paul

This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201). A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Addittionaly this update provides following bug fixes: OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195). Template desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin (#56439). libia_ora-gnome is added as suggest as long as that package is needed for a better look (#57385#c28). It is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed (#57530#c1, #53284, #45133, #39043) It is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser. Further packages were provided to supply OpenOffice.org. 3.1.1 dependencies.

This is bug fix release for MDS components. It comes also with some new functionnalities like quotas management, public SSH keys management in LDAP, massive import for users management...

Multiple vulnerabilies has been found and corrected in samba: client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string (CVE-2010-0547). client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file (CVE-2010-0747). The updated packages have been patched to correct these issues.

Multiple vulnerabilities has been found and corrected in gnutls: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue (CVE-2009-3555). The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731). The updated packages have been patched to correct these issues.

Kdevelop provided with Mandriva 2010.0 could crash at startup. This updates kdevelop to it's final version 4.0, fixing the reported bug and adding many new functionalities as you can see on the official kdevelop 4.0 release announcement: http://www.kdevelop.org/mediawiki/index.php/KDevelop_4/4.0_Release_Announcement

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620) fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088) The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622) drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. (CVE-2010-0410) The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. (CVE-2010-0623) Aditionally, the kernel was updated to the 2.6.31.13 stable release, it was added support for Cirrus Logic CS420x HDA codec, Wacom driver was updated to version 0.8.5-12 and there is a fix in the driver for backlight on Eee PC 1201HA. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

Multiple vulnerabilities has been found and corrected in poppler: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) setBitmap and (2) readSymbolDictSeg (CVE-2009-0146). Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147). The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory (CVE-2009-0166). Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments (CVE-2009-0195). The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read (CVE-2009-0799). Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-0800). Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-1179). The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data (CVE-2009-1180). The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference (CVE-2009-1181). Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-1182). The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file (CVE-2009-1183). Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc) (CVE-2009-1187). Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to SplashBitmap (splash/SplashBitmap.cc) (CVE-2009-1188). The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow (CVE-2009-3604). Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3606). Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603). Additionally the kdegraphics package was rebuild to make kdegraphics-kpdf link correctly to the new poppler libraries and are also provided. The updated poppler packages have upgraded to 0.5.4 and have been patched to correct these issues.

Multiple vulnerabilities has been found and corrected in kpdf (kdegraphics): Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read (CVE-2009-3609). The updated packages have been patched to correct thess issues.

gtkspell would consume much memory when several instances were used. This affected pidgin. This update changes the way gtkspell loads the dictionaries to use less memory.

Updated timezone packages for PHP are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Packages for 2008.0 are provided due to the Extended Maintenance Program.

man .. that looks trippy as !!! :)

A vulnerability was discovered and corrected in gimp: Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow (CVE-2009-3909). Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program.

Security vulnerabilities has been identified and fixed in pidgin: The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing ' ' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420). oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow (CVE-2010-0423). Packages for 2009.0 are provided due to the Extended Maintenance Program. This update provides pidgin 2.6.6, which is not vulnerable to these issues.

A vulnerability has been found and corrected in sudo: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426 (CVE-2010-1163). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program.

Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

Update for iproute2 package which is for now quite old. Fix inet prefix bug.

This new release fixes various issues in the PHP Pear MDB2 modules: - Can't save any identity (mdb2 problem) - When editing identities inside roundcube's preferences panel (ie: to change my display name), saving always return the error SERVICE CURRENTLY NOT AVAILABLE! Error No. [0x01F4] - _skipDelimitedStrings() fails on empty strings

Multiple Java OpenJDK security vulnerabilities has been identified and fixed: - TLS: MITM attacks via session renegotiation (CVE-2009-3555). - Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082). - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). - File TOCTOU deserialization vulnerability (CVE-2010-0085). - Inflater/Deflater clone issues (CVE-2010-0088). - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091). - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092). - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093). - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094). - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095). - JAR unpack200 must verify input parameters (CVE-2010-0837). - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). - Applet Trusted Methods Chaining Privilege Escalation Vulner ability (CVE-2010-0840). - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845) - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). - AWT Library Invalid Index Vulnerability (CVE-2010-0848). Additional security issues that was fixed with IcedTea6 1.6.2: - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885). Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages: * plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474. Packages for 2009.0 are provided due to the Extended Maintenance Program.

xvt script was not detecting KDE4 properly and was forking KDE4 terminal, which could break some scripts. This updates fixes this issue and also disable some unwanted sound events when using Firefox 3.6.x under GNOME.

Sane wasn't compiled with V4L (video4linux) support. This packages update fixes this issue. Additional packages is being provided to satisfy the added dependencies.

gdm was not configuring properly dpi value to use for its graphical greeter, which could lead to unreadable text on HD resolution with some graphical chipset. This package update fixes this issue.

Plymouth verbose mode at shutdown was not displaying logs properly. This update fixes this issue.

It was discovered that yelp stopped working correctly on Mandriva Linux with latest xulrunner. This update addresses this problem. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

This update fixes an issue with rpm filetriggers : when several file triggers are ran in parallel and try to read from stdin, a pipe filedescriptor leak leads to a deadlock and rpm freezing.

Multiple vulnerabilities has been found and corrected in mozilla-thunderbird: Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689). Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075). Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. (CVE-2009-3077) Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates.