paul

Posts posted by paul


  1. Multiple vulnerabilities were discovered and corrected in pam:

     

    The pam_xauth module did not verify the return values of the setuid()

    and setgid() system calls. A local, unprivileged user could use this

    flaw to execute the xauth command with root privileges and make it

    read an arbitrary input file (CVE-2010-3316).

     

    The pam_mail module used root privileges while accessing users'

    files. In certain configurations, a local, unprivileged user could

    use this flaw to obtain limited information about files or directories

    that they do not have access to (CVE-2010-3435).

     

    The pam_namespace module executed the external script namespace.init

    with an unchanged environment inherited from an application calling

    PAM. In cases where such an environment was untrusted (for example,

    when pam_namespace was configured for setuid applications such as su

    or sudo), a local, unprivileged user could possibly use this flaw to

    escalate their privileges (CVE-2010-3853).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.
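
The pam_xauth and pam_namespace flaws in the post above both concern a privileged process launching a helper. The following C code is an added example, not code from pam or from the advisory: it starts a helper only after a checked privilege drop and with a fixed environment. The names `drop_privileges` and `run_helper_as`, the exit code 126 and the environment values are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Switch to uid/gid and confirm it took effect. Returns 0, or -1 on failure.
 * (A root caller would normally also clear supplementary groups with
 * setgroups(); left out to keep to the two calls the advisory names.) */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)        /* group first, while still permitted */
        return -1;
    if (setuid(uid) != 0)        /* can fail, e.g. with EPERM or EAGAIN */
        return -1;
    /* Verify real and effective IDs instead of trusting the calls. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Run argv[0] as uid/gid. Returns the helper's exit status, 126 if the
 * privilege drop failed (helper not started), or -1 on fork/wait error. */
int run_helper_as(uid_t uid, gid_t gid, char *const argv[])
{
    /* Fixed environment: nothing is inherited from the calling process. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);          /* never exec with the old identity */
        execve(argv[0], argv, clean_env);
        _exit(127);              /* exec itself failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: run a shell as the current user. */
    char *const argv[] = { "/bin/sh", "-c", "id; env", NULL };
    return run_helper_as(getuid(), getgid(), argv) == 0 ? 0 : 1;
}
```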


  2. A vulnerability was discovered and corrected in krb5:

     

    The merge_authdata function in kdc_authdata.c in the Key Distribution

    Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does

    not properly manage an index into an authorization-data list, which

    allows remote attackers to cause a denial of service (daemon crash),

    or possibly obtain sensitive information, spoof authorization,

    or execute arbitrary code, via a TGS request, as demonstrated by a

    request from a Windows Active Directory client (CVE-2010-1322).

     

    The updated packages have been patched to correct this issue.

     

    Update:

     

    Update packages for MES5 were missing with the MDVSA-2010:202

    advisory. This advisory provides the update packages.


  3. A security issue was identified and fixed in mozilla-thunderbird:

     

    Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14

    and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote

    attackers to execute arbitrary code via unknown vectors, as exploited

    in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates.


  4. Multiple vulnerabilities were discovered and corrected in php:

     

    Stack consumption vulnerability in the filter_var function in PHP 5.2.x

    through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL

    mode is used, allows remote attackers to cause a denial of service

    (memory consumption and application crash) via a long e-mail address

    string (CVE-2010-3710).

     

    A NULL pointer dereference was discovered in

    ZipArchive::getArchiveComment (CVE-2010-3709).

     

    A possible flaw was discovered in open_basedir (CVE-2010-3436).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  5. Multiple vulnerabilities were discovered and corrected in dovecot:

     

    Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin

    permission to the owner of each mailbox in a non-public namespace,

    which might allow remote authenticated users to bypass intended access

    restrictions by changing the ACL of a mailbox, as demonstrated by a

    symlinked shared mailbox (CVE-2010-3779).

     

    Dovecot 1.2.x before 1.2.15 allows remote authenticated users to

    cause a denial of service (master process outage) by simultaneously

    disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).

     

    The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to

    newly created mailboxes in certain configurations, which might allow

    remote attackers to read mailboxes that have unintended weak ACLs

    (CVE-2010-3304).

     

    plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15

    and 2.0.x before 2.0.5 interprets an ACL entry as a directive to

    add to the permissions granted by another ACL entry, instead of a

    directive to replace the permissions granted by another ACL entry,

    in certain circumstances involving the private namespace of a user,

    which allows remote authenticated users to bypass intended access

    restrictions via a request to read or modify a mailbox (CVE-2010-3706).

     

    plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and

    2.0.x before 2.0.5 interprets an ACL entry as a directive to add to

    the permissions granted by another ACL entry, instead of a directive

    to replace the permissions granted by another ACL entry, in certain

    circumstances involving more specific entries that occur after less

    specific entries, which allows remote authenticated users to bypass

    intended access restrictions via a request to read or modify a mailbox

    (CVE-2010-3707).

     

    This advisory provides dovecot 1.2.15 which is not vulnerable to

    these issues.


  6. Multiple vulnerabilities were discovered and corrected in python:

     

    The asyncore module in Python before 3.2 does not properly handle

    unsuccessful calls to the accept function, and does not have

    accompanying documentation describing how daemon applications should

    handle unsuccessful calls to the accept function, which makes it

    easier for remote attackers to conduct denial of service attacks that

    terminate these applications via network connections (CVE-2010-3492).

     

    Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,

    2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of

    service (daemon outage) by establishing and then immediately closing

    a TCP connection, leading to the accept function having an unexpected

    return value of None, an unexpected value of None for the address,

    or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername

    function having an ENOTCONN error, a related issue to CVE-2010-3492

    (CVE-2010-3493).

     

    The updated packages have been patched to correct these issues.


  7. Multiple vulnerabilities were discovered and corrected in python:

     

    Buffer underflow in the rgbimg module in Python 2.5 allows remote

    attackers to cause a denial of service (application crash) via a large

    ZSIZE value in a black-and-white (aka B/W) RGB image that triggers

    an invalid pointer dereference (CVE-2009-4134).

     

    Integer overflow in rgbimgmodule.c in the rgbimg module in Python

    2.5 allows remote attackers to have an unspecified impact via a large

    image that triggers a buffer overflow. NOTE: this vulnerability exists

    because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).

     

    Multiple buffer overflows in the RLE decoder in the rgbimg module in

    Python 2.5 allow remote attackers to have an unspecified impact via an

    image file containing crafted data that triggers improper processing

    within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).

     

    The asyncore module in Python before 3.2 does not properly handle

    unsuccessful calls to the accept function, and does not have

    accompanying documentation describing how daemon applications should

    handle unsuccessful calls to the accept function, which makes it

    easier for remote attackers to conduct denial of service attacks that

    terminate these applications via network connections (CVE-2010-3492).

     

    Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,

    2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of

    service (daemon outage) by establishing and then immediately closing

    a TCP connection, leading to the accept function having an unexpected

    return value of None, an unexpected value of None for the address,

    or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername

    function having an ENOTCONN error, a related issue to CVE-2010-3492

    (CVE-2010-3493).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct these issues.


  8. A vulnerability was discovered and corrected in the Linux 2.6 kernel:

     

    A vulnerability in Linux kernel caused by insecure allocation of user

    space memory when translating system call inputs to 64-bit. A stack

    pointer underflow can occur when using the compat_alloc_user_space

    method with an arbitrary length input. (CVE-2010-3081)

     

    To update your kernel, please follow the directions located at:

     

    http://www.mandriva.com/en/security/kernelupdate


  9. A vulnerability was discovered and corrected in xulrunner:

     

    Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14

    and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote

    attackers to execute arbitrary code via unknown vectors, as exploited

    in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.


  10. Security issues were identified and fixed in mozilla-thunderbird:

     

    The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x

    before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and

    SeaMonkey before 2.0.9 does not properly set the minimum key length

    for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for

    remote attackers to defeat cryptographic protection mechanisms via

    a brute-force attack (CVE-2010-3173).

     

    Unspecified vulnerability in the browser engine in Mozilla Firefox

    3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before

    2.0.9 allows remote attackers to cause a denial of service (memory

    corruption and application crash) or possibly execute arbitrary code

    via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).

     

    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird

    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do

    not properly handle certain modal calls made by javascript: URLs

    in circumstances related to opening a new window and performing

    cross-domain navigation, which allows remote attackers to bypass the

    Same Origin Policy via a crafted HTML document (CVE-2010-3178).

     

    Stack-based buffer overflow in the text-rendering functionality in

    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird

    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows

    remote attackers to execute arbitrary code or cause a denial of service

    (memory corruption and application crash) via a long argument to the

    document.write method (CVE-2010-3179).

     

    Use-after-free vulnerability in the nsBarProp function in Mozilla

    Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before

    3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote

    attackers to execute arbitrary code by accessing the locationbar

    property of a closed window (CVE-2010-3180).

     

    A certain application-launch script in Mozilla Firefox before 3.5.14

    and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before

    3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length

    directory name in the LD_LIBRARY_PATH, which allows local users to

    gain privileges via a Trojan horse shared library in the current

    working directory (CVE-2010-3182).

     

    The LookupGetterOrSetter function in Mozilla Firefox before

    3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x

    before 3.1.5, and SeaMonkey before 2.0.9 does not properly support

    window.__lookupGetter__ function calls that lack arguments, which

    allows remote attackers to execute arbitrary code or cause a denial

    of service (incorrect pointer dereference and application crash)

    via a crafted HTML document (CVE-2010-3183).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates.


  11. Security issues were identified and fixed in firefox:

     

    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird

    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9

    recognize a wildcard IP address in the subject's Common Name field of

    an X.509 certificate, which might allow man-in-the-middle attackers

    to spoof arbitrary SSL servers via a crafted certificate issued by

    a legitimate Certification Authority (CVE-2010-3170).

     

    The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x

    before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and

    SeaMonkey before 2.0.9 does not properly set the minimum key length

    for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for

    remote attackers to defeat cryptographic protection mechanisms via

    a brute-force attack (CVE-2010-3173).

     

    Unspecified vulnerability in the browser engine in Mozilla Firefox

    3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before

    2.0.9 allows remote attackers to cause a denial of service (memory

    corruption and application crash) or possibly execute arbitrary code

    via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).

     

    Multiple cross-site scripting (XSS) vulnerabilities in the Gopher

    parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and

    SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary

    web script or HTML via a crafted name of a (1) file or (2) directory

    on a Gopher server (CVE-2010-3177).

     

    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird

    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do

    not properly handle certain modal calls made by javascript: URLs

    in circumstances related to opening a new window and performing

    cross-domain navigation, which allows remote attackers to bypass the

    Same Origin Policy via a crafted HTML document (CVE-2010-3178).

     

    Stack-based buffer overflow in the text-rendering functionality in

    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird

    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows

    remote attackers to execute arbitrary code or cause a denial of service

    (memory corruption and application crash) via a long argument to the

    document.write method (CVE-2010-3179).

     

    Use-after-free vulnerability in the nsBarProp function in Mozilla

    Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before

    3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote

    attackers to execute arbitrary code by accessing the locationbar

    property of a closed window (CVE-2010-3180).

     

    A certain application-launch script in Mozilla Firefox before 3.5.14

    and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before

    3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length

    directory name in the LD_LIBRARY_PATH, which allows local users to

    gain privileges via a Trojan horse shared library in the current

    working directory (CVE-2010-3182).

     

    The LookupGetterOrSetter function in Mozilla Firefox before

    3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x

    before 3.1.5, and SeaMonkey before 2.0.9 does not properly support

    window.__lookupGetter__ function calls that lack arguments, which

    allows remote attackers to execute arbitrary code or cause a denial

    of service (incorrect pointer dereference and application crash)

    via a crafted HTML document (CVE-2010-3183).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    Additionally, some packages which require so, have been rebuilt and

    are being provided as updates. The NSS and SQLite3 packages have been

    upgraded to the latest versions.
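
CVE-2010-3182, listed in this post and in the preceding mozilla-thunderbird post, comes down to how a launcher joins its library directory with the inherited LD_LIBRARY_PATH: a zero-length element makes the dynamic loader search the current working directory. The C code below is an added example, not Mozilla's launch script; it models that string construction, and `join_unsafe`, `join_safe`, `has_empty_element` and the directory `/opt/app/lib` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if a colon-separated search path contains a zero-length element
 * (leading, trailing or doubled colon), else 0. glibc ignores an unset
 * or empty variable, so those cases return 0. */
int has_empty_element(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return 0;
    for (const char *p = path; ; ) {
        size_t len = strcspn(p, ":");
        if (len == 0)
            return 1;
        if (p[len] == '\0')
            return 0;
        p += len + 1;
    }
}

/* The flawed pattern: always append ":" plus the old value. With the
 * variable unset or empty the result ends in ':'. Returns 0, or -1 if
 * the buffer is too small. */
int join_unsafe(char *out, size_t n, const char *dir, const char *old)
{
    int r = snprintf(out, n, "%s:%s", dir, old ? old : "");
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

/* Hardened: add the separator only when there is something to append,
 * and reject an inherited value that already has an empty element
 * (the caller decides whether to abort or ignore it). */
int join_safe(char *out, size_t n, const char *dir, const char *old)
{
    int r;
    if (old == NULL || old[0] == '\0')
        r = snprintf(out, n, "%s", dir);
    else if (has_empty_element(old))
        return -1;
    else
        r = snprintf(out, n, "%s:%s", dir, old);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

int main(void)
{
    char buf[4096];
    const char *old = getenv("LD_LIBRARY_PATH");
    if (join_unsafe(buf, sizeof buf, "/opt/app/lib", old) == 0)
        printf("unsafe: %s (empty element: %d)\n", buf, has_empty_element(buf));
    if (join_safe(buf, sizeof buf, "/opt/app/lib", old) == 0)
        printf("safe:   %s (empty element: %d)\n", buf, has_empty_element(buf));
    return 0;
}
```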


  12. A buffer overflow was discovered in libsmi when a long OID was given

    in numerical form. This could lead to arbitrary code execution

    (CVE-2010-2891).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    The updated packages have been patched to correct this issue.


  13. A security vulnerability has been identified and fixed in pidgin:

     

    It has been discovered that eight denial of service conditions exist

    in libpurple all due to insufficient validation of the return value

    from purple_base64_decode(). Invalid or malformed data received in

    place of a valid base64-encoded value in portions of the Yahoo!, MSN,

    MySpaceIM, and XMPP protocol plugins and the NTLM authentication

    support trigger a crash. These vulnerabilities can be leveraged by

    a remote user for denial of service (CVE-2010-3711).

     

    Packages for 2009.0 are provided as of the Extended Maintenance

    Program. Please visit this link to learn more:

    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

     

    This update provides pidgin 2.7.4, which is not vulnerable to this

    issue.
