Linux Compatible - Mandriva (Page 13)

MDKSA-2005:002 - Updated wxGTK2 packages

Mandriva 1277 Published 2005-01-06 16:25 by Philipp Esselbach 0

Updated wxGTK2 packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: wxGTK2
Advisory ID: MDKSA-2005:002
Date: January 6th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities:

iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code.

The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag.

iDefense also reported a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CAN-2004-1308)

The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry.

The updated packages are patched to protect against these
vulnerabilities.

MDKSA-2005:001 - Updated libtiff packages

Mandriva 1277 Published 2005-01-06 16:15 by Philipp Esselbach 0

Updated libtiff packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: libtiff
Advisory ID: MDKSA-2005:001
Date: January 6th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

Several vulnerabilities have been discovered in the libtiff package:

iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code.

The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag.

iDefense also reported a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CAN-2004-1308)

The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry.

The updated packages are patched to protect against these
vulnerabilities.

Mandrakesoft to liven up the corporate Linux world

Mandriva 1277 Published 2005-01-04 14:33 by Philipp Esselbach 0

Mandrakesoft has just released two new "enterprise" Linux products: Corporate Server and Corporate Desktop. These products have received specific development and testing efforts to make them as fit as possible for use in a business environment.

The new Corporate Server is meant to facilitate deployment through its auto-installation and easy configuration capabilities. It can be used for any kind of server tasks, from LDAP to Web.

Corporate Desktop was designed for the coming wave of Linux on the desktop. The problem of over-abounding, sometimes immature Open Source software has been solved in this product through careful testing and screening of software applications. That makes Corporate Desktop immediately usable.

MDKSA-2004:164 - Updated cups packages

Mandriva 1277 Published 2004-12-30 03:57 by Philipp Esselbach 0

Updated cups packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID: MDKSA-2004:164
Date: December 29th, 2004

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

MDKSA-2004:166 - Updated tetex packages

Mandriva 1277 Published 2004-12-30 03:56 by Philipp Esselbach 0

Updated tetex packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: tetex
Advisory ID: MDKSA-2004:166
Date: December 29th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as tetex (CAN-2004-0888).

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution.

iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf

MDKSA-2004:165 - Updated koffice packages

Mandriva 1277 Published 2004-12-30 03:55 by Philipp Esselbach 0

Updated koffice packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: koffice
Advisory ID: MDKSA-2004:165
Date: December 29th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as koffice (CAN-2004-0888).

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution.

iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf

MDKSA-2004:162 - Updated gpdf packages

Mandriva 1277 Published 2004-12-30 03:52 by Philipp Esselbach 0

Updated gpdf packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gpdf
Advisory ID: MDKSA-2004:162
Date: December 29th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

MDKSA-2004:161 - Updated xpdf packages

Mandriva 1277 Published 2004-12-30 03:51 by Philipp Esselbach 0

Updated xpdf packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: xpdf
Advisory ID: MDKSA-2004:161
Date: December 29th, 2004

Affected versions: 10.0, 10.1, Corporate Server 2.1
______________________________________________________________________

Problem Description:

iDefense reported a buffer overflow vulnerability, which affects versions of xpdf

MDKSA-2004:160 - Updated kdelibs packages

Mandriva 1277 Published 2004-12-30 03:50 by Philipp Esselbach 0

Updated kdelibs packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kdelibs
Advisory ID: MDKSA-2004:160
Date: December 29th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A vulnerability in the Konqueror web browser was discovered that would allow a malicious web site to take advantage of a flaw in kio_ftp to send email messages without user interaction.

The updated packages are patched to correct the problem.

MDKSA-2004:159 - Updated glibc packages

Mandriva 1277 Published 2004-12-30 03:49 by Philipp Esselbach 0

Updated glibc packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: glibc
Advisory ID: MDKSA-2004:159
Date: December 29th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

The Trustix developers discovered that the catchsegv and glibcbug utilities, part of the glibc package, created temporary files in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

The updated packages have been patched to correct this issue.

MDKA-2004:060 - Updated udev packages

Mandriva 1277 Published 2004-12-30 03:48 by Philipp Esselbach 0

Updated udev packages has been released for Mandrakelinux 10.1
_______________________________________________________________________

Mandrakelinux Update Advisory
_______________________________________________________________________

Package name: udev
Advisory ID: MDKA-2004:060
Date: December 29th, 2004

Affected versions: 10.1
______________________________________________________________________

Problem Description:

A problem in udev existed where a user would not be able to use a firewire camera because the required device was never created. This update forces udev to pre-create the device allowing the use of firewire cameras.

Mandrakelinux 10.2 Christmas Cooker Snapshot

Mandriva 1277 Published 2004-12-28 07:24 by Philipp Esselbach 0

An early development snapshot of Mandrakelinux 10.2 is available

MDKSA-2004:158 - Updated samba packages

Mandriva 1277 Published 2004-12-28 04:26 by Philipp Esselbach 0

Updated samba packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: samba
Advisory ID: MDKSA-2004:158
Date: December 27th, 2004

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs.

The updated packages have been patched to correct this issue.

MDKSA-2004:157 - Updated mplayer packages

Mandriva 1277 Published 2004-12-22 18:45 by Philipp Esselbach 0

Updated mplayer packages are avaiable for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: mplayer
Advisory ID: MDKSA-2004:157
Date: December 22nd, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code.

The updated packages have been patched to prevent these problems.

MDKSA-2004:155 - Updated logcheck packages

Mandriva 1277 Published 2004-12-22 18:44 by Philipp Esselbach 0

Updated logcheck packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: logcheck
Advisory ID: MDKSA-2004:155
Date: December 22nd, 2004

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges.

The updated packages have been patched to prevent the problem.

MDKSA-2004:154 - Updated kdelibs packages

Mandriva 1277 Published 2004-12-22 18:43 by Philipp Esselbach 0

Updated kdelibs packages has been released for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kdelibs
Advisory ID: MDKSA-2004:154
Date: December 22nd, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A vulnerability in the Konqueror webbrowser was discovered where an untrusted java applet could escalate privileges (through JavaScript calling into Java code). This includes the reading and writing of files with the privileges of the user running the applet.

The provided packages have been patched to correct this problem.

MDKSA-2004:156 - Updated krb5 packages fix

Mandriva 1277 Published 2004-12-22 18:41 by Philipp Esselbach 0

Updated krb5 packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID: MDKSA-2004:156
Date: December 22nd, 2004

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server.

The updated packages have been patched to prevent this problem.

Mandrakesoft to lead 3.4-million-euro research project

Mandriva 1277 Published 2004-12-21 08:06 by Philipp Esselbach 0

Mandrakesoft, through its Edge-IT subsidiary, will lead an international consortium of four universities, two research institutes, and four private sector companies in the three-year EDOS project. Here the press release:

EDOS Project to boost quality and productivity in software development

Paris, France; December 21, 2004. Major European research institutions and Open Source software companies today announced the launch of EDOS, a project dealing with complexity management in the field of Open Source software. The participants will collaborate in the development of theoretical and technical solutions to the management of large-scale, modular software projects. EDOS will receive EUR 2.2 million in European Union funding, in a total budget of EUR 3.4 million.

MDKSA-2004:153 - Updated aspell packages

Mandriva 1277 Published 2004-12-20 17:10 by Philipp Esselbach 0

Updated aspell packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: aspell
Advisory ID: MDKSA-2004:153
Date: December 20th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code.

The updated packages have been patched to correct this problem.

MDKSA-2004:152 - Updated ethereal packages

Mandriva 1277 Published 2004-12-20 17:09 by Philipp Esselbach 0

Updated ethereal packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID: MDKSA-2004:152
Date: December 20th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities were discovered in Ethereal:

- Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CAN-2004-1139)
- An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space (CAN-2004-1140)
- The HTTP dissector could access previously-freed memory, causing a crash (CAN-2004-1141)
- Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization (CAN-2004-1142)

Ethereal 0.10.8 was released to correct these problems and is being provided.