Posts posted by paul

  1. I'm in :) does that mean I'm an admin there too? ;)

     

    you poor bastard .. you're a glutton for punishment aren't you?

     

    go register, and I can tick the box to make you admin .. don't say I didn't warn you

  2. Since there's no Mageia release out yet, not even a test release, there's nothing really to be in yet if I'm not mistaken. Development takes place on the mailing lists not on the forum.

    Btw what was the final conclusion, will they have their own forum or will they use yours?

     

    I know it's been asked before but I can't remember your answer: is it possible to display the mailing lists as forum topics in the new forum?

     

    1. Correct; no release means nothing to support, but it *might* happen :)

    2. Final conclusion was: Conversation evaporated, never continued, and whoever is in control of the dns removed forum.mageia.org (or pointed it elsewhere)

    3. Not so far; and keep a legible user database, but I'll keep my eye out.

     

     

    You can count me in Paul. As Dexter11 says there's nowt much to talk about yet.

     

    Dexter and SilverSurfer .. I'm trying to drum up support, been here before (starting a support forum) it takes more than one person; takes a team

  3. Right .. who's in?

    and what is there to do?

     

     

    From the founders of other Linux support success stories such as MandrivaUsers.org, Mageia Linux support forum: Mageia Users.

     

     

    About Mageia Linux

    As you may have heard, the future of the Mandriva Linux distribution is unclear.

     

    Most employees working on the distribution were laid off when Edge-IT was liquidated. We do not trust the plans of Mandriva SA anymore and we don't think the company (or any company) is a safe host for such a project.

     

    Many things have happened in the past 12 years. Some were very nice: the Mandriva Linux community is quite large, motivated and experienced, the distribution remains one of the most popular and an award-winning product, easy to use and innovative. Some other events did have some really bad consequences that made people not so confident in the viability of their favourite distribution.

     

    People working on it just do not want to be dependent on the economic fluctuations and erratic, unexplained strategic moves of the company.

     

    For more information from the official Mageia Linux team, visit mageia.org

     

    Paul Willard - mageiausers.org founder.

  4. A possible double free flaw was found in the imap extension for php

    (CVE-2010-4150).

     

    A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that

    under certain circumstances could cause a segmentation fault (crash).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  5. This is a bugfix and maintenance update bundle that addresses various

    issues in a number of packages.

     

    * Some thread-related problems were found in the libalsa2 library

    that could cause segmentation faults in some audio applications (one

    example being phonon when used with gstreamer output and accessing

    pulseaudio via ALSA plugin). The updated libalsa2 package contains

    an upstream fix to correct this problem.

     

    On a related note the PulseAudio package has also been updated to

    include several important upstream bugfixes including:

     

    * Much improved handling of capture stream latencies and timing

     

    * Client side XCB implementation to replace Xlib (and thus solve some

    thread-related issues).

     

    * Support for the a52 alsa plugin when combined with an appropriate

    ~/.asoundrc file.

     

    * Several bugs in the pulseaudio plugin for the GStreamer audio

    framework could lead to application crashes, for instance in

    pidgin. This update contains fixes for memory allocation and lock

    handling of the pulseaudio plugin.

  6. A possible double free flaw was found in the imap extension for php

    (CVE-2010-4150).

     

    A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that

    under certain circumstances could cause a segmentation fault (crash).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  7. A vulnerability was discovered in openssl that causes a race condition

    within the TLS extension parsing code and which can be exploited to

    cause a heap-based buffer overflow (CVE-2010-3864).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.

  8. A new version of the CGI Perl module has been released to CPAN,

    which fixes several security bugs which directly affect Bugzilla

    (these two security bugs were first discovered as affecting Bugzilla,

    then identified as being bugs in CGI.pm itself).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been upgraded to perl-CGI 3.50 to solve

    these security issues.

  9. Multiple vulnerabilities were discovered and corrected in freetype2:

     

    An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c

    when handling the "SHZ" bytecode instruction can be exploited to

    cause a crash and potentially execute arbitrary code via a specially

    crafted font (CVE-2010-3814).

     

    An error exists in the "ft_var_readpackedpoints()" function in

    src/truetype/ttgxvar.c when processing TrueType GX fonts and can

    be exploited to cause a heap-based buffer overflow via a specially

    crafted font (CVE-2010-3855).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  10. Multiple vulnerabilities were discovered and corrected in cups:

     

    Cross-site request forgery (CSRF) vulnerability in the web interface

    in CUPS, allows remote attackers to hijack the authentication of

    administrators for requests that change settings (CVE-2010-0540).

     

    The _WriteProlog function in texttops.c in texttops in the Text Filter

    subsystem in CUPS before 1.4.4 does not check the return values

    of certain calloc calls, which allows remote attackers to cause a

    denial of service (NULL pointer dereference or heap memory corruption)

    or possibly execute arbitrary code via a crafted file (CVE-2010-0542).

     

    The web interface in CUPS, reads uninitialized memory during handling

    of form variables, which allows context-dependent attackers to obtain

    sensitive information from cupsd process memory via unspecified vectors

    (CVE-2010-1748).

     

    The cupsFileOpen function in CUPS before 1.4.4 allows local users,

    with lp group membership, to overwrite arbitrary files via a

    symlink attack on the (1) /var/cache/cups/remote.cache or (2)

    /var/cache/cups/job.cache file (CVE-2010-2431).

     

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

    memory for attribute values with invalid string data types, which

    allows remote attackers to cause a denial of service (use-after-free

    and application crash) or possibly execute arbitrary code via a

    crafted IPP request (CVE-2010-2941).

     

    The updated packages have been upgraded to cups 1.3.10 and patched

    to correct these issues.

  11. Multiple vulnerabilities were discovered and corrected in cups:

     

    Cross-site request forgery (CSRF) vulnerability in the web interface

    in CUPS, allows remote attackers to hijack the authentication of

    administrators for requests that change settings (CVE-2010-0540).

     

    The _WriteProlog function in texttops.c in texttops in the Text Filter

    subsystem in CUPS before 1.4.4 does not check the return values

    of certain calloc calls, which allows remote attackers to cause a

    denial of service (NULL pointer dereference or heap memory corruption)

    or possibly execute arbitrary code via a crafted file (CVE-2010-0542).

     

    The web interface in CUPS, reads uninitialized memory during handling

    of form variables, which allows context-dependent attackers to obtain

    sensitive information from cupsd process memory via unspecified vectors

    (CVE-2010-1748).

     

    The cupsFileOpen function in CUPS before 1.4.4 allows local users,

    with lp group membership, to overwrite arbitrary files via a

    symlink attack on the (1) /var/cache/cups/remote.cache or (2)

    /var/cache/cups/job.cache file (CVE-2010-2431).

     

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

    memory for attribute values with invalid string data types, which

    allows remote attackers to cause a denial of service (use-after-free

    and application crash) or possibly execute arbitrary code via a

    crafted IPP request (CVE-2010-2941).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  12. Multiple vulnerabilities were discovered and corrected in cups:

     

    Cross-site request forgery (CSRF) vulnerability in the web interface

    in CUPS, allows remote attackers to hijack the authentication of

    administrators for requests that change settings (CVE-2010-0540).

     

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate

    memory for attribute values with invalid string data types, which

    allows remote attackers to cause a denial of service (use-after-free

    and application crash) or possibly execute arbitrary code via a

    crafted IPP request (CVE-2010-2941).

     

    The updated packages have been patched to correct these issues.

  13. Multiple vulnerabilities were discovered and corrected in poppler:

     

    The Gfx::getPos function in the PDF parser in poppler, allows

    context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The PostScriptFunction::PostScriptFunction function in

    poppler/Function.cc in the PDF parser in poppler, allows

    context-dependent attackers to cause a denial of service (crash)

    via a PDF file that triggers an uninitialized pointer dereference

    (CVE-2010-3703).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in poppler, allows context-dependent attackers to cause a denial

    of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    The updated packages have been patched to correct these issues.

  14. Multiple vulnerabilities were discovered and corrected in poppler:

     

    The Gfx::getPos function in the PDF parser in poppler, allows

    context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in poppler, allows context-dependent attackers to cause a denial

    of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  15. Multiple vulnerabilities were discovered and corrected in kdegraphics:

     

    The Gfx::getPos function in the PDF parser in kdegraphics, allows

    context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in kdegraphics, allows context-dependent attackers to cause a denial

    of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    The updated packages have been patched to correct these issues.

  16. Multiple vulnerabilities were discovered and corrected in xpdf:

     

    The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,

    allows context-dependent attackers to cause a denial of service (crash)

    via unknown vectors that trigger an uninitialized pointer dereference

    (CVE-2010-3702).

     

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

    in xpdf before 3.02pl5, allows context-dependent attackers to cause a

    denial of service (crash) and possibly execute arbitrary code via a PDF

    file with a crafted Type1 font that contains a negative array index,

    which bypasses input validation and which triggers memory corruption

    (CVE-2010-3704).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.

  17. This is a bug and maintenance release of snort that fixes numerous

    issues such as:

     

    * Fix installer packages to include correct version of sensitive data

    preprocessor for linux and Windows

     

    * Eliminate false positives when using fast_pattern:only and having

    only one http content in the pattern matcher.

     

    * Address false positives in FTP preprocessor with string format

    verification.

     

    This advisory provides snort v2.8.6.1 where these problems have been

    resolved.

  18. Multiple vulnerabilities were discovered and corrected in proftpd:

     

    Multiple directory traversal vulnerabilities in the mod_site_misc

    module in ProFTPD before 1.3.3c allow remote authenticated users to

    create directories, delete directories, create symlinks, and modify

    file timestamps via directory traversal sequences in a (1) SITE

    MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command

    (CVE-2010-3867).

     

    Multiple stack-based buffer overflows in the pr_netio_telnet_gets

    function in netio.c in ProFTPD before 1.3.3c allow remote attackers

    to execute arbitrary code via vectors involving a TELNET IAC escape

    character to a (1) FTP or (2) FTPS server (CVE-2010-4221).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.
