paul

A vulnerability has been found and corrected in ruby: WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator (CVE-2009-4492). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

This update has fixes for pccard 3G modem detection and accumulated fix for handling hdX/sdX devices (#53107)

Multiple vulnerabilities has been found and corrected in transmission: A number of dependency probles were discovered and has been corrected with this release (#56006). Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077 (CVE-2009-4076). Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076 (CVE-2009-4077). The updated packages have been patched to correct these issues. Additionally roundcubemail has been upgraded to 0.2.2 that also fixes a number of upstream bugs.

A vulnerability has been found and corrected in transmission: Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file (CVE-2010-0012). The updated packages have been patched to correct this issue.

Multiple vulnerabilities has been found and corrected in transmission: Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors (CVE-2009-1757). Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file (CVE-2010-0012). The updated packages have been patched to correct these issues.

The package phonon-gstreamer (MDVA-2010:003) issued in main/updates has a new dependency added, gstreamer0.10-plugins-ugly, this new dependencie also depends on some other packages only available on the /main/release media, this updates pushes the gstreamer0.10-plugins-ugly dependecies to the /Main/Updates media making MandrivaUpdate issue the phonon-gstreamer update without problems.

A packaging mistake lead to that the gpg-agent was not started by default. The updated packages addresses this problem.

Multiple vulnerabilities has been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). The updated packages have been patched to correct these issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded to the latest stable 5.1 release (5.1.42).

Multiple vulnerabilities has been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. Additionally for 2009.0 and MES5 mysql has also been upgraded to the last stable 5.0 release (5.0.89).

Multiple vulnerabilities has been found and corrected in libthai: Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable of integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string (CVE-2009-4012). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

When a system uses dmraid, mkinitrd now calls dmraid command with the option --rm_partitions. This option is only available in new dmraid package, so boot will fail if, during an upgrade, initrd is generated with new mkinitrd and old dmraid (#55427). This updated package adds this dependency. Additionally, two bug were fixed about drm modules inclusion (#55676). First, when a drm module was loaded at the time mkinitrd is run, it would be included even if it not in DRM_WHITELIST. Then, when a module was whitelisted, all the drm modules for this hardware where included, including proprietary ones).

Perl scripts shipped in the freeradius-web sub package use File::Temp perl module incorrectly, preventing to execute them correctly. In these perl scripts, a change was made to replace the line "use File::Temp ;" by "use File::Tempqw(tempfile tempdir);".

This update adds a feature to msec to save the log message that would be sent by email into /var/log/security/ to allow consulting it without relying on email system.

A vulnerability has been found and corrected in php: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). The updated packages have been patched to correct this issue.

Multiple vulnerabilities has been found and corrected in php: The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626). The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

Multiple vulnerabilities has been found and corrected in php: The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465 (CVE-2007-5898). The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626). The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). The updated packages have been patched to correct these issues.

This is a minor bugfix release for virt-manager: Because of default configuration that may leads to misunderstanding, README.urpmi has been added in virt-manager package so that relocation server option is clear. It explains also how modify this default option. The packages provided with this update addresses this problem.

This is a minor bugfix release for logcheck: - wrong permission on configuration file - rebuilt package with correct version of docbook-to-man to fix man pages build The packages provided with this update addresses this problem.

This is a minor bugfix release for net-snmp: The /etc/snmp/snmp.local.conf file contains a line that enable quickprinting features that breaks the output from snmpget for the nagios plugins using it. The packages provided with this update addresses this problem.

This is a minor bugfix release for openssh: The openssl and makedev packages is needed at install time from cdrom medias in %post for the openssh-server sub package in order to be able to generate the ssh keys files (fixes #55951) The packages provided with this update addresses this problem.

A vulnerability has been found and corrected in krb5: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid (CVE-2009-4212). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

Multiple vulnerabilities has been found and corrected in krb5: The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846). The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847). The updated packages have been patched to correct these issues.

A vulnerability have been discovered in Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences (CVE-2010-0002). This update fixes the issue by disabling the display of control characters by default. Additionally, this update fixes the unsafe file creation in bash-doc sample scripts (CVE-2008-5374). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

- In Mandriva 2009 Spring, plasma crashes when moving a plasmoid from the taskbar to the desktop. This Update fixes this issue. - In mandriva 2009 Spring, we used a specific kde certificate file. This update allows KDE to use rootcert certificate bundle.

The last iaora update introduced a litlle regression in some IaOra color schemes, like Iaora-Gray, this new package is correcting this. Also in iaora, the application's name in the titlebar wasn't correctly centered.