A squid update is available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID: MDKSA-2005:104
Date: June 24th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A bug was found in the way that Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content.

A pam_ldap security update has been released for Mandriva Linux 10.2

_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: pam_ldap
Advisory ID: MDKA-2005:032
Date: June 24th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

This package fixes a bug that prevents password changes via pam_ldap from succeeding when configured to use the password type "exop" (via a "pam_password exop" entry in /etc/ldap.conf or the configuration file provided as an option in the pam configuration file) against a server which doens't allow exop password changes which include the old password (such as OpenLDAP 2.1.x).

The update applies the changes made between pam_ldap versions 174 and 175, and changes the behaviour for the "exop" password method to not send the old password. The behaviour that was exhibited by the original package may be obtained by changing the password method to "exop_send_old".

A sudo security update is available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: sudo
Advisory ID: MDKSA-2005:103
Date: June 21st, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A race condition was discovered in sudo by Charles Morris. This could lead to the escalation of privileges if /etc/sudoers allowed a user to execute selected programs that were then followed by another line containing the pseudo-command "ALL". By creating symbolic links at a certain time, that user could execute arbitrary commands.

The updated packages have been patched to correct this problem.

Mandriva today unveils the second version of its comprehensive infrastructure and security system: Multi Network Firewall.

Updated gedit packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gedit
Advisory ID: MDKSA-2005:102
Date: June 15th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A vulnerability was discovered in gEdit where it was possible for an attacker to create a file with a carefully crafted name which, when opened, executed arbitrary code on the victim's computer. It is highly unlikely that a user would open such a file, due to the file name, but could possibly be tricked into opening it.

The updated packages have been patched to correct this problem.

Updated tcpdump packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: tcpdump
Advisory ID: MDKSA-2005:101
Date: June 15th, 2005

Affected versions: 10.1, 10.2
______________________________________________________________________

Problem Description:

A Denial of Service vulnerability was found in tcpdump during the processing of certain network packages. Because of this flaw, it was possible for an attacker to inject a carefully crafted packet onto the network which would crash a running tcpdump session.

The updated packages have been patched to correct this problem. This problem does not affect at least tcpdump 3.8.1 and earlier.

Updated gaim packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID: MDKSA-2005:099
Date: June 14th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

More vulnerabilities have been discovered in the gaim IM client. The first is a remote crash with the Yahoo! protocol (CAN-2005-1269) and the second is a remote DoS in the MSN protocol (CAN-2005-1934).

These problems have been corrected in gaim 1.3.1 which is provided with this update.

Updated rsh packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: rsh
Advisory ID: MDKSA-2005:100
Date: June 14th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server.

The updated packages have been patched to correct this problem.

Updated wget packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: wget
Advisory ID: MDKSA-2005:098
Date: June 9th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Two vulnerabilities were found in wget. The first is that an HTTP redirect statement could be used to do a directory traversal and write to files outside of the current directory. The second is that HTTP redirect statements could be used to overwrite dot ('.') files, potentially overwriting the user's configuration files (such as .bashrc, etc.).

The updated packages have been patched to help address these problems by replacing dangerous directories and filenames containing the dot ('.') character with an underscore ('_') character.

Updated cyrus-sasl packages are avilable for Mandriva Corporate 3.0
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: cyrus-sasl
Advisory ID: MDKA-2005:031
Date: June 8th, 2005

Affected versions: Corporate 3.0
______________________________________________________________________

Problem Description:

A problem was discovered in saslauthd (part of cyrus-sasl which handles the Simple Authentication and Security Layer (SASL)) when using the LDAP authentication mechanism. If the connection with the LDAP server was torn down (due to an idle timeout, for example), saslauthd would error immediately instead of trying again with the credentials it already has, causing the client application to display an error as if the password was incorrect.

Any administrators relying on saslauthd with LDAP authentication should upgrade their packages.

Mandriva is launching "Academia", a new all-in-one programme to the education world, which makes possible the deployment of a site-wide IT infrastructure at low cost.

Here the press-release from Mandriva:

June 8th, 2005 - Further empowering universities, schools and research institutions seeking to build upon Linux for their IT infrastructure, Mandriva launches the Academia program, the all-in-one, single-tier solution for educational institutions.

Updated a2ps packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: a2ps
Advisory ID: MDKSA-2005:097
Date: June 7th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

The fixps and psmandup scripts, part of the a2ps package, are vulnerable to symlink attacks which could allow a local attacker to overwrite arbitrary files. The updated packages have been patched to correct the problem.

Updated openssl packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: openssl
Advisory ID: MDKSA-2005:096
Date: June 6th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CAN-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache
timing and possibly related attacks.

Updated PostgreSQL packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: postgresql
Advisory ID: MDKSA-2005:093
Date: May 26th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A number of vulnerabilities were found and corrected in the PostgreSQL DBMS:

Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user to gain the privileges of a database superuser.

Functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument values. (CAN-2005-1409)

The contrib/tsearch2 module misdeclares several functions as returning type "internal" when they do not have any "internal" argument. This breaks the type safety of "internal" by allowing users to construct SQL commands that invoke other functions accepting "internal" arguments.
(CAN-2005-1410)

These vulnerabilities must also be fixed in all existing databases when upgrading. The post-installation script of the updated postgresql-server package attempts to do this automatically.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1410
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
aeedc1072185c106fcafe2797a52302b 10.0/RPMS/libecpg3-7.4.1-2.5.100mdk.i586.rpm
d81d17fb9e13e0bb887f4663624c52e0 10.0/RPMS/libecpg3-devel-7.4.1-2.5.100mdk.i586.rpm
ec386e33401e002a09ac6c54aec9eaeb 10.0/RPMS/libpgtcl2-7.4.1-2.5.100mdk.i586.rpm
bafb74ea7dc4cd80996b249e2ce0a532 10.0/RPMS/libpgtcl2-devel-7.4.1-2.5.100mdk.i586.rpm
58ce2d043358b14d9f09cc2b5e952940 10.0/RPMS/libpq3-7.4.1-2.5.100mdk.i586.rpm
3d036161d3d50e02147a4f84b4d9200c 10.0/RPMS/libpq3-devel-7.4.1-2.5.100mdk.i586.rpm
bae8fa690bc501efddfda5f182981c7e 10.0/RPMS/postgresql-7.4.1-2.5.100mdk.i586.rpm
ab74642e890a5824208be7e0cb05352f 10.0/RPMS/postgresql-contrib-7.4.1-2.5.100mdk.i586.rpm
35fd0d594e8fab8822bfb7620877f919 10.0/RPMS/postgresql-devel-7.4.1-2.5.100mdk.i586.rpm
3f9c657ce179b9546789255b65f6c977 10.0/RPMS/postgresql-docs-7.4.1-2.5.100mdk.i586.rpm
02f3a3878d2fbf0666cc8aa5979064e6 10.0/RPMS/postgresql-jdbc-7.4.1-2.5.100mdk.i586.rpm
3ebe274bcb0914335abad73e246f36bb 10.0/RPMS/postgresql-pl-7.4.1-2.5.100mdk.i586.rpm
4b6bd61c9d7b9ce663a88f0c2e0d915a 10.0/RPMS/postgresql-server-7.4.1-2.5.100mdk.i586.rpm
79a2686235e0465f7dba8999ad177ec8 10.0/RPMS/postgresql-tcl-7.4.1-2.5.100mdk.i586.rpm
e18521d0a723f63f75864195618a540a 10.0/RPMS/postgresql-test-7.4.1-2.5.100mdk.i586.rpm
378f0e512dd7f333b587453755882383 10.0/SRPMS/postgresql-7.4.1-2.5.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
a03225fe2348b3c94b69a0cf024a72b4 amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.5.100mdk.amd64.rpm
b844f646558df72e9066e0dda8293ad0 amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.5.100mdk.amd64.rpm
4abf07522176fab45e3cedfa4ea486ab amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.5.100mdk.amd64.rpm
edadf59a66119ea2053cdaf1b706bae0 amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.5.100mdk.amd64.rpm
cacc38a0324383c5b5c1a7ede85e893a amd64/10.0/RPMS/lib64pq3-7.4.1-2.5.100mdk.amd64.rpm
781bd584c08364468c468e1f20ac024b amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.5.100mdk.amd64.rpm
01cc41dd346dbd97f902669aceadcbc1 amd64/10.0/RPMS/postgresql-7.4.1-2.5.100mdk.amd64.rpm
9e31560671ab5f98e667cc0ffef509ff amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.5.100mdk.amd64.rpm
d68cd3987e1fb07c85e8677a922aea57 amd64/10.0/RPMS/postgresql-devel-7.4.1-2.5.100mdk.amd64.rpm
66454d5034e732ef7d2cc6b0b86ff67b amd64/10.0/RPMS/postgresql-docs-7.4.1-2.5.100mdk.amd64.rpm
f1d6651b86cf725df5350b0152ca6a56 amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.5.100mdk.amd64.rpm
fb10823047b3ff5b55867c60dccb75fc amd64/10.0/RPMS/postgresql-pl-7.4.1-2.5.100mdk.amd64.rpm
33617c7b030b95f0665782ff6e66abaf amd64/10.0/RPMS/postgresql-server-7.4.1-2.5.100mdk.amd64.rpm
55f7443460141b83b1af9db28b3ed613 amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.5.100mdk.amd64.rpm
db4eaf039b41a3b72f4d2e634269ceb7 amd64/10.0/RPMS/postgresql-test-7.4.1-2.5.100mdk.amd64.rpm
378f0e512dd7f333b587453755882383 amd64/10.0/SRPMS/postgresql-7.4.1-2.5.100mdk.src.rpm

Mandrakelinux 10.1:
09606474acc279cf257c232276a80f6d 10.1/RPMS/libecpg3-7.4.5-4.3.101mdk.i586.rpm
8e4a27778ba55f2b2713c4ff03147b91 10.1/RPMS/libecpg3-devel-7.4.5-4.3.101mdk.i586.rpm
a8351c0abe59c0f668e73ddea0414b90 10.1/RPMS/libpgtcl2-7.4.5-4.3.101mdk.i586.rpm
b0821e8cd84d21680b99ef1d0f59e93b 10.1/RPMS/libpgtcl2-devel-7.4.5-4.3.101mdk.i586.rpm
c248b5409ec28142da7dd2c42b82bf7e 10.1/RPMS/libpq3-7.4.5-4.3.101mdk.i586.rpm
cc865b79edf26e5959e2d2c4f3303bdf 10.1/RPMS/libpq3-devel-7.4.5-4.3.101mdk.i586.rpm
b86715d30a1760abf186492dceedcd0b 10.1/RPMS/postgresql-7.4.5-4.3.101mdk.i586.rpm
02a611cfb25fa10b342d4c4e99166fb1 10.1/RPMS/postgresql-contrib-7.4.5-4.3.101mdk.i586.rpm
bc2d9475031ca568de4c523d5a732d0a 10.1/RPMS/postgresql-devel-7.4.5-4.3.101mdk.i586.rpm
63839ede6a4b8baa70a441567c42443f 10.1/RPMS/postgresql-docs-7.4.5-4.3.101mdk.i586.rpm
fe1ef871c021672de9fc5c0deaea3368 10.1/RPMS/postgresql-jdbc-7.4.5-4.3.101mdk.i586.rpm
c9a8be14fbf5a3a76aca31b6f13d9fc4 10.1/RPMS/postgresql-pl-7.4.5-4.3.101mdk.i586.rpm
a906c3ef7edb6c69b8da32b32857e64b 10.1/RPMS/postgresql-server-7.4.5-4.3.101mdk.i586.rpm
474ad52e73e70c6a68b6ba2d61f53b3c 10.1/RPMS/postgresql-tcl-7.4.5-4.3.101mdk.i586.rpm
2ffc7c3402f23607ec0d2178bfec0926 10.1/RPMS/postgresql-test-7.4.5-4.3.101mdk.i586.rpm
8241f1ad851b1ab1e6325f972db24d43 10.1/SRPMS/postgresql-7.4.5-4.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
5a60b5d1caa1a8d24d52bd1d64b9e6d7 x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.3.101mdk.x86_64.rpm
0938c879ccdc1385796005ab2697fc38 x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.3.101mdk.x86_64.rpm
40bbe3d1f9d72cb2b4a71f2345a9bf56 x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.3.101mdk.x86_64.rpm
26ea7696e0f3416e53fc5747f4bd38d6 x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.3.101mdk.x86_64.rpm
1ff13822321bfc41c82ee7b903c10958 x86_64/10.1/RPMS/lib64pq3-7.4.5-4.3.101mdk.x86_64.rpm
c76722085f68d98e442534ed52fc7b16 x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.3.101mdk.x86_64.rpm
b07617ff5b49437f34a54ddfea917d2c x86_64/10.1/RPMS/postgresql-7.4.5-4.3.101mdk.x86_64.rpm
d576aebbff57bdfaf4ecca953f6333b4 x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.3.101mdk.x86_64.rpm
a09f7ea1b574465a9c078e20aa876451 x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.3.101mdk.x86_64.rpm
5679dc9d250bfa18ce8822633dde80fc x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.3.101mdk.x86_64.rpm
272f98ec19d1762bcd1b9f4728a331a1 x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.3.101mdk.x86_64.rpm
5cbad6ef4166de69de826fe3b3ba0efc x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.3.101mdk.x86_64.rpm
16ecc03b01dccf331e4bb7be51f44fbf x86_64/10.1/RPMS/postgresql-server-7.4.5-4.3.101mdk.x86_64.rpm
3fdcab04553bb9120ba4b7d4993224fe x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.3.101mdk.x86_64.rpm
0584d593511c3ac5fb8a268d5e7ab83a x86_64/10.1/RPMS/postgresql-test-7.4.5-4.3.101mdk.x86_64.rpm
8241f1ad851b1ab1e6325f972db24d43 x86_64/10.1/SRPMS/postgresql-7.4.5-4.3.101mdk.src.rpm

Mandrakelinux 10.2:
61c64c9b20bb80fe6757a0e4c7894b63 10.2/RPMS/libecpg3-8.0.1-6.1.102mdk.i586.rpm
4de064827bb13edf67e412a4294bd533 10.2/RPMS/libecpg3-devel-8.0.1-6.1.102mdk.i586.rpm
0f45c58fc5230b807fbbd8ca6f5f2725 10.2/RPMS/libpq3-8.0.1-6.1.102mdk.i586.rpm
19a908b24da05da597f6b86203d872e7 10.2/RPMS/libpq3-devel-8.0.1-6.1.102mdk.i586.rpm
41d5f625312105ee64dd2befe0b70d7b 10.2/RPMS/postgresql-8.0.1-6.1.102mdk.i586.rpm
9dffbcad7032dfba00d12147e909b086 10.2/RPMS/postgresql-contrib-8.0.1-6.1.102mdk.i586.rpm
fd5ce05efcb9d7ddc11db907b4025424 10.2/RPMS/postgresql-devel-8.0.1-6.1.102mdk.i586.rpm
aca7525d2ecc366460634e9d8fb3fa42 10.2/RPMS/postgresql-docs-8.0.1-6.1.102mdk.i586.rpm
3fd2312905f4f176cc09772c54db330f 10.2/RPMS/postgresql-jdbc-8.0.1-6.1.102mdk.i586.rpm
9ad8301e937e88763788a025b4dfcead 10.2/RPMS/postgresql-pl-8.0.1-6.1.102mdk.i586.rpm
798f14f65e655b5bbb5b931a2a89faef 10.2/RPMS/postgresql-plperl-8.0.1-6.1.102mdk.i586.rpm
2b16d3bb6c09c87b07be760b5235f209 10.2/RPMS/postgresql-plpgsql-8.0.1-6.1.102mdk.i586.rpm
08fbc6c56c8f1c98b32a75c91615651d 10.2/RPMS/postgresql-plpython-8.0.1-6.1.102mdk.i586.rpm
5efe64db2293f1a2f2c000b16862a462 10.2/RPMS/postgresql-pltcl-8.0.1-6.1.102mdk.i586.rpm
392d86d0de31b2ac369db079d18e91d2 10.2/RPMS/postgresql-server-8.0.1-6.1.102mdk.i586.rpm
983ffbe5df3072aa1600192e0ad957fa 10.2/RPMS/postgresql-test-8.0.1-6.1.102mdk.i586.rpm
e0448322820d9d84bcb5b9634dd71f7a 10.2/SRPMS/postgresql-8.0.1-6.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
bb236f6a074b84ec758ab6e46d3265ef x86_64/10.2/RPMS/lib64ecpg3-8.0.1-6.1.102mdk.x86_64.rpm
90625e7c22b561141a1047b1d7c43529 x86_64/10.2/RPMS/lib64ecpg3-devel-8.0.1-6.1.102mdk.x86_64.rpm
12e0df06b9dbaeb2a937434f1b199b6a x86_64/10.2/RPMS/lib64pq3-8.0.1-6.1.102mdk.x86_64.rpm
51481227bf7a9e408179af112166813b x86_64/10.2/RPMS/lib64pq3-devel-8.0.1-6.1.102mdk.x86_64.rpm
eb8ff843ef146fc9695e71019c4c21e5 x86_64/10.2/RPMS/postgresql-8.0.1-6.1.102mdk.x86_64.rpm
eb81533aa4ceb19b2ad7f2625dccf711 x86_64/10.2/RPMS/postgresql-contrib-8.0.1-6.1.102mdk.x86_64.rpm
a3253f9558f17d3f774619fc64e6ab24 x86_64/10.2/RPMS/postgresql-devel-8.0.1-6.1.102mdk.x86_64.rpm
7199380968ebbac84c607d6be752bf7a x86_64/10.2/RPMS/postgresql-docs-8.0.1-6.1.102mdk.x86_64.rpm
2c20a3d479e0209932937566a17082a0 x86_64/10.2/RPMS/postgresql-jdbc-8.0.1-6.1.102mdk.x86_64.rpm
067014855679381323083143793d3e2b x86_64/10.2/RPMS/postgresql-pl-8.0.1-6.1.102mdk.x86_64.rpm
da9b74b4d0d1e9c838256fe37fa8de6b x86_64/10.2/RPMS/postgresql-plperl-8.0.1-6.1.102mdk.x86_64.rpm
06083864d339c8c01d3e7c025872b5bb x86_64/10.2/RPMS/postgresql-plpgsql-8.0.1-6.1.102mdk.x86_64.rpm
8104f8e470d2d5a727a23f0c14e17b23 x86_64/10.2/RPMS/postgresql-plpython-8.0.1-6.1.102mdk.x86_64.rpm
cc5ad304dfe9afdf37db8e52977c9c2a x86_64/10.2/RPMS/postgresql-pltcl-8.0.1-6.1.102mdk.x86_64.rpm
071540a64c49a0f683b7b01702ab8e2c x86_64/10.2/RPMS/postgresql-server-8.0.1-6.1.102mdk.x86_64.rpm
0284882f4a617159335d61d5ad5d9305 x86_64/10.2/RPMS/postgresql-test-8.0.1-6.1.102mdk.x86_64.rpm
e0448322820d9d84bcb5b9634dd71f7a x86_64/10.2/SRPMS/postgresql-8.0.1-6.1.102mdk.src.rpm

Corporate 3.0:
1084cc1f3a3da18bd773e6a54de4038f corporate/3.0/RPMS/libecpg3-7.4.1-2.5.C30mdk.i586.rpm
9baf7e49e166581c3c0e0b17c42b2c61 corporate/3.0/RPMS/libecpg3-devel-7.4.1-2.5.C30mdk.i586.rpm
3653201f8d29ad836e1ee8a3f6171575 corporate/3.0/RPMS/libpgtcl2-7.4.1-2.5.C30mdk.i586.rpm
17dcd61c96b56c741114fab9ca780c3e corporate/3.0/RPMS/libpgtcl2-devel-7.4.1-2.5.C30mdk.i586.rpm
2eb7ad8e0f230b038cb9046a80ddc299 corporate/3.0/RPMS/libpq3-7.4.1-2.5.C30mdk.i586.rpm
320aa6315ae8bacc4379b1404346ae44 corporate/3.0/RPMS/libpq3-devel-7.4.1-2.5.C30mdk.i586.rpm
5784c53a7932abda8d8343adcf08d350 corporate/3.0/RPMS/postgresql-7.4.1-2.5.C30mdk.i586.rpm
8a8c0a27c10485d7905946f9d87450aa corporate/3.0/RPMS/postgresql-devel-7.4.1-2.5.C30mdk.i586.rpm
6c5c1595e1e44818c46d2d3591b0b3bc corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.5.C30mdk.i586.rpm
59a9a365b643025a1165af9d392f5bbf corporate/3.0/RPMS/postgresql-server-7.4.1-2.5.C30mdk.i586.rpm
42f850d67cb9eabd30c72639d199d15c corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.5.C30mdk.i586.rpm
2c1a549736575e2ea17e8bc677a60d6b corporate/3.0/RPMS/postgresql-test-7.4.1-2.5.C30mdk.i586.rpm
1a5d1e1335c762cffdae8ef99f9ee8b0 corporate/3.0/SRPMS/postgresql-7.4.1-2.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
61cf52dae208a64c9d9a86f7f84e4715 x86_64/corporate/3.0/RPMS/lib64ecpg3-7.4.1-2.5.C30mdk.x86_64.rpm
4650e70174d13b7532bd2e3ce34bc7d2 x86_64/corporate/3.0/RPMS/lib64ecpg3-devel-7.4.1-2.5.C30mdk.x86_64.rpm
75f69e6e12e87aea7f26d70fc98bd41a x86_64/corporate/3.0/RPMS/lib64pgtcl2-7.4.1-2.5.C30mdk.x86_64.rpm
46a0b82d33e6c3039edc97df1e7c101d x86_64/corporate/3.0/RPMS/lib64pgtcl2-devel-7.4.1-2.5.C30mdk.x86_64.rpm
0e3f53f79b8c8a2ac40fd8a74c3e22ed x86_64/corporate/3.0/RPMS/lib64pq3-7.4.1-2.5.C30mdk.x86_64.rpm
8eb7832db36961e35882f7a6968285eb x86_64/corporate/3.0/RPMS/lib64pq3-devel-7.4.1-2.5.C30mdk.x86_64.rpm
d2333ac12f0da54186d9d7cbad4cf0a8 x86_64/corporate/3.0/RPMS/postgresql-7.4.1-2.5.C30mdk.x86_64.rpm
86d61ab130fe5fc1a2eb4ac8a34e458d x86_64/corporate/3.0/RPMS/postgresql-devel-7.4.1-2.5.C30mdk.x86_64.rpm
b3f04130766368997f072ad35d96fb05 x86_64/corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.5.C30mdk.x86_64.rpm
18cf866bcff3fb0de49c96beb564023e x86_64/corporate/3.0/RPMS/postgresql-server-7.4.1-2.5.C30mdk.x86_64.rpm
5393b957bc89d366e87bd16c68dd828c x86_64/corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.5.C30mdk.x86_64.rpm
31809ff793c8e22bfd8323e16b85580f x86_64/corporate/3.0/RPMS/postgresql-test-7.4.1-2.5.C30mdk.x86_64.rpm
1a5d1e1335c762cffdae8ef99f9ee8b0 x86_64/corporate/3.0/SRPMS/postgresql-7.4.1-2.5.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Updated xine-lib packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xine-lib
Advisory ID: MDKSA-2005:094
Date: May 26th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Two buffer overflow vulnerabilities were discovered in the MMS and Real RTSP stream handlers in the Xine libraries. If an attacker can trick a user to connect to a malicious MMS or RTSP video/audio stream source with any application using this library, they could crash the client and possibly even execute arbitrary code with the privileges of the user running the player program.

The updated packages have been patched to correct these problems.

A lsb-release update has been released for Mandriva Corporate 3.0
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: lsb-release
Advisory ID: MDKA-2005:030
Date: June 1st, 2005

Affected versions: Corporate 3.0
______________________________________________________________________

Problem Description:

The lsb-release package wasn't returning properly formatted information which is required to meet LSB requirements. The updated packages fix this.

Updated kdenetwork packages are available for Mandriva Linux 10.1
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: kdenetwork
Advisory ID: MDKA-2005:028-1
Date: June 1st, 2005
Original Advisory Date: May 24th, 2005
Affected versions: 10.1
______________________________________________________________________

Problem Description:

The MSN protocol has changed and as a result the MSN support in kopete no longer worked. This update fixes the issue.

Updated gdb packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: gdb
Advisory ID: MDKSA-2005:095
Date: May 30th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilites in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CAN-2005-1704).

He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CAN-2005-1705).

The updated packages have been patched to correct these problems.

Updated qt3 packages are available for Mandriva Linux 10.2
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: qt3
Advisory ID: MDKA-2005:029
Date: May 24th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

A problem exists in qmake where it won't accept certain arguments such as filenames with spaces in the name. The updated packages correct this problem.

Updated kdenetwork packages are available for Mandriva Linux 10.2
_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: kdenetwork
Advisory ID: MDKA-2005:028
Date: May 24th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

The MSN protocol has changed and as a result the MSN support in kopete no longer worked. This update fixes the issue.