Posts posted by paul
-
jpeg2yuv (from the mjpegtools package) segfaulted when linked against
libjpeg v7/8 (#55450).
The provided packages have been patched to address this issue.
-
A vulnerability was discovered and corrected in coreutils:
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through
8.1 allows local users to gain privileges via a symlink attack on a
file in a directory tree under /tmp (CVE-2009-4135).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
Some vulnerabilities were discovered and corrected in bind:
The original fix for CVE-2009-4022 was found to be incomplete. BIND
was incorrectly caching certain responses without performing proper
DNSSEC validation. CNAME and DNAME records could be cached, without
proper DNSSEC validation, when received from processing recursive
client queries that requested DNSSEC records but indicated that
checking should be disabled. A remote attacker could use this flaw
to bypass the DNSSEC validation check and perform a cache poisoning
attack if the target BIND server was receiving such client queries
(CVE-2010-0290).
There was an error in the DNSSEC NSEC/NSEC3 validation code that
could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses
for records proven by NSEC or NSEC3 to exist) to be cached as if they
had validated correctly, so that future queries to the resolver would
return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2,
9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data
accompanying a secure response without re-fetching from the original
source, which allows remote attackers to have an unspecified impact
via a crafted response, aka Bug 20819. NOTE: this vulnerability
exists because of a regression during the fix for CVE-2009-4022
(CVE-2010-0382).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
Additionally BIND has been upgraded to the latest patch release
version.
-
This update has fixes for pccard 3G modem detection and accumulated
fix for handling hdX/sdX devices (#53107)
Update:
This update removes conflicts on drakfirsttime caused by the last
update of drakxtools.
-
A vulnerability has been found and corrected in phpldapadmin:
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5
allows remote attackers to include and execute arbitrary local files
via a .. (dot dot) in the cmd parameter (CVE-2009-4427).
The updated packages have been patched to correct this issue.
-
A dependency problem was discovered with roundcube. The
php-pear-MDB2_Driver_sqlite dependency was added for mmc-wizard to
address this problem.
-
The dbus-glib package was built without a symbol that is needed by
the latest versions of tracker. This update adds the missing functions
(#57068).
-
The libxrender library contained a bug where it could crash
applications on x86_64 bit machines when the XRenderSetPictureFilter
function was called (#56721).
-
Some vulnerabilities were discovered and corrected in openssl:
Memory leak in the zlib_stateful_finish function in
crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta
through Beta 4 allows remote attackers to cause a denial of service
(memory consumption) via vectors that trigger incorrect calls to the
CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3
and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678
(CVE-2009-4355).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
Multiple vulnerabilities have been found and corrected in gzip:
A missing input sanitation flaw was found in the way gzip used to
decompress data blocks for dynamic Huffman codes. A remote attacker
could provide a specially-crafted gzip compressed data archive,
which once opened by a local, unsuspecting user would lead to denial
of service (gzip crash) or, potentially, to arbitrary code execution
with the privileges of the user running gzip (CVE-2009-2624).
An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct these issues.
-
The xinit manpage in 2010.0 was not reflecting the real application
behavior, which could confuse users. This update fixes the xinit
manpage to reflect its real behavior.
-
Some vulnerabilities were discovered and corrected in bind:
The original fix for CVE-2009-4022 was found to be incomplete. BIND
was incorrectly caching certain responses without performing proper
DNSSEC validation. CNAME and DNAME records could be cached, without
proper DNSSEC validation, when received from processing recursive
client queries that requested DNSSEC records but indicated that
checking should be disabled. A remote attacker could use this flaw
to bypass the DNSSEC validation check and perform a cache poisoning
attack if the target BIND server was receiving such client queries
(CVE-2010-0290).
There was an error in the DNSSEC NSEC/NSEC3 validation code that
could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses
for records proven by NSEC or NSEC3 to exist) to be cached as if they
had validated correctly, so that future queries to the resolver would
return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
Additionally BIND has been upgraded to the latest patch release
version.
-
Multiple vulnerabilities have been found and corrected in gzip:
A missing input sanitation flaw was found in the way gzip used to
decompress data blocks for dynamic Huffman codes. A remote attacker
could provide a specially-crafted gzip compressed data archive,
which once opened by a local, unsuspecting user would lead to denial
of service (gzip crash) or, potentially, to arbitrary code execution
with the privileges of the user running gzip (CVE-2009-26244).
An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct these issues.
-
A vulnerability has been found and corrected in gzip:
An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).
The updated packages have been patched to correct this issue.
-
The network detection routine could not detect the network connection
properly in some cases, resulting in premature termination with
incorrect return code. This could result in failure on startup for
services which depend on network to be up, such as apache2 server. This
update fixes this issue.
-
This advisory updates wireshark to the latest 1.2.5 version, fixing
several bugs and two security issues:
- The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through
1.2.4 allow remote attackers to cause a denial of service (crash)
via a crafted packet (CVE-2009-4377)
- Buffer overflow in the daintree_sna_read function in the Daintree SNA
file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via a crafted packet (CVE-2009-4376)
-
Multiple vulnerabilities have been found and corrected in phpMyAdmin:
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates
a temporary directory with 0777 permissions, which has unknown impact
and attack vectors (CVE-2008-7251).
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses
predictable filenames for temporary files, which has unknown impact
and attack vectors (CVE-2008-7252).
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before
2.11.10 calls the unserialize function on the values of the (1)
configuration and (2) v[0] parameters, which might allow remote
attackers to conduct cross-site request forgery (CSRF) attacks via
unspecified vectors (CVE-2009-4605).
This update provides phpMyAdmin 2.11.10, which is not vulnerable to
these issues.
-
This update has fixes for pccard 3G modem detection and accumulated
fix for handling hdX/sdX devices (#53107)
-
A vulnerability has been found and corrected in ruby:
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through
patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev
writes data to a log file without sanitizing non-printable characters,
which might allow remote attackers to modify a window's title,
or possibly execute arbitrary commands or overwrite files, via an
HTTP request containing an escape sequence for a terminal emulator
(CVE-2009-4492).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
-
Multiple vulnerabilities have been found and corrected in transmission:
A number of dependency problems were discovered and have been corrected
with this release (#56006).
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail
0.2.2 and earlier allows remote attackers to hijack the authentication
of unspecified users for requests that modify user information via
unspecified vectors, a different vulnerability than CVE-2009-4077
(CVE-2009-4076).
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail
0.2.2 and earlier allows remote attackers to hijack the authentication
of unspecified users for requests that send arbitrary emails via
unspecified vectors, a different vulnerability than CVE-2009-4076
(CVE-2009-4077).
The updated packages have been patched to correct these
issues. Additionally roundcubemail has been upgraded to 0.2.2 that
also fixes a number of upstream bugs.
-
Multiple vulnerabilities have been found and corrected in transmission:
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5
before 1.53 and 1.6 before 1.61 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors
(CVE-2009-1757).
Directory traversal vulnerability in libtransmission/metainfo.c in
Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to
overwrite arbitrary files via a .. (dot dot) in a pathname within a
.torrent file (CVE-2010-0012).
The updated packages have been patched to correct these issues.
-
A vulnerability has been found and corrected in transmission:
Directory traversal vulnerability in libtransmission/metainfo.c in
Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to
overwrite arbitrary files via a .. (dot dot) in a pathname within a
.torrent file (CVE-2010-0012).
The updated packages have been patched to correct this issue.
-
The package phonon-gstreamer (MDVA-2010:003) issued in main/updates
has a new dependency added, gstreamer0.10-plugins-ugly. This new
dependency also depends on some other packages only available on the
/main/release media. This update pushes the gstreamer0.10-plugins-ugly
dependencies to the /Main/Updates media, making MandrivaUpdate issue
the phonon-gstreamer update without problems.
-
A packaging mistake led to the gpg-agent not being started by
default. The updated packages address this problem.
-
Advisories MDVSA-2010:025: php-pear-Mail (in Mandriva Security Advisories)
Multiple vulnerabilities were discovered and corrected in php-pear
(Mail):
Argument injection vulnerability in the sendmail implementation of
the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14
for PEAR allows remote attackers to read and write arbitrary files
via a crafted parameter, a different vector than CVE-2009-4111
(CVE-2009-4023).
Argument injection vulnerability in Mail/sendmail.php in the Mail
package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows
remote attackers to read and write arbitrary files via a crafted
parameter, and possibly other parameters, a different vulnerability
than CVE-2009-4023 (CVE-2009-4111).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct these issues.