Updated samba packages has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:035
Date: April 19th, 2004
Affected versions: 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system.
The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem.
Updated MySQL packages has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: MySQL
Advisory ID: MDKSA-2004:034
Date: April 19th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts.
The scripts have been patched in the updated packages to prevent this behaviour.
Updated xine-ui packages are available for Mandrakelinux 9.2 and 10.0
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: xine-ui
Advisory ID: MDKSA-2004:033
Date: April 19th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script.
The updated packages change the location of where temporary files are written to prevent this attack.
Updated libneon packages has been released for Mandrakelinux 9.2 and 10.0
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: libneon
Advisory ID: MDKSA-2004:032
Date: April 19th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A number of various format string vulnerabilities were discovered in the error output handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4.
All users are encouraged to upgrade. All client software using this library is affected.
Updated utempter packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: utempter
Advisory ID: MDKSA-2004:031
Date: April 19th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
Steve Grubb discovered two potential issues in the utempter program:
1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to.
2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter.
The updated packages are patched to correct these problems.
Updated tcpdump packages has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: tcpdump
Advisory ID: MDKSA-2004:030
Date: April 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump. These vulnerabilities include:
Remote attackers can cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read. (CAN-2004-1083)
Integer underflow in the isakmp_id_print allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read. (CAN-2004-0184)
The updated packages are patched to correct these problems.
A kernel update has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kernel
Advisory ID: MDKSA-2004:029
Date: April 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003).
A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109).
An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177).
The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).
Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178).
The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandrakesecure.net/en/kernelupdate.php
Updated cvs packages has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cvs
Advisory ID: MDKSA-2004:028
Date: April 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem.
The updated packages provide 1.11.14 with the pertinent fix for the problem.
Mandrakelinux 10.0 Official is now available. Here the press release:
Mandrakelinux 10.0 Official is available
Altadena, CA; Paris, France; April 14th 2004 - Mandrakesoft, publisher of the popular Linux distribution Mandrakelinux, today announce the availability of Mandrakelinux 10.0 Official, a full-featured operating system that includes a full suite of desktop and server applications. Mandrakelinux 10.0 Official is available for download to Mandrakeclub Members, and as part of Mandrakesoft's complete range of retail packs, now available for pre-order on www.mandrakestore.com and soon in retail stores (Suggested Retail Price for all products are shown below).
The second beta of Mandrakelinux 10.0 for AMD64 has been released
Download Download (Bittorrent)
Updated ipsec-tools packages has been released for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ipsec-tools
Advisory ID: MDKSA-2004:027
Date: April 8th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not very the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified, the certificate is not used to verify the client's signature.
All versions of ipsec-tools prior to 0.2.5 and 0.3rc5 are vulnerable to this issue. The provided package updates ipsec-tools to 0.2.5.
An updated mkinitrd package for Mandrakelinux 10.0 is available
_______________________________________________________________________
Mandrakelinux Update Advisory
_______________________________________________________________________
Package name: mkinitrd
Advisory ID: MDKA-2004:018
Date: April 8th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A problem in mkinitrd would cause it to fail when devfs is not in use. This problem, while still creating an initrd, would cause the system to attempt to create device files if booted without devfs, which would lead to segfault due to bug in dietlibc.
The updated packages have been patched to correct the problem.
Updated qt3 packages has been released for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Update Advisory
_______________________________________________________________________
Package name: qt3
Advisory ID: MDKA-2004:017
Date: April 7th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A problem was found when displaying an image as fullscreen in kuickshow. Instead of displaying the image properly it would only show a 1x1 picture.
The updated packages fix the problem.
An updated kdeutils package has been released for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Update Advisory
_______________________________________________________________________
Package name: kdeutils
Advisory ID: MDKA-2004:016
Date: April 7th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A problem in the kdeutils package prevented kgpg from working properly and as a result it was unable to edit an encrypted message in kgpg. The updated packages correct this problem.
Updated kdenetwork packages has been released for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Update Advisory
_______________________________________________________________________
Package name: kdenetwork
Advisory ID: MDKA-2004:015
Date: April 7th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
The knewsticker applet was unable to add RSS source feeds. This update corrects this problem.
Updated fileutils/coreutils packages has been released for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Update Advisory
_______________________________________________________________________
Package name: fileutils
Advisory ID: MDKA-2004:014
Date: April 6th, 2004
Affected versions: 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
The version of ls bundled with fileutils and, in later versions of Mandrakelinux, coreutils would segfault on listing directories with a large number of files in them, on the amd64 platform.
The updated packages correct the problem.
Updated mplayer packages are available for Mandrake Linux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: mplayer
Advisory ID: MDKSA-2004:026
Date: April 5th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header.
The updated packages contain a patch from the MPlayer development team to correct the problem.
Updated squid packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: squid
Advisory ID: MDKSA-2004:025
Date: March 30th, 2004
Affected versions: 9.1, 9.2, 10.0, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the processing of %-encoded characters in a URL. If a squid configuration uses ACLs (Access Control Lists), it is possible for a remote attacker to create URLs that would not be properly tested against squid's ACLs, potentially allowing clients to access URLs that would otherwise be disallowed.
As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new Access Control type called "urllogin" which can be used to protect vulnerable Microsoft Internet Explorer clients from accessing URLs that contain login information. While this Access Control type is available, it is not used in the default configuration.
The updated packages are patched to protect against these vulnerabilities.
Updated ethereal packages are available for Mandrakelinux 9.1 and 9.2
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ethereal
Advisory ID: MDKSA-2004:024
Date: March 30th, 2004
Affected versions: 9.1, 9.2
______________________________________________________________________
Problem Description:
A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash. Finally, a corrupt color filter file could cause a segmentation fault. It is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.
The updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues.
Good news from Mandrakesoft:
