
paul

Admin
  • Posts: 5611
  • Days Won: 8

Posts posted by paul

  1. Multiple vulnerabilities have been found and corrected in poppler:

     

    Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2

    and earlier allow remote attackers to cause a denial of service

    (crash) via a crafted PDF file, related to (1) setBitmap and (2)

    readSymbolDictSeg (CVE-2009-0146).

     

    Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and

    earlier allow remote attackers to cause a denial of service (crash)

    via a crafted PDF file (CVE-2009-0147).

     

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers

    to cause a denial of service (crash) via a crafted PDF file that

    triggers a free of uninitialized memory (CVE-2009-0166).

     

    Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9,

    and probably other products, allows remote attackers to execute

    arbitrary code via a PDF file with crafted JBIG2 symbol dictionary

    segments (CVE-2009-0195).

     

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers

    to cause a denial of service (crash) via a crafted PDF file that

    triggers an out-of-bounds read (CVE-2009-0799).

     

    Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2

    and earlier allow remote attackers to execute arbitrary code via a

    crafted PDF file (CVE-2009-0800).

     

    Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier

    allows remote attackers to execute arbitrary code via a crafted PDF

    file (CVE-2009-1179).

     

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers

    to execute arbitrary code via a crafted PDF file that triggers a free

    of invalid data (CVE-2009-1180).

     

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers

    to cause a denial of service (crash) via a crafted PDF file that

    triggers a NULL pointer dereference (CVE-2009-1181).

     

    Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2

    and earlier allow remote attackers to execute arbitrary code via a

    crafted PDF file (CVE-2009-1182).

     

    The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier allows remote

    attackers to cause a denial of service (infinite loop and hang)

    via a crafted PDF file (CVE-2009-1183).

     

    Integer overflow in the JBIG2 decoding feature in Poppler before

    0.10.6 allows remote attackers to cause a denial of service (crash) and

    possibly execute arbitrary code via vectors related to CairoOutputDev

    (CairoOutputDev.cc) (CVE-2009-1187).

     

    Integer overflow in the JBIG2 decoding feature in Poppler before

    0.10.6 allows remote attackers to cause a denial of service (crash)

    and possibly execute arbitrary code via vectors related to SplashBitmap

    (splash/SplashBitmap.cc) (CVE-2009-1188).

     

    The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x

    before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,

    does not properly allocate memory, which allows remote attackers to

    cause a denial of service (application crash) or possibly execute

    arbitrary code via a crafted PDF document that triggers a NULL pointer

    dereference or a heap-based buffer overflow (CVE-2009-3604).

     

    Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf

    before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might

    allow remote attackers to execute arbitrary code via a crafted PDF

    document that triggers a heap-based buffer overflow (CVE-2009-3606).

     

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x

    before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers

    to execute arbitrary code via a crafted PDF document that triggers a

    heap-based buffer overflow. NOTE: some of these details are obtained

    from third party information. NOTE: this issue reportedly exists

    because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).

     

    Additionally, the kdegraphics package was rebuilt so that
    kdegraphics-kpdf links correctly to the new poppler libraries, and it
    is also provided.

     

    The updated poppler packages have upgraded to 0.5.4 and have been

    patched to correct these issues.

  2. Multiple vulnerabilities have been found and corrected in kpdf

    (kdegraphics):

     

    Integer overflow in the ObjectStream::ObjectStream function in XRef.cc

    in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in

    GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote

    attackers to execute arbitrary code via a crafted PDF document that

    triggers a heap-based buffer overflow (CVE-2009-3608).

     

    Integer overflow in the ImageStream::ImageStream function in Stream.cc

    in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,

    kdegraphics KPDF, and CUPS pdftops, allows remote attackers to

    cause a denial of service (application crash) via a crafted PDF

    document that triggers a NULL pointer dereference or buffer over-read

    (CVE-2009-3609).

     

    The updated packages have been patched to correct these issues.

  3. A vulnerability was discovered and corrected in gimp:

     

    Integer overflow in the read_channel_data function in

    plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers

    to execute arbitrary code via a crafted PSD file that triggers a

    heap-based buffer overflow (CVE-2009-3909).

     

    Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was

    incomplete, this update corrects this as well.

     

    This update provides a solution to this vulnerability.

     

    Update:

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.
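Added editorial example, not from paul's posts and not poppler, Xpdf or GIMP code: the three advisories above share one bug class, a buffer size computed from file-supplied width, height and bits-per-pixel in fixed-width arithmetic that wraps (SplashBitmap::SplashBitmap, ImageStream::ImageStream, read_channel_data). The C below puts the wrapping computation beside an overflow-checked version. MAX_IMAGE_BYTES and the function names are assumptions, not values or APIs from any of those projects.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image buffer (not a poppler/GIMP value):
 * anything larger is refused even when the arithmetic would not overflow. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* The unsafe pattern behind this bug class: the byte count is computed in
 * fixed-width arithmetic straight from file-supplied dimensions. uint32_t is
 * used so the wrap is well defined and visible; the affected decoders used
 * int, where the same wrap is undefined behaviour. */
uint32_t naive_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t row_bytes = (width * bpp + 7) / 8;
    return row_bytes * height;        /* wraps to 0 for 65536 x 65536 x 8 */
}

/* Overflow-checked replacement. Returns 0 and stores the byte count in *out,
 * or -1 if a dimension is non-positive, bpp is out of range, any product
 * would overflow size_t, or the result exceeds MAX_IMAGE_BYTES. */
int checked_image_bytes(long width, long height, long bpp, size_t *out)
{
    if (width <= 0 || height <= 0 || bpp <= 0 || bpp > 32)
        return -1;
    size_t w = (size_t)width, h = (size_t)height, b = (size_t)bpp;

    if (w > (SIZE_MAX - 7) / b)           /* w * b + 7 must fit in size_t */
        return -1;
    size_t row_bytes = (w * b + 7) / 8;   /* >= 1 since w, b >= 1 */

    if (h > SIZE_MAX / row_bytes)         /* row_bytes * h must fit */
        return -1;
    size_t total = row_bytes * h;

    if (total > MAX_IMAGE_BYTES)
        return -1;
    *out = total;
    return 0;
}

/* Allocate a zeroed image buffer only after the size has been validated;
 * on success *size_out holds the length the caller may write to. */
unsigned char *alloc_image(long width, long height, long bpp, size_t *size_out)
{
    size_t n;
    if (checked_image_bytes(width, height, bpp, &n) != 0)
        return NULL;
    unsigned char *buf = calloc(1, n);
    if (buf != NULL && size_out != NULL)
        *size_out = n;
    return buf;
}

int main(void)
{
    /* Constructed hostile header: 65536 x 65536 at 8 bpp is 4 GiB of pixels,
     * which the 32-bit computation reports as 0 bytes. */
    size_t n = 0;
    printf("naive size:   %u bytes\n", naive_image_bytes(65536, 65536, 8));
    printf("checked size: %s\n",
           checked_image_bytes(65536, 65536, 8, &n) == 0 ? "accepted" : "rejected");
    unsigned char *img = alloc_image(640, 480, 24, &n);
    printf("640x480x24:   %zu bytes %s\n", n, img ? "allocated" : "refused");
    free(img);
    return 0;
}
```

The two guards are the whole fix: the decoder must never hand a product of untrusted dimensions to malloc without first proving the product fits, and a sanity cap catches "fits but absurd" inputs that would otherwise exhaust memory.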

  4. Security vulnerabilities have been identified and fixed in pidgin:

     

    The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium

    before 1.3.7 allows remote attackers to cause a denial of service

    (application crash) via crafted contact-list data for (1) ICQ and

    possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).

     

    Directory traversal vulnerability in slp.c in the MSN protocol

    plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows

    remote attackers to read arbitrary files via a .. (dot dot) in an

    application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,

    a related issue to CVE-2004-0122. NOTE: it could be argued that

    this is resultant from a vulnerability in which an emoticon download

    request is processed even without a preceding text/x-mms-emoticon

    message that announced availability of the emoticon (CVE-2010-0013).

     

    Certain malformed SLP messages can trigger a crash because the MSN

    protocol plugin fails to check that all pieces of the message are

    set correctly (CVE-2010-0277).

     

    If a user in a multi-user chat room has a nickname containing '

    '

    then libpurple ends up having two users with username ' ' in the room,

    and Finch crashes in this situation. We do not believe there is a

    possibility of remote code execution (CVE-2010-0420).

     

    oCERT notified us about a problem in Pidgin, where a large amount of

    processing time will be used when inserting many smileys into an IM

    or chat window. This should not cause a crash, but Pidgin can become

    unusably slow (CVE-2010-0423).

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.

     

    This update provides pidgin 2.6.6, which is not vulnerable to these

    issues.
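Added editorial example for the CVE-2010-0013 and CVE-2010-0277 items above; it is not libpurple code, and the struct, function names and the /tmp/emoticons base directory are assumptions. It applies the two checks the advisory's NOTE implies: the requested emoticon name must not be able to escape the emoticon directory, and a download request is only honoured for a name the peer announced beforehand.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ANNOUNCED 16
#define MAX_NAME 64

/* Assumed per-conversation state (not libpurple's data structures): the
 * custom-smiley names the remote side announced in an earlier
 * text/x-mms-emoticon message. */
struct smiley_state {
    char announced[MAX_ANNOUNCED][MAX_NAME];
    int count;
};

/* Reject any name that could escape the emoticon directory: empty or too
 * long, containing a path separator or a control byte, or equal to "." or
 * "..". Because separators are refused outright, "../../etc/passwd" and
 * "x/../../etc/passwd" both fail here, on any host path convention. */
bool smiley_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) >= MAX_NAME)
        return false;
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return false;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return false;
    for (const char *p = name; *p != '\0'; p++)
        if ((unsigned char)*p < 0x20)
            return false;
    return true;
}

/* Record a name the peer announced. Hostile names are dropped at this
 * point too, so they can never become "announced". */
bool smiley_announce(struct smiley_state *s, const char *name)
{
    if (s->count >= MAX_ANNOUNCED || !smiley_name_is_safe(name))
        return false;
    snprintf(s->announced[s->count], MAX_NAME, "%s", name);
    s->count++;
    return true;
}

static bool smiley_was_announced(const struct smiley_state *s, const char *name)
{
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->announced[i], name) == 0)
            return true;
    return false;
}

/* Resolve an incoming emoticon download request to a file path under
 * base_dir. Both checks must pass: the name is syntactically safe, and it
 * was announced first (the missing precondition the advisory's NOTE
 * describes). Returns true and writes the path only then. */
bool smiley_request_path(const struct smiley_state *s, const char *base_dir,
                         const char *requested, char *out, size_t outlen)
{
    if (!smiley_name_is_safe(requested) || !smiley_was_announced(s, requested))
        return false;
    int n = snprintf(out, outlen, "%s/%s", base_dir, requested);
    return n > 0 && (size_t)n < outlen;
}

int main(void)
{
    /* Constructed session: one legitimate announcement, then three requests. */
    struct smiley_state st = {0};
    const char *requests[] = { "cat.png", "../../etc/passwd", "dog.png" };
    char path[256];

    smiley_announce(&st, "cat.png");
    for (int i = 0; i < 3; i++) {
        bool ok = smiley_request_path(&st, "/tmp/emoticons", requests[i],
                                      path, sizeof path);
        printf("%-20s -> %s\n", requests[i], ok ? path : "refused");
    }
    return 0;
}
```

Refusing separators entirely is stricter than stripping ".." components, and deliberately so: a file server for a peer-named object has no legitimate need for subdirectories, and the announce-before-request rule means even a syntactically clean but unexpected name is not served.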

  5. A vulnerability has been found and corrected in sudo:

     

    The command matching functionality in sudo 1.6.8 through 1.7.2p5 does

    not properly handle when a file in the current working directory has

    the same name as a pseudo-command in the sudoers file and the PATH

    contains an entry for ., which allows local users to execute arbitrary

    commands via a Trojan horse executable, as demonstrated using sudoedit,

    a different vulnerability than CVE-2010-0426 (CVE-2010-1163).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

     

    Update:

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.
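Added editorial example for the sudo item above (not sudo's code; the function names are assumptions). The precondition for CVE-2010-1163 is a PATH entry that resolves to the current working directory, so the functions below find and strip such entries (".", an empty entry, or any relative entry) from a PATH string. This is a hygiene check for login scripts and audits, not a substitute for the updated package.

```c
#include <stdio.h>
#include <string.h>

/* An entry makes the current working directory a command lookup location if
 * it is ".", empty (a leading, trailing or doubled colon, which the shell
 * treats as cwd), or relative (does not start with '/'). */
static int entry_is_cwd(const char *p, size_t len)
{
    return len == 0 || (len == 1 && p[0] == '.') || p[0] != '/';
}

/* Return the 0-based index of the first such entry in a PATH string, or -1
 * if every entry is absolute. */
int path_first_cwd_entry(const char *path)
{
    if (path == NULL)
        return -1;
    int idx = 0;
    const char *p = path;
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (entry_is_cwd(p, len))
            return idx;
        if (colon == NULL)
            break;
        p = colon + 1;
        idx++;
    }
    return -1;
}

/* Copy path to out with every cwd-resolving entry removed. Returns the number
 * of entries dropped, or -1 if out is too small. The result is suitable for
 * a hardened PATH= assignment. */
int path_strip_cwd_entries(const char *path, char *out, size_t outlen)
{
    if (path == NULL || out == NULL || outlen == 0)
        return -1;
    int removed = 0;
    size_t used = 0;
    const char *p = path;
    out[0] = '\0';
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (entry_is_cwd(p, len)) {
            removed++;
        } else {
            size_t need = len + (used ? 1 : 0);
            if (used + need + 1 > outlen)
                return -1;
            if (used)
                out[used++] = ':';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
        }
        if (colon == NULL)
            break;
        p = colon + 1;
    }
    return removed;
}

int main(void)
{
    /* Constructed PATH values; the second is the shape that enables the
     * sudoedit trojan: a "." entry ahead of the real binaries. */
    const char *samples[] = { "/usr/bin:/bin", "/usr/bin:.:/bin",
                              "bin:/usr/bin:", "/usr/bin::/bin" };
    char clean[256];
    for (int i = 0; i < 4; i++) {
        int idx = path_first_cwd_entry(samples[i]);
        int dropped = path_strip_cwd_entries(samples[i], clean, sizeof clean);
        printf("%-18s first cwd entry: %2d  cleaned: %s (%d dropped)\n",
               samples[i], idx, clean, dropped);
    }
    return 0;
}
```

The empty-entry case is the one people miss: `PATH=/usr/bin:` or `PATH=:/usr/bin` is equivalent to having "." in the path, so an audit that only greps for a literal "." gives a false clean result.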

  6. Multiple Java OpenJDK security vulnerabilities have been identified

    and fixed:

     

    - TLS: MITM attacks via session renegotiation (CVE-2009-3555).

    - Loader-constraint table allows arrays instead of only the

    base-classes (CVE-2010-0082).

    - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).

    - File TOCTOU deserialization vulnerability (CVE-2010-0085).

    - Inflater/Deflater clone issues (CVE-2010-0088).

    - Unsigned applet can retrieve the dragged information before drop

    action occurs (CVE-2010-0091).

    - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error

    (CVE-2010-0092).

    - System.arraycopy unable to reference elements beyond

    Integer.MAX_VALUE bytes (CVE-2010-0093).

    - Deserialization of RMIConnectionImpl objects should enforce stricter

    checks (CVE-2010-0094).

    - Subclasses of InetAddress may incorrectly interpret network addresses

    (CVE-2010-0095).

    - JAR unpack200 must verify input parameters (CVE-2010-0837).

    - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).

    - Applet Trusted Methods Chaining Privilege Escalation Vulnerability

    (CVE-2010-0840).

    - No ClassCastException for HashAttributeSet constructors if run with

    -Xcomp (CVE-2010-0845).

    - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).

    - AWT Library Invalid Index Vulnerability (CVE-2010-0848).

     

    Additional security issues that were fixed with IcedTea6 1.6.2:

    - deprecate MD2 in SSL cert validation (CVE-2009-2409).

    - ICC_Profile file existence detection information leak

    (CVE-2009-3728).

    - JRE AWT setDifflCM stack overflow (CVE-2009-3869).

    - JRE AWT setBytePixels heap overflow (CVE-2009-3871).

    - JPEG Image Writer quantization problem (CVE-2009-3873).

    - ImageI/O JPEG heap overflow (CVE-2009-3874).

    - MessageDigest.isEqual introduces timing attack vulnerabilities

    (CVE-2009-3875).

    - OpenJDK ASN.1/DER input stream parser denial of service

    (CVE-2009-3876, CVE-2009-3877).

    - GraphicsConfiguration information leak (CVE-2009-3879).

    - UI logging information leakage (CVE-2009-3880).

    - resurrected classloaders can still have children (CVE-2009-3881).

    - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882).

    - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883).

    - zoneinfo file existence information leak (CVE-2009-3884).

    - BMP parsing DoS with UNC ICC links (CVE-2009-3885).

     

    Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found

    and fixed a bug in IcedTea6 1.8 that is also applied to the provided

    packages:

     

    * plugin/icedteanp/IcedTeaNPPlugin.cc

    (plugin_filter_environment): Increment malloc size by one to account for
    NULL terminator. Bug# 474.

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.

  7. Multiple vulnerabilities have been found and corrected in

    mozilla-thunderbird:

     

    Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19

    process e-mail attachments with a parser that performs casts and

    line termination incorrectly, which allows remote attackers to

    cause a denial of service (application crash) or possibly execute

    arbitrary code via a crafted message, related to message indexing

    (CVE-2009-0689).

     

    Integer overflow in a base64 decoding function in Mozilla Firefox

    before 3.0.12 and Thunderbird allows remote attackers to cause a

    denial of service (memory corruption and application crash) or possibly

    execute arbitrary code via unspecified vectors (CVE-2009-2463).

     

    Multiple unspecified vulnerabilities in the browser engine in Mozilla

    Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers

    to cause a denial of service (memory corruption and application crash)

    or possibly execute arbitrary code via unknown vectors (CVE-2009-3072).

     

    Multiple unspecified vulnerabilities in the JavaScript engine

    in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow

    remote attackers to cause a denial of service (memory corruption and

    application crash) or possibly execute arbitrary code via unknown

    vectors (CVE-2009-3075).

     

    Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not

    properly manage pointers for the columns (aka TreeColumns) of a XUL

    tree element, which allows remote attackers to execute arbitrary

    code via a crafted HTML document, related to a dangling pointer

    vulnerability (CVE-2009-3077).

     

    Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey

    before 2.0, does not properly handle a right-to-left override (aka

    RLO or U+202E) Unicode character in a download filename, which allows

    remote attackers to spoof file extensions via a crafted filename,

    as demonstrated by displaying a non-executable extension for an

    executable file (CVE-2009-3376).

     

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey

    before 2.0.1, allows remote attackers to send authenticated requests

    to arbitrary applications by replaying the NTLM credentials of a

    browser user (CVE-2009-3983).

     

    Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19

    process e-mail attachments with a parser that performs casts and

    line termination incorrectly, which allows remote attackers to

    cause a denial of service (application crash) or possibly execute

    arbitrary code via a crafted message, related to message indexing

    (CVE-2010-0163).

     

    This update provides the latest version of Thunderbird, which is not

    vulnerable to these issues.

     

    Packages for 2008.0 and 2009.0 are provided due to the Extended

    Maintenance Program for those products.

     

    Additionally, some packages which require it have been rebuilt and

    are being provided as updates.
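Added editorial example for the CVE-2009-3376 item above (not Mozilla code; the function names are assumptions). It decodes a UTF-8 download filename, reports the first bidi override control such as U+202E, and produces a copy with those controls removed. It goes beyond the advisory by also catching the other explicit bidi controls and by rejecting malformed or overlong UTF-8, since a filter that decodes leniently can be bypassed with an alternate encoding of the same code point.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one UTF-8 sequence from s (len bytes available). Returns the bytes
 * consumed and stores the code point, or 0 for a malformed or truncated
 * sequence. Overlong forms and surrogates are rejected too. */
size_t utf8_decode(const unsigned char *s, size_t len, uint32_t *cp)
{
    if (len == 0) return 0;
    unsigned char c = s[0];
    size_t n;
    uint32_t v, min;
    if (c < 0x80) { *cp = c; return 1; }
    else if ((c & 0xE0) == 0xC0) { n = 2; v = c & 0x1F; min = 0x80; }
    else if ((c & 0xF0) == 0xE0) { n = 3; v = c & 0x0F; min = 0x800; }
    else if ((c & 0xF8) == 0xF0) { n = 4; v = c & 0x07; min = 0x10000; }
    else return 0;
    if (len < n) return 0;
    for (size_t i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        v = (v << 6) | (s[i] & 0x3F);
    }
    if (v < min || v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF)) return 0;
    *cp = v;
    return n;
}

/* Code points that reorder the characters displayed around them. U+202E is
 * the RLO from the advisory; the rest are its siblings LRE/RLE/PDF/LRO, the
 * later isolate controls, and the LRM/RLM marks. */
bool is_bidi_control(uint32_t cp)
{
    return (cp >= 0x202A && cp <= 0x202E) || (cp >= 0x2066 && cp <= 0x2069)
        || cp == 0x200E || cp == 0x200F;
}

/* Byte offset of the first bidi control in a UTF-8 filename, -1 if there is
 * none, -2 if the name is not valid UTF-8 (treat that as unsafe as well). */
long find_bidi_control(const char *name)
{
    const unsigned char *s = (const unsigned char *)name;
    size_t len = strlen(name), i = 0;
    while (i < len) {
        uint32_t cp;
        size_t n = utf8_decode(s + i, len - i, &cp);
        if (n == 0) return -2;
        if (is_bidi_control(cp)) return (long)i;
        i += n;
    }
    return -1;
}

/* Copy name to out with every bidi control removed, so the displayed name and
 * the real extension agree. Returns the number of controls removed, or -1 on
 * malformed UTF-8 or insufficient space. */
int strip_bidi_controls(const char *name, char *out, size_t outlen)
{
    const unsigned char *s = (const unsigned char *)name;
    size_t len = strlen(name), i = 0, used = 0;
    int removed = 0;
    while (i < len) {
        uint32_t cp;
        size_t n = utf8_decode(s + i, len - i, &cp);
        if (n == 0) return -1;
        if (is_bidi_control(cp)) {
            removed++;
        } else {
            if (used + n + 1 > outlen) return -1;
            memcpy(out + used, s + i, n);
            used += n;
        }
        i += n;
    }
    if (used + 1 > outlen) return -1;
    out[used] = '\0';
    return removed;
}

int main(void)
{
    /* Constructed filename: "evil" + U+202E + "fdp.exe", which a bidi-aware
     * UI renders as "evilexe.pdf" although the file really ends in .exe. */
    const char *name = "evil\xE2\x80\xAE" "fdp.exe";
    char clean[64];
    long at = find_bidi_control(name);
    int removed = strip_bidi_controls(name, clean, sizeof clean);
    printf("bidi control at byte %ld, stripped: %s (%d removed)\n", at, clean, removed);
    return 0;
}
```

Stripping is the right remediation for a save-as dialog: the on-disk name and the name the user sees must agree, and nothing legitimate in a download filename depends on an explicit direction override.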

  8. It was discovered that epiphany stopped working correctly on Mandriva

    Linux 2009.0 and 2009.1 with latest xulrunner. This update addresses

    this problem.

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.

     

    Update:

     

    The packages for Mandriva Linux 2009.0 had the wrong release number,

    which prevented an upgrade. The updated packages address the problem.

  9. Security issues were identified and fixed in firefox:

     

    Security researcher regenrecht reported (via TippingPoint's Zero Day

    Initiative) a potential reuse of a deleted image frame in Firefox 3.6's

    handling of multipart/x-mixed-replace images. Although no exploit was

    shown, re-use of freed memory has led to exploitable vulnerabilities

    in the past (CVE-2010-0164).

     

    Mozilla developers identified and fixed several stability bugs in the

    browser engine used in Firefox and other Mozilla-based products. Some

    of these crashes showed evidence of memory corruption under certain

    circumstances and we presume that with enough effort at least some

    of these could be exploited to run arbitrary code (CVE-2010-0165,

    CVE-2010-0167).

     

    Mozilla developer Josh Soref of Nokia reported that documents

    failed to call certain security checks when attempting to preload

    images. Although the image content is not available to the page, it

    is possible to specify protocols that are normally not allowed in a

    web page such as file:. This includes internal schemes implemented

    by add-ons that might perform privileged actions resulting in

    something like a Cross-Site Request Forgery (CSRF) attack against

    the add-on. Potential severity would depend on the add-ons installed

    (CVE-2010-0168).

     

    Mozilla developer Blake Kaplan reported that the window.location object

    was made a normal overridable JavaScript object in the Firefox 3.6

    browser engine (Gecko 1.9.2) because new mechanisms were developed

    to enforce the same-origin policy between windows and frames. This

    object is unfortunately also used by some plugins to determine the page

    origin used for access restrictions. A malicious page could override

    this object to fool a plugin into granting access to data on another

    site or the local file system. The behavior of older Firefox versions

    has been restored (CVE-2010-0170).

     

    Mozilla developer Justin Dolske reported that the new asynchronous

    Authorization Prompt (HTTP username and password) was not always

    attached to the correct window. Although we have not demonstrated

    this, it may be possible for a malicious page to convince a user

    to open a new tab or popup to a trusted service and then have the

    HTTP authorization prompt from the malicious page appear to be the

    login prompt for the trusted page. This potential attack is greatly

    mitigated by the fact that very few web sites use HTTP authorization,

    preferring instead to use web forms and cookies (CVE-2010-0172).

     

    Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows

    remote attackers to cause a denial of service (memory corruption and

    application crash) and possibly have unknown other impact via vectors

    that might involve compressed data, a different vulnerability than

    CVE-2010-1028 (CVE-2010-1122).

     

    Mozilla developers identified and fixed several stability bugs in the

    browser engine used in Firefox and other Mozilla-based products. Some

    of these crashes showed evidence of memory corruption under certain

    circumstances, and we presume that with enough effort at least some

    of these could be exploited to run arbitrary code (CVE-2010-0173,

    CVE-2010-0174).

     

    Security researcher regenrecht reported via TippingPoint's Zero Day

    Initiative that a select event handler for XUL tree items could be

    called after the tree item was deleted. This results in the execution

    of previously freed memory which an attacker could use to crash a

    victim's browser and run arbitrary code on the victim's computer

    (CVE-2010-0175).

     

    Security researcher regenrecht reported via TippingPoint's Zero Day

    Initiative an error in the way elements are inserted into

    a XUL tree. In certain cases, the number of references

    to an element is under-counted so that when the element is

    deleted, a live pointer to its old location is kept around and may

    later be used. An attacker could potentially use these conditions to

    run arbitrary code on a victim's computer (CVE-2010-0176).

     

    Security researcher regenrecht reported via TippingPoint's

    Zero Day Initiative an error in the implementation of the

    window.navigator.plugins object. When a page reloads, the plugins array

    would reallocate all of its members without checking for existing

    references to each member. This could result in the deletion of

    objects for which valid pointers still exist. An attacker could use

    this vulnerability to crash a victim's browser and run arbitrary code

    on the victim's machine (CVE-2010-0177).

     

    Security researcher Paul Stone reported that a browser applet could

    be used to turn a simple mouse click into a drag-and-drop action,

    potentially resulting in the unintended loading of resources in a

    user's browser. This behavior could be used twice in succession to

    first load a privileged chrome: URL in a victim's browser, then load

    a malicious javascript: URL on top of the same document resulting in

    arbitrary script execution with chrome privileges (CVE-2010-0178).

     

    Mozilla security researcher moz_bug_r_a4 reported that the

    XMLHttpRequestSpy module in the Firebug add-on was exposing

    an underlying chrome privilege escalation vulnerability. When

    the XMLHttpRequestSpy object was created, it would attach various

    properties of itself to objects defined in web content, which were not

    being properly wrapped to prevent their exposure to chrome privileged

    objects. This could result in an attacker running arbitrary JavaScript

    on a victim's machine, though it required the victim to have Firebug

    installed, so the overall severity of the issue was determined to be

    High (CVE-2010-0179).

     

    phpBB developer Henry Sudhof reported that when an image tag points to

    a resource that redirects to a mailto: URL, the external mail handler

    application is launched. This issue poses no security threat to users

    but could create an annoyance when browsing a site that allows users

    to post arbitrary images (CVE-2010-0181).

     

    Mozilla community member Wladimir Palant reported that XML documents

    were failing to call certain security checks when loading new

    content. This could result in certain resources being loaded that

    would otherwise violate security policies set by the browser or

    installed add-ons (CVE-2010-0182).

     

    Note that to benefit from the fix for CVE-2009-3555 added

    in nss-3.12.6, Firefox 3.6 users will need to set their

    security.ssl.require_safe_negotiation preference to true. In Mandriva

    the default setting is false due to problems with some common sites.

     

    Since firefox-3.0.19 is the last 3.0.x release Mandriva

    opted to provide the latest 3.6.3 version for Mandriva Linux

    2008.0/2009.0/2009.1/MES5/2010.0.

     

    Packages for 2008.0 and 2009.0 are provided due to the Extended

    Maintenance Program for those products.

     

    Additionally, some packages which require it have been rebuilt and

    are being provided as updates.

     

    Update:

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.
