Posts posted by paul
-
An incorrect initialisation in the consolekit daemon could prevent
automount of removable media under a GNOME or KDE environment. This
package update fixes this issue (it requires restarting the system to
take effect).
-
It was discovered that the kde4ff theme for firefox 3.5
(firefox-theme-kde4ff) did not work; to address this problem the
kfirefox theme (firefox-theme-kfirefox) is provided as a drop-in
replacement.
It was discovered that the beagle extension for firefox
(firefox-ext-beagle) had the wrong release number which prevented it
from being upgraded.
This advisory addresses these problems.
-
A vulnerability was discovered and corrected in squid:
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7
allows remote attackers to cause a denial of service via a crafted
auth header with certain comma delimiters that trigger an infinite
loop of calls to the strcspn function (CVE-2009-2855).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
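The squid advisory above describes a walker over a comma-delimited header value that never terminates. The following is an added illustration, not squid's code (strListGetItem is not reproduced here): a comma-list walker whose cursor advances by at least one byte on every pass, so delimiter-only values such as ",,," cannot spin it forever. The header samples are constructed; quoted-string commas are deliberately not handled, to keep the point visible.

```c
#include <stdio.h>
#include <string.h>

/* Cursor over a comma-separated HTTP header value such as
 * "Basic realm=\"a\", , Digest realm=\"b\"". */
struct list_iter {
    const char *str;   /* the header value being walked */
    size_t      pos;   /* offset of the next byte to examine */
};

/* Fetch the next non-empty item (surrounding spaces/tabs trimmed) into
 * *item/*len. Returns 1 if an item was found, 0 when the list is exhausted.
 * The cursor moves forward by at least one byte on every pass of the loop,
 * so delimiter-only input like ",,," or a trailing comma always terminates;
 * a walker that only advances on a non-empty item can loop forever. */
int list_next_item(struct list_iter *it, const char **item, size_t *len)
{
    size_t n = strlen(it->str);
    while (it->pos < n) {
        size_t start = it->pos;
        size_t span  = strcspn(it->str + start, ",");  /* bytes before the next comma */
        /* Step over the item and, if one is present, the comma after it. */
        it->pos = start + span + ((start + span < n) ? 1 : 0);

        const char *s = it->str + start;
        size_t l = span;
        while (l > 0 && (*s == ' ' || *s == '\t')) { s++; l--; }
        while (l > 0 && (s[l - 1] == ' ' || s[l - 1] == '\t')) l--;
        if (l > 0) { *item = s; *len = l; return 1; }
        /* Empty item: go round again; it->pos has already advanced. */
    }
    return 0;
}

/* Number of non-empty items in a header value. */
int count_items(const char *hdr)
{
    struct list_iter it = { hdr, 0 };
    const char *item; size_t len; int count = 0;
    while (list_next_item(&it, &item, &len)) count++;
    return count;
}

/* 1 if some item starts with prefix (e.g. the "Digest" scheme in a
 * WWW-Authenticate value), else 0. */
int list_has_prefix(const char *hdr, const char *prefix)
{
    struct list_iter it = { hdr, 0 };
    const char *item; size_t len; size_t plen = strlen(prefix);
    while (list_next_item(&it, &item, &len))
        if (len >= plen && strncmp(item, prefix, plen) == 0) return 1;
    return 0;
}

int main(void)
{
    /* Constructed header values, including the delimiter-heavy shapes
     * that must terminate. */
    const char *samples[] = { "Basic realm=\"a\", , Digest realm=\"b\"", ",,,", " , ", "", "x," };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s -> %d item(s)\n", samples[i], count_items(samples[i]));
    return 0;
}
```

The property worth checking in any such loop is the one in the comment: the index must move forward on every iteration, including the iterations that yield nothing.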
-
Multiple vulnerabilities have been found and corrected in squidGuard:
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
attackers to cause a denial of service (application hang or loss of
blocking functionality) via a long URL with many / (slash) characters,
related to emergency mode (CVE-2009-3700).
Multiple buffer overflows in squidGuard 1.4 allow remote attackers
to bypass intended URL blocking via a long URL, related to (1)
the relationship between a certain buffer size in squidGuard and a
certain buffer size in Squid and (2) a redirect URL that contains
information about the originally requested URL (CVE-2009-3826).
squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional
upstream security and bug fixes patches applied.
This update fixes these vulnerabilities.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
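Both squidGuard issues above turn an oversize URL into a filter that stops blocking. As an added example (not squidGuard's or Squid's code; the 8192-byte buffer, the blocklist and the redirect page are assumptions), here is a URL filter written to fail closed: a URL that does not fit the work buffer is blocked rather than truncated, and the redirect URL that embeds the original request is bounds-checked separately, since embedding is what makes it outgrow a buffer the original URL fitted in.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define URL_BUF 8192   /* assumed size of the filter's fixed work buffer (illustrative) */

enum verdict { VERDICT_PASS = 0, VERDICT_BLOCK = 1 };

/* Copy url into a bounded work buffer. Returns 0 on success, -1 if it does
 * not fit. The caller must treat -1 as a reason to BLOCK: truncating and
 * carrying on would let a very long URL bypass the pattern match, which is
 * the "loss of blocking functionality" in the advisory. */
int copy_url_bounded(char *dst, size_t dstsz, const char *url)
{
    size_t n = strlen(url);
    if (n + 1 > dstsz) return -1;
    memcpy(dst, url, n + 1);
    return 0;
}

/* Build "<base>?url=<orig>" into a bounded buffer. Returns -1 when the result
 * would not fit: a URL that fit the proxy's buffer can outgrow the
 * redirector's once it is embedded in a redirect URL (item 2 above). */
int build_redirect(char *dst, size_t dstsz, const char *base, const char *orig)
{
    int n = snprintf(dst, dstsz, "%s?url=%s", base, orig);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Toy blocklist (constructed): block any URL naming the host blocked.example. */
int url_is_blocked(const char *url)
{
    return strstr(url, "blocked.example") != NULL;
}

/* Fail-closed filter. On BLOCK, redirect receives the block-page URL carrying
 * the original request, or "" if that URL would not fit; the caller must then
 * deny outright rather than pass the request. */
enum verdict filter_url(const char *url, char *redirect, size_t rsz)
{
    char work[URL_BUF];
    redirect[0] = '\0';
    if (copy_url_bounded(work, sizeof work, url) != 0)
        return VERDICT_BLOCK;                 /* too long to inspect: fail closed */
    if (!url_is_blocked(work))
        return VERDICT_PASS;
    if (build_redirect(redirect, rsz, "http://blockpage.example/deny", work) != 0)
        redirect[0] = '\0';                   /* never hand back a truncated URL */
    return VERDICT_BLOCK;
}

/* Helper: run the filter over a constructed URL made of `slashes` '/'
 * characters after an otherwise harmless host. */
enum verdict filter_long_slash_url(size_t slashes)
{
    const char *host = "http://ok.example";
    size_t hl = strlen(host);
    char redirect[URL_BUF];
    char *url = malloc(hl + slashes + 1);
    if (url == NULL) return VERDICT_BLOCK;    /* fail closed on allocation failure too */
    memcpy(url, host, hl);
    memset(url + hl, '/', slashes);
    url[hl + slashes] = '\0';
    enum verdict v = filter_url(url, redirect, sizeof redirect);
    free(url);
    return v;
}

int main(void)
{
    char redirect[URL_BUF];
    printf("short harmless URL : %d\n", filter_url("http://ok.example/", redirect, sizeof redirect));
    printf("blocked host       : %d (%s)\n", filter_url("http://blocked.example/x", redirect, sizeof redirect), redirect);
    printf("100 slashes        : %d\n", filter_long_slash_url(100));
    printf("%d slashes       : %d\n", URL_BUF, filter_long_slash_url(URL_BUF));
    return 0;
}
```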
-
A vulnerability has been found and corrected in freeradius:
The rad_decode function in FreeRADIUS before 1.1.8 allows remote
attackers to cause a denial of service (radiusd crash) via zero-length
Tunnel-Password attributes. NOTE: this is a regression error related
to CVE-2003-0967 (CVE-2009-3111).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
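The FreeRADIUS entry above is a crash on a Tunnel-Password attribute whose value is empty. As an added example (not FreeRADIUS's rad_decode; the sample attribute lists are constructed, not captured traffic), here is a RADIUS attribute walker that checks every length before reading the field it covers. Tunnel-Password (RFC 2868) is Tag(1) Salt(2) followed by an encrypted String padded to 16-octet blocks, so a value shorter than three bytes has no Tag or Salt to read and must be rejected before any decryption step sees it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ATTR_USER_NAME        1
#define ATTR_TUNNEL_PASSWORD  69   /* RFC 2868: Tag(1) Salt(2) String(n*16) */

enum decode_result {
    DECODE_OK         =  0,
    DECODE_TRUNCATED  = -1,   /* attribute claims more bytes than remain */
    DECODE_BAD_LENGTH = -2    /* length too small for the attribute's format */
};

/* Walk the attribute list of a RADIUS packet (the bytes after the 20-byte
 * header). Each attribute is Type(1) Length(1) Value(Length-2); Length
 * counts the two header bytes. On success *nattrs holds the number of
 * attributes seen. Every field is length-checked before it is read. */
int radius_walk_attrs(const uint8_t *p, size_t len, int *nattrs)
{
    size_t off = 0;
    *nattrs = 0;
    while (off < len) {
        if (len - off < 2) return DECODE_TRUNCATED;       /* no room for Type+Length */
        uint8_t type = p[off];
        uint8_t alen = p[off + 1];
        if (alen < 2) return DECODE_BAD_LENGTH;           /* cannot be shorter than its header */
        if (alen > len - off) return DECODE_TRUNCATED;    /* would run off the buffer */
        const uint8_t *val = p + off + 2;
        size_t vlen = alen - 2;

        if (type == ATTR_TUNNEL_PASSWORD) {
            /* A zero-length (or otherwise short) value has no Tag and Salt to
             * read; the decryptor must never be reached with it. */
            if (vlen < 3) return DECODE_BAD_LENGTH;
            size_t slen = vlen - 3;                       /* encrypted String */
            if (slen == 0 || slen % 16 != 0) return DECODE_BAD_LENGTH;
            uint8_t  tag  = val[0];
            uint16_t salt = (uint16_t)((val[1] << 8) | val[2]);
            (void)tag; (void)salt;   /* decryption with the shared secret omitted */
        }
        off += alen;
        (*nattrs)++;
    }
    return DECODE_OK;
}

/* --- constructed sample attribute lists (not captured traffic) --- */

/* User-Name "bob" followed by a well-formed Tunnel-Password (tag 0,
 * salt 0x8001, one 16-byte ciphertext block of zeros). */
static const uint8_t SAMPLE_GOOD[] = {
    ATTR_USER_NAME, 5, 'b', 'o', 'b',
    ATTR_TUNNEL_PASSWORD, 21, 0x00, 0x80, 0x01,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
};

/* User-Name "bob" followed by a Tunnel-Password with no value at all. */
static const uint8_t SAMPLE_ZERO_LEN[] = {
    ATTR_USER_NAME, 5, 'b', 'o', 'b',
    ATTR_TUNNEL_PASSWORD, 2
};

int decode_good(void)        { int n; return radius_walk_attrs(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &n); }
int count_good(void)         { int n; radius_walk_attrs(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &n); return n; }
int decode_zero_length(void) { int n; return radius_walk_attrs(SAMPLE_ZERO_LEN, sizeof SAMPLE_ZERO_LEN, &n); }
/* The good list cut short: Length promises 21 bytes but only 10 follow. */
int decode_truncated(void)   { int n; return radius_walk_attrs(SAMPLE_GOOD, 5 + 10, &n); }

int main(void)
{
    printf("well-formed   : %d (%d attributes)\n", decode_good(), count_good());
    printf("zero-length TP: %d\n", decode_zero_length());
    printf("truncated     : %d\n", decode_truncated());
    return 0;
}
```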
-
Security issues were identified and fixed in firefox 3.5.x:
The nsObserverList::FillObserverArray function in
xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows
remote attackers to cause a denial of service (application crash)
via a crafted web site that triggers memory consumption and an
accompanying Low Memory alert dialog, and also triggers attempted
removal of an observer from an empty observers array (CVE-2010-0220).
Additionally, some packages which require it have been rebuilt and
are being provided as updates.
-
A regression was discovered with 3.0.16 when using NTLM authentication.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
Additionally, some packages which require it have been rebuilt and
are being provided as updates.
-
A bug was discovered in the FH_DATE_PAST_20XX rules that affects
vanilla spamassassin 3.2 installations after the first of January 2010
(aka the y2k10 rule bug).
This update fixes this issue.
-
A vulnerability has been found and corrected in expat:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides a solution to these vulnerabilities.
Update:
The previous (MDVSA-2009:316-2) updates provided packages for
2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased
release number which prevented the packages from hitting the mirrors.
-
A vulnerability has been found and corrected in expat:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides a solution to these vulnerabilities.
Update:
SUSE discovered a regression with the previous patch fixing
CVE-2009-3560. This regression is now being addressed with this update.
-
In kde4.3 it is not possible to execute a bash script by
double-clicking on it.
This update fixes this issue.
-
In mandriva 2010.0, there was a layout problem in the Kontact Planner
plugin.
In Korganizer, in the TODO Mode, the first line of text wasn't viewable
in non rich text mode.
This update fixes these issues.
-
A vulnerability has been found and corrected in expat:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c,
a different vulnerability than CVE-2009-2625 and CVE-2009-3720
(CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
This update provides a solution to these vulnerabilities.
Update:
This vulnerability was discovered in the bundled expat code in
various software packages besides expat itself. As a precaution the
affected packages have preemptively been patched to prevent potential
future exploitation of this issue.
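The three expat advisories on this page (MDVSA-2009:316 and its two follow-ups) all concern the same bug class: a decoder that reads continuation bytes of a multi-byte sequence without first checking that they exist, so a malformed or truncated sequence at the end of the input walks past the buffer. The following is an added example, not expat's big2_toUtf8 or any other expat code: a UTF-8 sequence validator that checks the remaining length before touching a single continuation byte and also rejects overlong forms and surrogates. The sample inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Length in bytes of the well-formed UTF-8 sequence starting at p, or 0 if
 * the sequence is malformed OR would extend past end. The remaining length
 * is checked before any continuation byte is read, so a multi-byte lead
 * byte sitting at the very end of the buffer cannot cause an over-read. */
size_t utf8_seq_len(const uint8_t *p, const uint8_t *end)
{
    if (p >= end) return 0;
    uint8_t c = p[0];
    size_t need;
    uint32_t cp;
    if (c < 0x80) return 1;                                   /* ASCII */
    else if ((c & 0xE0) == 0xC0) { need = 2; cp = c & 0x1F; }
    else if ((c & 0xF0) == 0xE0) { need = 3; cp = c & 0x0F; }
    else if ((c & 0xF8) == 0xF0) { need = 4; cp = c & 0x07; }
    else return 0;                            /* stray continuation byte or 0xF8..0xFF */

    if ((size_t)(end - p) < need) return 0;   /* truncated: p[1..need-1] is not ours to read */
    for (size_t i = 1; i < need; i++) {
        if ((p[i] & 0xC0) != 0x80) return 0;  /* not a continuation byte */
        cp = (cp << 6) | (p[i] & 0x3F);
    }
    /* Reject overlong forms, UTF-16 surrogates and values above U+10FFFF. */
    if (need == 2 && cp < 0x80) return 0;
    if (need == 3 && (cp < 0x800 || (cp >= 0xD800 && cp <= 0xDFFF))) return 0;
    if (need == 4 && (cp < 0x10000 || cp > 0x10FFFF)) return 0;
    return need;
}

/* 1 if every byte of buf[0..len) belongs to a well-formed sequence, else 0. */
int utf8_valid(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    while (p < end) {
        size_t n = utf8_seq_len(p, end);
        if (n == 0) return 0;
        p += n;
    }
    return 1;
}

/* Convenience wrapper for NUL-terminated input. */
int utf8_valid_str(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0') n++;
    return utf8_valid((const uint8_t *)s, n);
}

int main(void)
{
    /* Constructed inputs: a good sequence, a truncated one (lead byte says
     * three bytes, only two present), an overlong '/', a surrogate, and a
     * four-byte emoji. */
    const char *samples[] = { "caf\xC3\xA9", "\xE2\x82", "\xC0\xAF", "\xED\xA0\x80", "\xF0\x9F\x98\x80" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: %s\n", i, utf8_valid_str(samples[i]) ? "well-formed" : "rejected");
    return 0;
}
```

The check that matters for the over-read is the `end - p < need` test placed before the loop: the decoder decides how many bytes it needs from the lead byte alone, and refuses to proceed unless that many are actually present.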
-
This is a maintenance and bugfix release of apache-conf that mainly
ensures that the httpd service is handled more gracefully when
reloading the apache server (#56857).
Other fixes (where applicable):
- fix #53887 (obsolete favicon.ico file in Apache default www pages)
- workaround #47992 (apache does not start occasionally)
- added logic to make it possible to set limits from the init
script in an attempt to address #30849 and similar problems
- added logic to ease debugging with gdb in the initscript
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
-
- In mandriva 2010.0 under KDE, the scrollbar was too small to be used
in some cases; this update adds a minimum size of 21 for the scrollbar
(bug #56018).
- In mandriva 2010.0 under KDE, Quassel could crash when highlighting
links.
- This update fixes the titlebar colors to make them consistent with
the Ia Ora specs.
-
A vulnerability was discovered and corrected in apache-conf:
The Apache HTTP Server enables the HTTP TRACE method by default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).
This update provides a solution to this vulnerability.
Update:
The wrong package was uploaded for 2009.1. This update addresses
that problem.
-
A vulnerability was discovered and corrected in apache-conf:
The Apache HTTP Server enables the HTTP TRACE method by default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
-
This update provides a newer version of run-parts, as the current
version in MES5 is very old and is missing options such as --list,
which is required by logcheck.
-
Fix man pages build for broken man pages.
-
In mandriva 2010.0 there were some missing translations.
This update fixes this issue.
-
Updated timezone packages are being provided for older Mandriva Linux
systems that do not contain new Daylight Savings Time information
and Time Zone information for some locations. These updated packages
contain the new information.
-
This update fixes two issues with msec:
- some error messages could result in msec throwing an exception
instead of logging the corresponding text (bug #56180)
- security report about group-writable files belonging to gdm user
was silenced by default (bug #56064)
-
This update only reverts two testing patches, fixing some font issues
in the folderview-applet.
-
In mandriva 2010.0, losing your internet connection while listening
to a web stream could make Amarok crash. This update fixes this bug.
Advisories MDVSA-2010:002: pidgin
in Mandriva Security Advisories
A security vulnerability has been identified and fixed in pidgin:
Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).
This update provides pidgin 2.6.5, which is not vulnerable to this
issue.
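The pidgin advisory above describes two things at once: a file name from the network used in a path without rejecting `..`, and (per the NOTE) a download request being honoured for an emoticon the peer never announced. As an added example, not libpurple's slp.c or any pidgin code, here is a resolver that applies both checks: the requested name must be a plain file name with no separators or `..`, and it must match a name the peer previously announced. The smiley directory, the per-peer table and the requests are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ANNOUNCED 16

/* Per-peer record of the custom-smiley file names the peer announced in
 * text/x-mms-emoticon messages. (Constructed model of the state a client
 * would keep; not libpurple's data structures.) */
struct smiley_table {
    const char *names[MAX_ANNOUNCED];
    int count;
};

void smiley_announce(struct smiley_table *t, const char *name)
{
    if (t->count < MAX_ANNOUNCED) t->names[t->count++] = name;
}

/* A requested name may only be a plain file name: no empty string, no
 * path separators of either flavour, and no ".." anywhere in it. */
int smiley_name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0') return 0;
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL) return 0;
    if (strstr(name, "..") != NULL) return 0;
    return 1;
}

/* Map an application/x-msnmsgrp2p download request to a path under dir.
 * Returns 0 and writes the path to out, or -1 if the name is unsafe OR
 * the peer never announced it. The second check is the one the advisory's
 * NOTE points at: a request for a file that was never offered is not a
 * download at all and should not reach the filesystem. */
int smiley_resolve(const struct smiley_table *t, const char *dir,
                   const char *requested, char *out, size_t outsz)
{
    if (!smiley_name_is_safe(requested)) return -1;
    int announced = 0;
    for (int i = 0; i < t->count; i++) {
        if (strcmp(t->names[i], requested) == 0) { announced = 1; break; }
    }
    if (!announced) return -1;
    int n = snprintf(out, outsz, "%s/%s", dir, requested);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Scenario helper (constructed): a peer that announced only "smile.png". */
static const char *DEMO_DIR = "/var/lib/purple/smileys";   /* assumed directory */

int demo_request(const char *requested, char *out, size_t outsz)
{
    struct smiley_table t = { {0}, 0 };
    smiley_announce(&t, "smile.png");
    return smiley_resolve(&t, DEMO_DIR, requested, out, outsz);
}

int main(void)
{
    const char *requests[] = { "smile.png", "../../etc/passwd", "other.png", "..\\boot.ini" };
    char path[256];
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        int rc = demo_request(requests[i], path, sizeof path);
        printf("%-20s -> %s\n", requests[i], rc == 0 ? path : "refused");
    }
    return 0;
}
```

Note that the announced-name check on its own would already have refused the traversal request here, because no announcement ever carried that name; the separate syntactic check is what keeps a peer from announcing a hostile name first and then requesting it.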