Everything posted by aru
-
Mandriva Advisories MDKA-2006:011 : hwdb-clients
Updated hwdb-clients packages address hostname issue
January 19th, 2006

Updated hwdb-clients packages are now available that point the clients correctly to hwdb.mandriva.com rather than hwdb.mandrakesoft.com.

The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:011

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2006:010 : klamav
Updated klamav packages provide updated translations and bug fixes
January 17th, 2006

Klamav 0.32 is now available for Mandriva Linux 2006 that fixes a number of problems with the previous version:
- fix the proxy configuration; password-less proxies can now be used
- fix media:/ vs. devices:/ difference on different KDE versions
- translation of HTML advisory files; English and Brazilian Portuguese are now available
- fix translation for all programs; a new klamav.pot file generated against the full string translation code
- full English and Brazilian Portuguese are now available

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:010

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2006:009 : OpenOffice.org
Updated OpenOffice.org packages fix crash bug
January 17th, 2006

Updated OpenOffice.org packages correct a bug that caused a random crash when opening certain sxi files.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:009

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2006:008 : squid
Updated squid packages provide ICAP support
January 17th, 2006

New squid packages are now available for Corporate Server 2.1 that provide many new features, including ICAP support.

The released versions of Mandriva GNU/Linux affected are: CS2.1

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:008

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2006:016 : clamav
Updated clamav packages fix vulnerability
January 16th, 2006

A heap-based buffer overflow was discovered in ClamAV versions prior to 0.88 which allows remote attackers to cause a crash and possibly execute arbitrary code via specially crafted UPX files. This update provides ClamAV 0.88 which corrects this issue and also fixes some other bugs.

The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:016

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2006:015 : hylafax
Updated hylafax packages fix eval injection vulnerabilities
January 16th, 2006

Patrice Fournier discovered the faxrcvd/notify scripts (executed as the uucp/fax user) run user-supplied input through eval without any attempt at sanitising it first. This would allow any user who could submit jobs to HylaFAX, or through telco manipulation control the representation of callid information presented to HylaFAX, to run arbitrary commands as the uucp/fax user. (CVE-2005-3539, only 'notify' in the covered versions)

Updated packages were also reviewed for vulnerability to an issue where if PAM is disabled, a user could log in with no password. (CVE-2005-3538)

In addition, some fixes to the packages for permissions, and the %pre/%post scripts were backported from cooker. (#19679)

The updated packages have been patched to correct these issues.

The released versions of Mandriva GNU/Linux affected are: 10.1 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:015

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3539

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
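The eval injection described in MDKSA-2006:015 above, shown as an added example that is not HylaFAX's own faxrcvd/notify code: a constructed notification helper that rebuilds shell source from a caller-id string and runs it through eval, beside a version that assigns the value directly, plus an allowlist check on the caller id. The function names, the allowed caller-id alphabet and the sample inputs are assumptions made for the demo.

```sh
#!/bin/sh
# Added example (not HylaFAX code): eval on attacker-influenced data.
# The caller id is whatever the telco sent; treat it as hostile input.

# Vulnerable pattern: shell source text is rebuilt from the data and
# re-parsed by eval, so $(...), backticks and ';' inside the caller id
# turn into commands that run as the script's user (uucp/fax in HylaFAX).
format_callid_vuln() {
    callid=$1
    eval "line=\"Caller: $callid\""
    printf '%s\n' "$line"
}

# Fixed pattern: a plain assignment. The value stays data and is never
# parsed as code, so the same input is printed back literally.
format_callid_safe() {
    callid=$1
    line="Caller: $callid"
    printf '%s\n' "$line"
}

# Defence in depth: refuse caller ids outside a small allowed alphabet
# (assumed here: digits, letters, + . _ -) before they reach any other
# tool such as mail, printf formats or log lines. Returns 0 when clean.
callid_is_clean() {
    case $1 in
        '') return 1 ;;
        *[!0-9A-Za-z+._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stand-alone run over constructed inputs: the hostile caller id makes
# the vulnerable helper execute the embedded command substitution.
main() {
    benign='+15550100'
    hostile='$(echo INJECTED)'
    for id in "$benign" "$hostile"; do
        if callid_is_clean "$id"; then
            printf 'clean  : '; format_callid_safe "$id"
        else
            printf 'REJECT : '; format_callid_safe "$id"
        fi
        printf 'vuln   : '; format_callid_vuln "$id"
    done
}
main
```

The safe helper prints the hostile input back as the literal text `Caller: $(echo INJECTED)`; the vulnerable one prints `Caller: INJECTED`, proof that the substitution ran. The allowlist check is the line to keep even after the eval is gone, since the same string is later handed to mail and logging tools with their own parsers.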
-
Mandriva Advisories MDKSA-2006:014 : wine
Updated wine packages fix WMF vulnerability
January 16th, 2006

A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-executed Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user running Wine.

The updated packages have been patched to correct these problems.

The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:014

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2006:007 : festival
Updated festival packages fix crash on x86.
January 16th, 2006

The festival program on x86 platforms crashes when the user attempts to use it. The updated packages are rebuilt against the correct libraries and correct this issue.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:007

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2006:013 : kolab-resource-handlers
Updated kolab packages fix vulnerability
January 12th, 2006

A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot (".") character exists in the wrong place. If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or broken attachments.

The updated packages have been patched to correct these problems.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:013

Other references:
http://kolab.org/security/kolab-vendor-notice-07.txt

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2006:002 : ethereal
Updated ethereal packages fix vulnerabilities
January 3rd, 2006

Three vulnerabilities were discovered in Ethereal 0.10.13: The IRC and GTP dissectors could go into an infinite loop. A buffer overflow was discovered by iDefense in the OSPF dissector.

Ethereal has been upgraded to 0.10.14 which does not suffer from these problems.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:002

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3651
http://www.ethereal.com/appnotes/enpa-sa-00022.html

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2006:001 : tkcvs
Updated tkcvs packages fix insecure temporary file vulnerability
January 3rd, 2006

Javier Fernandez-Sanguino Pena discovered that tkdiff created temporary files in an insecure manner.

The updated packages have been patched to correct these problems.

The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:001

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3343

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
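The insecure temporary-file class behind MDKSA-2006:001 above, as an added example and not tkdiff's own code: a helper that creates a predictable /tmp name from the PID the way older scripts did, beside a mktemp-based replacement, and a stand-alone run that plants a symlink to show what the predictable name costs. The directory layout, function names and the victim file are all constructed for the demo; the advisory does not say which name tkdiff used.

```sh
#!/bin/sh
# Added example (not tkdiff code): predictable temp files vs. mktemp(1).

# Vulnerable pattern: a name derived from the PID, then opened for
# writing. Any local user can guess the name and pre-create a symlink
# there; the redirection follows the link and truncates (or fills) the
# target with the victim's privileges. Nothing fails, so nothing is logged.
make_tmp_vuln() {
    dir=$1
    t="$dir/tkdiff.$$"
    : > "$t" || return 1
    printf '%s\n' "$t"
}

# Fixed pattern: mktemp picks an unpredictable suffix and creates the
# file atomically (O_CREAT|O_EXCL, mode 0600), so a pre-planted symlink
# or file at the chosen path produces an error instead of a hijack.
make_tmp_safe() {
    dir=$1
    t=$(mktemp "$dir/tkdiff.XXXXXX") || return 1
    printf '%s\n' "$t"
}

# Stand-alone demo: play the attacker who guessed the PID, then watch the
# vulnerable helper destroy the victim file through the planted symlink.
demo() {
    work=$(mktemp -d) || exit 1
    printf 'important data\n' > "$work/victim"
    ln -s "$work/victim" "$work/tkdiff.$$"     # attacker's pre-planted link
    f=$(make_tmp_vuln "$work")
    printf 'vulnerable helper wrote %s; victim now holds %s bytes\n' \
        "$f" "$(wc -c < "$work/victim")"
    g=$(make_tmp_safe "$work")
    printf 'safe helper created %s with mode %s\n' \
        "$g" "$(ls -l "$g" | cut -c1-10)"
    rm -rf "$work"
}
demo
```

The victim ends up empty after the vulnerable helper runs, while the mktemp path is a fresh 0600 file whose name the attacker could not have planted in advance. The same reasoning applies to `$RANDOM`-style names: uniqueness is not the property that matters, atomic exclusive creation is.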
-
Mandriva Advisories MDKA-2006:002 : mdkonline
Updated mdkonline packages fix various bugs
January 2nd, 2006

A bug in the mdkupdate cron job (when automatic update mode is enabled) prevents $ENV{USER} from being defined, which kills mdkupdate before performing the updates.

The mdkapplet GUI is now refreshed and doesn't stall anymore when waiting for configuration or installation operations to finish prior to re-drawing itself.

The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:002

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2006:001 : nss_ldap
Updated nss_ldap packages fix bug with groups with a large number of members.
January 2nd, 2006

A bug was discovered in nss_ldap when a group has a large number of members. This was resulting in SIGABRT of 'ls -la' when attempting to add additional users to the group.

Updated packages have been patched to correct the issue.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2006:001

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:239 : printer-filters-utils
Updated printer-filters-utils packages fix local vulnerability
December 30th, 2005

"newbug" discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.

Mandriva encourages all users to upgrade immediately. The updated packages have been patched to correct these problems.

The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:239

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2005:062 : libgphoto
Updated libgphoto packages fix issue with some cameras
December 28th, 2005

The hotplug usermap has been restored for this package because it is used by HAL to correctly detect digital cameras which are not using USB Mass storage (for instance, all Canon digital cameras, as well as some Nikon ones and all PTP cameras). This should allow gnome-volume-manager to automatically popup a "Do you want to import photos?" dialog when the camera is plugged in.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2005:062

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:238 : php
Updated php/php-mbstring packages fix mail injection vulnerability
December 27th, 2005

A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).

The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using "service httpd restart" in order for the new packages to take effect.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:238

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2005:061 : digikamimageplugins
Updated digikamimageplugins packages fix showfoto crash issue.
December 26th, 2005

A previous update of DigiKam (MDKA-2005:059) bumped the version to 0.8.0. After this update, Narfi Stefansson reported that showfoto, from digikamimageplugins, was crashing when trying to use "Free Rotation". This update bumps digikamimageplugins to version 0.8.0 also.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2005:061

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:237 : cpio
Updated cpio packages fix buffer overflow on x86_64
December 23rd, 2005

A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.

The updated packages have been patched to correct these problems.

The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:237

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:236 : fetchmail
Updated fetchmail packages fix vulnerability
December 23rd, 2005

Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.

The updated packages have been patched to correct this problem.

The released versions of Mandriva GNU/Linux affected are: 10.1 CS3.0 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4348

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2005:060 : msec
Updated msec packages fix various bugs
December 22nd, 2005

Bugs in the msec package have been corrected: msec wasn't properly parsing the output on security checks to check ownership of files, reporting files as unowned when they were in fact properly owned by a valid user. The /var/lib/msec/security.conf was no longer being generated which prevented msec from running.

The updated packages have been patched to correct these problems.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2005:060

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:235 : kernel
Updated kernel packages fix numerous vulnerabilities
December 21st, 2005

Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update:

A stack-based buffer overflow in the sendmsg function call in versions prior to 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread (CVE-2005-2490).

The raw_sendmsg function in versions prior to 2.6.13.1 allows local users to cause a DoS (change hardware state) or read from arbitrary memory via crafted input (CVE-2005-2492).

The ipt_recent module in versions prior to 2.6.12 does not properly perform certain tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early (CVE-2005-2873).

Multiple vulnerabilities in versions prior to 2.6.13.2 allow local users to cause a DoS (oops from null dereference) via fput in a 32bit ioctl on 64-bit x86 systems or sockfd_put in the 32-bit routing_ioctl function on 64-bit systems (CVE-2005-3044).

Versions 2.6.8 to 2.6.14-rc2 allow local users to cause a DoS (oops) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference (CVE-2005-3055).

drm.c in version 2.6.13 and earlier creates a debug file in sysfs with world-readable and world-writable permissions, allowing local users to enable DRM debugging and obtain sensitive information (CVE-2005-3179).

The Orinoco driver in 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, allowing remote attackers to obtain sensitive information (CVE-2005-3180).

Kernels 2.6.13 and earlier, when CONFIG_AUDITSYSCALL is enabled, use an incorrect function to free names_cache memory, preventing the memory from being tracked by AUDITSYSCALL code and leading to a memory leak (CVE-2005-3181).

The VT implementation in version 2.6.12 allows local users to use certain IOCTLs on terminals of other users and gain privileges (CVE-2005-3257).

A race condition in ip_vs_conn_flush in versions prior to 2.6.13, when running on SMP systems, allows local users to cause a DoS (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired (CVE-2005-3274).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:235

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:234 : sudo
Updated sudo packages fix vulnerability
December 20th, 2005

Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

In addition, other environment variables have been included in the patch that remove similar environment variables that could be used in python and ruby scripts, among others.

The updated packages have been patched to correct this problem.

The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 MNF2.0 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:234

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4158
http://www.sudo.ws/sudo/alerts/perl_env.html

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
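The environment-variable problem in MDKSA-2005:234 above, as an added example and not sudo's own code: a wrapper that strips a deny list of interpreter hook variables, in the spirit of the fix the advisory describes, beside one that resets the environment to an explicit allowlist, with a stand-alone run showing that the deny list lets a variable it does not know about through (PYTHONPATH is used as the probe). The hook variable names chosen as probes, the PATH value and the function names are assumptions made for the demo.

```sh
#!/bin/sh
# Added example (not sudo code): deny-list vs allowlist environment reset
# before running a privileged command.

# Deny-list approach: unset the Perl hook variables and run the command
# in a subshell. Anything not on the list (PYTHONPATH, RUBYLIB,
# LD_PRELOAD, ...) is still inherited, which is why such lists keep
# growing with each newly noticed interpreter.
run_with_denylist() {
    (
        unset PERLLIB PERL5LIB PERL5OPT
        exec "$@"
    )
}

# Allowlist approach (the idea behind sudo's env_reset): start from an
# empty environment and re-add only what the command needs. Unknown hook
# variables cannot survive because nothing is inherited at all.
run_with_clean_env() {
    env -i \
        PATH=/usr/bin:/bin \
        HOME="${HOME:-/}" \
        LANG=C \
        "$@"
}

# Probe script run as the "privileged" command: reports which of two
# hook variables the child process can see.
probe='printf "%s|%s" "${PERL5OPT:-unset}" "${PYTHONPATH:-unset}"'

# Stand-alone demo with constructed hostile values in the caller's env.
demo() {
    export PERL5OPT='-Mevil' PYTHONPATH='/tmp/evil'
    printf 'deny list  -> %s\n' "$(run_with_denylist sh -c "$probe")"
    printf 'allow list -> %s\n' "$(run_with_clean_env sh -c "$probe")"
    unset PERL5OPT PYTHONPATH
}
demo
```

The deny-list wrapper reports `unset|/tmp/evil`: PERL5OPT is gone but PYTHONPATH, which the list never mentioned, reaches the child. The allowlist wrapper reports `unset|unset`. The price of the allowlist is that every variable a command legitimately needs (locale, DISPLAY, editor) has to be named explicitly, which is exactly the trade-off sudoers' env_keep exists to manage.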
-
Mandriva Advisories MDKSA-2005:233 : apache2
Updated apache2 packages fix vulnerability in worker MPM
December 19th, 2005

A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service (memory consumption) via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections.

As well, this update addresses two bugs in the Mandriva 2006 Apache packages where apachectl was missing and also a segfault that occurred when using the mod_ldap module.

The released versions of Mandriva GNU/Linux affected are: 10.1 10.2 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:233

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2970

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKA-2005:059 : digikam
Updated digikam packages fix printing functionality
December 16th, 2005

The printing functionality of DigiKam in Mandriva 2006 is flawed in that when trying to print a picture, regardless of the size, it swaps near infinitely and takes an extremely long time until the photo comes out. As well, the photo may not come out because GhostScript fails due to lack of memory.

The updated packages have been patched to correct this problem.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKA-2005:059

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
-
Mandriva Advisories MDKSA-2005:232 : gstreamer-ffmpeg
Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability
December 14th, 2005

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read.

Gstreamer-ffmpeg is built with a private copy of ffmpeg containing this same code. The updated packages have been patched to prevent this problem.

The released versions of Mandriva GNU/Linux affected are: 2006.0

Full information about this advisory, including the updated packages, is available at:
wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:232

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)