Posts posted by paul

  1. A security vulnerability has been identified and fixed in pidgin:

     The msn_emoticon_msg function in slp.c in the MSN protocol plugin in
     libpurple in Pidgin before 2.7.0 allows remote attackers to cause
     a denial of service (application crash) via a custom emoticon in a
     malformed SLP message (CVE-2010-1624).

     Packages for 2008.0 and 2009.0 are provided due to the Extended
     Maintenance Program for those products.

     The updated packages have been patched to correct this issue.

  2. Multiple vulnerabilities have been discovered and fixed in tetex:

     Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
     and earlier allow remote attackers to cause a denial of service
     (crash) via a crafted PDF file, related to (1) setBitmap and (2)
     readSymbolDictSeg (CVE-2009-0146).

     Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
     earlier allow remote attackers to cause a denial of service (crash)
     via a crafted PDF file (CVE-2009-0147).

     The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
     to cause a denial of service (crash) via a crafted PDF file that
     triggers a free of uninitialized memory (CVE-2009-0166).

     Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,
     and probably other products, allows remote attackers to execute
     arbitrary code via a PDF file with crafted JBIG2 symbol dictionary
     segments (CVE-2009-0195).

     Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
     cause a denial of service (memory corruption and crash) via a long
     .bib bibliography file (CVE-2009-1284).

     Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
     in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
     GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
     attackers to execute arbitrary code via a crafted PDF document that
     triggers a heap-based buffer overflow (CVE-2009-3608).

     Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
     allows remote attackers to cause a denial of service (application
     crash) or possibly execute arbitrary code via a crafted virtual font
     (VF) file associated with a DVI file (CVE-2010-0827).

     Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
     teTeX, allow remote attackers to cause a denial of service (application
     crash) or possibly execute arbitrary code via a malformed DVI file
     (CVE-2010-0829).

     Integer overflow in the predospecial function in dospecial.c in
     dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote
     attackers to execute arbitrary code via a crafted DVI file that
     triggers a heap-based buffer overflow. NOTE: some of these details
     are obtained from third party information (CVE-2010-0739).

     Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
     2009 and earlier, and teTeX, allow remote attackers to cause a denial
     of service (application crash) or possibly execute arbitrary code via
     a special command in a DVI file, related to the (1) predospecial and
     (2) bbdospecial functions, a different vulnerability than CVE-2010-0739
     (CVE-2010-1440).

     The corrected packages solve these problems.

  3. This update fixes a number of issues in msec:

     - this update fixes incorrect German localization for msecperms
       messages (bug #51005)
     - this update allows importing the legacy perm.local permissions
       configuration file, which could be installed by third-party
       applications
     - this update fixes a crash when pam_unix is used together with msec
       (bug #58018). Note that this configuration is not usually used by
       Mandriva Linux, but can be employed in some custom environments.
     - this update adds an IGNORE_PID_CHANGES variable to filter changes
       in process PIDs when reporting changes in network configuration (bug
       #56744). To use this functionality, add IGNORE_PID_CHANGES=yes to
       /etc/security/msec/security.conf, and changes in listening network
       ports will be ignored during periodic checks.
     - this update fixes an issue where chkrootkit results were not properly
       excluded by the exceptions list (bug #58076)

  4. Multiple vulnerabilities have been discovered and fixed in tetex:

     Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
     cause a denial of service (memory corruption and crash) via a long
     .bib bibliography file (CVE-2009-1284).

     Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
     in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
     GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
     attackers to execute arbitrary code via a crafted PDF document that
     triggers a heap-based buffer overflow (CVE-2009-3608).

     Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
     allows remote attackers to cause a denial of service (application
     crash) or possibly execute arbitrary code via a crafted virtual font
     (VF) file associated with a DVI file (CVE-2010-0827).

     Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
     teTeX, allow remote attackers to cause a denial of service (application
     crash) or possibly execute arbitrary code via a malformed DVI file
     (CVE-2010-0829).

     Integer overflow in the predospecial function in dospecial.c in
     dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote
     attackers to execute arbitrary code via a crafted DVI file that
     triggers a heap-based buffer overflow. NOTE: some of these details
     are obtained from third party information (CVE-2010-0739).

     Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
     2009 and earlier, and teTeX, allow remote attackers to cause a denial
     of service (application crash) or possibly execute arbitrary code via
     a special command in a DVI file, related to the (1) predospecial and
     (2) bbdospecial functions, a different vulnerability than CVE-2010-0739
     (CVE-2010-1440).

     Packages for 2008.0 and 2009.0 are provided due to the Extended
     Maintenance Program for those products.

     The corrected packages solve these problems.

  5. Multiple vulnerabilities have been found and corrected in samba:

     client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify
     that the (1) device name and (2) mountpoint strings are composed of
     valid characters, which allows local users to cause a denial of service
     (mtab corruption) via a crafted string (CVE-2010-0547).

     client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
     to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
     via a symlink attack on the mountpoint directory file (CVE-2010-0787).

     The updated packages have been patched to correct these issues.

     Update:

     It was discovered that the previous Samba update required libtalloc
     from the Samba4 package. Therefore, this update provides the required
     packages in order to fix the issue.

  6. A vulnerability was discovered in mysql which would permit mysql users
     without any kind of privileges to use the UNINSTALL PLUGIN function
     (CVE-2010-1621).

     A problem was discovered in the mysqld init script which under certain
     circumstances could cause the service to exit too quickly, giving the
     [ OK ] status before the mysql server was really started and bound
     to the mysql socket or IP address. This caused a problem for products
     like Pulse2.

     The corrected packages solve these problems.

  7. A vulnerability was discovered in mysql which would permit mysql users
     without any kind of privileges to use the UNINSTALL PLUGIN function.

     A problem was discovered in the mysqld init script which under certain
     circumstances could cause the service to exit too quickly, giving the
     [ OK ] status before the mysql server was really started and bound
     to the mysql socket or IP address. This caused a problem for products
     like Pulse2.

     The corrected packages solve these problems.

  8. A problem was discovered in the mysqld init script which under certain
     circumstances could cause the service to exit too quickly, giving the
     [ OK ] status before the mysql server was really started and bound
     to the mysql socket or IP address. This caused a problem for products
     like Pulse2. The corrected packages solve this problem.

     Packages for 2008.0 and 2009.0 are provided due to the Extended
     Maintenance Program for those products.

  9. A vulnerability has been found and corrected in cacti:

     SQL injection vulnerability in templates_export.php in Cacti 0.8.7e
     and earlier allows remote attackers to execute arbitrary SQL commands
     via the export_item_id parameter (CVE-2010-1431).

     Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.

     The updated packages have been patched to correct this issue.

  10. Multiple vulnerabilities have been found and corrected in samba:

      client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify
      that the (1) device name and (2) mountpoint strings are composed of
      valid characters, which allows local users to cause a denial of service
      (mtab corruption) via a crafted string (CVE-2010-0547).

      client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
      to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
      via a symlink attack on the mountpoint directory file (CVE-2010-0787).

      The updated packages have been patched to correct these issues.

  11. This update provides a new OpenOffice.org version 3.1.1. It holds
      security and bug fixes described as follows:

      An integer underflow might allow remote attackers to execute arbitrary
      code via crafted records in the document table of a Word document,
      leading to a heap-based buffer overflow (CVE-2009-0200).

      A heap-based buffer overflow might allow remote attackers to execute
      arbitrary code via unspecified records in a crafted Word document,
      related to table parsing (CVE-2009-0201).

      A heap-based buffer overflow allows remote attackers to execute
      arbitrary code via a crafted EMF file (CVE-2009-2139).

      Multiple heap-based buffer overflows allow remote attackers to execute
      arbitrary code via a crafted EMF+ file (CVE-2009-2140).

      OpenOffice's xmlsec uses a bundled Libtool which might load a .la
      file in the current working directory, allowing local users to gain
      privileges via a Trojan horse file. To be exposed to this vulnerability,
      xmlsec has to be built with the --enable-crypto_dl flag, which it is
      not; nevertheless, the fix protects against this threat should that
      flag be enabled (CVE-2009-3736).

      Additionally, this update provides the following bug fixes:

      OpenOffice.org is not properly configured to use the xdg-email
      functionality of the FreeDesktop standard (#52195).

      Template desktop icons are not properly set up, so they are not
      presented under the context menu of applications like Dolphin (#56439).

      libia_ora-gnome is added as a suggested package, as that package is
      needed for a better look (#57385#c28).

      A fallback logic is enabled to properly select an OpenOffice.org
      style whenever one is set up but is not installed (#57530#c1,
      #53284, #45133, #39043).

      The Firefox plugin for viewing OpenOffice.org documents inside the
      browser is enabled.

      Further packages were provided to supply OpenOffice.org 3.1.1
      dependencies.

  12. Multiple vulnerabilities have been found and corrected in samba:

      client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify
      that the (1) device name and (2) mountpoint strings are composed of
      valid characters, which allows local users to cause a denial of service
      (mtab corruption) via a crafted string (CVE-2010-0547).

      client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
      to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
      via a symlink attack on the mountpoint directory file (CVE-2010-0747).

      The updated packages have been patched to correct these issues.

  13. Multiple vulnerabilities have been found and corrected in gnutls:

      The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
      used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
      in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
      GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
      3.12.4 and earlier, and other products, does not properly associate
      renegotiation handshakes with an existing connection, which allows
      man-in-the-middle attackers to insert data into HTTPS sessions,
      and possibly other types of sessions protected by TLS or SSL, by
      sending an unauthenticated request that is processed retroactively
      by a server in a post-renegotiation context, related to a plaintext
      injection attack, aka the Project Mogul issue (CVE-2009-3555).

      The gnutls_x509_crt_get_serial function in the GnuTLS library before
      1.2.1, when running on big-endian, 64-bit platforms, calls the
      asn1_read_value with a pointer to the wrong data type and the wrong
      length value, which allows remote attackers to bypass the certificate
      revocation list (CRL) check and cause a stack-based buffer overflow
      via a crafted X.509 certificate, related to extraction of a serial
      number (CVE-2010-0731).

      The updated packages have been patched to correct these issues.

  14. Some vulnerabilities were discovered and corrected in the Linux
      2.6 kernel:

      The ATI Rage 128 (aka r128) driver in the Linux kernel before
      2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
      state initialization, which allows local users to cause a denial of
      service (NULL pointer dereference and system crash) or possibly gain
      privileges via unspecified ioctl calls. (CVE-2009-3620)

      fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
      follow NFS automount symlinks, which allows attackers to have an
      unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)

      The wake_futex_pi function in kernel/futex.c in the Linux kernel
      before 2.6.33-rc7 does not properly handle certain unlock operations
      for a Priority Inheritance (PI) futex, which allows local users to
      cause a denial of service (OOPS) and possibly have unspecified other
      impact via vectors involving modification of the futex value from
      user space. (CVE-2010-0622)

      drivers/connector/connector.c in the Linux kernel before 2.6.32.8
      allows local users to cause a denial of service (memory consumption
      and system crash) by sending the kernel many NETLINK_CONNECTOR
      messages. (CVE-2010-0410)

      The futex_lock_pi function in kernel/futex.c in the Linux kernel before
      2.6.33-rc7 does not properly manage a certain reference count, which
      allows local users to cause a denial of service (OOPS) via vectors
      involving an unmount of an ext3 filesystem. (CVE-2010-0623)

      Additionally, the kernel was updated to the 2.6.31.13 stable release,
      support was added for the Cirrus Logic CS420x HDA codec, the Wacom
      driver was updated to version 0.8.5-12 and there is a fix in the
      driver for backlight on Eee PC 1201HA.

      To update your kernel, please follow the directions located at:

      http://www.mandriva.com/en/security/kernelupdate
