Posts posted by paul
-
A vulnerability has been found and corrected in apache:
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not
sent after request headers indicate a request body is incoming;
this is not a case of HTTP_INTERNAL_SERVER_ERROR (CVE-2010-0408).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in sudo:
sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
does not properly set group memberships, which allows local users to
gain privileges via a sudo command (CVE-2010-0427).
The updated packages have been patched to correct this issue.
-
Fix version file and README.urpmi for MES 5.1
-
Rsnapshot will automatically add --exclude=xxxx to the rsync
options for backups of the filesystem on which the snapshot-root
is located. This will be added to the rsync command-line AFTER the
rsync_short_args and rsync_long_args, but BEFORE any backup-specific
options. This means that the --exclude=xxxx will override whatever
backup-specific excludes are defined. This can be a problem if the
name of your snapshot-root is something which is common in many file
names. This version resolves this problem.
-
This new release fixes several bugs in packaging: default rights on
/etc/cacti.conf, removal of temporary file, fix for cacti.conf
configuration, creation of cacti.log file.
-
A vulnerability has been found and corrected in mozilla-thunderbird:
Security researcher Alin Rad Pop of Secunia Research reported that
the HTML parser incorrectly freed used memory when insufficient space
was available to process remaining input. Under such circumstances,
memory occupied by in-use objects was freed and could later be filled
with attacker-controlled text. These conditions could result in the
execution of arbitrary code if methods on the freed objects were
subsequently called (CVE-2009-1571).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
This update fixes a bug in irqbalance that makes it fail to spread
IRQs in an SMP or a multi core machine (#57523)
-
Dhcp-server package shipped with Mandriva Linux 2009.1 and 2010.0 was
using incorrect SV_LDAP definitions during the build, which resulted
in ldap support being non-functional. This update fixes the issue.
-
There was a bug in the ATI X1200 driver, making it show very frequent
screen corruption. This update fixes the issue.
-
Add a loop around SIGCONT to resume all SIGSTOP'ed processes to be able
to process SIGTERM. It will not run SIGKILL if there's no process left
and avoid Sending all processes the KILL signal... [FAILED] message.
-
This release fixes several important issues to help prevent a detection
bypass and denial of service attacks against ModSecurity. Quite a few
small but notable bugs were fixed. The latest Core Ruleset (2.0.5)
is included.
This update provides mod_security 2.5.12, which is not vulnerable to
these issues.
-
When LDAP authentication is configured using the drakauth application,
it could result in several bogus error messages related to
'/var/lib/misc/group.db: file not found'. This update fixes this issue.
-
A vulnerability has been found and corrected in sudo:
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a
pseudo-command is enabled, permits a match between the name of the
pseudo-command and the name of an executable file in an arbitrary
directory, which allows local users to gain privileges via a crafted
executable file, as demonstrated by a file named sudoedit in a user's
home directory (CVE-2010-0426).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
glibc 2.10.1 on Mandriva 2010.0 can't resolve names with some buggy
routers. This update includes upstream fixes post glibc 2.10.1 release
that fix the issue (Mandriva bug #57698). Other glibc resolver fixes
are included too, which also address some other upstream opened bugs.
-
This update allows msec to properly set special file permissions
when changing security levels (bug #57793). Additionally, this update
configures msec to enable sulogin in single user mode by default on
High security level (bug #51517).
-
python-qt4 packages released for Mandriva 2009.0 as update are
in a higher version than python-qt4 released in Mandriva 2009
Spring. This breaks the kde-python part on a 2009.0 to 2009 Spring
system upgrade. This fixes it by releasing updated python packages
with a higher release number on Mandriva 2009 Spring.
-
This update allows msec to properly set special file permissions
(such as SUID bits) when changing security levels (bug #57793).
-
Roundcube 0.3.1 and earlier does not request that the web browser
avoid DNS prefetching of domain names contained in e-mail messages,
which makes it easier for remote attackers to determine the network
location of the webmail user by logging DNS requests (CVE-2010-0464).
The updated packages have been patched to correct this issue.
-
Updated timezone packages are being provided for older Mandriva Linux
systems that do not contain new Daylight Savings Time information
and Time Zone information for some locations. These updated packages
contain the new information.
Update:
The MDVA-2010:006 advisory did not provide updated timezone packages
for MNF2, CS4 and 2008.0. This advisory provides the missing packages.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
-
MMC web interface allows creating isos for user's homes and
shares. With this update, mkisofs has been added as a requirement of
the package.
Update:
It was discovered the cdrkit-genisoimage package was missing with
the MDVA-2010:050 advisory. This advisory provides the missing
dependencies.
-
In some cases aria2 would crash with a segmentation fault when
encountering file not found errors. This could particularly happen
when installing updates with urpmi.
-
The rsh package in 2010.0 has several bugs that prevented it from
working correctly; the updated packages fix all those issues.
-
A vulnerability has been found in ncpfs which can be exploited by
local users to disclose potentially sensitive information, cause a
DoS (Denial of Service), and potentially gain escalated privileges
(CVE-2009-3297).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
A race condition has been found in fuse that could escalate privileges
for local users and lead to a DoS (Denial of Service) (CVE-2009-3297).
The updated packages have been patched to correct this issue.
-
archive old distros
in Software
dd if=/dev/cdrom of=~/my-old-distro.iso
Yes, works in all of your cases.