paul
-
Content Count
5598 -
Joined
-
Last visited
-
Days Won
6
Posts posted by paul
-
-
A vulnerability has been found and corrected in kdegraphics (ksvg):
Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709)
Packages for 2008.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
The cross-desktop screensaver tool was missing a dependency on the
xset tool. This update adds it.
-
A vulnerability has been found and corrected in ntop:
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via an Authorization HTTP header
that lacks a : (colon) character in the base64-decoded string
(CVE-2009-2732).
The updated packages have been patched to correct this issue.
-
Gthumb would crash for users of Nvidia graphic cards. This is a new
version that contains a fix for the crash.
-
A vulnerability has been found and corrected in rpm:
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and
RPM before 4.4.3, does not properly reset the metadata of an executable
file during replacement of the file in an RPM package upgrade, which
might allow local users to gain privileges by creating a hard link
to a vulnerable (1) setuid or (2) setgid file (CVE-2010-2059).
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in libglpng:
Multiple integer overflows in glpng.c in glpng 1.45 allow
context-dependent attackers to execute arbitrary code via a crafted
PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF
function, leading to heap-based buffer overflows (CVE-2010-1519).
The updated packages have been patched to correct this issue.
-
Multiple vulnerabilities has been found and corrected in ocsinventory:
Multiple cross-site scripting (XSS) vulnerabilities in
ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers
to inject arbitrary web script or HTML via (1) the query string, (2)
the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these
details are obtained from third party information (CVE-2010-1594).
Multiple SQL injection vulnerabilities in ocsreports/index.php in
OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary
SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter
(CVE-2010-1595).
Multiple SQL injection vulnerabilities in OCS Inventory NG before
1.02.3 allow remote attackers to execute arbitrary SQL commands via
(1) multiple inventory fields to the search form, reachable through
index.php; or (2) the Software name field to the All softwares search
form, reachable through index.php. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information (CVE-2010-1733).
This upgrade provides ocsinventory 1.02.3 which is not vulnerable
for these security issues.
-
Multiple vulnerabilities has been found and corrected in tomcat5:
Directory traversal vulnerability in Apache Tomcat 5.5.0 through
5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or
overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,
as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and
6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase
files that remain from a failed undeploy, which might allow remote
attackers to bypass intended authentication requirements via HTTP
requests (CVE-2009-2901).
Directory traversal vulnerability in Apache Tomcat 5.5.0 through
5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete
work-directory files via directory traversal sequences in a WAR
filename, as demonstrated by the ...war filename (CVE-2009-2902).
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might
allow remote attackers to discover the server's hostname or IP
address by sending a request for a resource that requires (1) BASIC or
(2) DIGEST authentication, and then reading the realm field in the
WWW-Authenticate header in the reply (CVE-2010-1157).
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0
beta does not properly handle an invalid Transfer-Encoding header,
which allows remote attackers to cause a denial of service (application
outage) or obtain sensitive information via a crafted header that
interferes with recycling of a buffer. (CVE-2010-2227)
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
Multiple vulnerabilities has been found and corrected in tomcat5:
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0
through 4.1.36 does not properly handle (1) double quote (") characters
or (2) %5C (encoded backslash) sequences in a cookie value, which
might cause sensitive information such as session IDs to be leaked
to remote attackers and enable session hijacking attacks. NOTE:
this issue exists because of an incomplete fix for CVE-2007-3385
(CVE-2007-5333).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
6.0.18, and possibly earlier versions normalizes the target pathname
before filtering the query string when using the RequestDispatcher
method, which allows remote attackers to bypass intended access
restrictions and conduct directory traversal attacks via .. (dot dot)
sequences and the WEB-INF directory in a Request (CVE-2008-5515).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18, when the Java AJP connector and mod_jk load balancing
are used, allows remote attackers to cause a denial of service
(application outage) via a crafted request with invalid headers,
related to temporary blocking of connectors that have encountered
errors, as demonstrated by an error involving a malformed HTTP Host
header (CVE-2009-0033).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and
6.0.0 through 6.0.18, when FORM authentication is used, allows
remote attackers to enumerate valid usernames via requests to
/j_security_check with malformed URL encoding of passwords, related to
improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
and (3) JDBCRealm authentication realms, as demonstrated by a %
(percent) value for the j_password parameter (CVE-2009-0580).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18 permits web applications to replace an XML parser used
for other web applications, which allows local users to read or modify
the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
applications via a crafted application that is loaded earlier than
the target application (CVE-2009-0783).
Directory traversal vulnerability in Apache Tomcat 5.5.0 through
5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or
overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,
as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and
6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase
files that remain from a failed undeploy, which might allow remote
attackers to bypass intended authentication requirements via HTTP
requests (CVE-2009-2901).
Directory traversal vulnerability in Apache Tomcat 5.5.0 through
5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete
work-directory files via directory traversal sequences in a WAR
filename, as demonstrated by the ...war filename (CVE-2009-2902).
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might
allow remote attackers to discover the server's hostname or IP
address by sending a request for a resource that requires (1) BASIC or
(2) DIGEST authentication, and then reading the realm field in the
WWW-Authenticate header in the reply (CVE-2010-1157).
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0
beta does not properly handle an invalid Transfer-Encoding header,
which allows remote attackers to cause a denial of service (application
outage) or obtain sensitive information via a crafted header that
interferes with recycling of a buffer. (CVE-2010-2227)
Packages for 2008.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
A vulnerability has been found and corrected in sudo:
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does
not properly handle use of the -u option in conjunction with the -g
option, which allows local users to gain privileges via a command
line containing a -u root sequence (CVE-2010-2956).
The updated packages have been patched to correct this issue.
-
Stack-based buffer overflow in the bgp_route_refresh_receive
function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows
remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a malformed Outbound
Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message
(CVE-2010-2948).
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via an unknown AS type in an AS path
attribute in a BGP UPDATE message (CVE-2010-2949).
Updated packages are available that bring Quagga to version 0.99.17
which provides numerous bugfixes over the previous 0.99.12 version,
and also corrects these issues.
-
Security issues were identified and fixed in firefox and
mozilla-thinderbird:
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7
do not properly restrict read access to the statusText property of
XMLHttpRequest objects, which allows remote attackers to discover
the existence of intranet web servers via cross-origin requests
(CVE-2010-2764).
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x
before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote
attackers to inject arbitrary web script or HTML via a selection that
is added to a document in which the designMode property is enabled
(CVE-2010-2769).
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do
not properly restrict use of the type attribute of an OBJECT element
to set a document's charset, which allows remote attackers to bypass
cross-site scripting (XSS) protection mechanisms via UTF-7 encoding
(CVE-2010-2768).
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka
SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and
Thunderbird 3.1.x before 3.1.3 does not properly restrict objects
at the end of scope chains, which allows remote attackers to execute
arbitrary JavaScript code with chrome privileges via vectors related
to a chrome privileged object and a chain ending in an outer object
(CVE-2010-2762).
The normalizeDocument function in Mozilla Firefox before 3.5.12 and
3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3,
and SeaMonkey before 2.0.7 does not properly handle the removal of
DOM nodes during normalization, which might allow remote attackers
to execute arbitrary code via vectors involving access to a deleted
object (CVE-2010-2766).
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and
3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3,
and SeaMonkey before 2.0.7 does not properly handle node removal in
XUL trees, which allows remote attackers to execute arbitrary code
via vectors involving access to deleted memory, related to a dangling
pointer vulnerability. (CVE-2010-3167)
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not
properly restrict the role of property changes in triggering XUL tree
removal, which allows remote attackers to cause a denial of service
(deleted memory access and application crash) or possibly execute
arbitrary code by setting unspecified properties (CVE-2010-3168).
Use-after-free vulnerability in the nsTreeSelection function in Mozilla
Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before
3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow
remote attackers to execute arbitrary code via vectors involving a XUL
tree selection, related to a dangling pointer vulnerability. NOTE:
this issue exists because of an incomplete fix for CVE-2010-2753
(CVE-2010-2760).
Integer overflow in the FRAMESET element implementation in Mozilla
Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7
and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote
attackers to execute arbitrary code via a large number of values in the
cols (aka columns) attribute, leading to a heap-based buffer overflow
(CVE-2010-2765).
Heap-based buffer overflow in the nsTextFrameUtils::TransformText
function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9,
Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before
2.0.7 might allow remote attackers to execute arbitrary code via a
bidirectional text run (CVE-2010-3166).
The navigator.plugins implementation in Mozilla Firefox before 3.5.12
and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before
3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction
of the DOM plugin array, which might allow remote attackers to cause
a denial of service (application crash) or execute arbitrary code
via crafted access to the navigator object, related to a dangling
pointer vulnerability. (CVE-2010-2767)
Multiple unspecified vulnerabilities in the browser engine in
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird
before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-3169).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates. The NSS and NSPR packages has been
upgraded to the latest versions. The rootcerts package has been
upgraded to the latest CVS version (as of 2010/08/27).
-
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Buffer overflow in the ecryptfs_uid_hash macro in
fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux
kernel before 2.6.35 might allow local users to gain privileges
or cause a denial of service (system crash) via unspecified
vectors. (CVE-2010-2492)
The DNS resolution functionality in the CIFS implementation in the
Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled,
relies on a user's keyring for the dns_resolver upcall in the
cifs.upcall userspace helper, which allows local users to spoof the
results of DNS queries and perform arbitrary CIFS mounts via vectors
involving an add_key call, related to a cache stuffing issue and
MS-DFS referrals. (CVE-2010-2524)
The do_anonymous_page function in mm/memory.c in the Linux kernel
before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4,
and 2.6.35.x before 2.6.35.2 does not properly separate the stack
and the heap, which allows context-dependent attackers to execute
arbitrary code by writing to the bottom page of a shared memory
segment, as demonstrated by a memory-exhaustion attack against the
X.Org X server. (CVE-2010-2240)
Integer overflow in the ext4_ext_get_blocks function in
fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local
users to cause a denial of service (BUG and system crash) via a
write operation on the last block of a large file, followed by a sync
operation. (CVE-2010-3015)
To update your kernel, please follow the directions located at:
-
ssh-menu for all the servers I need to connect to
-
The version of cairo shipped with Mandriva 2010.1 prevented several
PDF viewers from working. This updates cairo to the newest version
to fix these problems.
-
A vulnerability has been found and corrected in lvm2:
The cluster logical volume manager daemon (clvmd) in lvm2-cluster
in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)
and other products, does not verify client credentials upon a socket
connection, which allows local users to cause a denial of service
(daemon exit or logical-volume change) or possibly have unspecified
other impact via crafted control commands (CVE-2010-2526).
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in wget:
GNU Wget 1.12 and earlier uses a server-provided filename instead of
the original URL to determine the destination filename of a download,
which allows remote servers to create or overwrite arbitrary files
via a 3xx redirect to a URL with a .wgetrc filename followed by a
3xx redirect to a URL with a crafted filename, and possibly execute
arbitrary code as a consequence of writing to a dotfile in a home
directory (CVE-2010-2252).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
Multiple vulnerabilities has been found and corrected in
mozilla-thunderbird:
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11
and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress
a script's URL in certain circumstances involving a redirect and an
error message, which allows remote attackers to obtain sensitive
information about script parameters via a crafted HTML document,
related to the window.onerror handler (CVE-2010-2754).
Mozilla Firefox permits cross-origin loading of CSS stylesheets
even when the stylesheet download has an incorrect MIME type and the
stylesheet document is malformed, which allows remote HTTP servers
to obtain sensitive information via a crafted document (CVE-2010-0654).
The importScripts Web Worker method in Mozilla Firefox 3.5.x before
3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and
3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that
content is valid JavaScript code, which allows remote attackers to
bypass the Same Origin Policy and obtain sensitive information via
a crafted HTML document (CVE-2010-1213).
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x
before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before
3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute
arbitrary code via a large selection attribute in a XUL tree element
(CVE-2010-2753).
Integer overflow in an array class in Mozilla Firefox 3.5.x before
3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to
execute arbitrary code by placing many Cascading Style Sheets (CSS)
values in an array (CVE-2010-2752).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x
before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-1211).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
-
A vulnerability has been found and corrected in openssl:
Double free vulnerability in the ssl3_get_key_exchange function in
the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7,
and possibly other versions, when using ECDH, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted private key with an invalid prime. NOTE:
some sources refer to this as a use-after-free issue (CVE-2010-2939).
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in perl-libwww-perl:
lwp-download in libwww-perl before 5.835 does not reject downloads to
filenames that begin with a . (dot) character, which allows remote
servers to create or overwrite files via (1) a 3xx redirect to a
URL with a crafted filename or (2) a Content-Disposition header
that suggests a crafted filename, and possibly execute arbitrary
code as a consequence of writing to a dotfile in a home directory
(CVE-2010-2253).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in libgdiplus:
Multiple integer overflows in libgdiplus 2.6.7, as used in Mono,
allow attackers to execute arbitrary code via (1) a crafted TIFF
file, related to the gdip_load_tiff_image function in tiffcodec.c;
(2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal
function in jpegcodec.c; or (3) a crafted BMP file, related to the
gdip_read_bmp_image function in bmpcodec.c, leading to heap-based
buffer overflows (CVE-2010-1526).
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in libHX:
Heap-based buffer overflow in the HX_split function in string.c in
libHX before 3.6 allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a string that
is inconsistent with the expected number of fields (CVE-2010-2947).
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in phpmyadmin:
It was possible to conduct a XSS attack using crafted URLs or POST
parameters on several pages (CVE-2010-3056).
This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable for
this security issue.
-
Multiple vulnerabilities has been found and corrected in phpmyadmin:
The setup script used to generate configuration can be fooled using
a crafted POST request to include arbitrary PHP code in generated
configuration file. Combined with the ability to save files on the
server, this can allow unauthenticated users to execute arbitrary
PHP code (CVE-2010-3055).
It was possible to conduct a XSS attack using crafted URLs or POST
parameters on several pages (CVE-2010-3056).
This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable
for these security issues.
Advisories MDVSA-2010:183: socat
in Mandriva Security Advisories
Posted · Report reply
A vulnerability has been found and corrected in socat:
Stack-based buffer overflow in the nestlex function in nestlex.c
in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3,
when bidirectional data relay is enabled, allows context-dependent
attackers to execute arbitrary code via long command-line arguments
(CVE-2010-2799).
The updated packages have been patched to correct this issue.