paul

Admin
Posts posted by paul


  1. Security issues were identified and fixed in firefox:

     

    Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that

    the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are

    vulnerable to XSS attacks due to some characters being converted to

    angle brackets when displayed by the rendering engine. Sites using

    these character encodings would thus be potentially vulnerable to

    script injection attacks if their script filtering code fails to

    strip out these specific characters (CVE-2010-3770).

     

    Google security researcher Michal Zalewski reported that when a

    window was opened to a site resulting in a network or certificate

    error page, the opening site could access the document inside the

    opened window and inject arbitrary content. An attacker could use

    this bug to spoof the location bar and trick a user into thinking

    they were on a different site than they actually were (CVE-2010-3774).

     

    Mozilla security researcher moz_bug_r_a4 reported that the fix for

    CVE-2010-0179 could be circumvented permitting the execution of

    arbitrary JavaScript with chrome privileges (CVE-2010-3773).

     

    Security researcher regenrecht reported via TippingPoint's Zero

    Day Initiative that JavaScript arrays were vulnerable to an integer

    overflow vulnerability. The report demonstrated that an array could

    be constructed containing a very large number of items such that when

    memory was allocated to store the array items, the integer value used

    to calculate the buffer size would overflow resulting in too small a

    buffer being allocated. Subsequent use of the array object could then

    result in data being written past the end of the buffer and causing

    memory corruption (CVE-2010-3767).

     

    Security researcher regenrecht reported via TippingPoint's Zero Day

    Initiative that a nsDOMAttribute node can be modified without informing

    the iterator object responsible for various DOM traversals. This

    flaw could lead to an inconsistent state where the iterator points

    to an object it believes is part of the DOM but actually points to

    some other object. If such an object had been deleted and its memory

    reclaimed by the system, then the iterator could be used to call into

    attacker-controlled memory (CVE-2010-3766).

     

    Security researcher Gregory Fleischer reported that when a Java

    LiveConnect script was loaded via a data: URL which redirects via a

    meta refresh, then the resulting plugin object was created with the

    wrong security principal and thus received elevated privileges such

    as the abilities to read local files, launch processes, and create

    network connections (CVE-2010-3775).

     

    Mozilla added the OTS font sanitizing library to prevent downloadable

    fonts from exposing vulnerabilities in the underlying OS font

    code. This library mitigates against several issues independently

    reported by Red Hat Security Response Team member Marc Schoenefeld

    and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

     

    Security researcher wushi of team509 reported that when a XUL

    tree had an HTML <div> element nested inside a

    element then code attempting to display content in the XUL tree would

    incorrectly treat the <div> element as a parent node to tree content

    underneath it resulting in incorrect indexes being calculated for the

    child content. These incorrect indexes were used in subsequent array

    operations which resulted in writing data past the end of an allocated

    buffer. An attacker could use this issue to crash a victim's browser

    and run arbitrary code on their machine (CVE-2010-3772).

     

    Security researcher echo reported that a web page could open a window

    with an about:blank location and then inject an element

    into that page which upon submission would redirect to a chrome:

    document. The effect of this defect was that the original page would

    wind up with a reference to a chrome-privileged object, the opened

    window, which could be leveraged for privilege escalation attacks

    (CVE-2010-3771).

     

    Dirk Heinrich reported that on Windows platforms when document.write()

    was called with a very long string a buffer overflow was caused in line

    breaking routines attempting to process the string for display. Such

    cases triggered an invalid read past the end of an array causing a

    crash which an attacker could potentially use to run arbitrary code

    on a victim's computer (CVE-2010-3769).

     

    Mozilla developers identified and fixed several memory safety

    bugs in the browser engine used in Firefox and other Mozilla-based

    products. Some of these bugs showed evidence of memory corruption

    under certain circumstances, and we presume that with enough effort

    at least some of these could be exploited to run arbitrary code

    (CVE-2010-3776, CVE-2010-3777).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates.

     

    Update:

     

    A mistake was done with the MDVSA-2010:251 advisory where the actual

    firefox software was NOT updated to the 3.6.13 version which in

    turn led to some packages not being rebuilt against the correct

    version. The secteam wishes to apologise for the misfortunate mistake

    and also wishes everyone a great Christmas.

     

    Regards // Santa Claus


  2. A null pointer dereference due to receiving a short packet for a direct

    connection in the MSN code could potentially cause a denial of service.

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    This update provides pidgin 2.7.8 that has been patched to address

    this flaw.


  3. Security issues were identified and fixed in firefox:

     

    Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that

    the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are

    vulnerable to XSS attacks due to some characters being converted to

    angle brackets when displayed by the rendering engine. Sites using

    these character encodings would thus be potentially vulnerable to

    script injection attacks if their script filtering code fails to

    strip out these specific characters (CVE-2010-3770).

     

    Google security researcher Michal Zalewski reported that when a

    window was opened to a site resulting in a network or certificate

    error page, the opening site could access the document inside the

    opened window and inject arbitrary content. An attacker could use

    this bug to spoof the location bar and trick a user into thinking

    they were on a different site than they actually were (CVE-2010-3774).

     

    Mozilla security researcher moz_bug_r_a4 reported that the fix for

    CVE-2010-0179 could be circumvented permitting the execution of

    arbitrary JavaScript with chrome privileges (CVE-2010-3773).

     

    Security researcher regenrecht reported via TippingPoint's Zero

    Day Initiative that JavaScript arrays were vulnerable to an integer

    overflow vulnerability. The report demonstrated that an array could

    be constructed containing a very large number of items such that when

    memory was allocated to store the array items, the integer value used

    to calculate the buffer size would overflow resulting in too small a

    buffer being allocated. Subsequent use of the array object could then

    result in data being written past the end of the buffer and causing

    memory corruption (CVE-2010-3767).

     

    Security researcher regenrecht reported via TippingPoint's Zero Day

    Initiative that a nsDOMAttribute node can be modified without informing

    the iterator object responsible for various DOM traversals. This

    flaw could lead to an inconsistent state where the iterator points

    to an object it believes is part of the DOM but actually points to

    some other object. If such an object had been deleted and its memory

    reclaimed by the system, then the iterator could be used to call into

    attacker-controlled memory (CVE-2010-3766).

     

    Security researcher Gregory Fleischer reported that when a Java

    LiveConnect script was loaded via a data: URL which redirects via a

    meta refresh, then the resulting plugin object was created with the

    wrong security principal and thus received elevated privileges such

    as the abilities to read local files, launch processes, and create

    network connections (CVE-2010-3775).

     

    Mozilla added the OTS font sanitizing library to prevent downloadable

    fonts from exposing vulnerabilities in the underlying OS font

    code. This library mitigates against several issues independently

    reported by Red Hat Security Response Team member Marc Schoenefeld

    and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

     

    Security researcher wushi of team509 reported that when a XUL

    tree had an HTML <div> element nested inside a

    element then code attempting to display content in the XUL tree would

    incorrectly treat the <div> element as a parent node to tree content

    underneath it resulting in incorrect indexes being calculated for the

    child content. These incorrect indexes were used in subsequent array

    operations which resulted in writing data past the end of an allocated

    buffer. An attacker could use this issue to crash a victim's browser

    and run arbitrary code on their machine (CVE-2010-3772).

     

    Security researcher echo reported that a web page could open a window

    with an about:blank location and then inject an element

    into that page which upon submission would redirect to a chrome:

    document. The effect of this defect was that the original page would

    wind up with a reference to a chrome-privileged object, the opened

    window, which could be leveraged for privilege escalation attacks

    (CVE-2010-3771).

     

    Dirk Heinrich reported that on Windows platforms when document.write()

    was called with a very long string a buffer overflow was caused in line

    breaking routines attempting to process the string for display. Such

    cases triggered an invalid read past the end of an array causing a

    crash which an attacker could potentially use to run arbitrary code

    on a victim's computer (CVE-2010-3769).

     

    Mozilla developers identified and fixed several memory safety

    bugs in the browser engine used in Firefox and other Mozilla-based

    products. Some of these bugs showed evidence of memory corruption

    under certain circumstances, and we presume that with enough effort

    at least some of these could be exploited to run arbitrary code

    (CVE-2010-3776, CVE-2010-3777).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates.

     

    Update:

     

    A mistake was done with the MDVSA-2010:251 and the MDVSA-2010:251-1

    advisories where the localization files for firefox software were NOT

    updated to the 3.6.13 version. The secteam wishes to apologise for

    the unfortunate mistake and also wishes everyone a great Christmas.

     

    Regards // Santa Claus


  4. A vulnerability was discovered and corrected in libxml2:

     

    A double free vulnerability in libxml2 (xpath.c) allows remote

    attackers to cause a denial of service or possibly have unspecified

    other impact via vectors related to XPath handling (CVE-2010-4494).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.


  5. This is a maintenance update that upgrades php to 5.2.15 for

    CS4/MES5/2009.0.

     

    Key enhancements in PHP 5.2.15 include:

     

    * Fixed bug #47643 (array_diff() takes over 3000 times longer than

    php 5.2.4).

    * Fixed bug #44248 (RFC2616 transgression while HTTPS request through

    proxy with SoapClient object).

     

    Additional post 5.2.15 fixes:

     

    * Fixed bug #53516 (Regression in open_basedir handling).

    * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres

    is down).

     

    Additionally some of the PECL extensions have been upgraded and/or

    rebuilt for the new php version.

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490


  6. A vulnerability was discovered and corrected in perl-CGI-Simple:

     

    CRLF injection vulnerability in the header function in (1) CGI.pm

    before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows

    remote attackers to inject arbitrary HTTP headers and conduct HTTP

    response splitting attacks via vectors related to non-whitespace

    characters preceded by newline characters, a different vulnerability

    than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).

     

    The updated packages have been patched to correct this issue.


  7. Multiple vulnerabilities were discovered and corrected in bind:

     

    named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3,

    and 9.7.x before 9.7.2-P3 does not properly handle the combination

    of signed negative responses and corresponding RRSIG records in the

    cache, which allows remote attackers to cause a denial of service

    (daemon crash) via a query for cached data (CVE-2010-3613).

     

    named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3,

    9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not

    properly determine the security status of an NS RRset during a DNSKEY

    algorithm rollover, which might allow remote attackers to cause a

    denial of service (DNSSEC validation error) by triggering a rollover

    (CVE-2010-3614).

     

    ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does

    not properly handle certain bad signatures if multiple trust anchors

    exist for a single zone, which allows remote attackers to cause a

    denial of service (daemon crash) via a DNS query (CVE-2010-3762).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages for Corporate Server 4.0 have been patched to

    address these issues.

     

    The updated packages for Mandriva Linux 2009.0, 2010.0 and Mandriva

    Linux Enterprise Server 5.1 have been upgraded to bind-9.6.2-P3 and

    patched to address the CVE-2010-3762 security issue.

     

    The updated packages for Mandriva Linux 2010.1 have been upgraded to

    bind-9.7.2-P3 which is not vulnerable to these issues.


  8. ....

     

    Ok, you're right, it's boring. I tried to communicate, all I received was a hurt ego. Never mind, will not bother you any more.

     

    .....

     

    no you didn't try to communicate .. ****removed expletives ****

    you're damn right I feel hurt.

     

    this is not a ****removed expletives **** , it's a handful of people around the world trying to contribute in ways they can.

    stop ****removed expletives **** (discouraging) all over my attempts.

     

    edit: I might be pissed off with wobo, but I need not post it publicly

     

     

     

     


  9. ...

    But:

    1. "Founders of Mandrivausers.org"? Not true, it was founded by Tom, you took over.

    2. "other success stories"? Which ones, may I ask?

    3. "largest Mageia support forum"? Of course, because no other is there yet. :)

     

    Don't you care how this sounds to others who know the facts? I do not want to insult you but rather help by pointing at such things. If constructive criticism equals insult for you, then it is ok with me. I can live with that although I am disappointed.

     

    wobo

     

    well maybe I'm reading things into it .. but the crew has always been willing to build the community, it REALLY feels like you're trying to "split" a community. that's what insults me.

     

    but I'll engage with you, until I get bored of this.

     

    1. Very true. in 2002 mandrakeusers.org was first registered by me. It was a blank forum with no users. over time members from another forum that was owned by an absent Tom Berger moved to mandrakeusers.org. In April 2005 mandrivausers.org was first registered by me. we still pay credence to Tom's efforts on our front page, and have a complete copy of his original website https://mandrivausers...cs/index-2.html

     

    2. you're kidding right? I personally (with no other help) run NZ's largest jabber server. A former admin here now runs a successful linux web hosting company in the UK. there are tons of success stories from the people here.

     

    3. yep ! and I reckon with the enormous amount of experience here at MUB, mageiausers.org could very well continue to be the largest English speaking mageia support forum in the world. We've got some quite determined and talented senior members here; and even better we have some enthusiastic younger members. 20,000 members is quite a resource that you seem to not be interested in?

     

    how about rather than being so negative, and trying to make people look bad, you contribute positively?

    your criticism is not at all constructive.

     

    the mission statement for this community has almost always been:

    by the community, for the community


  10. To address your points

     

    1. One day I had a domain name pointed to my server and was setting up a forum, the next it was gone. Just like magic, no communication nothing it just evaporated.

     

    2. It was the truth. Not interested in the MUB community. Wanted to start their own ( so I set up a blank forum)

     

    3. What would you know? You were not part of the communication that evaporated. And why do you even care? An odd and rather uninformed accusation.

     

    4. I don't like the tone of your post. We here at MUB have tried really hard to be inclusive and helpful. You've got this exclusive tone in your post; if you're not interested in helping a forum start then that's fine, but don't try and make yourself look important by dragging others down.

     

    The people here who are interested in starting another forum will start another forum, and I will help with what I can; this site is a success story, and some of us here are interested in starting a support forum for mageia, how is that laughable? And why can you not help rather than offend?

     

    I find your post rather insulting to be honest.


  11. Security issues were identified and fixed in firefox:

     

    Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that

    the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are

    vulnerable to XSS attacks due to some characters being converted to

    angle brackets when displayed by the rendering engine. Sites using

    these character encodings would thus be potentially vulnerable to

    script injection attacks if their script filtering code fails to

    strip out these specific characters (CVE-2010-3770).

     

    Google security researcher Michal Zalewski reported that when a

    window was opened to a site resulting in a network or certificate

    error page, the opening site could access the document inside the

    opened window and inject arbitrary content. An attacker could use

    this bug to spoof the location bar and trick a user into thinking

    they were on a different site than they actually were (CVE-2010-3774).

     

    Mozilla security researcher moz_bug_r_a4 reported that the fix for

    CVE-2010-0179 could be circumvented permitting the execution of

    arbitrary JavaScript with chrome privileges (CVE-2010-3773).

     

    Security researcher regenrecht reported via TippingPoint's Zero

    Day Initiative that JavaScript arrays were vulnerable to an integer

    overflow vulnerability. The report demonstrated that an array could

    be constructed containing a very large number of items such that when

    memory was allocated to store the array items, the integer value used

    to calculate the buffer size would overflow resulting in too small a

    buffer being allocated. Subsequent use of the array object could then

    result in data being written past the end of the buffer and causing

    memory corruption (CVE-2010-3767).

     

    Security researcher regenrecht reported via TippingPoint's Zero Day

    Initiative that a nsDOMAttribute node can be modified without informing

    the iterator object responsible for various DOM traversals. This

    flaw could lead to an inconsistent state where the iterator points

    to an object it believes is part of the DOM but actually points to

    some other object. If such an object had been deleted and its memory

    reclaimed by the system, then the iterator could be used to call into

    attacker-controlled memory (CVE-2010-3766).

     

    Security researcher Gregory Fleischer reported that when a Java

    LiveConnect script was loaded via a data: URL which redirects via a

    meta refresh, then the resulting plugin object was created with the

    wrong security principal and thus received elevated privileges such

    as the abilities to read local files, launch processes, and create

    network connections (CVE-2010-3775).

     

    Mozilla added the OTS font sanitizing library to prevent downloadable

    fonts from exposing vulnerabilities in the underlying OS font

    code. This library mitigates against several issues independently

    reported by Red Hat Security Response Team member Marc Schoenefeld

    and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

     

    Security researcher wushi of team509 reported that when a XUL

    tree had an HTML <div> element nested inside a

    element then code attempting to display content in the XUL tree would

    incorrectly treat the <div> element as a parent node to tree content

    underneath it resulting in incorrect indexes being calculated for the

    child content. These incorrect indexes were used in subsequent array

    operations which resulted in writing data past the end of an allocated

    buffer. An attacker could use this issue to crash a victim's browser

    and run arbitrary code on their machine (CVE-2010-3772).

     

    Security researcher echo reported that a web page could open a window

    with an about:blank location and then inject an element

    into that page which upon submission would redirect to a chrome:

    document. The effect of this defect was that the original page would

    wind up with a reference to a chrome-privileged object, the opened

    window, which could be leveraged for privilege escalation attacks

    (CVE-2010-3771).

     

    Dirk Heinrich reported that on Windows platforms when document.write()

    was called with a very long string a buffer overflow was caused in line

    breaking routines attempting to process the string for display. Such

    cases triggered an invalid read past the end of an array causing a

    crash which an attacker could potentially use to run arbitrary code

    on a victim's computer (CVE-2010-3769).

     

    Mozilla developers identified and fixed several memory safety

    bugs in the browser engine used in Firefox and other Mozilla-based

    products. Some of these bugs showed evidence of memory corruption

    under certain circumstances, and we presume that with enough effort

    at least some of these could be exploited to run arbitrary code

    (CVE-2010-3776, CVE-2010-3777).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates.


  12. Security issues were identified and fixed in firefox:

     

    Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that

    the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are

    vulnerable to XSS attacks due to some characters being converted to

    angle brackets when displayed by the rendering engine. Sites using

    these character encodings would thus be potentially vulnerable to

    script injection attacks if their script filtering code fails to

    strip out these specific characters (CVE-2010-3770).

     

    Google security researcher Michal Zalewski reported that when a

    window was opened to a site resulting in a network or certificate

    error page, the opening site could access the document inside the

    opened window and inject arbitrary content. An attacker could use

    this bug to spoof the location bar and trick a user into thinking

    they were on a different site than they actually were (CVE-2010-3774).

     

    Mozilla security researcher moz_bug_r_a4 reported that the fix for

    CVE-2010-0179 could be circumvented permitting the execution of

    arbitrary JavaScript with chrome privileges (CVE-2010-3773).

     

    Security researcher regenrecht reported via TippingPoint's Zero

    Day Initiative that JavaScript arrays were vulnerable to an integer

    overflow vulnerability. The report demonstrated that an array could

    be constructed containing a very large number of items such that when

    memory was allocated to store the array items, the integer value used

    to calculate the buffer size would overflow resulting in too small a

    buffer being allocated. Subsequent use of the array object could then

    result in data being written past the end of the buffer and causing

    memory corruption (CVE-2010-3767).

     

    Security researcher regenrecht reported via TippingPoint's Zero Day

    Initiative that a nsDOMAttribute node can be modified without informing

    the iterator object responsible for various DOM traversals. This

    flaw could lead to an inconsistent state where the iterator points

    to an object it believes is part of the DOM but actually points to

    some other object. If such an object had been deleted and its memory

    reclaimed by the system, then the iterator could be used to call into

    attacker-controlled memory (CVE-2010-3766).

     

    Security researcher Gregory Fleischer reported that when a Java

    LiveConnect script was loaded via a data: URL which redirects via a

    meta refresh, then the resulting plugin object was created with the

    wrong security principal and thus received elevated privileges such

    as the abilities to read local files, launch processes, and create

    network connections (CVE-2010-3775).

     

    Mozilla added the OTS font sanitizing library to prevent downloadable

    fonts from exposing vulnerabilities in the underlying OS font

    code. This library mitigates against several issues independently

    reported by Red Hat Security Response Team member Marc Schoenefeld

    and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

     

    Security researcher wushi of team509 reported that when a XUL tree

    had an HTML <div> element nested inside a element then

    code attempting to display content in the XUL tree would incorrectly

    treat the <div> element as a parent node to tree content underneath

    it resulting in incorrect indexes being calculated for the child

    content. These incorrect indexes were used in subsequent array

    operations which resulted in writing data past the end of an allocated

    buffer. An attacker could use this issue to crash a victim's browser

    and run arbitrary code on their machine (CVE-2010-3772).

     

    Security researcher echo reported that a web page could open a window

    with an about:blank location and then inject an element

    into that page which upon submission would redirect to a chrome:

    document. The effect of this defect was that the original page would

    wind up with a reference to a chrome-privileged object, the opened

    window, which could be leveraged for privilege escalation attacks

    (CVE-2010-3771).

     

    Dirk Heinrich reported that on Windows platforms when document.write()

    was called with a very long string a buffer overflow was caused in line

    breaking routines attempting to process the string for display. Such

    cases triggered an invalid read past the end of an array causing a

    crash which an attacker could potentially use to run arbitrary code

    on a victim's computer (CVE-2010-3769).

     

    Mozilla developers identified and fixed several memory safety

    bugs in the browser engine used in Firefox and other Mozilla-based

    products. Some of these bugs showed evidence of memory corruption

    under certain circumstances, and we presume that with enough effort

    at least some of these could be exploited to run arbitrary code

    (CVE-2010-3776, CVE-2010-3777).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates.


  13. A vulnerability was discovered and corrected in perl-CGI-Simple:

     

    The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm

    in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME

    boundary string in multipart/x-mixed-replace content, which allows

    remote attackers to inject arbitrary HTTP headers and conduct HTTP

    response splitting attacks via crafted input that contains this value,

    a different vulnerability than CVE-2010-3172 (CVE-2010-2761).

     

    The updated packages have been patched to correct this issue.


  14. Due to a bug in the keychain package the '--noask' option wasn't always

    used, this caused the Qt4 ssh-askpass dialogue to get loaded before a

    window manager was fully-started, preventing the user from entering the

    passphrase as the dialogue never gets focus without a window manager

    running. This update fixes this issue by ensuring the '--noask'

    option is used when logging into a DE (the Qt4 ssh-askpass dialogue

    is only shown when the user opens a new terminal emulator window).


  15. Multiple vulnerabilities were discovered and corrected in clamav:

     

    Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV

    before 0.96.5 allow remote attackers to cause a denial of service

    (application crash) or possibly execute arbitrary code via a crafted

    PDF document (CVE-2010-4260, CVE-2010-4479).

     

    Off-by-one error in the icon_cb function in pe_icons.c in libclamav

    in ClamAV before 0.96.5 allows remote attackers to cause a denial of

    service (memory corruption and application crash) or possibly execute

    arbitrary code via unspecified vectors. NOTE: some of these details

    are obtained from third party information (CVE-2010-4261).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated clamav packages have been upgraded to the 0.96.5 version

    that is not vulnerable to these issues.


  16. A vulnerability was discovered and corrected in openssl:

     

    OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when

    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly

    prevent modification of the ciphersuite in the session cache, which

    allows remote attackers to force the use of an unintended cipher

    via vectors involving sniffing network traffic to discover a session

    identifier (CVE-2010-4180).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.


  17. A vulnerability was discovered and corrected in the Linux 2.6 kernel:

     

    The compat_alloc_user_space functions in include/asm/compat.h files

    in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do

    not properly allocate the userspace memory required for the 32-bit

    compatibility layer, which allows local users to gain privileges by

    leveraging the ability of the compat_mc_getsockopt function (aka the

    MCAST_MSFILTER getsockopt support) to control a certain length value,

    related to a stack pointer underflow issue, as exploited in the wild

    in September 2010. (CVE-2010-3081)

     

    The IA32 system call emulation functionality in

    arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2

    on the x86_64 platform does not zero extend the %eax register after

    the 32-bit entry path to ptrace is used, which allows local users to

    gain privileges by triggering an out-of-bounds access to the system

    call table using the %rax register. NOTE: this vulnerability exists

    because of a CVE-2007-4573 regression. (CVE-2010-3301)

     

    Integer overflow in the ext4_ext_get_blocks function in

    fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local

    users to cause a denial of service (BUG and system crash) via a

    write operation on the last block of a large file, followed by a sync

    operation. (CVE-2010-3015)

     

    Additionally, the kernel has been updated to the stable version

    2.6.31.14. A timeout bug in bnx2 has been fixed. Muting and unmuting

    on VT1812/VT2002P now should work correctly. A fix for ACL decoding

    on NFS was added. Rebooting on Dell Precision WorkStation T7400 was

    corrected. Read balancing with RAID0 and RAID1 on drives larger than

    2TB was also fixed. A more detailed description is available in the

    package changelog and related tickets.

     

    Thanks to Thomas Backlund and Herton Ronaldo Krzesinski for

    contributions in this update.

     

    To update your kernel, please follow the directions located at:

     

    http://www.mandriva.com/en/security/kernelupdate
