paul

November 5, 2010

It was discovered the kdeplasma-addons packages were not rebuilt

(relinked) against the libkdcraw.so.8 and libkexiv2.so.8 libraries

provided by kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses

this problem.

November 5, 2010

It was discovered the kipi-plugins packages were not rebuilt (relinked)

against the libkdcraw.so.8 and libkexiv2.so.8 libraries provided by

kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses this problem.

November 4, 2010

This is a maintenance and bugfix release of sudo which upgrades sudo

to the latest 1.7.4p4 version.

November 4, 2010

Multiple vulnerabilities were discovered and corrected in pam:

The pam_xauth module did not verify the return values of the setuid()

and setgid() system calls. A local, unprivileged user could use this

flaw to execute the xauth command with root privileges and make it

read an arbitrary input file (CVE-2010-3316).

The pam_mail module used root privileges while accessing users'

files. In certain configurations, a local, unprivileged user could

use this flaw to obtain limited information about files or directories

that they do not have access to (CVE-2010-3435).

The pam_namespace module executed the external script namespace.init

with an unchanged environment inherited from an application calling

PAM. In cases where such an environment was untrusted (for example,

when pam_namespace was configured for setuid applications such as su

or sudo), a local, unprivileged user could possibly use this flaw to

escalate their privileges (CVE-2010-3853).

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

November 2, 2010

A vulnerability was discovered and corrected in krb5:

The merge_authdata function in kdc_authdata.c in the Key Distribution

Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does

not properly manage an index into an authorization-data list, which

allows remote attackers to cause a denial of service (daemon crash),

or possibly obtain sensitive information, spoof authorization,

or execute arbitrary code, via a TGS request, as demonstrated by a

request from a Windows Active Directory client (CVE-2010-1322).

The updated packages have been patched to correct this issue.

Update:

Update packages for MES5 were missing with the MDVSA-2010:202

advisory. This advisory provides the update packages.

November 2, 2010

the only real way to tell is to download (from a trusted location) chkrootkit and run it

Do not trust an already existing chkrootkit installation.

let chkrootkit report to you, then post the results here.

November 1, 2010

A security issue was identified and fixed in mozilla-thunderbird:

Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14

and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote

attackers to execute arbitrary code via unknown vectors, as exploited

in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and

are being provided as updates.

October 31, 2010

Multiple vulnerabilities were discovered and corrected in php:

Stack consumption vulnerability in the filter_var function in PHP 5.2.x

through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL

mode is used, allows remote attackers to cause a denial of service

(memory consumption and application crash) via a long e-mail address

string (CVE-2010-3710).

A NULL pointer dereference was discovered in

ZipArchive::getArchiveComment (CVE-2010-3709).

A possible flaw was discovered in open_basedir (CVE-2010-3436).

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

October 30, 2010

Multiple vulnerabilities was discovered and corrected in dovecot:

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin

permission to the owner of each mailbox in a non-public namespace,

which might allow remote authenticated users to bypass intended access

restrictions by changing the ACL of a mailbox, as demonstrated by a

symlinked shared mailbox (CVE-2010-3779).

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to

cause a denial of service (master process outage) by simultaneously

disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to

newly created mailboxes in certain configurations, which might allow

remote attackers to read mailboxes that have unintended weak ACLs

(CVE-2010-3304).

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15

and 2.0.x before 2.0.5 interprets an ACL entry as a directive to

add to the permissions granted by another ACL entry, instead of a

directive to replace the permissions granted by another ACL entry,

in certain circumstances involving the private namespace of a user,

which allows remote authenticated users to bypass intended access

restrictions via a request to read or modify a mailbox (CVE-2010-3706).

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and

2.0.x before 2.0.5 interprets an ACL entry as a directive to add to

the permissions granted by another ACL entry, instead of a directive

to replace the permissions granted by another ACL entry, in certain

circumstances involving more specific entries that occur after less

specific entries, which allows remote authenticated users to bypass

intended access restrictions via a request to read or modify a mailbox

(CVE-2010-3707).

This advisory provides dovecot 1.2.15 which is not vulnerable to

these issues

October 30, 2010

Multiple vulnerabilities was discovered and corrected in python:

The asyncore module in Python before 3.2 does not properly handle

unsuccessful calls to the accept function, and does not have

accompanying documentation describing how daemon applications should

handle unsuccessful calls to the accept function, which makes it

easier for remote attackers to conduct denial of service attacks that

terminate these applications via network connections (CVE-2010-3492).

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,

2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of

service (daemon outage) by establishing and then immediately closing

a TCP connection, leading to the accept function having an unexpected

return value of None, an unexpected value of None for the address,

or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername

function having an ENOTCONN error, a related issue to CVE-2010-3492

(CVE-2010-3493).

The updated packages have been patched to correct these issues.

October 30, 2010

Multiple vulnerabilities was discovered and corrected in python:

Buffer underflow in the rgbimg module in Python 2.5 allows remote

attackers to cause a denial of service (application crash) via a large

ZSIZE value in a black-and-white (aka B/W) RGB image that triggers

an invalid pointer dereference (CVE-2009-4134).

Integer overflow in rgbimgmodule.c in the rgbimg module in Python

2.5 allows remote attackers to have an unspecified impact via a large

image that triggers a buffer overflow. NOTE: this vulnerability exists

because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).

Multiple buffer overflows in the RLE decoder in the rgbimg module in

Python 2.5 allow remote attackers to have an unspecified impact via an

image file containing crafted data that triggers improper processing

within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).