Posts posted by paul

  1. Multiple vulnerabilities have been found and corrected in mysql:

    mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
    not (1) properly handle errors during execution of certain SELECT
    statements with subqueries, and does not (2) preserve certain
    null_value flags during execution of statements that use the
    GeomFromWKB function, which allows remote authenticated users to
    cause a denial of service (daemon crash) via a crafted statement
    (CVE-2009-4019).

    The vio_verify_callback function in viosslfactories.c in MySQL
    5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
    accepts a value of zero for the depth of X.509 certificates, which
    allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
    servers via a crafted certificate, as demonstrated by a certificate
    presented by a server linked against the yaSSL library (CVE-2009-4028).

    MySQL 5.1.x before 5.1.41 allows local users to bypass certain
    privilege checks by calling CREATE TABLE on a MyISAM table with
    modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
    that are originally associated with pathnames without symlinks,
    and that can point to tables created at a future time at which a
    pathname is modified to contain a symlink to a subdirectory of the
    MySQL data home directory, related to incorrect calculation of the
    mysql_unpacked_real_data_home value. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
    (CVE-2009-4030).

    The updated packages have been patched to correct these
    issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded
    to the latest stable 5.1 release (5.1.42).

  2. Multiple vulnerabilities have been found and corrected in mysql:

    mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
    not (1) properly handle errors during execution of certain SELECT
    statements with subqueries, and does not (2) preserve certain
    null_value flags during execution of statements that use the
    GeomFromWKB function, which allows remote authenticated users to
    cause a denial of service (daemon crash) via a crafted statement
    (CVE-2009-4019).

    The vio_verify_callback function in viosslfactories.c in MySQL
    5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
    accepts a value of zero for the depth of X.509 certificates, which
    allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
    servers via a crafted certificate, as demonstrated by a certificate
    presented by a server linked against the yaSSL library (CVE-2009-4028).

    MySQL 5.1.x before 5.1.41 allows local users to bypass certain
    privilege checks by calling CREATE TABLE on a MyISAM table with
    modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
    that are originally associated with pathnames without symlinks,
    and that can point to tables created at a future time at which a
    pathname is modified to contain a symlink to a subdirectory of the
    MySQL data home directory, related to incorrect calculation of the
    mysql_unpacked_real_data_home value. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
    (CVE-2009-4030).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    The updated packages have been patched to correct these
    issues. Additionally for 2009.0 and MES5 mysql has also been upgraded
    to the last stable 5.0 release (5.0.89).

  3. Multiple vulnerabilities have been found and corrected in libthai:

    Tim Starling discovered that libthai, a set of Thai language support
    routines, is vulnerable to an integer/heap overflow. This vulnerability
    could allow an attacker to run arbitrary code by sending a very long
    string (CVE-2009-4012).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    The updated packages have been patched to correct these issues.

  4. When a system uses dmraid, mkinitrd now calls the dmraid command with the
    option --rm_partitions. This option is only available in the new dmraid
    package, so boot will fail if, during an upgrade, initrd is generated
    with new mkinitrd and old dmraid (#55427). This updated package adds
    this dependency.

    Additionally, two bugs were fixed about drm modules inclusion
    (#55676). First, when a drm module was loaded at the time mkinitrd
    is run, it would be included even if it was not in DRM_WHITELIST. Then,
    when a module was whitelisted, all the drm modules for this hardware
    were included, including proprietary ones.

  5. Multiple vulnerabilities have been found and corrected in php:

    The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0,
    5.2.10, and earlier versions allows context-specific attackers to
    obtain sensitive information (memory contents) and cause a PHP crash
    by using the ini_set function to declare a variable, then using the
    ini_restore function to restore the variable (CVE-2009-2626).

    The htmlspecialchars function in PHP before 5.2.12 does not properly
    handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences,
    and (3) invalid EUC-JP sequences, which allows remote attackers to
    conduct cross-site scripting (XSS) attacks by placing a crafted byte
    sequence before a special character (CVE-2009-4142).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    The updated packages have been patched to correct these issues.

  6. A vulnerability has been found and corrected in php:

    The htmlspecialchars function in PHP before 5.2.12 does not properly
    handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences,
    and (3) invalid EUC-JP sequences, which allows remote attackers to
    conduct cross-site scripting (XSS) attacks by placing a crafted byte
    sequence before a special character (CVE-2009-4142).

    The updated packages have been patched to correct this issue.

  7. Multiple vulnerabilities have been found and corrected in php:

    The (1) htmlentities and (2) htmlspecialchars functions in PHP before
    5.2.5 accept partial multibyte sequences, which has unknown impact and
    attack vectors, a different issue than CVE-2006-5465 (CVE-2007-5898).

    The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0,
    5.2.10, and earlier versions allows context-specific attackers to
    obtain sensitive information (memory contents) and cause a PHP crash
    by using the ini_set function to declare a variable, then using the
    ini_restore function to restore the variable (CVE-2009-2626).

    The htmlspecialchars function in PHP before 5.2.12 does not properly
    handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences,
    and (3) invalid EUC-JP sequences, which allows remote attackers to
    conduct cross-site scripting (XSS) attacks by placing a crafted byte
    sequence before a special character (CVE-2009-4142).

    The updated packages have been patched to correct these issues.

  8. A vulnerability has been discovered in the Mandriva bash package, which
    could allow a malicious user to hide files from the ls command,
    or garble its output by crafting files or directories which contain
    special characters or escape sequences (CVE-2010-0002). This update
    fixes the issue by disabling the display of control characters
    by default.

    Additionally, this update fixes the unsafe file creation in bash-doc
    sample scripts (CVE-2008-5374).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

  9. Multiple vulnerabilities have been found and corrected in krb5:

    The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in
    the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before
    1.6.4 allows remote attackers to cause a denial of service (daemon
    crash) or possibly execute arbitrary code via vectors involving an
    invalid DER encoding that triggers a free of an uninitialized pointer
    (CVE-2009-0846).

    The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
    (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
    cause a denial of service (application crash) via a crafted length
    value that triggers an erroneous malloc call, related to incorrect
    calculations with pointer arithmetic (CVE-2009-0847).

    The updated packages have been patched to correct these issues.

  10. A vulnerability has been found and corrected in krb5:

    Multiple integer underflows in the (1) AES and (2) RC4 decryption
    functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3
    through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause
    a denial of service (daemon crash) or possibly execute arbitrary code
    by providing ciphertext with a length that is too short to be valid
    (CVE-2009-4212).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    The updated packages have been patched to correct this issue.

  11. A regression was discovered in fetchmail 6.3.12

    The multiline SMTP error fix in release 6.3.12 caused fetchmail
    to lose message codes 400..599 and treat all of these as temporary
    errors. This would cause messages to be left on the server even if
    softbounce was turned off. Reported by Thomas Jarosch.

    This update provides fetchmail 6.3.13, which addresses this problem.

  12. Security vulnerabilities have been identified and fixed in pidgin:

    The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium
    before 1.3.7 allows remote attackers to cause a denial of service
    (application crash) via crafted contact-list data for (1) ICQ and
    possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).

    Directory traversal vulnerability in slp.c in the MSN protocol
    plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
    remote attackers to read arbitrary files via a .. (dot dot) in an
    application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
    a related issue to CVE-2004-0122. NOTE: it could be argued that
    this is resultant from a vulnerability in which an emoticon download
    request is processed even without a preceding text/x-mms-emoticon
    message that announced availability of the emoticon (CVE-2010-0013).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    This update provides pidgin 2.6.5, which is not vulnerable to these
    issues.
