aru

Members
  • Content count

    2022
  • Joined

  • Last visited

Community Reputation

-1 Poor

About aru

  • Rank
    Mandriva Guru

Contact Methods

  • Website URL
    http://libertonia.escomposlinux.org
  • ICQ
    0

Profile Information

  • Location
    ~/spain/valencia
  1. Mandriva Advisories MDKSA-2006:120 : samba

     Updated samba packages fix DoS vulnerability
     July 10th, 2006

     A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections. Updated packages have been patched to correct this issue.

     The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:120

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
     http://www.samba.org/samba/security/CAN-2006-3403.html

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.3 2006/07/02 09:40:56 aru Exp $)
  2. Mandriva Advisories MDKSA-2006:119 : ppp

     Updated ppp packages fix plugin vulnerability
     July 10th, 2006

     Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root. This could possibly lead to privilege escalation dependent upon the local winbind configuration. Updated packages have been patched to correct this issue.

     The released versions of Mandriva GNU/Linux affected are: 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:119

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2194

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.3 2006/07/02 09:40:56 aru Exp $)
  3. Mandriva Advisories MDKSA-2006:118 : OpenOffice.org

     Updated OpenOffice.org packages fix various vulnerabilities
     July 7th, 2006

     OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. (CVE-2006-2198)

     An unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. (CVE-2006-2199)

     Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." (CVE-2006-3117)

     Updated packages are patched to address this issue.

     The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:118

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2198
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2199
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3117

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.3 2006/07/02 09:40:56 aru Exp $)
  4. Mandriva Advisories MDKSA-2006:117 : libmms

     Updated libmms packages fix buffer overflow vulnerability
     July 6th, 2006

     Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Libmms uses the same vulnerable code. The updated packages have been patched to correct this issue.

     The released versions of Mandriva GNU/Linux affected are: 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:117

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.3 2006/07/02 09:40:56 aru Exp $)
  5. Mandriva Advisories MDKSA-2006:107 : arts

     Updated arts packages fix vulnerability in artswrapper
     June 20th, 2006

     A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk. The updated packages have been patched to correct these issues.

     The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:107

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.3 2006/07/02 09:40:56 aru Exp $)
  6. Mandriva Advisories MDKSA-2006:107 : arts

     Updated arts packages fix vulnerability in artswrapper
     June 20th, 2006

     A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk. The updated packages have been patched to correct these issues.

     The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:107

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  7. Mandriva Advisories MDKSA-2006:115 : mutt

     Updated mutt packages fix buffer overflow vulnerability
     June 28th, 2006

     A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. Updated packages have been patched to address this issue.

     The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:115

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-3242

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  8. Mandriva Advisories MDKSA-2006:114 : libwmf

     Updated libwmf packages fixes embedded GD vulnerability
     June 27th, 2006

     Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CAN-2004-0941)

     Updated packages have been patched to address this issue.

     The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:114

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  9. Mandriva Advisories MDKSA-2006:113 : tetex

     Updated tetex packages fix embedded GD vulnerabilities
     June 27th, 2006

     Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)

     The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Tetex contains an embedded copy of the GD library code. (CVE-2006-2906)

     Updated packages have been patched to address both issues.

     The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0

     Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:113

     Other references:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906

     Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  10. Mandriva Advisories MDKSA-2006:112 : gd

      Updated gd packages fix DoS vulnerability.
      June 27th, 2006

      The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. gd-2.0.15 in Corporate 3.0 is not affected by this issue. Packages have been patched to correct this issue.

      The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0

      Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:112

      Other references:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906

      Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  11. Mandriva Advisories MDKSA-2006:111 : MySQL

      Updated MySQL packages fixes authorized user DoS(crash) vulnerability.
      June 23rd, 2006

      Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue.

      The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0

      Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:111

      Other references:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081

      Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  12. Mandriva Advisories MDKSA-2006:110 : gnupg

      Updated gnupg packages fix vulnerability
      June 20th, 2006

      A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. The updated packages have been patched to correct these issues.

      The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 2006.0

      Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:110

      Other references:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082

      Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  13. Mandriva Advisories MDKSA-2006:109 : wv2

      Updated wv2 packages fix vulnerability
      June 20th, 2006

      A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files. The updated packages have been patched to correct these issues.

      The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0

      Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:109

      Other references:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197

      Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  14. Mandriva Advisories MDKSA-2006:108 : xine-lib

      Updated xine-lib packages fix buffer overflow vulnerabilities
      June 20th, 2006

      A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802)

      In addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue.

      The updated packages have been patched to correct these issues.

      The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0

      Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:108

      Other references:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802

      Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)