Mandriva 1275 Published by Philipp Esselbach 0

Updated cpio packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cpio
Advisory ID: MDKSA-2005:116-1
Date: July 19th, 2005
Original Advisory Date: July 11th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete (CAN-2005-1111).

A vulnerability has been discovered in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. cpio will extract to the path specified in the cpio file, and this path can be absolute (CAN-2005-1229).

Update:

The previous packages had a problem upgrading due to an unresolved issue with tar and rmt. These packages correct the problem.

Updated nss_ldap/pam_ldap packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: nss_ldap
Advisory ID: MDKSA-2005:121
Date: July 18th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Rob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" setting in ldap.conf.

As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has been fixed that caused crond, and other applications, to crash as a result of clients receiving a SIGPIPE signal when attempting to issue a new search request to a directory server that is no longer available.

The updated packages have been patched to address this issue.

Updated mozilla-firefox packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mozilla-firefox
Advisory ID: MDKSA-2005:120
Date: July 13th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

A number of vulnerabilities were reported and fixed in Firefox 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update:

Updated krb5 packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID: MDKSA-2005:119
Date: July 13th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

A number of vulnerabilities have been corrected in this Kerberos
update:

The rcp protocol would allow a server to instruct a client to write to arbitrary files outside of the current directory. The Kerberos-aware rcp could be abused to copy files from a malicious server (CAN-2004-0175).

Gael Delalleau discovered an information disclosure vulnerability in the way some telnet clients handled messages from a server. This could be abused by a malicious telnet server to collect information from the environment of any victim connecting to the server using the Kerberos-aware telnet client (CAN-2005-0488).

Daniel Wachdorf discovered that in error conditions that could occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory, which could cause the KDC to crash resulting in a Denial of Service (CAN-2005-1174).

Daniel Wachdorf also discovered a single-byte heap overflow in the krb5_unparse_name() function that could, if successfully exploited, lead to a crash, resulting in a DoS. To trigger this flaw, an attacker would need to have control of a Kerberos realm that shares a cross-realm key with the target (CAN-2005-1175).

Finally, a double-free flaw was discovered in the krb5_recvauth() routine which could be triggered by a remote unauthenticated attacker. This issue could potentially be exploited to allow for the execution of arbitrary code on a KDC. No exploit is currently known to exist (CAN-2005-1689).

The updated packages have been patched to address this issue and Mandriva urges all users to upgrade to these packages as quickly as possible.

Updated ruby packages have been released for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ruby
Advisory ID: MDKSA-2005:118
Date: July 12th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A vulnerability was discovered in ruby version 1.8 that could allow for the execution of arbitrary commands on a server running the ruby xmlrpc server.

The updated packages have been patched to address this issue.

A dhcpcd update has been released for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: dhcpcd
Advisory ID: MDKSA-2005:117
Date: July 12th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

"infamous42md" discovered that the dhcpcd DHCP client could be tricked into reading past the end of the supplied DHCP buffer, which could lead to the daemon crashing.

The updated packages have been patched to address this issue.

Updated cpio packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: cpio
Advisory ID: MDKSA-2005:116
Date: July 11th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. (CAN-2005-1111)

A vulnerability has been discovered in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. cpio will extract to the path specified in the cpio file, and this path can be absolute. (CAN-2005-1229)

The updated packages have been patched to address both of these issues.

Updated clamav packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: clamav
Advisory ID: MDKSA-2005:113
Date: July 11th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack.

The updated packages have been patched to correct the problem.

Updated leafnode packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: leafnode
Advisory ID: MDKSA-2005:114
Date: July 11th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A number of vulnerabilities in the leafnode NNTP server package have been found:

A vulnerability in the fetchnews program could under some circumstances cause a wait for input that never arrives, which in turn would cause fetchnews to hang (CAN-2004-2068).

Two vulnerabilities in the fetchnews program can cause fetchnews to crash when the upstream server closes the connection while leafnode is receiving an article header or an article body, which prevents leafnode from querying other servers that are listed after that particular server in the configuration file (CAN-2005-1453).

Finally, another vulnerability in the fetchnews program could also cause a wait for input that never arrives, causing fetchnews to hang (CAN-2005-1911).

The updated packages have been patched to correct this problem.

Updated mplayer packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: mplayer
Advisory ID: MDKSA-2005:115
Date: July 11th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Two heap overflows were discovered in mplayer's code handling the RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). These vulnerabilities could allow for a malicious server to execute arbitrary code on the client computer with the permissions of the user running MPlayer.

The updated packages have been patched to correct this problem.

Updated drakxtools packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: drakxtools
Advisory ID: MDKA-2005:034
Date: July 11th, 2005

Affected versions: 10.0, Corporate 3.0
______________________________________________________________________

Problem Description:

Three bugs have been corrected in the drakxtools package:

drakfirewall: The port range syntax has been corrected for samba. (#16604)
drakfont: Uninstalling fonts has been fixed. (#9324)
drakbackup: The application has been patched to correctly deal with directory names that contain spaces, as well as add more restrictive permissions on the backup tarballs. (#12861)

The updated packages correct these issues.

A zlib security update has been released for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: zlib
Advisory ID: MDKSA-2005:112
Date: July 6th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, causing the linked application to dump core.

The updated packages have been patched to correct this problem.

Updated 2.4 kernel packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kernel-2.4
Advisory ID: MDKSA-2005:111
Date: June 30th, 2005

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels:

Updated 2.6 kernel packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kernel
Advisory ID: MDKSA-2005:110
Date: June 30th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel:

Updated php-pear packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: php-pear
Advisory ID: MDKSA-2005:109
Date: June 30th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A vulnerability was discovered by GulfTech Security in the PHP XML RPC project. This vulnerability is considered critical and can lead to remote code execution. The vulnerability also exists in the PEAR XMLRPC implementation.

Mandriva ships with the PEAR XMLRPC implementation and it has been patched to correct this problem. It is advised that users examine the PHP applications they have installed on their servers for any applications that may come bundled with their own copies of the PEAR system and either patch RPC.php or use the system PEAR (found in /usr/share/pear).

Updates have been released for some popular PHP applications such as WordPress and Serendipity and users are urged to take all precautions to protect their systems from attack and/or defacement by upgrading their applications from the authors of the respective applications.

Updated squirrelmail packages are available for Mandriva Corporate 3.0

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: squirrelmail
Advisory ID: MDKSA-2005:108
Date: June 30th, 2005

Affected versions: Corporate 3.0
______________________________________________________________________

Problem Description:

The SquirrelMail PHP package is vulnerable to a number of cross-site scripting problems, most of which were reported by Martijn Brinkers. If an attacker could get a user to read a specially-crafted email or use a manipulated URL, they could execute arbitrary scripts running in the context of the victim's browser, which could lead to cookie theft, compromise of the user's webmail, etc.

The updated packages have been patched to correct these problems.

Updated ImageMagick packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ImageMagick
Advisory ID: MDKSA-2005:107
Date: June 28th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

A heap-based buffer overflow was found in the way that ImageMagick parses PNM files. If an attacker can trick a victim into opening a specially crafted PNM file, the attacker could execute arbitrary code on the victim's machine (CAN-2005-1275).

As well, a Denial of Service vulnerability was found in the way that ImageMagick parses XWD files. If a user or program executed ImageMagick to process a malicious XWD file, ImageMagick will enter into an infinite loop causing a DoS (CAN-2005-1739).

The updated packages have been patched to fix these issues.

A spamassassin security update is available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: spamassassin
Advisory ID: MDKSA-2005:106
Date: June 28th, 2005

Affected versions: 10.1, 10.2
______________________________________________________________________

Problem Description:

A Denial of Service bug was discovered in SpamAssassin. An attacker could construct a particular message that would cause SpamAssassin to consume CPU resources. If a large number of these messages were sent, it could lead to a DoS. SpamAssassin 3.0.4 was released to correct this vulnerability, as well as other minor bug fixes, and is provided with this update.

For full details on the changes from previous versions of SpamAssassin to this current version, please refer to the online documentation at http://wiki.apache.org/spamassassin/NextRelease.

Updated dbus packages are available for Mandriva Linux

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: dbus
Advisory ID: MDKSA-2005:105
Date: June 24th, 2005

Affected versions: 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

Dan Reed discovered a vulnerability in the D-BUS system for sending messages between applications. He found that a user can send and listen to messages on another user's per-user session bus if they knew the address of the socket.

The updated packages have been patched to correct this problem.