Posts posted by paul

  1. A vulnerability has been identified and corrected in proftpd:

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
    used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
    in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
    GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
    3.12.4 and earlier, and other products, does not properly associate
    renegotiation handshakes with an existing connection, which allows
    man-in-the-middle attackers to insert data into HTTPS sessions,
    and possibly other types of sessions protected by TLS or SSL, by
    sending an unauthenticated request that is processed retroactively
    by a server in a post-renegotiation context, related to a plaintext
    injection attack, aka the Project Mogul issue (CVE-2009-3555).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    This update fixes this vulnerability.

  2. Security issues were identified and fixed in firefox 3.0.x:

    Multiple unspecified vulnerabilities in the browser engine in Mozilla
    Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1,
    and Thunderbird allow remote attackers to cause a denial of service
    (memory corruption and application crash) or possibly execute arbitrary
    code via unknown vectors (CVE-2009-3979).

    Multiple unspecified vulnerabilities in the browser engine in Mozilla
    Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird
    allow remote attackers to cause a denial of service (memory corruption
    and application crash) or possibly execute arbitrary code via unknown
    vectors (CVE-2009-3980).

    Unspecified vulnerability in the browser engine in Mozilla Firefox
    before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows
    remote attackers to cause a denial of service (memory corruption and
    application crash) or possibly execute arbitrary code via unknown
    vectors (CVE-2009-3981).

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
    before 2.0.1, allows remote attackers to send authenticated requests
    to arbitrary applications by replaying the NTLM credentials of a
    browser user (CVE-2009-3983).

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
    before 2.0.1, allows remote attackers to spoof an SSL indicator for
    an http URL or a file URL by setting document.location to an https
    URL corresponding to a site that responds with a No Content (aka 204)
    status code and an empty body (CVE-2009-3984).

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
    before 2.0.1, allows remote attackers to associate spoofed content
    with an invalid URL by setting document.location to this URL, and then
    writing arbitrary web script or HTML to the associated blank document,
    a related issue to CVE-2009-2654 (CVE-2009-3985).

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey
    before 2.0.1, allows remote attackers to execute arbitrary JavaScript
    with chrome privileges by leveraging a reference to a chrome
    window from a content window, related to the window.opener property
    (CVE-2009-3986).

    The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and
    3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different
    exception messages depending on whether the referenced COM object
    is listed in the registry, which allows remote attackers to obtain
    potentially sensitive information about installed software by making
    multiple calls that specify the ProgID values of different COM objects
    (CVE-2009-3987).

    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.

    Additionally, some packages that require it have been rebuilt and
    are being provided as updates.

  3. A vulnerability was discovered and corrected in ffmpeg:

    MPlayer allows remote attackers to cause a denial of service
    (application crash) via (1) a malformed AAC file, as demonstrated
    by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as
    demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718
    (CVE-2008-4610).

    Packages for 2008.0 are being provided due to extended support for
    Corporate products.

    This update provides a solution to this vulnerability.

  4. Multiple vulnerabilities were discovered and corrected in postgresql:

    NULL Bytes in SSL Certificates can be used to falsify client or server
    authentication. This only affects users who have SSL enabled, perform
    certificate name validation or client certificate authentication,
    and where the Certificate Authority (CA) has been tricked into
    issuing invalid certificates. The use of a CA that can be trusted to
    always issue valid certificates is recommended to ensure you are not
    vulnerable to this issue (CVE-2009-4034).

    Privilege escalation via changing session state in an index
    function. This closes a corner case related to vulnerabilities
    CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).

    Packages for 2008.0 are being provided due to extended support for
    Corporate products.

    This update provides a solution to these vulnerabilities.

  5. Multiple vulnerabilities have been found and corrected in kdegraphics:

    Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
    and earlier allow remote attackers to cause a denial of service
    (crash) via a crafted PDF file, related to (1) setBitmap and (2)
    readSymbolDictSeg (CVE-2009-0146).

    Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
    earlier allow remote attackers to cause a denial of service (crash)
    via a crafted PDF file (CVE-2009-0147).

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
    to cause a denial of service (crash) via a crafted PDF file that
    triggers a free of uninitialized memory (CVE-2009-0166).

    Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
    1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code via a crafted
    PDF file that triggers a heap-based buffer overflow, possibly
    related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
    JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
    JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).

    Use-after-free vulnerability in the garbage-collection implementation
    in WebCore in WebKit in Apple Safari before 4.0 allows remote
    attackers to execute arbitrary code or cause a denial of service
    (heap corruption and application crash) via an SVG animation element,
    related to SVG set objects, SVG marker elements, the targetElement
    attribute, and unspecified caches. (CVE-2009-1709).

    WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
    Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
    attackers to execute arbitrary code via a crafted SVGList object that
    triggers memory corruption (CVE-2009-0945).

    This update provides a solution to this vulnerability.

  6. preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
    properly identify packet fragments that have dissimilar TTL values,
    which allows remote attackers to bypass detection rules by using a
    different TTL for each fragment. (CVE-2008-1804)

    The updated packages have been patched to prevent this.

    Additionally there were problems with two rules in the snort-rules
    package for 2008.0 that are also fixed with this update.

    Update:

    Packages for 2008.0 are being provided due to extended support for
    Corporate products.

  7. A vulnerability was discovered and corrected in gimp:

    Integer overflow in the ReadImage function in
    plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers
    to execute arbitrary code via a BMP file with crafted width and height
    values that trigger a heap-based buffer overflow (CVE-2009-1570).

    This update provides a solution to this vulnerability.

    Update:

    Packages for 2008.0 are being provided due to extended support for
    Corporate products.

  8. A vulnerability was discovered and corrected in gimp:

    Integer overflow in the read_channel_data function in
    plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers
    to execute arbitrary code via a crafted PSD file that triggers a
    heap-based buffer overflow (CVE-2009-3909).

    Additionally, the patch for CVE-2009-1570 in MDVSA-2009:296 was
    incomplete; this update corrects this as well.

    This update provides a solution to this vulnerability.

  9. This update fixes several issues regarding the live upgrade to a more
    recent distribution, notably:
    - new distributions are now only presented after all updates were
      applied.
    - if the current distribution is no longer supported, we will warn
      about it and offer to upgrade to a newer release
    - makes the new config tool backported from 2010.0 work on 2009.0
      too (due to older drakxtools API)
    - update the authentication scheme for MES5

    It also fixes a couple of crashes:
    - a rare crash (bug #55346)
    - gracefully handle (rare) server issues (bugs #51299 & #51548)

    Now passwords with special characters are properly managed.
    For security, we now access api.mandriva.com through the https
    protocol.
    The applet now offers to configure a couple of settings.
    It now has more efficient system power usage.

    Update:

    Packages for MES5 were not provided earlier; this update addresses
    the problem.

  10. Some vulnerabilities were discovered and corrected in the Linux
    2.6 kernel:

    Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
    through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
    ipddp modules are loaded but the ipddpN device is not found, allows
    remote attackers to cause a denial of service (memory consumption)
    via IP-DDP datagrams. (CVE-2009-2903)

    Multiple race conditions in fs/pipe.c in the Linux kernel before
    2.6.32-rc6 allow local users to cause a denial of service (NULL pointer
    dereference and system crash) or gain privileges by attempting to
    open an anonymous pipe via a /proc/*/fd/ pathname. (CVE-2009-3547)

    The tcf_fill_node function in net/sched/cls_api.c in the netlink
    subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6
    and earlier, does not initialize a certain tcm__pad2 structure member,
    which might allow local users to obtain sensitive information from
    kernel memory via unspecified vectors. NOTE: this issue exists
    because of an incomplete fix for CVE-2005-4881. (CVE-2009-3612)

    net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows
    local users to cause a denial of service (system hang) by creating an
    abstract-namespace AF_UNIX listening socket, performing a shutdown
    operation on this socket, and then performing a series of connect
    operations to this socket. (CVE-2009-3621)

    Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function
    in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel
    before 2.6.31.4 allows local users to have an unspecified impact
    via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl
    function. (CVE-2009-3638)

    The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in
    the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause
    a denial of service (NULL pointer dereference and panic) by sending a
    certain response containing incorrect file attributes, which trigger
    attempted use of an open file that lacks NFSv4 state. (CVE-2009-3726)

    The ip_frag_reasm function in ipv4/ip_fragment.c in Linux kernel
    2.6.32-rc8, and possibly earlier versions, calls IP_INC_STATS_BH with
    an incorrect argument, which allows remote attackers to cause a denial
    of service (NULL pointer dereference and hang) via long IP packets,
    possibly related to the ip_defrag function. (CVE-2009-1298)

    To update your kernel, please follow the directions located at:

    http://www.mandriva.com/en/security/kernelupdate

  11. A vulnerability has been found and corrected in ntp:

    Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd
    handled certain malformed NTP packets. ntpd logged information about
    all such packets and replied with an NTP packet that was treated as
    malformed when received by another ntpd. A remote attacker could use
    this flaw to create an NTP packet reply loop between two ntpd servers
    via a malformed packet with a spoofed source IP address and port,
    causing ntpd on those servers to use excessive amounts of CPU time
    and fill disk space with log messages (CVE-2009-3563).

    This update provides a solution to this vulnerability.

  12. Multiple vulnerabilities have been found and corrected in python-django:

    The Admin media handler in core/servers/basehttp.py in Django 1.0
    and 0.96 does not properly map URL requests to expected static media
    files, which allows remote attackers to conduct directory traversal
    attacks and read arbitrary files via a crafted URL (CVE-2009-2659).

    Algorithmic complexity vulnerability in the forms library in Django
    1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause
    a denial of service (CPU consumption) via a crafted (1) EmailField
    (email address) or (2) URLField (URL) that triggers a large amount
    of backtracking in a regular expression (CVE-2009-3695).

    The versions of Django shipping with Mandriva Linux have been updated
    to the latest patched version that includes the fix for this issue.
    In addition, they provide other bug fixes.

    Update:

    Packages for 2008.0 are being provided due to extended support for
    Corporate products.
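
The URL-to-file mapping problem described for CVE-2009-2659 in the post above, shown as an added example that is not part of the original post and is not Django's own code. `MEDIA_PREFIX`, `naive_map`, `safe_map`, `audit` and the sample request paths are hypothetical names and constructed inputs; the hardened version resolves the path and rejects anything that ends up outside the media root.

```python
import os
from urllib.parse import unquote

MEDIA_PREFIX = "/media/"  # assumed URL prefix for static admin media

# Constructed sample request paths (not taken from any real log).
SAMPLE_REQUESTS = [
    "/media/css/base.css",
    "/media/../../etc/passwd",
    "/media/%2e%2e/%2e%2e/etc/passwd",
    "/media//etc/passwd",
]


def naive_map(media_root, url_path):
    """Flawed pattern: join the URL remainder onto the root with no check."""
    relative = unquote(url_path[len(MEDIA_PREFIX):])
    return os.path.normpath(os.path.join(media_root, relative))


def safe_map(media_root, url_path):
    """Return the resolved file path, or None if it would leave media_root."""
    if not url_path.startswith(MEDIA_PREFIX):
        return None
    relative = unquote(url_path[len(MEDIA_PREFIX):])
    if "\x00" in relative or "\\" in relative:
        return None  # reject NUL bytes and backslash separators outright
    root = os.path.realpath(media_root)
    # An absolute remainder makes join() discard root; realpath() also
    # collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def audit(media_root, requests=SAMPLE_REQUESTS):
    """Map each request both ways so the difference is visible side by side."""
    return [(r, naive_map(media_root, r), safe_map(media_root, r)) for r in requests]


if __name__ == "__main__":
    for request, naive, safe in audit("/srv/app/media"):
        print(f"{request!r}: naive={naive!r} safe={safe!r}")
```
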
