Posts posted by paul
-
-
A vulnerability was discovered and corrected in ISC dhcp:
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before
4.2.0-P1 allows remote attackers to cause a denial of service (crash)
via a DHCPv6 packet containing a Relay-Forward message without an
address in the Relay-Forward link-address field (CVE-2010-3611).
The updated packages have been upgraded to 4.1.2 which is not
vulnerable to this issue.
-
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
Update:
The MDVSA-2010:225 advisory used the wrong patch to address the
problem, however it did fix the issue. This advisory provides the
correct upstream patch.
-
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
Update:
The MDVSA-2010:225 advisory used the wrong patch to address the
problem, however it did fix the issue. This advisory provides the
correct upstream patch.
-
A vulnerability was discovered and corrected in libmbfl (php):
* Fix bug #53273 (mb_strcut() returns garbage with the excessive
length parameter) (CVE-2010-4156).
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities were discovered and corrected in mysql:
* During evaluation of arguments to extreme-value functions (such
as LEAST() and GREATEST()), type errors did not propagate properly,
causing the server to crash (CVE-2010-3833).
* The server could crash after materializing a derived table that
required a temporary table for grouping (CVE-2010-3834).
* A user-variable assignment expression that is evaluated in a logical
expression context can be precalculated in a temporary table for GROUP
BY. However, when the expression value is used after creation of the
temporary table, it was re-evaluated, not read from the table and a
server crash resulted (CVE-2010-3835).
* Pre-evaluation of LIKE predicates during view preparation could
cause a server crash (CVE-2010-3836).
* GROUP_CONCAT() and WITH ROLLUP together could cause a server crash
(CVE-2010-3837).
* Queries could cause a server crash if the GREATEST() or LEAST()
function had a mixed list of numeric and LONGBLOB arguments, and
the result of such a function was processed using an intermediate
temporary table (CVE-2010-3838).
* Queries with nested joins could cause an infinite loop in the
server when used from stored procedures and prepared statements
(CVE-2010-3839).
* The PolyFromWKB() function could crash the server when improper
WKB data was passed to the function (CVE-2010-3840).
The updated packages have been patched to correct these issues.
-
A vulnerability was discovered and corrected in php:
A flaw in ext/xml/xml.c could cause a cross-site scripting (XSS)
vulnerability (CVE-2010-3870).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities were discovered and corrected in mysql:
* Joins involving a table with a unique SET column could cause
a server crash (CVE-2010-3677).
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash (CVE-2010-3680).
* The server could crash if there were alternate reads from two
indexes on a table using the HANDLER interface (CVE-2010-3681).
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY
(SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682).
* During evaluation of arguments to extreme-value functions (such
as LEAST() and GREATEST()), type errors did not propagate properly,
causing the server to crash (CVE-2010-3833).
* The server could crash after materializing a derived table that
required a temporary table for grouping (CVE-2010-3834).
* A user-variable assignment expression that is evaluated in a logical
expression context can be precalculated in a temporary table for GROUP
BY. However, when the expression value is used after creation of the
temporary table, it was re-evaluated, not read from the table and a
server crash resulted (CVE-2010-3835).
* Pre-evaluation of LIKE predicates during view preparation could
cause a server crash (CVE-2010-3836).
* GROUP_CONCAT() and WITH ROLLUP together could cause a server crash
(CVE-2010-3837).
* Queries could cause a server crash if the GREATEST() or LEAST()
function had a mixed list of numeric and LONGBLOB arguments, and
the result of such a function was processed using an intermediate
temporary table (CVE-2010-3838).
* Queries with nested joins could cause an infinite loop in the
server when used from stored procedures and prepared statements
(CVE-2010-3839).
* The PolyFromWKB() function could crash the server when improper
WKB data was passed to the function (CVE-2010-3840).
Additionally the default behaviour of using the mysqlmanager instead
of the mysqld_safe script has been reverted in the SysV init script
because of instability issues with the mysqlmanager.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to mysql 5.0.91 and patched
to correct these issues.
-
Multiple vulnerabilities have been found and corrected in mysql:
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).
Additionally, many security issues noted in the 5.1.49 release notes
have been addressed with this advisory as well, such as:
* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512) (CVE-2010-3683)
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
(CVE-2010-3682)
* The server could crash if there were alternate reads from two indexes
on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)
* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393) (CVE-2010-3679)
* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)
* Joins involving a table with a unique SET column could cause
a server crash. (Bug#54575) (CVE-2010-3677)
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044) (CVE-2010-3680)
The updated packages have been patched to correct these issues.
Update:
Packages for 2009.1 were not provided with the MDVSA-2010:155
advisory. This advisory provides the missing packages.
-
Multiple vulnerabilities were discovered and corrected in
OpenOffice.org:
Integer overflow allows remote attackers to execute arbitrary code
via a crafted XPM file that triggers a heap-based buffer overflow
(CVE-2009-2949).
Heap-based buffer overflow allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a crafted GIF file, related to LZW decompression (CVE-2009-2950).
Integer underflow allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
a crafted sprmTDefTable table property modifier in a Word document
(CVE-2009-3301).
Boundary error flaw allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
a crafted sprmTSetBrc table property modifier in a Word document
(CVE-2009-3302).
Lack of properly enforcing Visual Basic for Applications (VBA) macro
security settings, which allows remote attackers to run arbitrary
macros via a crafted document (CVE-2010-0136).
User-assisted remote attackers are able to bypass Python macro
security restrictions and execute arbitrary Python code via a crafted
OpenDocument Text (ODT) file that triggers code execution when the
macro directory structure is previewed (CVE-2010-0395).
Impress module does not properly handle integer values associated
with dictionary property items, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PowerPoint document that triggers a
heap-based buffer overflow, related to an integer truncation error
(CVE-2010-2935).
Integer overflow in Impress allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via crafted polygons in a PowerPoint document that triggers a
heap-based buffer overflow (CVE-2010-2936).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
This update provides OpenOffice.org packages that have been patched to
correct these issues, and additional dependent packages.
-
It was discovered the kdeplasma-addons packages were not rebuilt
(relinked) against the libkdcraw.so.8 and libkexiv2.so.8 libraries
provided by kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses
this problem.
-
It was discovered the kipi-plugins packages were not rebuilt (relinked)
against the libkdcraw.so.8 and libkexiv2.so.8 libraries provided by
kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses this problem.
-
This is a maintenance and bugfix release of sudo which upgrades sudo
to the latest 1.7.4p4 version.
-
Multiple vulnerabilities were discovered and corrected in pam:
The pam_xauth module did not verify the return values of the setuid()
and setgid() system calls. A local, unprivileged user could use this
flaw to execute the xauth command with root privileges and make it
read an arbitrary input file (CVE-2010-3316).
The pam_mail module used root privileges while accessing users'
files. In certain configurations, a local, unprivileged user could
use this flaw to obtain limited information about files or directories
that they do not have access to (CVE-2010-3435).
The pam_namespace module executed the external script namespace.init
with an unchanged environment inherited from an application calling
PAM. In cases where such an environment was untrusted (for example,
when pam_namespace was configured for setuid applications such as su
or sudo), a local, unprivileged user could possibly use this flaw to
escalate their privileges (CVE-2010-3853).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
A vulnerability was discovered and corrected in krb5:
The merge_authdata function in kdc_authdata.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does
not properly manage an index into an authorization-data list, which
allows remote attackers to cause a denial of service (daemon crash),
or possibly obtain sensitive information, spoof authorization,
or execute arbitrary code, via a TGS request, as demonstrated by a
request from a Windows Active Directory client (CVE-2010-1322).
The updated packages have been patched to correct this issue.
Update:
Update packages for MES5 were missing with the MDVSA-2010:202
advisory. This advisory provides the update packages.
-
The only real way to tell is to download (from a trusted location) chkrootkit and run it.
Do not trust an already existing chkrootkit installation.
Let chkrootkit report to you, then post the results here.
-
A security issue was identified and fixed in mozilla-thunderbird:
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14
and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote
attackers to execute arbitrary code via unknown vectors, as exploited
in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require it have been rebuilt and
are being provided as updates.
-
Multiple vulnerabilities were discovered and corrected in php:
Stack consumption vulnerability in the filter_var function in PHP 5.2.x
through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL
mode is used, allows remote attackers to cause a denial of service
(memory consumption and application crash) via a long e-mail address
string (CVE-2010-3710).
A NULL pointer dereference was discovered in
ZipArchive::getArchiveComment (CVE-2010-3709).
A possible flaw was discovered in open_basedir (CVE-2010-3436).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities were discovered and corrected in dovecot:
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace,
which might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox (CVE-2010-3779).
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to
cause a denial of service (master process outage) by simultaneously
disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow
remote attackers to read mailboxes that have unintended weak ACLs
(CVE-2010-3304).
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15
and 2.0.x before 2.0.5 interprets an ACL entry as a directive to
add to the permissions granted by another ACL entry, instead of a
directive to replace the permissions granted by another ACL entry,
in certain circumstances involving the private namespace of a user,
which allows remote authenticated users to bypass intended access
restrictions via a request to read or modify a mailbox (CVE-2010-3706).
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and
2.0.x before 2.0.5 interprets an ACL entry as a directive to add to
the permissions granted by another ACL entry, instead of a directive
to replace the permissions granted by another ACL entry, in certain
circumstances involving more specific entries that occur after less
specific entries, which allows remote authenticated users to bypass
intended access restrictions via a request to read or modify a mailbox
(CVE-2010-3707).
This advisory provides dovecot 1.2.15 which is not vulnerable to
these issues.
-
Multiple vulnerabilities were discovered and corrected in python:
The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities were discovered and corrected in python:
Buffer underflow in the rgbimg module in Python 2.5 allows remote
attackers to cause a denial of service (application crash) via a large
ZSIZE value in a black-and-white (aka B/W) RGB image that triggers
an invalid pointer dereference (CVE-2009-4134).
Integer overflow in rgbimgmodule.c in the rgbimg module in Python
2.5 allows remote attackers to have an unspecified impact via a large
image that triggers a buffer overflow. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).
Multiple buffer overflows in the RLE decoder in the rgbimg module in
Python 2.5 allow remote attackers to have an unspecified impact via an
image file containing crafted data that triggers improper processing
within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).
The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
A vulnerability in the Linux kernel is caused by insecure allocation of user
space memory when translating system call inputs to 64-bit. A stack
pointer underflow can occur when using the compat_alloc_user_space
method with an arbitrary length input. (CVE-2010-3081)
To update your kernel, please follow the directions located at:
-
It was discovered that the gjs packages weren't rebuilt for the latest
xulrunner version. This advisory fixes the problem.
-
A vulnerability was discovered and corrected in xulrunner:
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14
and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote
attackers to execute arbitrary code via unknown vectors, as exploited
in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
The gkrellm package shipped in 2010.0 and 2010.1 was built without
libsensor support, preventing the usage of hardware sensors in some
cases, as reported in bug #55400.
-
Advisories MDVA-2010:221: postgresql
in Mandriva Security Advisories
A dependency problem with the postgresql packages was discovered
which under certain circumstances prevented a smooth upgrade. This
advisory addresses this problem.