paul (Admin), 5611 posts, 8 days won

Posts posted by paul

  1. A vulnerability has been discovered and corrected in fastjar:

    Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619 (CVE-2010-0831).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.
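The advisory above describes an extractor that caught `..` only as the first path component and missed it later in the name. As an added defensive example (this is not fastjar's code nor the Mandriva patch), the check below rejects `..` in any component, absolute paths and backslash separators, then re-confirms the resolved target stays inside the destination directory. The entry names and the in-memory jar are constructed for the demonstration; the function names are my own.

```python
"""Audit archive entry names before extraction (added example, not fastjar's code)."""
import io
import os
import zipfile


def is_safe_entry_name(name: str) -> bool:
    """True if a jar/zip entry name may be extracted under a target directory.

    Rejects empty names, absolute paths, Windows drive prefixes, backslash
    separators (jar entries are '/'-separated) and a '..' component in ANY
    position, initial or not, which is the gap the fastjar advisory describes.
    """
    if not name or name.startswith(("/", "\\")) or "\\" in name:
        return False
    if len(name) > 1 and name[1] == ":":  # e.g. "C:/..." on Windows
        return False
    return all(part != ".." for part in name.split("/"))


def safe_target_path(dest_dir: str, name: str) -> str:
    """Resolve an entry under dest_dir and fail closed if it escapes.

    The name check is the first line of defence; comparing the normalised
    absolute target against the destination catches anything it misses.
    """
    if not is_safe_entry_name(name):
        raise ValueError(f"unsafe archive entry: {name!r}")
    dest = os.path.abspath(dest_dir)
    target = os.path.abspath(os.path.join(dest, *name.split("/")))
    if os.path.commonpath([dest, target]) != dest:
        raise ValueError(f"entry escapes destination: {name!r}")
    return target


def audit_jar(data: bytes) -> dict:
    """Classify every entry of an in-memory jar (a zip file) as safe or unsafe."""
    result = {"safe": [], "unsafe": []}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            bucket = "safe" if is_safe_entry_name(info.filename) else "unsafe"
            result[bucket].append(info.filename)
    return result


def build_sample_jar() -> bytes:
    """Constructed sample jar: one benign entry and two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("../evil.sh", "#!/bin/sh\n")          # '..' in the initial component
        jar.writestr("lib/../../evil2.sh", "#!/bin/sh\n")  # '..' in a non-initial component
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_jar(build_sample_jar()))
```

Python's own `ZipFile.extract()` already strips such components; the point of the audit is to refuse (and log) a hostile archive before any file is written, rather than silently extracting a sanitised name.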

  2. A vulnerability has been discovered and corrected in pango:

    Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database (CVE-2010-0421).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.

  3. A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall). As this vulnerability is only exploitable post-authentication, and better more specific port scanning tools are freely available, we consider this vulnerability to be of very low severity. It has been fixed by restricting the allowable POP port numbers (with an administrator configuration override available) (CVE-2010-1637).

    The updated packages have been patched to correct this issue.

  4. A vulnerability has been discovered and corrected in samba:

    Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code (CVE-2010-2063).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.

  5. A vulnerability has been discovered and corrected in sudo:

    The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable (CVE-2010-1646).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.
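The sudo advisory above turns on a detail that is easy to forget: the environment handed to `execve` is a list of `NAME=value` strings, not a map, so the same name can appear more than once. A sanitiser that rewrites only the first `PATH` it meets leaves any later one in place. The following added example (my own illustration, not sudo's code) contrasts that flawed shape with a policy that drops every occurrence and appends exactly one trusted value. `SECURE_PATH` is an assumed policy value and the sample environment is constructed.

```python
"""Environment sanitiser that tolerates duplicate variables (added example, not sudo's code)."""
from typing import Iterable, List, Optional, Tuple

SECURE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"  # assumed policy value


def split_var(entry: str) -> Tuple[str, Optional[str]]:
    """Split 'NAME=value' into (name, value); entries without '=' get value None."""
    name, sep, value = entry.partition("=")
    return name, (value if sep else None)


def count_path(env: Iterable[str]) -> int:
    """How many PATH entries an environment list carries."""
    return sum(1 for entry in env if split_var(entry)[0] == "PATH")


def naive_secure_path(env: Iterable[str], secure: str = SECURE_PATH) -> List[str]:
    """Flawed shape: rewrites the first PATH only, so a second PATH survives.

    This models the failure mode in the advisory; it is not sudo's actual code.
    """
    out: List[str] = []
    replaced = False
    for entry in env:
        if split_var(entry)[0] == "PATH" and not replaced:
            out.append(f"PATH={secure}")
            replaced = True
        else:
            out.append(entry)  # a later PATH=... passes straight through
    if not replaced:
        out.append(f"PATH={secure}")
    return out


def hardened_secure_path(env: Iterable[str], secure: str = SECURE_PATH) -> List[str]:
    """Drop every PATH entry, whatever its position, then append one trusted value."""
    out = [entry for entry in env if split_var(entry)[0] != "PATH"]
    out.append(f"PATH={secure}")
    return out


if __name__ == "__main__":
    # Constructed environment with PATH present twice.
    sample = ["HOME=/home/user", "PATH=/tmp/untrusted", "LANG=C", "PATH=/tmp/untrusted2"]
    print("naive   :", naive_secure_path(sample))
    print("hardened:", hardened_secure_path(sample))
```

Which of two same-named entries a program later reads back is an implementation detail of its libc, so the sanitiser must not rely on ordering at all: the invariant to check is that exactly one `PATH` remains and that it equals the policy value.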

  6. A vulnerability has been discovered and corrected in cacti:

    SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine (CVE-2010-2092).

    The updated packages have been patched to correct this issue.

  7. This advisory updates wireshark to the latest version(s), fixing several security issues:

    The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors (CVE-2010-2283).

    Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2284).

    The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors (CVE-2010-2285).

    The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors (CVE-2010-2286).

    Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2287).

  8. This advisory updates wireshark to the latest version(s), fixing several security issues:

    * The SMB dissector could dereference a NULL pointer. (Bug 4734)
    * J. Oquendo discovered that the ASN.1 BER dissector could overrun the stack.
    * The SMB PIPE dissector could dereference a NULL pointer on some platforms.
    * The SigComp Universal Decompressor Virtual Machine could go into an infinite loop. (Bug 4826)
    * The SigComp Universal Decompressor Virtual Machine could overrun a buffer. (Bug 4837)

  9. This is a maintenance update that upgrades php to the latest upstream version(s) for CS4/MES5/2008.0/2009.0/2009.1/2010.0.

    Additionally some of the third party extensions and required dependencies have been upgraded.

    Corporate Server 4.0 with php-5.1.6 had the old Hardening-Patch 0.4.14 applied statically. The updated packages for Corporate Server 4.0 bring the successor of the Hardening-Patch named Suhosin which loads the hardening features as a normal extension (suhosin.so), and as such can be unloaded.

    Suhosin is enabled by default for all Mandriva Linux products.

    For Mandriva Linux 2010.0 the FPM SAPI has been added and will probably appear in the next stable php-5.3.x version.

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

  10. Multiple vulnerabilities were discovered and fixed in glibc:

    Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).

    Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391 (CVE-2009-4881).

    nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function (CVE-2010-0015).

    The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request (CVE-2010-0296).

    Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header (CVE-2010-0830).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct these issues.

  11. Multiple vulnerabilities were discovered and fixed in glibc:

    Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).

    nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function (CVE-2010-0015).

    The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request (CVE-2010-0296).

    Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header (CVE-2010-0830).

    The updated packages have been patched to correct these issues.
