paul

Admin
  • Content Count: 5598
  • Days Won: 6

Everything posted by paul

  1. * Some applications that use libXaw were printing error messages when started. Their appearance was also slightly different from the expected. This update stops the error messages and fixes their appearance. * The libXaw package had a poor description. This update improves the package description and summary.
  2. nautilus-sendto would crash on startup. This update, rebuilt with the right linking flags, corrects the problem.
  3. Multiple vulnerabilities were discovered and corrected in krb5: An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism token. An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages (CVE-2010-1323). An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted pre-existing application session uses a DES session key. An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents to make authorization decisions. An unauthenticated remote attacker has a 1/256 chance of swapping a client-issued KrbFastReq into a different KDC-REQ, if the armor key is RC4. The consequences are believed to be minor (CVE-2010-1324). An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the AD-SIGNEDPATH signature if the TGT key is RC4, allowing it to use self-generated evidence tickets for S4U2Proxy, instead of tickets obtained from the user or with S4U2Self. Configurations using RC4 for the TGT key are believed to be rare. An authenticated remote attacker has a 1/256 chance of forging AD-KDC-ISSUED signatures on authdata elements in tickets having an RC4 service key, resulting in privilege escalation against a service that relies on these signatures. There are no known uses of the KDC-ISSUED authdata container at this time (CVE-2010-4020). An authenticated remote attacker that controls a legitimate service principal could obtain a valid service ticket to itself containing valid KDC-generated authorization data for a client whose TGS-REQ it has intercepted. The attacker could then use this ticket for S4U2Proxy to impersonate the targeted client even if the client never authenticated to the subverted service. The vulnerable configuration is believed to be rare (CVE-2010-4021). The updated packages have been patched to correct this issue.
  4. A vulnerability was discovered and corrected in krb5: An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism token. An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages (CVE-2010-1323). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
  5. I'm a big fan of XBMC .. I have one in my lounge .. it's awesome :)
  6. A vulnerability has been found and corrected in phpmyadmin: It was possible to conduct an XSS attack using a spoofed request on the db search script (CVE-2010-4329). This upgrade provides the latest phpmyadmin version, which is not vulnerable to this security issue.
  7. is nearly finished uni for the year
  8. wow .. quite a hub-bub of activity. Looks good ... interesting considering the controversial Mageia Linux split, and Russian buy out.
  9. A vulnerability was discovered and corrected in libxml2: libxml2 before 2.7.8 reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document (CVE-2010-4008). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  10. This advisory updates wireshark to the latest version (1.2.13), fixing one security issue: Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption (CVE-2010-4300).
  11. This is a bugfix and maintenance advisory that upgrades pidgin to the latest version (2.7.7) that addresses various issues with upstream service providers (icq, msn). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
  12. The evtouch Xorg driver was not working because its ABI (Application Binary Interface) was too old. The new version contains the necessary ABI updates, so the driver can now work correctly.
  13. A vulnerability was discovered and corrected in gnucash: gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3999). The affected /usr/bin/gnc-test-env file has been removed to mitigate the CVE-2010-3999 vulnerability as gnc-test-env is only used for tests and while building gnucash. Additionally for Mandriva 2010.1 gnucash-2.2.9 was not compatible with guile. This update adapts gnucash to the new API of guile.
  14. A vulnerability was discovered and corrected in mono: Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-4159). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
  15. Normal users lack permission to change their own personal information on the kolab web interface; this update fixes this issue.
  16. update bacula version (from 3.0.2 to 3.0.3) and add Bweb interface. Add the new dependency javascript-libs-extjs (needed for bweb).
  17. This is a maintenance and bugfix release of firefox that upgrades firefox to the 3.6.12 version and adds missing localization packages for the Georgian, Kurdish, Occitan and Serbian languages. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
  18. paul

    mageiausers.org

    ur naow teh adminz
  19. paul

    mageiausers.org

    you poor bastard .. you're a glutton for punishment aren't you? go register, and I can tick the box to make you admin .. don't say I didn't warn you
  20. paul

    mageiausers.org

    1. Correct; no release means nothing to support, but it *might* happen :) 2. Final conclusion was: Conversation evaporated, never continued, and whoever is in control of the dns removed forum.mageia.org (or pointed it elsewhere) 3. Not so far; and keep a legible user database, but I'll keep my eye out. Dexter and SilverSurfer .. I'm trying to drum up support, been here before (starting a support forum) it takes more than one person; takes a team
  21. paul

    mageiausers.org

    Right . .who's in? and what is there to do?
  22. This advisory fixes the gpg keys parsing, which were resulting in some warnings (bug 61636).
  23. A possible double free flaw was found in the imap extension for php (CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could cause a segmentation fault (crash). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
  24. This is a bugfix and maintenance update bundle that addresses various issues in a number of packages. * Some thread-related problems were found in the libalsa2 library that could cause segmentation faults in some audio applications (one example being phonon when used with gstreamer output and accessing pulseaudio via ALSA plugin). The updated libalsa2 package contains an upstream fix to correct this problem. On a related note the PulseAudio package has also been updated to include several important upstream bugfixes including: * Much improved handling of capture stream latencies and timing * Client side XCB implementation to replace Xlib (and thus solve some thread-related issues). * Support for the a52 alsa plugin when combined with an appropriate ~/.asoundrc file. * Several bugs in the pulseaudio plugin for the GStreamer audio framework could lead to application crashes, for instance in pidgin. This update contains fixes for memory allocation and lock handling of the pulseaudio plugin.
  25. A possible double free flaw was found in the imap extension for php (CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could cause a segmentation fault (crash). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.