
Posts posted by paul

  1. Multiple vulnerabilities were discovered and corrected in php-pear

    (Mail):

     

    Argument injection vulnerability in the sendmail implementation of

    the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14

    for PEAR allows remote attackers to read and write arbitrary files

    via a crafted parameter, a different vector than CVE-2009-4111

    (CVE-2009-4023).

     

    Argument injection vulnerability in Mail/sendmail.php in the Mail

    package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows

    remote attackers to read and write arbitrary files via a crafted

    parameter, and possibly other parameters, a different vulnerability

    than CVE-2009-4023 (CVE-2009-4111).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct these issues.

  2. A vulnerability was discovered and corrected in coreutils:

     

    The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through

    8.1 allows local users to gain privileges via a symlink attack on a

    file in a directory tree under /tmp (CVE-2009-4135).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  3. Some vulnerabilities were discovered and corrected in bind:

     

    The original fix for CVE-2009-4022 was found to be incomplete. BIND

    was incorrectly caching certain responses without performing proper

    DNSSEC validation. CNAME and DNAME records could be cached, without

    proper DNSSEC validation, when received from processing recursive

    client queries that requested DNSSEC records but indicated that

    checking should be disabled. A remote attacker could use this flaw

    to bypass the DNSSEC validation check and perform a cache poisoning

    attack if the target BIND server was receiving such client queries

    (CVE-2010-0290).

     

    There was an error in the DNSSEC NSEC/NSEC3 validation code that

    could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses

    for records proven by NSEC or NSEC3 to exist) to be cached as if they

    had validated correctly, so that future queries to the resolver would

    return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).

     

    ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2,

    9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data

    accompanying a secure response without re-fetching from the original

    source, which allows remote attackers to have an unspecified impact

    via a crafted response, aka Bug 20819. NOTE: this vulnerability

    exists because of a regression during the fix for CVE-2009-4022

    (CVE-2010-0382).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    Additionally BIND has been upgraded to the latest patch release

    version.

  4. Some vulnerabilities were discovered and corrected in openssl:

     

    Memory leak in the zlib_stateful_finish function in

    crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta

    through Beta 4 allows remote attackers to cause a denial of service

    (memory consumption) via vectors that trigger incorrect calls to the

    CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3

    and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678

    (CVE-2009-4355).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  5. Multiple vulnerabilities have been found and corrected in gzip:

     

    A missing input sanitation flaw was found in the way gzip used to

    decompress data blocks for dynamic Huffman codes. A remote attacker

    could provide a specially-crafted gzip compressed data archive,

    which once opened by a local, unsuspecting user would lead to denial

    of service (gzip crash) or, potentially, to arbitrary code execution

    with the privileges of the user running gzip (CVE-2009-2624).

     

    An integer underflow leading to array index error was found in the

    way gzip used to decompress files / archives, compressed with the

    Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could

    provide a specially-crafted LZW compressed gzip archive, which once

    decompressed by a local, unsuspecting user would lead to gzip crash,

    or, potentially to arbitrary code execution with the privileges of

    the user running gzip (CVE-2010-0001).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct these issues.

  6. Some vulnerabilities were discovered and corrected in bind:

     

    The original fix for CVE-2009-4022 was found to be incomplete. BIND

    was incorrectly caching certain responses without performing proper

    DNSSEC validation. CNAME and DNAME records could be cached, without

    proper DNSSEC validation, when received from processing recursive

    client queries that requested DNSSEC records but indicated that

    checking should be disabled. A remote attacker could use this flaw

    to bypass the DNSSEC validation check and perform a cache poisoning

    attack if the target BIND server was receiving such client queries

    (CVE-2010-0290).

     

    There was an error in the DNSSEC NSEC/NSEC3 validation code that

    could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses

    for records proven by NSEC or NSEC3 to exist) to be cached as if they

    had validated correctly, so that future queries to the resolver would

    return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    Additionally BIND has been upgraded to the latest patch release

    version.

  7. Multiple vulnerabilities have been found and corrected in gzip:

     

    A missing input sanitation flaw was found in the way gzip used to

    decompress data blocks for dynamic Huffman codes. A remote attacker

    could provide a specially-crafted gzip compressed data archive,

    which once opened by a local, unsuspecting user would lead to denial

    of service (gzip crash) or, potentially, to arbitrary code execution

    with the privileges of the user running gzip (CVE-2009-26244).

     

    An integer underflow leading to array index error was found in the

    way gzip used to decompress files / archives, compressed with the

    Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could

    provide a specially-crafted LZW compressed gzip archive, which once

    decompressed by a local, unsuspecting user would lead to gzip crash,

    or, potentially to arbitrary code execution with the privileges of

    the user running gzip (CVE-2010-0001).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct these issues.

  8. A vulnerability has been found and corrected in gzip:

     

    An integer underflow leading to array index error was found in the

    way gzip used to decompress files / archives, compressed with the

    Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could

    provide a specially-crafted LZW compressed gzip archive, which once

    decompressed by a local, unsuspecting user would lead to gzip crash,

    or, potentially to arbitrary code execution with the privileges of

    the user running gzip (CVE-2010-0001).

     

    The updated packages have been patched to correct this issue.

  9. This advisory updates wireshark to the latest 1.2.5 version, fixing

    several bugs and two security issues:

    - The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through

    1.2.4 allow remote attackers to cause a denial of service (crash)

    via a crafted packet (CVE-2009-4377)

    - Buffer overflow in the daintree_sna_read function in the Daintree SNA

    file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers

    to cause a denial of service (crash) and possibly execute arbitrary

    code via a crafted packet (CVE-2009-4376)

  10. Multiple vulnerabilities have been found and corrected in phpMyAdmin:

     

    libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates

    a temporary directory with 0777 permissions, which has unknown impact

    and attack vectors (CVE-2008-7251).

     

    libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses

    predictable filenames for temporary files, which has unknown impact

    and attack vectors (CVE-2008-7252).

     

    scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before

    2.11.10 calls the unserialize function on the values of the (1)

    configuration and (2) v[0] parameters, which might allow remote

    attackers to conduct cross-site request forgery (CSRF) attacks via

    unspecified vectors (CVE-2009-4605).

     

    This update provides phpMyAdmin 2.11.10, which is not vulnerable to

    these issues.

  11. A vulnerability has been found and corrected in ruby:

     

    WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through

    patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev

    writes data to a log file without sanitizing non-printable characters,

    which might allow remote attackers to modify a window's title,

    or possibly execute arbitrary commands or overwrite files, via an

    HTTP request containing an escape sequence for a terminal emulator

    (CVE-2009-4492).

     

    Packages for 2008.0 are provided for Corporate Desktop 2008.0

    customers.

     

    The updated packages have been patched to correct this issue.

  12. Multiple vulnerabilities have been found and corrected in transmission:

     

    A number of dependency problems were discovered and have been corrected

    with this release (#56006).

     

    Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail

    0.2.2 and earlier allows remote attackers to hijack the authentication

    of unspecified users for requests that modify user information via

    unspecified vectors, a different vulnerability than CVE-2009-4077

    (CVE-2009-4076).

     

    Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail

    0.2.2 and earlier allows remote attackers to hijack the authentication

    of unspecified users for requests that send arbitrary emails via

    unspecified vectors, a different vulnerability than CVE-2009-4076

    (CVE-2009-4077).

     

    The updated packages have been patched to correct these

    issues. Additionally roundcubemail has been upgraded to 0.2.2 that

    also fixes a number of upstream bugs.

  13. Multiple vulnerabilities have been found and corrected in transmission:

     

    Cross-site request forgery (CSRF) vulnerability in Transmission 1.5

    before 1.53 and 1.6 before 1.61 allows remote attackers to hijack

    the authentication of unspecified victims via unknown vectors

    (CVE-2009-1757).

     

    Directory traversal vulnerability in libtransmission/metainfo.c in

    Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to

    overwrite arbitrary files via a .. (dot dot) in a pathname within a

    .torrent file (CVE-2010-0012).

     

    The updated packages have been patched to correct these issues.

  14. The package phonon-gstreamer (MDVA-2010:003) issued in main/updates

    has a new dependency added, gstreamer0.10-plugins-ugly, this new

    dependency also depends on some other packages only available on the

    /main/release media, this update pushes the gstreamer0.10-plugins-ugly

    dependencies to the /Main/Updates media making MandrivaUpdate issue

    the phonon-gstreamer update without problems.
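
The WEBrick issue in item 11 (CVE-2009-4492) comes down to request-derived bytes reaching a log file unescaped. The sketch below is an added illustration, not WEBrick's or Mandriva's code: it escapes non-printable bytes before a line is logged. The helpers `sanitize_for_log` and `access_log_line` and the sample request are constructed for this example.

```ruby
# Added example (not WEBrick's own code): neutralise non-printable bytes
# before a request-derived string is written to a log file.

# Hypothetical helper: replace every byte outside printable ASCII, and the
# backslash itself, with a \xNN escape. Escaping the backslash keeps the
# output unambiguous: a literal "\x1B" typed by a client cannot be confused
# with an escaped ESC byte.
def sanitize_for_log(raw)
  raw.b.gsub(/[^\x20-\x7e]|\\/n) { |ch| format('\\x%02X', ch.ord) }
end

# Hypothetical log formatter: only request_line is client-controlled here,
# so it is the only field passed through the sanitiser.
def access_log_line(remote_addr, request_line, status)
  format('%s "%s" %d', remote_addr, sanitize_for_log(request_line), status)
end

# Constructed sample: a request line carrying a terminal "set window title"
# sequence (ESC ] 2 ; text BEL) plus the usual CRLF terminator.
SAMPLE_REQUEST = "GET /\e]2;demo\a HTTP/1.1\r\n"

def demo
  access_log_line('192.0.2.10', SAMPLE_REQUEST, 404)
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Viewing the resulting log with `cat` or `tail` shows the escape sequence as inert text, and the escaped CR/LF also prevents a request from forging extra log lines.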
