paul

Add the extended maintainance access support for 2008.0

The predrawn figure library in xfig could not be accessed by

non-root users because of incorrect permissions making the contents

of /usr/lib/X11/xfig/Libraries readable only by root. This update

corrects the problematic permissions.

The youtube plugin in totem has stopped working. This was caused by

changes on the youtube web site. This new version updates to those

changes to make youtube playback in totem work again.

Allow to use ddf1 raid and to manage unpartitionned dmraid. It also

offers to install onto dmraid or existing lvm without using manual

partitionning.

The previous update of openoffice.org missed openoffice.org-voikko,

causing upgrade problems for Finnish users. This update provides

openoffice.org-voikko for openoffice.org 3.1.1.

msec in Mandriva Linux 2009.1 and 2010.0 would not carry out the

chkrootkit check correctly if the chkrootkit package was uninstalled

after the test has been run at least once. This update fixes the issue.

This advisory updates webmin to the latest version 1.500, fixing

several bugs and a cross-site scripting issue which allows remote

attackers to inject arbitrary web script or HTML via unspecified

vectors (CVE-2009-4568).

Packages for 2008.0 are provided for Corporate Desktop 2008.0

customers.

Update for mandriva-release for 5.1 release of Mandriva Enterprise

Server 5.

Update to new version. Fix many bugs and add functionalities for

nuface interface.

This updates provides a new OpenOffice.org version 3.1.1. It holds

security and bug fixes described as follow:

An integer underflow might allow remote attackers to execute arbitrary

code via crafted records in the document table of a Word document,

leading to a heap-based buffer overflow (CVE-2009-0200).

A heap-based buffer overflow might allow remote attackers to execute

arbitrary code via unspecified records in a crafted Word document,

related to table parsing (CVE-2009-0201).

A heap-based buffer overflow allows remote attackers to execute

arbitrary code via a crafted EMF file (CVE-2009-2139).

Multiple heap-based buffer overflows allow remote attackers to execute

arbitrary code via a crafted EMF+ file (CVE-2009-2140).

OpenOffice's xmlsec uses a bundled Libtool which might load .la

file in the current working directory allowing local users to gain

privileges via a Trojan horse file. For enabling such vulnerability

xmlsec has to use --enable-crypto_dl building flag however it does

not, although the fix keeps protected against this threat whenever

that flag had been enabled (CVE-2009-3736).

Further this update provides following bug fixes:

OpenOffice.org is not properly configure to use the xdg-email

functionality of the FreeDesktop standard (#52195).

As the template desktop icons are not properly set, it's not presented

under the context menu of applications like Dolphin (#56439).

The Firefox plugin which enables viewing of OpenOffice documents

inside the browser was not enabled.

This is a maintenance update of samba in order to support Windows 7

hosts integration in Samba domain.

Additionally on 2009.0 and MES5 samba has been upgraded from 3.2.15

to 3.3.10 which brings many upstream fixes besides those that mainly

conserns Windows 7 interoperabilities.

This advisory updates virt-manager to 0.8 version, fixing many bugs

and adding new useful functionalities. Therefore, libvirt was also

upgraded to a more recent version.

Additionally, python-virtinst was updated to include Mandriva Linux

in OS list for virt-manager, and dnsmasq was updated to not start

service by default to prevent conflict with virt-manager.

This update fixes several bugs in existing package:

- fix rights on configuration file

- fix path for logs

- fix path for rra files

- add new version for rrdtools in cacti wizard

Remove 64bit templates as mmc packages are noarch now. The updated

packages have been patched to correct this issue.

gtk+ 2.0 was not handling correctly input method in client-side

window mode. This could lead to applications crash, inkscape is a

good example of crash. This updates fixes this issues and upgrades

gtk+2.0 to latest stable release (2.18.6), which includes stability

fixes for various applications, including gnome-panel.

Some vulnerabilities were discovered and corrected in the Linux

2.6 kernel:

Array index error in the gdth_read_event function in

drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows

local users to cause a denial of service or possibly gain privileges

via a negative event index in an IOCTL request. (CVE-2009-3080)

The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the

Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified

impact via a crafted HDLC packet that arrives over ISDN and triggers

a buffer under-read. (CVE-2009-4005)

An issue was discovered in 2.6.32.x kernels, which sets unsecure

permission for devtmpfs file system by default. (CVE-2010-0299)

Additionally, it was added support for Atheros AR2427 Wireless

Network Adapter.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

It was discovered that the mailcap package needed by firefox wasn't

provided with MDVA-2010:015.

Packages for 2008.0 are provided for Corporate Desktop 2008.0

customers.

This advisory addresses these problems.

microcode_ctl is now providing a script to allow updates to retreive

the latest versions of microcodes.

This update removes the disclaimer which incorrectly appears on

initial MMC web page.

MMC web interface allows to create isos for user's homes and

shares. With this update, mkisofs has been added as a requirement of

the package.

A vulnerability have been discovered and corrected in Squid 2.x,

3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows

remote attackers to cause a denial of service (assertion failure)

via a crafted DNS packet that only contains a header (CVE-2010-0308).

This update provides a fix to this vulnerability.

It was brought to our attention by Ludwig Nussel at SUSE the md5

collision certificate should not be included. This update removes

the offending certificate.

Packages for 2008.0 are provided for Corporate Desktop 2008.0

customers.

The mozilla nss library has consequently been rebuilt to pickup these

changes and are also being provided.

This advisory updates Wireshark to the version 1.0.11, which fixes

the following vulnerabilities:

The SMB and SMB2 dissectors could crash (CVE-2009-4377).

The Infiniband dissector could crash on some platforms (CVE-2009-2563).

Several buffer overflows were discovered and fixed in the LWRES

dissector.

Some vulnerabilities were discovered and corrected in the Linux

2.6 kernel:

Array index error in the gdth_read_event function in

drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows

local users to cause a denial of service or possibly gain privileges

via a negative event index in an IOCTL request. (CVE-2009-3080)

The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the

Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified

impact via a crafted HDLC packet that arrives over ISDN and triggers

a buffer under-read. (CVE-2009-4005)

Additionally, the Linux kernel was updated to the stable release

2.6.27.45.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

that's pretty fun :)