows
malicious users to effectively port-scan any server through their
SquirrelMail service (especially note that when a SquirrelMail server
resides on a network behind a firewall, it may allow the user to
explore the network topography (DNS scan) and services available
(port scan) on the inside of (behind) that firewall). As this
vulnerability is only exploitable post-authentication, and better,
more specific port scanning tools are freely available, we consider
this vulnerability to be of very low severity. It has been fixed by
restricting the allowable POP port numbers (with an administrator
configuration override available) (CVE-2010-1637).
The updated packages have been patched to correct this issue.
-
Fix typo in initscript headers of mmc-agent
Update:
The MDVA-2010:165 advisory provided the wrong set of packages; this
is now resolved.
-
A vulnerability has been discovered and corrected in samba:
Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory
corruption vulnerability. Code dealing with the chaining of SMB1
packets did not correctly validate an input field provided by the
client, making it possible for a specially crafted packet to crash
the server or potentially cause the server to execute arbitrary code
(CVE-2010-2063).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability has been discovered and corrected in sudo:
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and
1.7.0 through 1.7.2p6 does not properly handle an environment that
contains multiple PATH variables, which might allow local users
to gain privileges via a crafted value of the last PATH variable
(CVE-2010-1646).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability has been discovered and corrected in cacti:
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier
allows remote attackers to execute arbitrary SQL commands via the
rra_id parameter in a GET request in conjunction with a valid rra_id
value in a POST request or a cookie, which bypasses the validation
routine (CVE-2010-2092).
The updated packages have been patched to correct this issue.
-
A problem was discovered with the perl-base package under certain
conditions which could prevent it from being installed correctly,
related to a dependency problem. The fixed packages resolve this
problem.
-
It was discovered php-xdebug-2.0.5 did not work properly for
php-5.3.2. This advisory upgrades php-xdebug to 2.1.0 RC1 which solves
this problem.
-
Development packages for i586 and x86_64 could not be installed at
the same time due to file conflicts on documentation. This update
moves documentation files into a separate package to fix that.
Additionally python-celementtree has been added to this advisory to
solve added dependencies.
-
Espeak as shipped with Mandriva 2010.0 had no support for
pulseaudio. An updated package was provided that added pulseaudio
support, but didn't work anymore for systems that had pulseaudio
disabled. This update makes espeak work in both scenarios.
Additional packages have been added to this advisory to solve dependency
problems.
-
It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.3.2. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.
-
This advisory updates wireshark to the latest version(s), fixing
several security issues:
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0
through 1.2.8 allows remote attackers to cause a denial of service
(NULL pointer dereference) via unknown vectors (CVE-2010-2283).
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through
1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack
vectors (CVE-2010-2284).
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0
through 1.2.8 allows remote attackers to cause a denial of service
(NULL pointer dereference) via unknown vectors (CVE-2010-2285).
The SigComp Universal Decompressor Virtual Machine dissector in
Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote
attackers to cause a denial of service (infinite loop) via unknown
vectors (CVE-2010-2286).
Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
has unknown impact and remote attack vectors (CVE-2010-2287).
-
Multiple vulnerabilities have been discovered and corrected in
Safe.pm which could lead to escalated privileges (CVE-2010-1168,
CVE-2010-1447). The updated packages have been patched to correct
these issues.
-
Multiple vulnerabilities have been discovered and corrected in Path.pm
and Safe.pm which could lead to escalated privileges (CVE-2008-5302,
CVE-2008-5303, CVE-2010-1168, CVE-2010-1447). The updated packages
have been patched to correct these issues.
-
A vulnerability has been found and corrected in dhcp:
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote
attackers to cause a denial of service (server exit) via a zero-length
client ID (CVE-2010-2156).
The updated packages have been patched to correct this issue.
-
Fix typo in initscript headers of mmc-agent
-
This advisory updates wireshark to the latest version(s), fixing
several security issues:
* The SMB dissector could dereference a NULL pointer. (Bug 4734)
* J. Oquendo discovered that the ASN.1 BER dissector could overrun
the stack.
* The SMB PIPE dissector could dereference a NULL pointer on some
platforms.
* The SigComp Universal Decompressor Virtual Machine could go into
an infinite loop. (Bug 4826)
* The SigComp Universal Decompressor Virtual Machine could overrun
a buffer. (Bug 4837)
-
Changes on the ICQ servers made the login impossible if the clientLogin
and SSL options were enabled. This update adds patches to restore
these options. Also add xdg patch from cooker.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
-
This is a maintenance update that upgrades php to the latest upstream
version(s) for CS4/MES5/2008.0/2009.0/2009.1/2010.0.
Additionally some of the third party extensions and required
dependencies have been upgraded.
Corporate Server 4.0 with php-5.1.6 had the old Hardening-Patch
0.4.14 applied statically. The updated packages for Corporate Server
4.0 bring the successor of the Hardening-Patch named Suhosin which
loads the hardening features as a normal extension (suhosin.so),
and as such can be unloaded.
Suhosin is enabled by default for all Mandriva Linux products.
For Mandriva Linux 2010.0 the FPM SAPI has been added and will probably
appear in the next stable php-5.3.x version.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
-
Multiple vulnerabilities were discovered and fixed in glibc:
Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c
in the strfmon implementation in the GNU C Library (aka glibc or
libc6) before 2.10.1 allows context-dependent attackers to cause a
denial of service (application crash) via a crafted format string,
as demonstrated by the %99999999999999999999n string, a related issue
to CVE-2008-1391 (CVE-2009-4881).
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows
remote attackers to obtain the encrypted passwords of NIS accounts
by calling the getpwnam function (CVE-2010-0015).
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,
does not properly handle newline characters in mountpoint names, which
allows local users to cause a denial of service (mtab corruption),
or possibly modify mount options and gain privileges, via a crafted
mount request (CVE-2010-0296).
Integer signedness error in the elf_get_dynamic_info function
in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or
libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows
user-assisted remote attackers to execute arbitrary code via a crafted
ELF program with a negative value for a certain d_tag structure member
in the ELF header (CVE-2010-0830).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities were discovered and fixed in glibc:
Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows
remote attackers to obtain the encrypted passwords of NIS accounts
by calling the getpwnam function (CVE-2010-0015).
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,
does not properly handle newline characters in mountpoint names, which
allows local users to cause a denial of service (mtab corruption),
or possibly modify mount options and gain privileges, via a crafted
mount request (CVE-2010-0296).
Integer signedness error in the elf_get_dynamic_info function
in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or
libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows
user-assisted remote attackers to execute arbitrary code via a crafted
ELF program with a negative value for a certain d_tag structure member
in the ELF header (CVE-2010-0830).
The updated packages have been patched to correct these issues.
-
The latest update to the openssh application caused it to display a bogus
FAILED status when shutting down or restarting, when no clients are
connected to the ssh server. This update fixes this issue.
-
The find utility in Mandriva Linux 2010.0 could give bogus 'No such
file or directory' messages when run from the msec application. This
advisory updates the find application to the latest available version,
fixing this issue.
-
Advisories MDVSA-2010:122: fastjar
in Mandriva Security Advisories
A vulnerability has been discovered and corrected in fastjar:
Directory traversal vulnerability in the extract_jar function
in jartool.c in FastJar 0.98 allows remote attackers to create
or overwrite arbitrary files via a .. (dot dot) in a non-initial
pathname component in a filename within a .jar archive, a related
issue to CVE-2005-1080. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2006-3619 (CVE-2010-0831).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
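
The fastjar advisory above describes a path check that misses a ".." in a non-initial pathname component. The following is an added example, not FastJar's code or its patch: both function names and the sample entry names are hypothetical, and it contrasts a check that inspects only the initial component with one that inspects every component.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Incomplete check (hypothetical, not FastJar's code): rejects absolute
 * names and a ".." in the initial component only. */
bool initial_component_check(const char *name)
{
    if (name[0] == '/')
        return false;
    if (strncmp(name, "..", 2) == 0 && (name[2] == '/' || name[2] == '\0'))
        return false;
    return true;
}

/* Complete check: walk every '/'-separated component and reject the
 * name if any one of them is exactly "..". This is deliberately strict:
 * "a/../b" is refused even though it resolves inside the target. */
bool every_component_check(const char *name)
{
    if (name[0] == '\0' || name[0] == '/')
        return false;
    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p += len;
        while (*p == '/')   /* skip separator(s) */
            p++;
    }
    return true;
}

int main(void)
{
    /* Constructed entry names, as they might appear in an archive. */
    const char *names[] = {
        "META-INF/MANIFEST.MF", "../etc/passwd",
        "docs/../../etc/passwd", "a/..b/c", "/etc/passwd",
    };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s initial-only=%d every-component=%d\n", names[i],
               initial_component_check(names[i]),
               every_component_check(names[i]));
    return 0;
}
```

An extractor would run the complete check on each entry name before creating any file or directory for it.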