paul

This is a maintenance update that upgrades php to the latest upstream version(s) for CS4/MES5/2008.0/2009.0/2009.1/2010.0. Additionally some of the third party extensions and required dependencies has been upgraded. Corporate Server 4.0 with php-5.1.6 had the old Hardening-Patch 0.4.14 applied statically. The updated packages for Corporate Server 4.0 brings the successor of the Hardening-Patch named Suhosin which loads the hardening features as a normal extension (suhosin.so), and as such can be unloaded. Suhosin is enabled by default for all Mandriva Linux products. For Mandriva Linux 2010.0 the FPM SAPI has been added and will probably appear in the next stable php-5.3.x version. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Multiple vulnerabilities was discovered and fixed in glibc: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880). Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391 (CVE-2009-4881). nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function (CVE-2010-0015). The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request (CVE-2010-0296). Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header (CVE-2010-0830). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.

Multiple vulnerabilities was discovered and fixed in glibc: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880). nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function (CVE-2010-0015). The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request (CVE-2010-0296). Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header (CVE-2010-0830). The updated packages have been patched to correct these issues.

The latest update to openssh application caused it to display bogus FAILED status when shutting down or restarting, when no clients are connected to the ssh server. This update fixes this issue.

The find utility in Mandriva Linux 2010.0 could give bogus 'No such file or directory' messages, when run from msec application. This advisory updates the find application to the latest available version, fixing this issue.

The heartbeat package in the 2010.0 release had wrong permissions and ownership for /usr/bin/cl_status this prevented it from working correctly. Also when peers were outdated heartbeat didn't failover gracefully. This update fixes both these issues.

Tighten required packages versions on mmc.

This updates gdcm to version 20.0.14 and corrects some packaging issues that rendered the python interface non functional.

The Gnome Settings Daemon would crash when the multimedia volume keys were used when the mouse pointer is on the secondary screen. This updates gtk+ to a new version that also has fixes for crashes in empathy, eog and other applications.

Multiple vulnerabilities was discovered and fixed in clamav: The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length (CVE-2010-1639). Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling (CVE-2010-1640). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides clamav 0.96.1 which is not vulnerable to these issues.

A vulnerability was discovered and fixed in gtk+2.0: gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times (CVE-2010-0732). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update fixes this issue.

A vulnerability was discovered and fixed in kolab-horde-framework: Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an image upload form. (CVE-2009-4824). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update fixes this issue.

Multiple vulnerabilities has been found and corrected in mysql: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST (CVE-2010-1848). The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet CVE-2010-1849). The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code (CVE-2010-1850). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.

A vulnerability was discovered in aria2 which allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file (CVE-2010-1512). This update fixes this issue. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201). A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Addittionaly this update provides following bug fixes: OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195). Template desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin (#56439). libia_ora-gnome is added as suggest as long as that package is needed for a better look (#57385#c28). It is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed (#57530#c1, #53284, #45133, #39043) It is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser. Further packages were provided to supply OpenOffice.org. 3.1.1 dependencies.

This updates digikam and all it's dependencies, fixing some bugs, notably #56078, and introducing functionalities and boosting up stability.

A vulnerability was discovered and corrected in dovecot: Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message (CVE-2010-0745). This update provides dovecot 1.2.11 which is not vulnerable to this issue and also holds many bugfixes as well.

Multiple vulnerabilities was discovered and corrected in postgresql: The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an overflow. (CVE-2010-0442). A flaw was found in the way the PostgreSQL server process enforced permission checks on scripts written in PL/Perl. A remote, authenticated user, running a specially-crafted PL/Perl script, could use this flaw to bypass PL/Perl trusted mode restrictions, allowing them to obtain sensitive information; execute arbitrary Perl scripts; or cause a denial of service (remove protected, sensitive data) (CVE-2010-1169). The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script (CVE-2010-1170). PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement (CVE-2010-1975). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides a solution to these vulnerabilities.

mono as shipped with Mandriva 2010.0 was built with wrong compiler optimizations that made some applications freeze. The updated package uses safe compiler flags that prevents the freeze.

Multiple vulnerabilities has been found and corrected in clamav: ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities (CVE-2010-0098). The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information (CVE-2010-1311). This update provides clamav 0.96, which is not vulnerable to these issues. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program.

A vulnerability has been found and corrected in ghostscript: Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file (CVE-2010-1869). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.

A vulnerability has been found and corrected in mysql: It was possible for DROP TABLE of one MyISAM table to remove the data and index files of a different MyISAM table (CVE-2010-1626). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.

A vulnerability has been found and corrected in krb5: Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library (CVE-2010-1321). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.

Multiple vulnerabilities has been discovered and fixed in kget (kdenetwork4): Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file (CVE-2010-1000). KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file (CVE-2010-1511). Packages for 2009.0 are provided due to the Extended Maintenance Program. The corrected packages solves these problems.