paul

Posts posted by paul

  1. A vulnerability has been found and corrected in emacs:

     

    lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to

    read, modify, or delete arbitrary mailbox files via a symlink attack,

    related to improper file-permission checks (CVE-2010-0825).

     

    Packages for 2008.0 and 2009.0 are provided due to the Extended

    Maintenance Program for those products.

     

    The updated packages have been patched to correct this issue.

  2. This update fixes several security issues in openssl:

    - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f

    through 0.9.8m allows remote attackers to cause a denial of service

    (crash) via a malformed record in a TLS connection (CVE-2010-0740)

    - OpenSSL before 0.9.8m does not check for a NULL return value

    from bn_wexpand function calls which has unspecified impact and

    context-dependent attack vectors (CVE-2009-3245)

    - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL

    before 0.9.8n, when Kerberos is enabled but Kerberos configuration

    files cannot be opened, could allow remote attackers to cause a denial

    of service (NULL pointer dereference and daemon crash) (CVE-2010-0433)

    - Finally, this update provides support for secure renegotiation,

    preventing man-in-the-middle attacks (CVE-2009-3555).

     

    Packages for 2008.0 and 2009.0 are provided due to the Extended

    Maintenance Program for those products.

     

    Update:

     

    Packages for 2009.0 are provided due to the Extended Maintenance

    Program.

  3. Multiple vulnerabilities have been found and corrected in clamav:

     

    ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file

    formats, which allows remote attackers to bypass virus detection via

    a crafted archive that is compatible with standard archive utilities

    (CVE-2010-0098).

     

    The qtm_decompress function in libclamav/mspack.c in ClamAV before

    0.96 allows remote attackers to cause a denial of service (memory

    corruption and application crash) via a crafted CAB archive that uses

    the Quantum (aka .Q) compression format. NOTE: some of these details

    are obtained from third party information (CVE-2010-1311).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

     

    This update provides clamav 0.96, which is not vulnerable to these

    issues.

  4. A vulnerability has been found and corrected in apache-mod_auth_shadow:

     

    A race condition was found in the way mod_auth_shadow used an external

    helper binary to validate user credentials (username / password

    pairs). A remote attacker could use this flaw to bypass intended

    access restrictions, resulting in ability to view and potentially

    alter resources, which should be otherwise protected by authentication

    (CVE-2010-1151).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  5. A vulnerability has been found and corrected in brltty:

     

    Untrusted search path vulnerability in libbrlttybba.so in brltty

    3.7.2 allows local users to gain privileges via a crafted library,

    related to an incorrect RPATH setting (CVE-2008-3279).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  6. Multiple vulnerabilities have been found and corrected in irssi:

     

    Irssi before 0.8.15, when SSL is used, does not verify that the server

    hostname matches a domain name in the subject's Common Name (CN)

    field or a Subject Alternative Name field of the X.509 certificate,

    which allows man-in-the-middle attackers to spoof IRC servers via an

    arbitrary certificate (CVE-2010-1155).

     

    core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause

    a denial of service (NULL pointer dereference and application crash)

    via vectors related to an attempted fuzzy nick match at the instant

    that a victim leaves a channel (CVE-2010-1156).

     

    Additionally, the updated packages disable the SSLv2 protocol and

    enables the SSLv3 and TLSv1 protocols for added security.

     

    The updated packages have been patched to correct these issues.

  7. This update fixes several security issues in openssl:

    - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f

    through 0.9.8m allows remote attackers to cause a denial of service

    (crash) via a malformed record in a TLS connection (CVE-2010-0740)

    - OpenSSL before 0.9.8m does not check for a NULL return value

    from bn_wexpand function calls which has unspecified impact and

    context-dependent attack vectors (CVE-2009-3245)

    - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL

    before 0.9.8n, when Kerberos is enabled but Kerberos configuration

    files cannot be opened, could allow remote attackers to cause a denial

    of service (NULL pointer dereference and daemon crash) (CVE-2010-0433)

    - Finally, this update provides support for secure renegotiation,

    preventing man-in-the-middle attacks (CVE-2009-3555).

     

    Packages for 2008.0 and 2009.0 are provided due to the Extended

    Maintenance Program for those products.

  8. A vulnerability has been found and corrected in nss_db:

     

    The Free Software Foundation (FSF) Berkeley DB NSS module (aka

    libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working

    directory, which allows local users to obtain sensitive information

    via a symlink attack involving a setgid or setuid application that

    uses this module (CVE-2010-0826).

     

    The updated packages have been patched to correct this issue.

  9. A vulnerability has been found and corrected in sudo:

     

    The command matching functionality in sudo 1.6.8 through 1.7.2p5 does

    not properly handle when a file in the current working directory has

    the same name as a pseudo-command in the sudoers file and the PATH

    contains an entry for ., which allows local users to execute arbitrary

    commands via a Trojan horse executable, as demonstrated using sudoedit,

    a different vulnerability than CVE-2010-0426 (CVE-2010-1163).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  10. This update provides a security update to OpenOffice.org, described

    as follows:

     

    OpenOffice's xmlsec uses a bundled Libtool which might load .la

    file in the current working directory allowing local users to gain

    privileges via a Trojan horse file. For enabling such vulnerability

    xmlsec has to use --enable-crypto_dl building flag however it does

    not, although the fix keeps protected against this threat whenever

    that flag had been enabled (CVE-2009-3736).

     

    Additionally, this update provides the following bug fixes:

     

    OpenOffice.org is not properly configured to use the xdg-email

    functionality of the FreeDesktop standard (#52195).

     

    Template desktop icons are not properly set up, so they are not

    presented under the context menu of applications like Dolphin (#56439).

     

    libia_ora-gnome is added as suggest as long as that package is needed

    for a better look (#57385#c28).

     

    It is enabled a fallback logic to properly select an OpenOffice.org

    style whenever one is set up but that is not installed (#57530#c1,

    #53284, #45133, #39043)

     

    It is enabled the Firefox plugin for viewing OpenOffice.org documents

    inside browser.

  11. A vulnerability has been found and corrected in kdm

    (kdebase/kdebase4-workspace):

     

    KDM contains a race condition that allows local attackers to make

    arbitrary files on the system world-writeable. This can happen

    while KDM tries to create its control socket during user login. This

    vulnerability has been discovered by Sebastian Krahmer from the SUSE

    Security Team (CVE-2010-0436).

     

    It is advised to reboot the computer after applying the updated

    packages in order for the security fix to take full effect.

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  12. Multiple vulnerabilities have been found and corrected in cups:

     

    CUPS does not properly handle (1) HTTP headers and (2) HTML

    templates, which allows remote attackers to conduct cross-site

    scripting (XSS) attacks and HTTP response splitting attacks via vectors

    related to (a) the product's web interface, (b) the configuration of

    the print system, and (c) the titles of printed jobs (CVE-2009-2820).

     

    Use-after-free vulnerability in the abstract file-descriptor handling

    interface in the cupsdDoSelect function in scheduler/select.c in the

    scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers

    to cause a denial of service (daemon crash or hang) via a client

    disconnection during listing of a large number of print jobs, related

    to improperly maintaining a reference count. NOTE: some of these

    details are obtained from third party information (CVE-2009-3553).

     

    Use-after-free vulnerability in the abstract file-descriptor handling

    interface in the cupsdDoSelect function in scheduler/select.c in the

    scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue

    or epoll is used, allows remote attackers to cause a denial of service

    (daemon crash or hang) via a client disconnection during listing

    of a large number of print jobs, related to improperly maintaining

    a reference count. NOTE: some of these details are obtained from

    third party information. NOTE: this vulnerability exists because of

    an incomplete fix for CVE-2009-3553 (CVE-2010-0302).

     

    The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS

    1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable

    to determine the file that provides localized message strings, which

    allows local users to gain privileges via a file that contains crafted

    localization data with format string specifiers (CVE-2010-0393).

     

    The updated packages have been patched to correct these issues.

  13. Multiple vulnerabilities have been found and corrected in cups:

     

    CUPS does not properly handle (1) HTTP headers and (2) HTML

    templates, which allows remote attackers to conduct cross-site

    scripting (XSS) attacks and HTTP response splitting attacks via vectors

    related to (a) the product's web interface, (b) the configuration of

    the print system, and (c) the titles of printed jobs (CVE-2009-2820).

     

    Use-after-free vulnerability in the abstract file-descriptor handling

    interface in the cupsdDoSelect function in scheduler/select.c in the

    scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers

    to cause a denial of service (daemon crash or hang) via a client

    disconnection during listing of a large number of print jobs, related

    to improperly maintaining a reference count. NOTE: some of these

    details are obtained from third party information (CVE-2009-3553).

     

    Use-after-free vulnerability in the abstract file-descriptor handling

    interface in the cupsdDoSelect function in scheduler/select.c in the

    scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue

    or epoll is used, allows remote attackers to cause a denial of service

    (daemon crash or hang) via a client disconnection during listing

    of a large number of print jobs, related to improperly maintaining

    a reference count. NOTE: some of these details are obtained from

    third party information. NOTE: this vulnerability exists because of

    an incomplete fix for CVE-2009-3553 (CVE-2010-0302).

     

    The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS

    1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable

    to determine the file that provides localized message strings, which

    allows local users to gain privileges via a file that contains crafted

    localization data with format string specifiers (CVE-2010-0393).

     

    The updated packages have been patched to correct these issues.

     

    Update:

     

    Packages for Mandriva Linux 2010.0 were missing with

    MDVSA-2010:073. This advisory provides packages for 2010.0 as well.

  14. Multiple vulnerabilities have been found and corrected in cups:

     

    CUPS does not properly handle (1) HTTP headers and (2) HTML

    templates, which allows remote attackers to conduct cross-site

    scripting (XSS) attacks and HTTP response splitting attacks via vectors

    related to (a) the product's web interface, (b) the configuration of

    the print system, and (c) the titles of printed jobs (CVE-2009-2820).

     

    The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS

    1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable

    to determine the file that provides localized message strings, which

    allows local users to gain privileges via a file that contains crafted

    localization data with format string specifiers (CVE-2010-0393).

     

    The updated packages have been patched to correct these issues.

  15. A vulnerability has been found and corrected in krb5:

     

    Use-after-free vulnerability in kadmin/server/server_stubs.c in

    kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote

    authenticated users to cause a denial of service (daemon crash) via a

    request from a kadmin client that sends an invalid API version number

    (CVE-2010-0629).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.
