paul (Admin)

Posts posted by paul


  1. Multiple vulnerabilities were discovered and corrected in freetype2:

     

    An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c

    when handling the "SHZ" bytecode instruction can be exploited to

    cause a crash and potentially execute arbitrary code via a specially

    crafted font (CVE-2010-3814).

     

    An error exists in the "ft_var_readpackedpoints()" function in

    src/truetype/ttgxvar.c when processing TrueType GX fonts and can

    be exploited to cause a heap-based buffer overflow via a specially

    crafted font (CVE-2010-3855).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  2. Multiple vulnerabilities were discovered and corrected in cups:

     

    Cross-site request forgery (CSRF) vulnerability in the web interface

    in CUPS allows remote attackers to hijack the authentication of

    administrators for requests that change settings (CVE-2010-0540).

     

    The _WriteProlog function in texttops.c in texttops in the Text Filter

    subsystem in CUPS before 1.4.4 does not check the return values

    of certain calloc calls, which allows remote attackers to cause a

    denial of service (NULL pointer dereference or heap memory corruption)

    or possibly execute arbitrary code via a crafted file (CVE-2010-0542).

     

    The web interface in CUPS reads uninitialized memory during handling

    of form variables, which allows context-dependent attackers to obtain

    sensitive information from cupsd process memory via unspecified vectors

    (CVE-2010-1748).

     

    The cupsFileOpen function in CUPS before 1.4.4 allows local users,

    with lp group membership, to overwrite arbitrary files via a

    symlink attack on the (1) /var/cache/cups/remote.cache or (2)

    /var/cache/cups/job.cache file (CVE-2010-2431).

     

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

    memory for attribute values with invalid string data types, which

    allows remote attackers to cause a denial of service (use-after-free

    and application crash) or possibly execute arbitrary code via a

    crafted IPP request (CVE-2010-2941).

     

    The updated packages have been upgraded to cups 1.3.10 and patched

    to correct these issues.
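
The cupsFileOpen symlink issue above (CVE-2010-2431) is the classic pattern of a privileged daemon opening a path inside a directory that a less-privileged group can write to. The C below is an added example, not CUPS code and not the upstream 1.4.4 fix: it opens the cache file with O_NOFOLLOW so a planted symlink fails with ELOOP, verifies the already-open descriptor with fstat() rather than the path, and demonstrates the check against a symlink named job.cache in a scratch directory under /tmp. The directory layout, file names and the demo function are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a cache file for writing (creating it if absent) without following
 * a symbolic link in the final path component. open() with O_NOFOLLOW
 * fails with ELOOP if the name is a symlink, so an attacker who can plant
 * a link in the cache directory cannot redirect the write elsewhere.
 * The fstat() check runs on the open descriptor, so the object cannot be
 * swapped between check and use. */
int open_cache_file_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                       /* ELOOP for a symlink */

    struct stat st;
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    /* Reject anything that is not a plain file we own (a FIFO, a device,
     * or a file pre-created under this name by another user). */
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Demonstration (constructed scenario, not the CUPS code). Builds a scratch
 * directory holding
 *   victim        a regular file the attacker wants overwritten
 *   job.cache     a symlink to victim, as an lp-group attacker would plant
 *   remote.cache  an ordinary regular file, the legitimate case
 * Returns 0 if the hardened open refuses the symlink with ELOOP and still
 * accepts the regular file, -1 otherwise. */
int demo_symlink_defence(void)
{
    char dir[] = "/tmp/cache-demo-XXXXXX";
    char victim[PATH_MAX], linkpath[PATH_MAX], plain[PATH_MAX];
    int rc = -1, fd, vfd, link_rejected = 0, plain_ok = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim,   sizeof victim,   "%s/victim", dir);
    snprintf(linkpath, sizeof linkpath, "%s/job.cache", dir);
    snprintf(plain,    sizeof plain,    "%s/remote.cache", dir);

    vfd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (vfd < 0)
        goto cleanup;
    close(vfd);
    if (symlink(victim, linkpath) < 0)
        goto cleanup;

    errno = 0;
    fd = open_cache_file_nofollow(linkpath);
    link_rejected = (fd < 0 && errno == ELOOP);
    if (fd >= 0)
        close(fd);

    fd = open_cache_file_nofollow(plain);
    plain_ok = (fd >= 0);
    if (fd >= 0)
        close(fd);

    rc = (link_rejected && plain_ok) ? 0 : -1;

cleanup:
    unlink(victim);
    unlink(linkpath);
    unlink(plain);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_symlink_defence();
    puts(rc == 0 ? "symlink refused (ELOOP), regular file accepted"
                 : "check failed");
    return rc == 0 ? 0 : 1;
}
```

O_NOFOLLOW only protects the last path component; if the cache directory itself is group-writable, an attacker can still replace an intermediate directory with a symlink, so the directory permissions are the other half of any real fix.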


  3. Multiple vulnerabilities were discovered and corrected in cups:

     

    Cross-site request forgery (CSRF) vulnerability in the web interface

    in CUPS allows remote attackers to hijack the authentication of

    administrators for requests that change settings (CVE-2010-0540).

     

    The _WriteProlog function in texttops.c in texttops in the Text Filter

    subsystem in CUPS before 1.4.4 does not check the return values

    of certain calloc calls, which allows remote attackers to cause a

    denial of service (NULL pointer dereference or heap memory corruption)

    or possibly execute arbitrary code via a crafted file (CVE-2010-0542).

     

    The web interface in CUPS reads uninitialized memory during handling

    of form variables, which allows context-dependent attackers to obtain

    sensitive information from cupsd process memory via unspecified vectors

    (CVE-2010-1748).

     

    The cupsFileOpen function in CUPS before 1.4.4 allows local users,

    with lp group membership, to overwrite arbitrary files via a

    symlink attack on the (1) /var/cache/cups/remote.cache or (2)

    /var/cache/cups/job.cache file (CVE-2010-2431).

     

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

    memory for attribute values with invalid string data types, which

    allows remote attackers to cause a denial of service (use-after-free

    and application crash) or possibly execute arbitrary code via a

    crafted IPP request (CVE-2010-2941).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  4. Multiple vulnerabilities were discovered and corrected in cups:

     

    Cross-site request forgery (CSRF) vulnerability in the web interface

    in CUPS allows remote attackers to hijack the authentication of

    administrators for requests that change settings (CVE-2010-0540).

     

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

    memory for attribute values with invalid string data types, which

    allows remote attackers to cause a denial of service (use-after-free

    and application crash) or possibly execute arbitrary code via a

    crafted IPP request (CVE-2010-2941).

     

    The updated packages have been patched to correct these issues.


  5. Multiple vulnerabilities were discovered and corrected in poppler:

     

    The Gfx::getPos function in the PDF parser in poppler, allows

    context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The PostScriptFunction::PostScriptFunction function in

    poppler/Function.cc in the PDF parser in poppler, allows

    context-dependent attackers to cause a denial of service (crash)

    via a PDF file that triggers an uninitialized pointer dereference

    (CVE-2010-3703).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in poppler, allows context-dependent attackers to cause a denial

    of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    The updated packages have been patched to correct these issues.


  6. Multiple vulnerabilities were discovered and corrected in poppler:

     

    The Gfx::getPos function in the PDF parser in poppler, allows

    context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in poppler, allows context-dependent attackers to cause a denial

    of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  7. Multiple vulnerabilities were discovered and corrected in kdegraphics:

     

    The Gfx::getPos function in the PDF parser in kdegraphics, allows

    context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in kdegraphics, allows context-dependent attackers to cause a denial

    of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    The updated packages have been patched to correct these issues.


  8. Multiple vulnerabilities were discovered and corrected in xpdf:

     

    The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,

    allows context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in xpdf before 3.02pl5, allows context-dependent attackers to cause a

    denial of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  9. This is a bug and maintenance release of snort that fixes numerous

    issues such as:

     

    * Fix installer packages to include correct version of sensitive data

    preprocessor for linux and Windows

     

    * Eliminate false positives when using fast_pattern:only and having

    only one http content in the pattern matcher.

     

    * Address false positives in FTP preprocessor with string format

    verification.

     

    This advisory provides snort v2.8.6.1 where these problems have been

    resolved.


  10. Multiple vulnerabilities were discovered and corrected in proftpd:

     

    Multiple directory traversal vulnerabilities in the mod_site_misc

    module in ProFTPD before 1.3.3c allow remote authenticated users to

    create directories, delete directories, create symlinks, and modify

    file timestamps via directory traversal sequences in a (1) SITE

    MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command

    (CVE-2010-3867).

     

    Multiple stack-based buffer overflows in the pr_netio_telnet_gets

    function in netio.c in ProFTPD before 1.3.3c allow remote attackers

    to execute arbitrary code via vectors involving a TELNET IAC escape

    character to a (1) FTP or (2) FTPS server (CVE-2010-4221).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.
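
The pr_netio_telnet_gets overflow above (CVE-2010-4221) is a bounds failure while stripping TELNET IAC escapes from the FTP control channel. The C below is an added illustration, not ProFTPD's code and not the upstream 1.3.3c fix: a bounded line reader that drops IAC command and option sequences, unescapes IAC IAC, and refuses rather than overruns when the stripped line does not fit. The escape handling, the self-check cases and the hostile input are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* TELNET command bytes that may appear on an FTP control connection. */
#define TELNET_IAC  255
#define TELNET_DONT 254
#define TELNET_DO   253
#define TELNET_WONT 252
#define TELNET_WILL 251

/* Copy one control-connection line from in[0..len) into out (capacity cap,
 * NUL-terminated on success), removing TELNET IAC escapes:
 *   IAC IAC                  -> one literal 0xFF byte
 *   IAC WILL/WONT/DO/DONT x  -> dropped (three bytes)
 *   IAC <other command>      -> dropped (two bytes)
 * Reading stops after '\n' (kept) or at end of input. Every store first
 * checks that the byte and the trailing NUL both fit, so no input can push
 * the write index past cap. Returns bytes stored, or -1 if the line does
 * not fit. An escape cut off by the end of the input is left unconsumed. */
long telnet_strip_line(const unsigned char *in, size_t len,
                       char *out, size_t cap)
{
    size_t i = 0, o = 0;

    if (cap == 0)
        return -1;

    while (i < len) {
        unsigned char c = in[i];

        if (c == TELNET_IAC) {
            if (i + 1 >= len)
                break;                              /* truncated escape */
            unsigned char cmd = in[i + 1];
            if (cmd == TELNET_IAC) {                /* escaped 0xFF */
                if (o + 1 >= cap)
                    return -1;
                out[o++] = (char)TELNET_IAC;
                i += 2;
            } else if (cmd >= TELNET_WILL && cmd <= TELNET_DONT) {
                if (i + 2 >= len)
                    break;                          /* truncated option */
                i += 3;                             /* drop negotiation */
            } else {
                i += 2;                             /* drop other command */
            }
            continue;
        }

        if (o + 1 >= cap)
            return -1;
        out[o++] = (char)c;
        i++;
        if (c == '\n')
            break;
    }

    out[o] = '\0';
    return (long)o;
}

/* Self-check over constructed inputs; returns the number of cases passed
 * (4 when all is well): plain line copied unchanged; IAC IAC unescaped and
 * an IAC WILL option dropped; an over-long line refused; 128 IAC bytes into
 * a 16-byte buffer refused with the canary after the buffer untouched. */
int telnet_strip_selfcheck(void)
{
    int passed = 0;
    char out[64], small[8];
    unsigned char big[32], hostile[128];
    struct { char buf[16]; unsigned int canary; } s;

    const unsigned char plain[] = "USER anonymous\r\n";
    if (telnet_strip_line(plain, sizeof plain - 1, out, sizeof out) == 16 &&
        strcmp(out, "USER anonymous\r\n") == 0)
        passed++;

    const unsigned char esc[] = { TELNET_IAC, TELNET_IAC, 'a',
                                  TELNET_IAC, TELNET_WILL, 0x18, 'b', '\n' };
    if (telnet_strip_line(esc, sizeof esc, out, sizeof out) == 4 &&
        (unsigned char)out[0] == 0xFF && out[1] == 'a' &&
        out[2] == 'b' && out[3] == '\n')
        passed++;

    memset(big, 'A', sizeof big);
    if (telnet_strip_line(big, sizeof big, small, sizeof small) == -1)
        passed++;

    memset(hostile, TELNET_IAC, sizeof hostile);
    s.canary = 0xDEADBEEFu;
    if (telnet_strip_line(hostile, sizeof hostile, s.buf, sizeof s.buf) == -1 &&
        s.canary == 0xDEADBEEFu)
        passed++;

    return passed;
}

int main(void)
{
    printf("%d of 4 checks passed\n", telnet_strip_selfcheck());
    return 0;
}
```

The point to take from the hostile case is that the bound is checked on the output index at every store, not on the input length: a run of IAC IAC pairs halves in size when unescaped, while a run of literal bytes does not, so sizing the output from the input is exactly the kind of reasoning that goes wrong.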


  11. A vulnerability was discovered and corrected in ISC dhcp:

     

    ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before

    4.2.0-P1 allows remote attackers to cause a denial of service (crash)

    via a DHCPv6 packet containing a Relay-Forward message without an

    address in the Relay-Forward link-address field (CVE-2010-3611).

     

    The updated packages have been upgraded to 4.1.2 which is not

    vulnerable to this issue.


  12. A vulnerability was discovered and corrected in libmbfl (php):

     

    * Fix bug #53273 (mb_strcut() returns garbage with the excessive

    length parameter) (CVE-2010-4156).

     

    The updated packages have been patched to correct these issues.

     

    Update:

     

    The MDVSA-2010:225 advisory used the wrong patch to address the

    problem, however it did fix the issue. This advisory provides the

    correct upstream patch.


  13. A vulnerability was discovered and corrected in libmbfl (php):

     

    * Fix bug #53273 (mb_strcut() returns garbage with the excessive

    length parameter) (CVE-2010-4156).

     

    The updated packages have been patched to correct these issues.

     

    Update:

     

    The MDVSA-2010:225 advisory used the wrong patch to address the

    problem, however it did fix the issue. This advisory provides the

    correct upstream patch.


  14. Multiple vulnerabilities were discovered and corrected in mysql:

     

    * During evaluation of arguments to extreme-value functions (such

    as LEAST() and GREATEST()), type errors did not propagate properly,

    causing the server to crash (CVE-2010-3833).

     

    * The server could crash after materializing a derived table that

    required a temporary table for grouping (CVE-2010-3834).

     

    * A user-variable assignment expression that is evaluated in a logical

    expression context can be precalculated in a temporary table for GROUP

    BY. However, when the expression value is used after creation of the

    temporary table, it was re-evaluated, not read from the table and a

    server crash resulted (CVE-2010-3835).

     

    * Pre-evaluation of LIKE predicates during view preparation could

    cause a server crash (CVE-2010-3836).

     

    * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash

    (CVE-2010-3837).

     

    * Queries could cause a server crash if the GREATEST() or LEAST()

    function had a mixed list of numeric and LONGBLOB arguments, and

    the result of such a function was processed using an intermediate

    temporary table (CVE-2010-3838).

     

    * Queries with nested joins could cause an infinite loop in the

    server when used from stored procedures and prepared statements

    (CVE-2010-3839).

     

    * The PolyFromWKB() function could crash the server when improper

    WKB data was passed to the function (CVE-2010-3840).

     

    The updated packages have been patched to correct these issues.


  15. A vulnerability was discovered and corrected in php:

     

    A flaw in ext/xml/xml.c could cause a cross-site scripting (XSS)

    vulnerability (CVE-2010-3870).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  16. Multiple vulnerabilities were discovered and corrected in mysql:

     

    * Joins involving a table with a unique SET column could cause

    a server crash (CVE-2010-3677).

     

    * Use of TEMPORARY InnoDB tables with nullable columns could cause

    a server crash (CVE-2010-3680).

     

    * The server could crash if there were alternate reads from two

    indexes on a table using the HANDLER interface (CVE-2010-3681).

     

    * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY

    (SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682).

     

    * During evaluation of arguments to extreme-value functions (such

    as LEAST() and GREATEST()), type errors did not propagate properly,

    causing the server to crash (CVE-2010-3833).

     

    * The server could crash after materializing a derived table that

    required a temporary table for grouping (CVE-2010-3834).

     

    * A user-variable assignment expression that is evaluated in a logical

    expression context can be precalculated in a temporary table for GROUP

    BY. However, when the expression value is used after creation of the

    temporary table, it was re-evaluated, not read from the table and a

    server crash resulted (CVE-2010-3835).

     

    * Pre-evaluation of LIKE predicates during view preparation could

    cause a server crash (CVE-2010-3836).

     

    * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash

    (CVE-2010-3837).

     

    * Queries could cause a server crash if the GREATEST() or LEAST()

    function had a mixed list of numeric and LONGBLOB arguments, and

    the result of such a function was processed using an intermediate

    temporary table (CVE-2010-3838).

     

    * Queries with nested joins could cause an infinite loop in the

    server when used from stored procedures and prepared statements

    (CVE-2010-3839).

     

    * The PolyFromWKB() function could crash the server when improper

    WKB data was passed to the function (CVE-2010-3840).

     

    Additionally, the default behaviour of using the mysqlmanager instead

    of the mysqld_safe script has been reverted in the SysV init script

    because of instability issues with the mysqlmanager.

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been upgraded to mysql 5.0.91 and patched

    to correct these issues.


  17. Multiple vulnerabilities have been found and corrected in mysql:

     

    MySQL before 5.1.48 allows remote authenticated users with alter

    database privileges to cause a denial of service (server crash

    and database loss) via an ALTER DATABASE command with a #mysql50#

    string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or

    similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which

    causes MySQL to move certain directories to the server data directory

    (CVE-2010-2008).

     

    Additionally, many security issues noted in the 5.1.49 release notes

    have been addressed with this advisory as well, such as:

     

    * LOAD DATA INFILE did not check for SQL errors and sent an OK packet

    even when errors were already reported. Also, an assert related to

    client-server protocol checking in debug servers sometimes was raised

    when it should not have been. (Bug#52512) (CVE-2010-3683)

     

    * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER

    BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)

    (CVE-2010-3682)

     

    * The server could crash if there were alternate reads from two indexes

    on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)

     

    * A malformed argument to the BINLOG statement could result in Valgrind

    warnings or a server crash. (Bug#54393) (CVE-2010-3679)

     

    * Incorrect handling of NULL arguments could lead to a crash for IN()

    or CASE operations when NULL arguments were either passed explicitly

    as arguments (for IN()) or implicitly generated by the WITH ROLLUP

    modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)

     

    * Joins involving a table with a unique SET column could cause

    a server crash. (Bug#54575) (CVE-2010-3677)

     

    * Use of TEMPORARY InnoDB tables with nullable columns could cause

    a server crash. (Bug#54044) (CVE-2010-3680)

     

    The updated packages have been patched to correct these issues.

     

    Update:

     

    Packages for 2009.1 were not provided with the MDVSA-2010:155

    advisory. This advisory provides the missing packages.


  18. Multiple vulnerabilities were discovered and corrected in

    OpenOffice.org:

     

    Integer overflow allows remote attackers to execute arbitrary code

    via a crafted XPM file that triggers a heap-based buffer overflow

    (CVE-2009-2949).

     

    Heap-based buffer overflow allows remote attackers to cause a denial

    of service (application crash) or possibly execute arbitrary code

    via a crafted GIF file, related to LZW decompression (CVE-2009-2950).

     

    Integer underflow allows remote attackers to cause a denial of

    service (application crash) or possibly execute arbitrary code via

    a crafted sprmTDefTable table property modifier in a Word document

    (CVE-2009-3301).

     

    A boundary error flaw allows remote attackers to cause a denial of

    service (application crash) or possibly execute arbitrary code via

    a crafted sprmTSetBrc table property modifier in a Word document

    (CVE-2009-3302).

     

    Lack of properly enforcing Visual Basic for Applications (VBA) macro

    security settings, which allows remote attackers to run arbitrary

    macros via a crafted document (CVE-2010-0136).

     

    User-assisted remote attackers are able to bypass Python macro

    security restrictions and execute arbitrary Python code via a crafted

    OpenDocument Text (ODT) file that triggers code execution when the

    macro directory structure is previewed (CVE-2010-0395).

     

    Impress module does not properly handle integer values associated

    with dictionary property items, which allows remote attackers to

    cause a denial of service (application crash) or possibly execute

    arbitrary code via a crafted PowerPoint document that triggers a

    heap-based buffer overflow, related to an integer truncation error

    (CVE-2010-2935).

     

    Integer overflow in Impress allows remote attackers to cause a

    denial of service (application crash) or possibly execute arbitrary

    code via crafted polygons in a PowerPoint document that triggers a

    heap-based buffer overflow (CVE-2010-2936).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    This update provides OpenOffice.org packages that have been patched to

    correct these issues, together with additional dependent packages.
