Mandriva 1275 Published by Philipp Esselbach 0

Updated squid packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID: MDKSA-2005:078
Date: April 28th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. (CAN-2005-0194)

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. (CAN-2005-0626)

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. (CAN-2005-0718)

In addition, due to subtle bugs in the previous backported updates of squid (Bugzilla #14209), all the squid-2.5 versions have been updated to squid-2.5.STABLE9 with all the STABLE9 patches from the squid developers.

The updated packages are patched to fix these problems.


An updated rpmdrake package has been released for Mandriva Linux 10.2
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: rpmdrake
Advisory ID: MDKA-2005:019
Date: April 28th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

There was a bug in the Software Media Manager where it couldn't correctly handle the "limited" string in /etc/release. Updated packages correct this issue.


Updated ldetect-lst packages are available for Mandriva Linux 10.2
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: ldetect-lst
Advisory ID: MDKA-2005:018
Date: April 28th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

An updated ldetect-lst package provides support for the XBook modem.


Updated cdrecord packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cdrecord
Advisory ID: MDKSA-2005:077
Date: April 20th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Javier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), a symbolic link attack could be used to create or overwrite arbitrary files with the privileges of the user invoking cdrecord. Please note that by default this configuration file does not exist in Mandriva Linux so unless you create it and enable DEBUG, this does not affect you.

The updated packages have been patched to correct these issues.


Updated xli packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xli
Advisory ID: MDKSA-2005:076
Date: April 20th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-characters are not properly escaped (CAN-2005-0638). It was also found that insufficient validation of image properties could potentially result in buffer management errors (CAN-2005-0639).

The updated packages have been patched to correct these problems.


Updated gnome-vfs2 packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gnome-vfs2
Advisory ID: MDKSA-2005:074
Date: April 20th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the gnome-vfs2 code.

The updated packages have been patched to correct these issues.


Updated libcdaudio1 packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: libcdaudio1
Advisory ID: MDKSA-2005:075
Date: April 20th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. This same vulnerability is present in the libcdaudio1 code.

The updated packages have been patched to correct these issues.


Updated cvs packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cvs
Advisory ID: MDKSA-2005:073
Date: April 20th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A buffer overflow and memory access problem in CVS have been discovered by the CVS maintainer. The updated packages have been patched to correct the problem.


Updated php packages have been released for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: php
Advisory ID: MDKSA-2005:072
Date: April 18th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities are addressed in this PHP update:

Stefano Di Paolo discovered integer overflows in PHP's pack(), unpack(), and shmop_write() functions which could allow a malicious script to break out of safe mode and execute arbitrary code with privileges of the PHP interpreter (CAN-2004-1018; this was previously fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151).

Stefan Esser discovered two safe mode bypasses which would allow malicious scripts to circumvent path restrictions by using virtual_popen() with a current directory containing shell meta-characters (CAN-2004-1063) or by creating a specially crafted directory whose length exceeded the capacity of realpath() (CAN-2004-1064; both of these were previously fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151).

Two Denial of Service vulnerabilities were found in the getimagesize() function which uses the format-specific internal functions php_handle_iff() and php_handle_jpeg() which would get stuck in infinite loops when certain (invalid) size parameters are read from the image (CAN-2005-0524 and CAN-2005-0525).

An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP's EXIF module. EXIF tags with a specially crafted "Image File Directory" (IFD) tag would cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the PHP server (CAN-2005-1042).

Another vulnerability in the EXIF module was also discovered where headers with a large IFD nesting level would cause an unbound recursion which would eventually overflow the stack and cause the executed program to crash (CAN-2004-1043).

All of these issues are addressed in the Corporate Server 2.1 packages and the last three issues for all other platforms, which had previously included the first two issues but had not been mentioned in MDKSA-2004:151.


Updated kdelibs packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: kdelibs
Advisory ID: MDKA-2005:017
Date: April 18th, 2005

Affected versions: 10.1
______________________________________________________________________

Problem Description:

New kdelibs packages are available to address various bugs. The details are as follows.

- fix webdav+auth
- Don't crash when js is disabled
- fix khtml kde bug #86973
- fix khtml kde bug #76434
- fix khtml kde bug #66591
- fix khtml kde bug #93035
- fix khtml kde bug #81393
- fix khtml kde bug #88727
- fix khtml kde bug #99854


Updated gaim packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID: MDKSA-2005:071
Date: April 13th, 2005

Affected versions: 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

More vulnerabilities have been discovered in the gaim instant messaging client:

A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client and causing it to crash (CAN-2005-0965).

A bug was discovered in several of gaim's IRC processing functions that fail to properly remove various markup tags within an IRC message. This could allow a remote attacker to send a specially crafted message to a gaim client connected to an IRC server, causing it to crash (CAN-2005-0966).

Finally, a problem was found in gaim's Jabber message parser that would allow a remote Jabber user to send a specially crafted message to a gaim client, causing it to crash (CAN-2005-0967).

Gaim version 1.2.1 is not vulnerable to these issues and is provided with this update.


Updated MySQL packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: MySQL
Advisory ID: MDKSA-2005:070
Date: April 12th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character ("_") to have the ability to grant privileges to other databases with similar names. This problem was previously discovered and fixed, but a new case where the problem still existed was recently discovered.

The updated packages have been patched to correct this issue.


The first Mandriva Linux release is now available.

Mandriva Linux Limited Edition 2005 is a transitional release which provides all the best and up to date open source applications to power-users, 32-bit/64-bit trouble-free coexistence, capability to boot from a USB key and many other features, with an excellent stability.

It's available right now for Mandriva Club Members and contributors, and as a DVD through Mandriva Online Store (http://www.mandrivastore.com)

Here is the full press release:


Updated gdk-pixbuf packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gdk-pixbuf
Advisory ID: MDKSA-2005:069
Date: April 7th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

A bug was discovered in the way that gdk-pixbuf processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gdk-pixbuf.

The updated packages have been patched to correct these issues.


Updated sharutils packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: sharutils
Advisory ID: MDKSA-2005:067
Date: April 7th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code.

Ulf Harnhammar discovered that shar does not check the data length returned by the wc command.

Joey Hess discovered that unshar would create temporary files in an insecure manner which could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user using unshar.

The updated packages have been patched to correct these issues.


Updated gtk+2.0 packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gtk+2.0
Advisory ID: MDKSA-2005:068
Date: April 7th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0.

The updated packages have been patched to correct these issues.


Updated shorewall packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Update Advisory
_______________________________________________________________________

Package name: shorewall
Advisory ID: MDKA-2005:016
Date: April 7th, 2005

Affected versions: 10.1
______________________________________________________________________

Problem Description:

The shorewall package is being updated to provide appropriate bogons information and other minor fixes.


A press release from Mandrakesoft:

It's been in the air for a few weeks...

After spending weeks balancing pros and cons, Mandrakesoft has decided to change its name!

The name change will apply worldwide to both the company and its products. The management team sees two good reasons for this change:

1. The recent Mandrakesoft - Conectiva merger calls for a new identity that better represents the combination of two key companies and their global presence.

2. The long-winding trademark lawsuit with Hearst Corporation has reached a point where we decided it is more reasonable for us to move forward. By adopting a new name, we eliminate the liability attached to the Mandrakesoft name and we can focus on what is important to us: developing and delivering great technology and solutions to both our customers and our user community.

We will endeavor to build even stronger brand recognition in our new name. So what is the new name?


Updated grip packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: grip
Advisory ID: MDKSA-2005:066
Date: April 1st, 2005

Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow bug was found by Dean Brettle in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine.

The updated packages have been patched to correct these issues.


Updated ImageMagick packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ImageMagick
Advisory ID: MDKSA-2005:065
Date: April 1st, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CAN-2005-0397).

As well, Andrei Nigmatulin discovered a heap-based buffer overflow in ImageMagick's image handler. An attacker could create a special PhotoShop Document (PSD) image file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image (CAN-2005-0005).

Other vulnerabilities were discovered in ImageMagick versions prior to 6.0:

A bug in the way that ImageMagick handles TIFF tags was discovered. It was possible that a TIFF image with an invalid tag could cause ImageMagick to crash (CAN-2005-0759).

A bug in ImageMagick's TIFF decoder was discovered where a specially-crafted TIFF image could cause ImageMagick to crash (CAN-2005-0760).

A bug in ImageMagick's PSD parsing was discovered where a specially-crafted PSD file could cause ImageMagick to crash (CAN-2005-0761).

Finally, a heap overflow bug was discovered in ImageMagick's SGI parser. If an attacker could trick a user into opening a specially-crafted SGI image file, ImageMagick would execute arbitrary code (CAN-2005-0762).

The updated packages have been patched to correct these issues.