Mandriva 1275 Published by Philipp Esselbach 0

Updated xpdf packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: xpdf
Advisory ID: MDKSA-2005:017
Date: January 25th, 2005

Affected versions: 10.0, 10.1, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________

Problem Description:

A buffer overflow vulnerability was discovered in the xpdf PDF viewer, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag.

The updated packages have been patched to prevent these problems.

Updated mailman packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: mailman
Advisory ID: MDKSA-2005:015
Date: January 24th, 2005

Affected versions: 10.0, 10.1, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________

Problem Description:

Florian Weimer discovered a vulnerability in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input is not properly sanitised by "scripts/driver" when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of a vulnerable site by tricking a user into visiting a malicious web site or following a specially crafted link (CAN-2004-1177).

Updated php packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Update Advisory
_______________________________________________________________________

Package name: php
Advisory ID: MDKA-2005:004
Date: January 24th, 2005

Affected versions: 10.0, 9.2, Corporate Server 3.0
______________________________________________________________________

Problem Description:

When php tries to open a connection using fsockopen() and the connection fails, php would not close the socket. The updated packages fix this problem.

Updated squid packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID: MDKSA-2005:014
Date: January 24th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________

Problem Description:

"infamous41md" discovered two vulnerabilities in the squid proxy cache server. The first is a buffer overflow in the Gopher response parser which leads to memory corruption and would usually crash squid (CAN-2005-0094). The second is an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that would cause squid to crash (CAN-2005-0095).

The updated packages have been patched to prevent these problems.

Updated ethereal packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID: MDKSA-2005:013
Date: January 24th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities were found in Ethereal, all of which are fixed in version 0.10.9: The COPS dissector could go into an infinite loop (CAN-2005-0006); the DLSw dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0007); the DNP dissector could cause memory corruption (CAN-2005-0008); the Gnutella dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0009); the MMSE dissector could free static memory (CAN-2005-0010); and the X11 protocol dissector is vulnerable to a string buffer overflow (CAN-2005-0084).

Updated zhcon packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: zhcon
Advisory ID: MDKSA-2005:012
Date: January 24th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Erik Sjolund discovered that zhcon accesses a user-controlled configuration file with elevated privileges which could make it possible to read arbitrary files.

The updated packages have been patched to prevent these problems.

Updated xine packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: xine-lib
Advisory ID: MDKSA-2005:011
Date: January 19th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CAN-2004-1187). As well, they discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188).

Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size making it vulnerable to a buffer overflow problem (CAN-2004-1300).

The updated packages have been patched to prevent these problems.

Updated playmidi packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: playmidi
Advisory ID: MDKSA-2005:010
Date: January 19th, 2005

Affected versions: 10.0, 10.1, Corporate Server 3.0
______________________________________________________________________

Problem Description:

Erik Sjolund discovered a buffer overflow in playmidi that could be exploited by a local attacker if installed setuid root. Note that by default Mandrakelinux does not ship playmidi installed setuid root.

Updated mpg123 packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: mpg123
Advisory ID: MDKSA-2005:009
Date: January 19th, 2005

Affected versions: 10.0, 10.1, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________

Problem Description:

A vulnerability in mpg123's ability to parse frame headers in input streams could allow a malicious file to exploit a buffer overflow and execute arbitrary code with the permissions of the user running mpg123.

The updated packages have been patched to prevent these problems.

Updated cups packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID: MDKSA-2005:008
Date: January 17th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Corporate Server 3.0
______________________________________________________________________

Problem Description:

A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as the "lp" user (CAN-2004-1267).

Vulnerabilities in the lppasswd utility were also discovered. The program ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS passwd file or prevent future use of lppasswd (CAN-2004-1268 and CAN-2004-1269). As well, lppasswd does not verify that the passwd.new file is different from STDERR, which could allow a local user to control output to passwd.new via certain user input that could trigger an error message (CAN-2004-1270).

The updated packages have been patched to prevent these problems.

Updated imlib packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: imlib
Advisory ID: MDKSA-2005:007
Date: January 12th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Pavel Kankovsky discovered several heap overflow flaws in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025).

As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026).

The updated packages have been patched to prevent these problems.

Updated hylafax packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: hylafax
Advisory ID: MDKSA-2005:006
Date: January 12th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system.

The updated packages are provided to prevent this issue. Note that the packages included with Corporate Server 2.1 do not require this fix.

Updated nfs-utils packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: nfs-utils
Advisory ID: MDKSA-2005:005
Date: January 11th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Arjan van de Ven discovered a buffer overflow in rquotad on 64-bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code.

The updated packages are provided to prevent this issue.

Updated xscreensaver packages are available for Mandrakelinux 10.1
_______________________________________________________________________

Mandrakelinux Update Advisory
_______________________________________________________________________

Package name: xscreensaver
Advisory ID: MDKA-2005:002
Date: January 10th, 2005

Affected versions: 10.1
______________________________________________________________________

Problem Description:

A bug in xscreensaver existed when running under KDE. When selecting a screensaver, it can be tested and seen properly, but when it actually is supposed to start, only a black screen would come up.

This update corrects the problem.

Updated g-wrap packages are available for Mandrakelinux 10.1/x86_64
_______________________________________________________________________

Mandrakelinux Update Advisory
_______________________________________________________________________

Package name: g-wrap
Advisory ID: MDKA-2005:001
Date: January 10th, 2005

Affected versions: 10.1
______________________________________________________________________

Problem Description:

A compilation error in g-wrap prevented gnucash from running on Mandrakelinux 10.1/x86_64. The updated packages correct the problem.

Updated nasm packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: nasm
Advisory ID: MDKSA-2005:004
Date: January 6th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A buffer overflow in nasm was discovered by Jonathan Rockway. This vulnerability could lead to the execution of arbitrary code when compiling a malicious assembler source file.

The updated packages are patched to correct the problem.

Updated vim packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: vim
Advisory ID: MDKSA-2005:003
Date: January 6th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

Several "modeline"-related vulnerabilities were discovered in Vim by Ciaran McCreesh. The updated packages have been patched with Bram Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities and adds more conservative "modeline" rights.

Updated wxGTK2 packages are available for Mandrakelinux 10.0 and 10.1
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: wxGTK2
Advisory ID: MDKSA-2005:002
Date: January 6th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities:

iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code.

The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag.

iDefense also reported that a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code (CAN-2004-1308).

The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry.

The updated packages are patched to protect against these vulnerabilities.

Updated libtiff packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: libtiff
Advisory ID: MDKSA-2005:001
Date: January 6th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

Several vulnerabilities have been discovered in the libtiff package:

iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code.

The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag.

iDefense also reported that a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code (CAN-2004-1308).

The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry.

The updated packages are patched to protect against these vulnerabilities.