Posts posted by paul


  1. A vulnerability was discovered and corrected in freeciv:

    freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions (CVE-2010-2445).

    The updated packages have been upgraded to v2.2.1 which is not vulnerable to this issue.


  2. A vulnerability was discovered and corrected in avahi:

    The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081 (CVE-2010-2244).

    Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  3. A vulnerability was discovered and corrected in automake:

    The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete (CVE-2009-4029).

    Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  4. A vulnerability was discovered and corrected in krb5:

    The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client (CVE-2010-1322).

    The updated packages have been patched to correct this issue.


  5. A vulnerability was discovered and corrected in freetype2:

    Marc Schoenefeld found an input stream position error in the way the FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly, execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797 (CVE-2010-3311).

    Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  6. A vulnerability was discovered and corrected in subversion:

    authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands (CVE-2010-3315).

    Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  7. This update provides the latest stable wine. MDV2010.1 provided a release candidate of wine (1.2.0-rc4). This update pushes all the fixes accumulated between 1.2.0-rc4 and final 1.2.0.

    For further information, read:
    * http://www.winehq.org/announce/1.2
    * http://www.winehq.org/announce/1.2-rc7
    * http://www.winehq.org/announce/1.2-rc6
    * http://www.winehq.org/announce/1.2-rc5

    Special thanks to Diogo Travassos and his Mandriva-based LAN house for its tests on this update candidate.


  8. A problem has been discovered with cyrus-imapd 2.3.15 on Mandriva 2010 Spring, in handling the IMAP COMPRESS option.

    Cyrus imapd 2.3.15 implements the IMAP COMPRESS option, in order to compress data between the IMAP server and clients that support this option, e.g. Thunderbird 3. A problem has been discovered in the implementation which causes the inability to upload large messages to the IMAP server.


  9. Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

    fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)

    The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. (CVE-2009-3228)

    The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel node set. (CVE-2010-0415)

    The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)

    The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622)

    The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. (CVE-2009-2287)

    The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application. (CVE-2009-3722)

    The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308)

    The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. (CVE-2009-2846)

    Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. (CVE-2010-2521)

    mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. (CVE-2008-7256)

    The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors. (CVE-2010-1162)

    mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. (CVE-2010-1643)

    The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. (CVE-2010-1173)

    The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. (CVE-2010-1187)

    fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. (CVE-2010-2248)

    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. (CVE-2010-2492)

    The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. (CVE-2010-2226)

    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. (CVE-2010-2798)

    The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)

    The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount. (CVE-2010-2803)

    Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. (CVE-2010-2959)

    Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. (CVE-2010-3080)

    A vulnerability in Linux kernel caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the compat_alloc_user_space method with an arbitrary length input. (CVE-2010-3081)

    The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. (CVE-2010-3301)

    To update your kernel, please follow the directions located at:

    http://www.mandriva.com/en/security/kernelupdate


  10. Multiple vulnerabilities were discovered and corrected in postgresql:

    An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges (CVE-2010-3433).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    This update provides a solution to these vulnerabilities.


  11. A vulnerability was discovered and corrected in dovecot:

    Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235).

    Packages for 2009.1 were missing with the previous MDVSA-2009:242 update. This update corrects this.

    This update provides a solution to this vulnerability.


  12. A vulnerability has been found in Qt Creator 2.0.0 and previous versions. The vulnerability occurs because of an insecure manipulation of a Unix environment variable by the qtcreator shell script. It manifests by causing Qt or Qt Creator to attempt to load certain library names from the current working directory (CVE-2010-3374).

    The updated packages have been patched to correct this issue.


  13. Multiple vulnerabilities have been found and corrected in mailman:

    Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field (CVE-2010-3089).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct these issues.
