Updated gzip packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gzip
Advisory ID: MDKSA-2005:092
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
Several vulnerabilities have been discovered in the gzip package:
Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. (CAN-2005-0758)
A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip file allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. (CAN-2005-0988)
A directory traversal vulnerability via "gunzip -N" in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. (CAN-2005-1228)
Updated packages are patched to address these issues.
Updated rpmdrake packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: rpmdrake
Advisory ID: MDKA-2005:027
Date: May 18th, 2005
Affected versions: 10.2
______________________________________________________________________
Problem Description:
A bug in rpmdrake prevented it from showing the reason for an update when it was invoked by the mdkonline applet. This update corrects that problem.
Updated bzip2 packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: bzip2
Advisory ID: MDKSA-2005:091
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A race condition in the file permission restore code of bunzip2 was discovered by Imran Ghory. While a user was decompressing a file, a local attacker with write permissions to the directory containing the compressed file could replace the target file with a hard link which would cause bunzip2 to restore the file permissions of the original file to the hard link target. This could be exploited to gain read or write access to files of other users (CAN-2005-0953).
A vulnerability was found where specially crafted bzip2 archives would cause an infinite loop in the decompressor, resulting in an indefinitively large output file (also known as a "decompression bomb"). This could be exploited to cause a Denial of Service attack on the host computer due to disk space exhaustion (CAN-2005-1260).
The provided packages have been patched to correct these issues.
Updated nasm packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: nasm
Advisory ID: MDKSA-2005:090
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A buffer overflow in nasm was discovered by Josh Bressers. If an attacker could trick a user into assembling a malicious source file, they could use this vulnerability to execute arbitrary code with the privileges of the user running nasm.
The provided packages have been patched to correct these issues.
A cdrdao update is available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: cdrdao
Advisory ID: MDKSA-2005:089
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
The cdrdao package contains two vulnerabilities; the first allows local users to read arbitrary files via the show-data command and the second allows local users to overwrite arbitrary files via a symlink attack on the ~/.cdrdao configuration file. This can also lead to elevated privileges (a root shell) due to cdrdao being installed suid root.
The provided packages have been patched to correct these issues.
Updated kdebase packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: kdebase
Advisory ID: MDKA-2005:026
Date: May 16th, 2005
Affected versions: 10.2
______________________________________________________________________
Problem Description:
The following fixes have been applied to the kdebase package:
- fix kcontrol kde bug #71484
- fix kioslave/fish kde bug #69333
- fix kcontrol/randr crash
- fix ksysguard activate gui
- fix kwin kde bug #97031
- Update bookmarks for mandriva club
Updated drakxtools packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: drakxtools
Advisory ID: MDKA-2005:025
Date: May 16th, 2005
Affected versions: 10.2
______________________________________________________________________
Problem Description:
Three hardware-related bugs were discovered in the drakxtools package:
A test to determine if there was at least one PCMCIA controller was flawed and resulted in disabling PCMCIA support on each boot.
While probing for extra PCI serial controllers, all serial drivers were mistakenly loaded rather than just the serial drivers related to the PCI cards installed in the computer.
Finally, harddrake now detects SATA and RAID controllers (both SATA and SCSI) in their own category. This makes it so that hwdb will not fill the IDE category with SATA controllers.
The updated packages correct these issues.
Updated mozilla packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: mozilla
Advisory ID: MDKSA-2005:088
Date: May 13th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A number of security vulnerabilities were fixed in the Mozilla Firefox 1.0.4 and Mozilla Suite 1.7.8 releases. Patches have been backported where appropriate; Corporate 3.0 is receiving the new Mozilla Suite 1.7.8 release.
Updated tcpdump packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: tcpdump
Advisory ID: MDKSA-2005:087
Date: May 11th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of Denial of Service vulnerabilities were discovered in the way that tcpdump processes certain network packets. If abused, these flaws can allow a remote attacker to inject a carefully crafted packet onto the network, crashing tcpdump.
The provided packages have been patched to correct these issues.
Updated gaim packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gaim
Advisory ID: MDKSA-2005:086
Date: May 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
More vulnerabilities have been found in the gaim instant messaging client. A stack-based buffer overflow bug was found in how gaim processes a message containing a URL; a remote attacker could send a carefully crafted message to cause the execution of arbitrary code on the user's machine (CAN-2005-1261).
Another bug was found in how gaim handles malformed MSN messages; an attacker could send a carefully crafted MSN message that would cause gaim to crash (CAN-2005-1262).
Gaim version 1.3.0 fixes these issues and is provided with this update.
Updated kdelibs packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: kdelibs
Advisory ID: MDKSA-2005:085
Date: May 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A buffer overflow in the PCX decoder of kimgio was discovered by Bruno Rohee. If an attacker could trick a user into loading a malicious PCX image with any KDE application, he could cause the execution of arbitrary code with the privileges of the user opening the image.
The provided packages have been patched to correct this issue.
In addition, the LE2005 packages contain fixes to configuring email into kbugreport, fixing a KDE crasher bug, fixing a kicondialog bug, a KHTML bug, and a knewsticker export symbol problem.
Updated gnutls packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gnutls
Advisory ID: MDKSA-2005:084
Date: May 12th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
Two vulnerabilities were discovered in the GnuTLS library. The first is a vulnerability in the way GnuTLS does record packet parsing; the second is a flaw in the RSA key export functionality. These could be exploited by a remote attacker to cause a Denial of Service to any program using the GnuTLS library.
The provided packages have been patched to correct these issues.
Updated ethereal packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: ethereal
Advisory ID: MDKSA-2005:083
Date: May 10th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in previous version of Ethereal that have been fixed in the 0.10.11 release, including:
- The ANSI A and DHCP dissectors are vulnerable to format string vulnerabilities.
- The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP and Presentation dissectors are vulnerable to buffer overflows.
- The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB NETLOGON dissectors are vulnerable to pointer handling errors.
- The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and L2TP dissectors are vulnerable to looping problems.
- The Telnet and DHCP dissectors could abort.
- The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a segmentation fault.
- The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2, RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
- The DICOM, NDPS and ICEP dissectors are vulnerable to memory handling errors.
- The GSM MAP, AIM, Fibre Channel,SRVLOC, NDPS, LDAP and NTLMSSP dissectors could terminate abnormallly.
Updated OpenOffice.org packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: OpenOffice.org
Advisory ID: MDKSA-2005:082
Date: May 6th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
AD-LAB discovered a heap overflow in the StgCompObjStream::Load() function when OpenOffice.org processes DOC documents. If an attacker created a malicious DOC document that contained a specially crafted header, it could execute arbitrary code with the rights of the user running OpenOffice.org.
The updated packages have been patched to prevent this problem.
Updated XFree86/XOrg packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: XFree86
Advisory ID: MDKSA-2005:081
Date: May 5th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.
An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library.
Updated packages are patched to correct all these issues.
Updated pwauth packages are available for Mandriva 10.2
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: pwauth
Advisory ID: MDKA-2005:023
Date: May 4th, 2005
Affected versions: 10.2
______________________________________________________________________
Problem Description:
A bug in the pwauth package prevented it from working with apache because it assumes that apache has a static uid of 48, whereas apache's uid is dynamically assigned at install-time.
The updated package have been fixed to allow pwauth to work with apache regardless of the uid.
Updated libxpm4 packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: xpm
Advisory ID: MDKSA-2005:080
Date: April 28th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.
An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library.
Updated packages are patched to correct all these issues.
Updated perl packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: perl
Advisory ID: MDKSA-2005:079
Date: April 28th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.
The provided packages have been patched to resolve this problem.
An updated lsb package has been released for Mandriva Corporate 3.0
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: lsb
Advisory ID: MDKA-2005:020
Date: April 28th, 2005
Affected versions: Corporate 3.0
______________________________________________________________________
Problem Description:
The lsb package is being updated to provide corrected install_initd, remove_initd scripts and correct the package provides.
A patched chkconfig is also included in this advisory, to handle LSB style init scripts.
An updated mdkonline package has been released for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: mdkonline
Advisory ID: MDKA-2005:022
Date: April 28th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Multi Network Firewall 2.0
______________________________________________________________________
Problem Description:
With the change of the distribution to Mandriva, and the various domain name changes, it is necessary to update mdkonline to point to the correct servers. Updated packages resolve this issue.
