-
Content Count
5599 -
Joined
-
Last visited
-
Days Won
6
Posts posted by paul
-
-
It was discovered the kipi-plugins packages were not rebuilt (relinked)
against the libkdcraw.so.8 and libkexiv2.so.8 libraries provided by
kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses this problem.
-
This is a maintenance and bugfix release of sudo which upgrades sudo
to the latest 1.7.4p4 version.
-
Multiple vulnerabilities were discovered and corrected in pam:
The pam_xauth module did not verify the return values of the setuid()
and setgid() system calls. A local, unprivileged user could use this
flaw to execute the xauth command with root privileges and make it
read an arbitrary input file (CVE-2010-3316).
The pam_mail module used root privileges while accessing users'
files. In certain configurations, a local, unprivileged user could
use this flaw to obtain limited information about files or directories
that they do not have access to (CVE-2010-3435).
The pam_namespace module executed the external script namespace.init
with an unchanged environment inherited from an application calling
PAM. In cases where such an environment was untrusted (for example,
when pam_namespace was configured for setuid applications such as su
or sudo), a local, unprivileged user could possibly use this flaw to
escalate their privileges (CVE-2010-3853).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
A vulnerability was discovered and corrected in krb5:
The merge_authdata function in kdc_authdata.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does
not properly manage an index into an authorization-data list, which
allows remote attackers to cause a denial of service (daemon crash),
or possibly obtain sensitive information, spoof authorization,
or execute arbitrary code, via a TGS request, as demonstrated by a
request from a Windows Active Directory client (CVE-2010-1322).
The updated packages have been patched to correct this issue.
Update:
Update packages for MES5 were missing with the MDVSA-2010:202
advisory. This advisory provides the update packages.
-
the only real way to tell is to download (from a trusted location) chkrootkit and run it
Do not trust an already existing chkrootkit installation.
let chkrootkit report to you, then post the results here.
-
A security issue was identified and fixed in mozilla-thunderbird:
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14
and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote
attackers to execute arbitrary code via unknown vectors, as exploited
in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
-
Multiple vulnerabilities were discovered and corrected in php:
Stack consumption vulnerability in the filter_var function in PHP 5.2.x
through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL
mode is used, allows remote attackers to cause a denial of service
(memory consumption and application crash) via a long e-mail address
string (CVE-2010-3710).
A NULL pointer dereference was discovered in
ZipArchive::getArchiveComment (CVE-2010-3709).
A possible flaw was discovered in open_basedir (CVE-2010-3436).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities was discovered and corrected in dovecot:
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace,
which might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox (CVE-2010-3779).
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to
cause a denial of service (master process outage) by simultaneously
disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow
remote attackers to read mailboxes that have unintended weak ACLs
(CVE-2010-3304).
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15
and 2.0.x before 2.0.5 interprets an ACL entry as a directive to
add to the permissions granted by another ACL entry, instead of a
directive to replace the permissions granted by another ACL entry,
in certain circumstances involving the private namespace of a user,
which allows remote authenticated users to bypass intended access
restrictions via a request to read or modify a mailbox (CVE-2010-3706).
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and
2.0.x before 2.0.5 interprets an ACL entry as a directive to add to
the permissions granted by another ACL entry, instead of a directive
to replace the permissions granted by another ACL entry, in certain
circumstances involving more specific entries that occur after less
specific entries, which allows remote authenticated users to bypass
intended access restrictions via a request to read or modify a mailbox
(CVE-2010-3707).
This advisory provides dovecot 1.2.15 which is not vulnerable to
these issues
-
Multiple vulnerabilities was discovered and corrected in python:
The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities was discovered and corrected in python:
Buffer underflow in the rgbimg module in Python 2.5 allows remote
attackers to cause a denial of service (application crash) via a large
ZSIZE value in a black-and-white (aka B/W) RGB image that triggers
an invalid pointer dereference (CVE-2009-4134).
Integer overflow in rgbimgmodule.c in the rgbimg module in Python
2.5 allows remote attackers to have an unspecified impact via a large
image that triggers a buffer overflow. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).
Multiple buffer overflows in the RLE decoder in the rgbimg module in
Python 2.5 allow remote attackers to have an unspecified impact via an
image file containing crafted data that triggers improper processing
within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).
The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
A vulnerability in Linux kernel caused by insecure allocation of user
space memory when translating system call inputs to 64-bit. A stack
pointer underflow can occur when using the compat_alloc_user_space
method with an arbitrary length input. (CVE-2010-3081)
To update your kernel, please follow the directions located at:
-
It was discovered that the gjs packages wasn't rebuilt for the latest
xulrunner version, this advisory fixes the problem.
-
A vulnerability was discovered and corrected in xulrunner:
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14
and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote
attackers to execute arbitrary code via unknown vectors, as exploited
in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
The gkrellm package shipped in 2010.0 and 2010.1 was build without
libsensor support, preventing the usage of hardware sensors in some
cases, as reported in bug #55400.
-
This update fixes several major issues in perl-URPM:
- it fixes a crash in rpmdrake (#40309, #54521)
- it fixes a segfault in rpmdrake & urpmi on 32bit machines (#61144)
-
libgpod as shipped with Mandriva 2010.1 does not have support for HAL,
the Hardware Abstraction Layer anymore. This is still needed for iPod
support in KDE, so the update reenables HAL support.
-
This is a bugfix release that upgrades clamav to the latest version
(0.96.4).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
-
The install of mailman failed because of a problem in the rpm scripts,
additionally the logrotation script was fixed.
-
A vulnerability in the GNU C library (glibc) was discovered which
could escalate the privilegies for local users (CVE-2010-3856).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
Security issues were identified and fixed in mozilla-thunderbird:
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via
a brute-force attack (CVE-2010-3173).
Unspecified vulnerability in the browser engine in Mozilla Firefox
3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
2.0.9 allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do
not properly handle certain modal calls made by javascript: URLs
in circumstances related to opening a new window and performing
cross-domain navigation, which allows remote attackers to bypass the
Same Origin Policy via a crafted HTML document (CVE-2010-3178).
Stack-based buffer overflow in the text-rendering functionality in
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a long argument to the
document.write method (CVE-2010-3179).
Use-after-free vulnerability in the nsBarProp function in Mozilla
Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
attackers to execute arbitrary code by accessing the locationbar
property of a closed window (CVE-2010-3180).
A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x
before 3.1.5, and SeaMonkey before 2.0.9 does not properly support
window.__lookupGetter__ function calls that lack arguments, which
allows remote attackers to execute arbitrary code or cause a denial
of service (incorrect pointer dereference and application crash)
via a crafted HTML document (CVE-2010-3183).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
-
Security issues were identified and fixed in firefox:
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
recognize a wildcard IP address in the subject's Common Name field of
an X.509 certificate, which might allow man-in-the-middle attackers
to spoof arbitrary SSL servers via a crafted certificate issued by
a legitimate Certification Authority (CVE-2010-3170).
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via
a brute-force attack (CVE-2010-3173).
Unspecified vulnerability in the browser engine in Mozilla Firefox
3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
2.0.9 allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher
parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and
SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary
web script or HTML via a crafted name of a (1) file or (2) directory
on a Gopher server (CVE-2010-3177).
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do
not properly handle certain modal calls made by javascript: URLs
in circumstances related to opening a new window and performing
cross-domain navigation, which allows remote attackers to bypass the
Same Origin Policy via a crafted HTML document (CVE-2010-3178).
Stack-based buffer overflow in the text-rendering functionality in
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a long argument to the
document.write method (CVE-2010-3179).
Use-after-free vulnerability in the nsBarProp function in Mozilla
Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
attackers to execute arbitrary code by accessing the locationbar
property of a closed window (CVE-2010-3180).
A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x
before 3.1.5, and SeaMonkey before 2.0.9 does not properly support
window.__lookupGetter__ function calls that lack arguments, which
allows remote attackers to execute arbitrary code or cause a denial
of service (incorrect pointer dereference and application crash)
via a crafted HTML document (CVE-2010-3183).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates. The NSS and SQLite3 packages has been
upgraded to the latest versions.
-
A buffer overflow was discovered in libsmi when long OID was given
in numerical form. This could lead to arbitraty code execution
(CVE-2010-2891).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A security vulnerability has been identified and fixed in pidgin:
It has been discovered that eight denial of service conditions exist
in libpurple all due to insufficient validation of the return value
from purple_base64_decode(). Invalid or malformed data received in
place of a valid base64-encoded value in portions of the Yahoo!, MSN,
MySpaceIM, and XMPP protocol plugins and the NTLM authentication
support trigger a crash. These vulnerabilities can be leveraged by
a remote user for denial of service (CVE-2010-3711).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
This update provides pidgin 2.7.4, which is not vulnerable to this
issue.
-
A vulnerability in the GNU C library (glibc) was discovered which
could escalate the privilegies for local users (CVE-2010-3847).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
Advisories MDVA-2010:219: kdeplasma-addons
in Mandriva Security Advisories
Posted · Report reply
It was discovered the kdeplasma-addons packages were not rebuilt
(relinked) against the libkdcraw.so.8 and libkexiv2.so.8 libraries
provided by kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses
this problem.