Posts posted by paul
-
-
libgpod as shipped with Mandriva 2010.1 does not have support for HAL,
the Hardware Abstraction Layer, anymore. This is still needed for iPod
support in KDE, so the update reenables HAL support.
-
This is a bugfix release that upgrades clamav to the latest version
(0.96.4).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
-
The install of mailman failed because of a problem in the rpm scripts,
additionally the logrotation script was fixed.
-
A vulnerability in the GNU C library (glibc) was discovered which
could escalate the privileges for local users (CVE-2010-3856).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
Security issues were identified and fixed in mozilla-thunderbird:
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via
a brute-force attack (CVE-2010-3173).
Unspecified vulnerability in the browser engine in Mozilla Firefox
3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
2.0.9 allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do
not properly handle certain modal calls made by javascript: URLs
in circumstances related to opening a new window and performing
cross-domain navigation, which allows remote attackers to bypass the
Same Origin Policy via a crafted HTML document (CVE-2010-3178).
Stack-based buffer overflow in the text-rendering functionality in
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a long argument to the
document.write method (CVE-2010-3179).
Use-after-free vulnerability in the nsBarProp function in Mozilla
Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
attackers to execute arbitrary code by accessing the locationbar
property of a closed window (CVE-2010-3180).
A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x
before 3.1.5, and SeaMonkey before 2.0.9 does not properly support
window.__lookupGetter__ function calls that lack arguments, which
allows remote attackers to execute arbitrary code or cause a denial
of service (incorrect pointer dereference and application crash)
via a crafted HTML document (CVE-2010-3183).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages that require it have been rebuilt and
are being provided as updates.
-
Security issues were identified and fixed in firefox:
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
recognize a wildcard IP address in the subject's Common Name field of
an X.509 certificate, which might allow man-in-the-middle attackers
to spoof arbitrary SSL servers via a crafted certificate issued by
a legitimate Certification Authority (CVE-2010-3170).
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via
a brute-force attack (CVE-2010-3173).
Unspecified vulnerability in the browser engine in Mozilla Firefox
3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
2.0.9 allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher
parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and
SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary
web script or HTML via a crafted name of a (1) file or (2) directory
on a Gopher server (CVE-2010-3177).
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do
not properly handle certain modal calls made by javascript: URLs
in circumstances related to opening a new window and performing
cross-domain navigation, which allows remote attackers to bypass the
Same Origin Policy via a crafted HTML document (CVE-2010-3178).
Stack-based buffer overflow in the text-rendering functionality in
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a long argument to the
document.write method (CVE-2010-3179).
Use-after-free vulnerability in the nsBarProp function in Mozilla
Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
attackers to execute arbitrary code by accessing the locationbar
property of a closed window (CVE-2010-3180).
A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x
before 3.1.5, and SeaMonkey before 2.0.9 does not properly support
window.__lookupGetter__ function calls that lack arguments, which
allows remote attackers to execute arbitrary code or cause a denial
of service (incorrect pointer dereference and application crash)
via a crafted HTML document (CVE-2010-3183).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages that require it have been rebuilt and
are being provided as updates. The NSS and SQLite3 packages have been
upgraded to the latest versions.
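The zero-length LD_LIBRARY_PATH entry described under CVE-2010-3182 in the two advisories above typically comes from prepending to a variable that may be empty. The following is an added example, not code from the Mozilla launch script or from Mandriva; `APP_LIB` and the function names are hypothetical. It shows the unguarded prepend beside the guarded one, plus a check that counts empty entries in a search path.

```shell
#!/bin/sh
# Added example: how an unguarded prepend creates a zero-length
# LD_LIBRARY_PATH entry, and how to detect and avoid it.
# APP_LIB is a hypothetical directory, not taken from any real launcher.
APP_LIB=/opt/exampleapp/lib

# Unguarded form: if the inherited value is empty or unset, the result
# ends in ':' and the dynamic loader treats that empty entry as the
# current working directory.
prepend_unguarded() {
    printf '%s\n' "${APP_LIB}:$1"
}

# Guarded form: emit the separator only when there is an inherited value.
prepend_guarded() {
    printf '%s\n' "${APP_LIB}${1:+:$1}"
}

# Count zero-length entries in a colon-separated search path.
# A leading ':', a trailing ':' and '::' each contribute one empty entry.
count_empty_entries() {
    path=$1
    if [ -z "$path" ]; then
        echo 0
        return 0
    fi
    count=0
    rest=$path:
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        if [ -z "$entry" ]; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Demonstration with an empty inherited value (constructed input).
for candidate in "$(prepend_unguarded '')" "$(prepend_guarded '')"; do
    printf '%s -> %s empty entries\n' "$candidate" \
        "$(count_empty_entries "$candidate")"
done
```

Running `count_empty_entries "$LD_LIBRARY_PATH"` in a wrapper script or login profile gives a quick audit of the value a process is about to inherit.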
-
A buffer overflow was discovered in libsmi when a long OID was given
in numerical form. This could lead to arbitrary code execution
(CVE-2010-2891).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A security vulnerability has been identified and fixed in pidgin:
It has been discovered that eight denial of service conditions exist
in libpurple all due to insufficient validation of the return value
from purple_base64_decode(). Invalid or malformed data received in
place of a valid base64-encoded value in portions of the Yahoo!, MSN,
MySpaceIM, and XMPP protocol plugins and the NTLM authentication
support trigger a crash. These vulnerabilities can be leveraged by
a remote user for denial of service (CVE-2010-3711).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
This update provides pidgin 2.7.4, which is not vulnerable to this
issue.
-
A vulnerability in the GNU C library (glibc) was discovered which
could escalate the privileges for local users (CVE-2010-3847).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability was discovered and corrected in freeciv:
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to
read arbitrary files or execute arbitrary commands via a scenario
that contains Lua functionality, related to the (1) os, (2) io, (3)
package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)
require modules or functions (CVE-2010-2445).
The updated packages have been upgraded to v2.2.1 which is not
vulnerable to this issue.
-
A vulnerability was discovered and corrected in avahi:
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon
in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial
of service (assertion failure and daemon exit) via a DNS packet with
an invalid checksum followed by a DNS packet with a valid checksum,
a different vulnerability than CVE-2008-5081 (CVE-2010-2244).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability was discovered and corrected in automake:
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3,
and release branches branch-1-4 through branch-1-9, when producing a
distribution tarball for a package that uses Automake, assign insecure
permissions (777) to directories in the build tree, which introduces
a race condition that allows local users to modify the contents of
package files, introduce Trojan horse programs, or conduct other
attacks before the build is complete (CVE-2009-4029).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability was discovered and corrected in krb5:
The merge_authdata function in kdc_authdata.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does
not properly manage an index into an authorization-data list, which
allows remote attackers to cause a denial of service (daemon crash),
or possibly obtain sensitive information, spoof authorization,
or execute arbitrary code, via a TGS request, as demonstrated by a
request from a Windows Active Directory client (CVE-2010-1322).
The updated packages have been patched to correct this issue.
-
A vulnerability was discovered and corrected in freetype2:
Marc Schoenefeld found an input stream position error in the way
FreeType font rendering engine processed input file streams. If
a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code (integer
overflow leading to heap-based buffer overflow in the libXft library)
with the privileges of the user running the application. Different
vulnerability than CVE-2010-1797 (CVE-2010-3311).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
It was discovered that the ASN.1 BER dissector in wireshark was
susceptible to a stack overflow (CVE-2010-3445).
For 2010.0 and 2010.1 wireshark was upgraded to v1.2.12 which is not
vulnerable to this issue and was patched for CS4 and MES5 to resolve
the vulnerability.
-
A vulnerability was discovered and corrected in subversion:
authz.c in the mod_dav_svn module for the Apache HTTP Server,
as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x
before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not
properly handle a named repository as a rule scope, which allows
remote authenticated users to bypass intended access restrictions
via svn commands (CVE-2010-3315).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
This update provides the latest stable wine. MDV2010.1 provided a
release candidate of wine (1.2.0-rc4). This update pushes all the
fixes accumulated between 1.2.0-rc4 and final 1.2.0.
For further information, read:
* http://www.winehq.org/announce/1.2
* http://www.winehq.org/announce/1.2-rc7
* http://www.winehq.org/announce/1.2-rc6
* http://www.winehq.org/announce/1.2-rc5
Special thanks to Diogo Travassos and his Mandriva-based lan house
for its tests on this update candidate.
-
- fix weird comma in init script output
- Typo in init script
-
The documentation has been updated:
- Mandriva Directory Server: Authentication on workstations added
-
The heartbeat package in the 2010.0 release had wrong permissions
and ownership for /usr/bin/cl_status; this prevented it from working
correctly. Also, when peers were outdated, heartbeat didn't fail over
gracefully. This update fixes both these issues.
Update:
Packages for 2009.0 and MES5 were missing with the MDVA-2010:160
advisory. This advisory provides the missing packages.
-
A problem has been discovered with cyrus-imapd 2.3.15 on Mandriva
2010 Spring, in handling the IMAP COMPRESS option.
Cyrus imapd 2.3.15 implements the IMAP COMPRESS option, in order
to compress data between the imap server and clients that support
this option, e.g. Thunderbird 3. A problem has been discovered in the
implementation which causes the inability to upload large messages
to the imap server.
-
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure
members, which might allow local users to obtain sensitive information
from kernel memory via unspecified vectors. (CVE-2009-3228)
The do_pages_move function in mm/migrate.c in the Linux kernel before
2.6.33-rc7 does not validate node values, which allows local users
to read arbitrary kernel memory locations, cause a denial of service
(OOPS), and possibly have unspecified other impact by specifying a
node that is not part of the kernel node set. (CVE-2010-0415)
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly gain
privileges via unspecified ioctl calls. (CVE-2009-3620)
The wake_futex_pi function in kernel/futex.c in the Linux kernel
before 2.6.33-rc7 does not properly handle certain unlock operations
for a Priority Inheritance (PI) futex, which allows local users to
cause a denial of service (OOPS) and possibly have unspecified other
impact via vectors involving modification of the futex value from
user space. (CVE-2010-0622)
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel
2.6 before 2.6.30, when running on x86 systems, does not validate
the page table root in a KVM_SET_SREGS call, which allows local
users to cause a denial of service (crash or hang) via a crafted cr3
value, which triggers a NULL pointer dereference in the gfn_to_rmap
function. (CVE-2009-2287)
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem
in the Linux kernel before 2.6.31.1 does not properly verify the
Current Privilege Level (CPL) before accessing a debug register,
which allows guest OS users to cause a denial of service (trap)
on the host OS via a crafted application. (CVE-2009-3722)
The ext4_decode_error function in fs/ext4/super.c in the ext4
filesystem in the Linux kernel before 2.6.32 allows user-assisted
remote attackers to cause a denial of service (NULL pointer
dereference), and possibly have unspecified other impact, via a
crafted read-only filesystem that lacks a journal. (CVE-2009-4308)
The eisa_eeprom_read function in the parisc isa-eeprom component
(drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6
allows local users to access restricted memory via a negative ppos
argument, which bypasses a check that assumes that ppos is positive
and causes an out-of-bounds read in the readb function. (CVE-2009-2846)
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the
XDR implementation in the NFS server in the Linux kernel before
2.6.34-rc6 allow remote attackers to cause a denial of service (panic)
or possibly execute arbitrary code via a crafted NFSv4 compound
WRITE request, related to the read_buf and nfsd4_decode_compound
functions. (CVE-2010-2521)
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict
overcommit is enabled and CONFIG_SECURITY is disabled, does not
properly handle the export of shmemfs objects by knfsd, which allows
attackers to cause a denial of service (NULL pointer dereference and
knfsd crash) or possibly have unspecified other impact via unknown
vectors. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2010-1643. (CVE-2008-7256)
The release_one_tty function in drivers/char/tty_io.c in the
Linux kernel before 2.6.34-rc4 omits certain required calls to the
put_pid function, which has unspecified impact and local attack
vectors. (CVE-2010-1162)
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict
overcommit is enabled, does not properly handle the export of shmemfs
objects by knfsd, which allows attackers to cause a denial of service
(NULL pointer dereference and knfsd crash) or possibly have unspecified
other impact via unknown vectors. (CVE-2010-1643)
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c
in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled,
allows remote attackers to cause a denial of service (system crash)
via an SCTPChunkInit packet containing multiple invalid parameters
that require a large amount of error data. (CVE-2010-1173)
The Transparent Inter-Process Communication (TIPC) functionality in
Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions,
allows local users to cause a denial of service (kernel OOPS) by
sending datagrams through AF_TIPC before entering network mode,
which triggers a NULL pointer dereference. (CVE-2010-1187)
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel
before 2.6.34-rc4 allows remote attackers to cause a denial of service
(panic) via an SMB response packet with an invalid CountHigh value,
as demonstrated by a response from an OS/2 server, related to the
CIFSSMBWrite and CIFSSMBWrite2 functions. (CVE-2010-2248)
Buffer overflow in the ecryptfs_uid_hash macro in
fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux
kernel before 2.6.35 might allow local users to gain privileges
or cause a denial of service (system crash) via unspecified
vectors. (CVE-2010-2492)
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel
before 2.6.35 does not properly check the file descriptors passed
to the SWAPEXT ioctl, which allows local users to leverage write
access and obtain read access by swapping one file into another
file. (CVE-2010-2226)
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux
kernel before 2.6.35 uses an incorrect size value in calculations
associated with sentinel directory entries, which allows local
users to cause a denial of service (NULL pointer dereference and
panic) and possibly have unspecified other impact by renaming a
file in a GFS2 filesystem, related to the gfs2_rename function in
fs/gfs2/ops_inode.c. (CVE-2010-2798)
The do_anonymous_page function in mm/memory.c in the Linux kernel
before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4,
and 2.6.35.x before 2.6.35.2 does not properly separate the stack
and the heap, which allows context-dependent attackers to execute
arbitrary code by writing to the bottom page of a shared memory
segment, as demonstrated by a memory-exhaustion attack against the
X.Org X server. (CVE-2010-2240)
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct
Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53,
2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x
before 2.6.35.4 allows local users to obtain potentially sensitive
information from kernel memory by requesting a large memory-allocation
amount. (CVE-2010-2803)
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN)
implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before
2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4
allows attackers to execute arbitrary code or cause a denial of service
(system crash) via crafted CAN traffic. (CVE-2010-2959)
Double free vulnerability in the snd_seq_oss_open function
in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before
2.6.36-rc4 might allow local users to cause a denial of service or
possibly have unspecified other impact via an unsuccessful attempt
to open the /dev/sequencer device. (CVE-2010-3080)
A vulnerability in Linux kernel caused by insecure allocation of user
space memory when translating system call inputs to 64-bit. A stack
pointer underflow can occur when using the compat_alloc_user_space
method with an arbitrary length input. (CVE-2010-3081)
The IA32 system call emulation functionality in
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2
on the x86_64 platform does not zero extend the %eax register after
the 32-bit entry path to ptrace is used, which allows local users to
gain privileges by triggering an out-of-bounds access to the system
call table using the %rax register. NOTE: this vulnerability exists
because of a CVE-2007-4573 regression. (CVE-2010-3301)
To update your kernel, please follow the directions located at:
-
Fix bad return code of urpmi.addmedia --distrib if it fails.
-
In /etc/sysconfig/mailgraph, MAILGRAPH_MAIL_LOG should be
/var/log/mail/info.log instead of /var/log/mail/info
Advisories MDVA-2010:214: perl-URPM
This update fixes several major issues in perl-URPM:
- it fixes a crash in rpmdrake (#40309, #54521)
- it fixes a segfault in rpmdrake & urpmi on 32bit machines (#61144)