%package squid
Updated: Tue Mar 30 11:11:12 2004
Importance: security
%pre
A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the processing of %-encoded characters in a URL. If a squid configuration uses ACLs (Access Control Lists), it is possible for a remote attacker to create URLs that would not be properly tested against squid's ACLs, potentially allowing clients to access URLs that would otherwise be disallowed.

As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new Access Control type called "urllogin" which can be used to protect vulnerable Microsoft Internet Explorer clients from accessing URLs that contain login information. While this Access Control type is available, it is not used in the default configuration.

The updated packages are patched to protect against these vulnerabilities.
%description
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install squid if you need a proxy caching server.

%package libdha0.1 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui
Updated: Mon Apr 05 14:38:47 2004
Importance: security
%pre
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header.

The updated packages contain a patch from the MPlayer development team to correct the problem.
%description
MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!).

Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some low-level card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with European/ISO 8859-1,2 (Hungarian, English, Czech, etc), Cyrillic, Korean fonts, and OSD?

Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs

%package kdenetwork kdenetwork-common kdenetwork-kdict kdenetwork-kget kdenetwork-knewsticker kdenetwork-kopete kdenetwork-kppp kdenetwork-krfb kdenetwork-ksirc kdenetwork-ktalk kdenetwork-kwifimanager libkdenetwork2-common libkdenetwork2-common-devel libkdenetwork2-knewsticker libkdenetwork2-kopete libkdenetwork2-kopete-devel libkdenetwork2-ksirc libkdenetwork2-kwifimanager lisa
Updated: Wed Apr 7 10:29:44 2004
Importance: bugfix
%pre
The knewsticker applet was unable to add RSS source feeds. This update corrects this problem.
%description
Networking applications for the K Desktop Environment.
- kdict: graphical client for the DICT protocol.
- kit: AOL instant messenger client, using the TOC protocol
- knewsticker: RDF newsticker applet
- kpf: public fileserver applet
- ksirc: IRC client
- ktalkd: talk daemon
- lanbrowsing: LAN browsing kio slave
- krfb: Desktop Sharing server, allows others to access your desktop via VNC
- krdc: a client for Desktop Sharing and other VNC servers

%package kdeutils kdeutils-ark kdeutils-common kdeutils-kcalc kdeutils-kcharselect kdeutils-kdepasswd kdeutils-kdessh kdeutils-kdf kdeutils-kedit kdeutils-kfloppy kdeutils-kgpg kdeutils-khexedit kdeutils-kjots kdeutils-ksim kdeutils-ktimer kdeutils-kwalletmanager libkdeutils1-ark libkdeutils1-common libkdeutils1-common-devel libkdeutils1-kcalc libkdeutils1-kedit libkdeutils1-ksim libkdeutils1-ksim-devel
Updated: Wed Apr 7 10:29:44 2004
Importance: bugfix
%pre
A problem in the kdeutils package prevented kgpg from working properly and as a result it was unable to edit an encrypted message in kgpg.

The updated packages correct this problem.
%description
Utilities for the K Desktop Environment.
- ark: manager for compressed files and archives
- kcalc: scientific calculator
- kcharselect: select special characters from any fonts and put them into the clipboard
- charselectapplet: ditto, but as a Kicker applet
- kcardtools:
- kdepasswd: like 'passwd', a graphical password changer
- kdessh: front end to ssh
- kdf: like 'df', a graphical free disk space viewer
- kedit: a simple text editor, without formatting like bold, italics etc
- kfloppy: format floppy disks with this app
- khexedit: binary file editor
- kjots: manages several "books" with a subject and notes
- klaptopdaemon: battery and power management, including KControl plugins
- kregexpeditor: graphical regular expression editor
- ktimer: execute programs after some time

%package libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql qt3-common qt3-example
Updated: Wed Apr 7 10:29:44 2004
Importance: bugfix
%pre
A problem was found when displaying an image as fullscreen in kuickshow. Instead of displaying the image properly it would only show a 1x1 picture.

The updated packages fix the problem.
%description
Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries.

Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX.

This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file.

Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa.

Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org).
For more examples, see http://www.trolltech.com/qtprogs.html.

Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/

Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available.

Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code.

Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural.

Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way.

Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics.

Qt is available under two different licenses:
- The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html
- The Q Public License (QPL), for developing free software (X Window System only).

%package mkinitrd
Updated: Thu Apr 08 09:40:48 2004
Importance: bugfix
%pre
A problem in mkinitrd would cause it to fail when devfs is not in use. This problem, while still creating an initrd, would cause the system to attempt to create device files if booted without devfs, which would lead to a segfault due to a bug in dietlibc.

The updated packages have been patched to correct the problem.
%description
Mkinitrd creates filesystem images for use as initial ramdisk (initrd) images.
These ramdisk images are often used to preload the block device modules (SCSI or RAID) needed to access the root filesystem.

In other words, generic kernels can be built without drivers for any SCSI adapters which load the SCSI driver as a module. Since the kernel needs to read those modules, but in this case it isn't able to address the SCSI adapter, an initial ramdisk is used. The initial ramdisk is loaded by the operating system loader (normally LILO) and is available to the kernel as soon as the ramdisk is loaded. The ramdisk image loads the proper SCSI adapter and allows the kernel to mount the root filesystem. The mkinitrd program creates such a ramdisk using information found in the /etc/modules.conf file.

%package ipsec-tools libipsec-tools0
Updated: Thu Apr 08 09:40:48 2004
Importance: security
%pre
A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not verify the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified; the certificate is not used to verify the client's signature.

All versions of ipsec-tools prior to 0.2.5 and 0.3rc5 are vulnerable to this issue. The provided package updates ipsec-tools to 0.2.5.
%description
This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5 and above kernels. This package builds:
- libipsec, a PFKeyV2 library
- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon

%package cvs
Updated: Wed Apr 14 11:11:12 2004
Importance: security
%pre
Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk.
This problem affects all versions of CVS prior to 1.11.15, which has fixed the problem. The updated packages provide 1.11.14 with the pertinent fix for the problem.
%description
CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects.

CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files.

These directories and files can then be combined together to form a software release.

Install the cvs package if you need to use a version control system.

%package kernel-2.4.25.3mdk kernel-enterprise-2.4.25.3mdk kernel-smp-2.4.25.3mdk kernel-i686-up-4GB-2.4.25.3mdk kernel-p3-smp-64GB-2.4.25.3mdk kernel-source kernel-2.6.3.8mdk kernel-enterprise-2.6.3.8mdk kernel-secure-2.6.3.8mdk kernel-smp-2.6.3.8mdk kernel-i686-up-4GB-2.6.3.8mdk kernel-p3-smp-64GB-2.6.3.8mdk kernel-source kernel-source-stripped
Updated: Wed Apr 14 11:11:12 2004
Importance: security
%pre
A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015, only partially corrected the problem; the full fix is included (CAN-2004-0003).

A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109).
An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177).

The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).

Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php

%package tcpdump
Updated: Wed Apr 14 11:31:59 MDT 2004
Importance: security
%pre
A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump. These vulnerabilities include:

Remote attackers can cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read.
(CAN-2004-1083)

Integer underflow in isakmp_id_print allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read. (CAN-2004-0184)

The updated packages are patched to correct these problems.
%description
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.

%package utempter libutempter0 libutempter0-devel
Updated: Mon Apr 19 06:36:09 2004
Importance: security
%pre
Steve Grubb discovered two potential issues in the utempter program:

1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to.

2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter.

The updated packages are patched to correct these problems.
%description
Utempter is a utility which allows some non-privileged programs to have required root access without compromising system security. Utempter accomplishes this feat by acting as a buffer between root and the programs.

%package libneon0.24 libneon0.24-devel libneon0.24-static-devel
Updated: Mon Apr 19 09:46:12 2004
Importance: security
%pre
A number of format string vulnerabilities were discovered in the error output handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4.
All users are encouraged to upgrade. All client software using this library is affected.
%description
neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented.

%package xine-ui xine-ui-aa xine-ui-fb
Updated: Mon Apr 19 09:46:12 2004
Importance: security
%pre
Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script.

The updated packages change the location where temporary files are written to prevent this attack.
%description
xine is a free GPL-licensed video player for UNIX-like systems. User interface for the X Window system.

%package libmysql12 libmysql12-devel MySQL MySQL-Max MySQL-bench MySQL-client MySQL-common
Updated: Mon Apr 19 09:46:12 2004
Importance: security
%pre
Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts.

The scripts have been patched in the updated packages to prevent this behaviour.
%description
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB.

The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/).
You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info.

The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information.

%package xchat xchat-perl xchat-python xchat-tcl
Updated: Wed Apr 21 10:03:59 2004
Importance: security
%pre
A remotely exploitable vulnerability was discovered in the Socks-5 proxy code in XChat. By default, socks5 traversal is disabled, and one would also need to connect to an attacker's own custom proxy server in order for this to be exploited. Successful exploitation could lead to arbitrary code execution as the user running XChat.

The provided packages are patched to prevent this problem.
%description
X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed.

%package kernel-2.4.25.4mdk kernel-enterprise-2.4.25.4mdk kernel-smp-2.4.25.4mdk kernel-i686-up-4GB-2.4.25.4mdk kernel-p3-smp-64GB-2.4.25.4mdk kernel-source kernel-2.6.3.9mdk kernel-enterprise-2.6.3.9mdk kernel-secure-2.6.3.9mdk kernel-smp-2.6.3.9mdk kernel-i686-up-4GB-2.6.3.9mdk kernel-p3-smp-64GB-2.6.3.9mdk kernel-source kernel-source-stripped
Updated: Tue Apr 27 09:31:05 2004
Importance: security
%pre
A vulnerability was found in the framebuffer driver of the 2.6 kernel. This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229)

A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels.
(CAN-2004-0424)

There is a minor issue with the static buffer in the 2.4 kernel's panic() function. Although it is possibly a buffer overflow, it is most likely not exploitable due to the nature of panic(). (CAN-2004-0394)

In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() meant to free it increments the mm_count and this count is never decremented. (For a running process that is exiting, schedule() takes care of this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct will get an extra mm_count and so it will never be freed. This issue is present in both 2.4 and 2.6 kernels.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php

%package rpmdrake park-rpmdrake
Updated: Wed Apr 28 12:02:22 2004
Importance: bugfix
%pre
When MandrakeUpdate was unable to retrieve the hdlist or the synthesis file from an update medium, it used to continue without alerting the user. Now MandrakeUpdate will alert the user and indicate to them to retry the operation later or to delete and re-add the medium in case the directory layout has changed.
%description
rpmdrake is a simple graphical frontend to manage software packages on a Mandrakelinux system; it has 3 different modes:
- software packages installation;
- software packages removal;
- MandrakeUpdate (software packages updates).

A fourth program manages the media (add, remove, edit).
%package shorewall shorewall-doc
Updated: Wed Apr 28 12:02:22 2004
Importance: bugfix
%pre
This new version of shorewall provides updated RFC1918 and bogons files that are needed for proper operation of the firewall.
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

%package sysklogd
Updated: Wed Apr 28 12:02:22 2004
Importance: security
%pre
Steve Grubb discovered a bug in sysklogd where it allocates an insufficient amount of memory which causes sysklogd to write to unallocated memory. This could allow for a malicious user to crash sysklogd.

The updated packages provide a patched sysklogd using patches from OpenWall to correct the problem and also correct the use of an uninitialized variable (a previous use of "count").
%description
The sysklogd package contains two system utilities (syslogd and klogd) which provide support for system logging. Syslogd and klogd run as daemons (background processes) and log system messages to different places, like sendmail logs, security logs, error logs, etc.

%package libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql qt3-common qt3-example
Updated: Wed Apr 28 14:18:34 2004
Importance: security
%pre
Using qprinter with cups was impossible because qprinter was trying to load "libcups.so" rather than "libcups.so.2".

The updated packages correct this problem.
%description
Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries.

Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX.
This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file.

Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa.

Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html.

Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/

Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available.

Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code.

Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural.

Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way.

Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics.

Qt is available under two different licenses:
- The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html
- The Q Public License (QPL), for developing free software (X Window System only).

%package mc
Updated: Thu Apr 29 13:41:38 2004
Importance: security
%pre
There are a number of vulnerabilities in the midnight commander program.
This includes several buffer overflows, as well as a format string issue and an issue with temporary file creation. Most of the included fixes are backports from CVS, done by Andrew V. Samoilov and Pavel Roskin.

The updated packages are patched to correct these problems.
%description
Midnight Commander is a visual shell much like a file manager, only with way more features. It is text mode, but also includes mouse support if you are running GPM. Its coolest feature is the ability to ftp, view tar, zip files, and poke into RPMs for specific files. :-)

%package libpng3 libpng3-devel libpng3-static-devel
Updated: Thu Apr 29 13:41:38 2004
Importance: security
%pre
Steve Grubb discovered that libpng would access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG images.

The updated packages are patched to correct the vulnerability.
%description
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.

Libpng should be installed if you need to manipulate PNG format image files.

%package proftpd proftpd-anonymous
Updated: Fri Apr 30 12:14:06 2004
Importance: security
%pre
A portability workaround that was applied in version 1.2.9 of the ProFTPD FTP server caused CIDR based ACL entries in "Allow" and "Deny" directives to act like an "AllowAll" directive. This granted FTP clients access to files and directories that the server configuration may have been explicitly denying.

This problem only exists in version 1.2.9 and has been fixed upstream. A patch has been applied to correct the problem.
%description
ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility.

This version supports both standalone and xinetd operation.

%package rsync
Updated: Mon May 10 09:17:05 2004
Importance: security
%pre
Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

The updated packages provide a patched rsync to correct this problem.
%description
Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package.

Install rsync if you need a powerful mirroring program.

%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy
Updated: Mon May 10 09:17:05 2004
Importance: security
%pre
A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server.

The updated packages provide a patched mod_ssl to correct these problems.
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external.

Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository)

You can build apache2 with some conditional build switches (i.e. use with rpm --rebuild):
--with debug   Compile with debugging code

%package kdepim kdepim-common kdepim-kaddressbook kdepim-karm kdepim-kmail kdepim-knode kdepim-knotes kdepim-kontact kdepim-korganizer kdepim-korn kdepim-kpilot libkdepim2-common libkdepim2-common-devel libkdepim2-kaddressbook libkdepim2-kaddressbook-devel libkdepim2-kmail libkdepim2-kmail-devel libkdepim2-knode libkdepim2-knode-devel libkdepim2-kontact libkdepim2-kontact-devel libkdepim2-korganizer libkdepim2-korganizer-devel libkdepim2-kpilot libkdepim2-kpilot-devel
Updated: Mon May 10 10:09:51 2004
Importance: bugfix
%pre
When kaddressbook is called from kmail, an endless loop would occur if kaddressbook was already open. This update fixes the problem.
%description
Information Management applications for the K Desktop Environment.
- kaddressbook: The KDE addressbook application.
- kandy: sync phone book entries between your cell phone and computer ("kandy" comes from "Handy", the German word used for a cellular)
- korganizer: a calendar-of-events and todo-list manager
- kpilot: to sync with your PalmPilot
- kalarm: gui for setting up personal alarm/reminder messages
- kalarmd: personal alarm/reminder messages daemon, shared by korganizer and kalarm.
- kaplan: A shell for the PIM apps, still experimental.
- karm: Time tracker.
- kitchensync: Synchronisation framework, still under heavy development.
- kfile-plugins: vCard KFileItem plugin.
- knotes: yellow notes application
- konsolecalendar: Command line tool for accessing calendar files.
- kmail: universal mail client
- kmailcvt: converts addressbooks to kmail format

%package lsb-release
Updated: Mon May 17 06:15:40 2004
Importance: bugfix
%pre
/etc/lsb-release still had data referencing the 9.2 release and the old Mandrakesoft naming.
%description
LSB version query program

This program forms part of the required functionality of the LSB (Linux Standard Base) specification.

The program queries the installed state of the distribution to display certain properties such as the version of the LSB against which the distribution claims compliance as well. It can also attempt to display the name and release of the distribution along with an identifier of who produces the distribution.

%package passwd
Updated: Mon May 17 11:18:10 2004
Importance: security
%pre
Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation.

A few small memory leaks have been fixed as well.

The updated packages are patched to correct these problems.
%description
The passwd package contains a system utility (passwd) which sets and/or changes passwords, using PAM (Pluggable Authentication Modules).

To use passwd, you should have PAM installed on your system.

%package libuser libuser1 libuser1-devel libuser-python
Updated: Mon May 17 11:18:10 2004
Importance: security
%pre
Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk.

The updated packages provide a patched libuser to correct these problems.
%description
The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources.
Sample applications modeled after those included with the shadow password suite are included.

%package apache apache-devel apache-modules apache-source
Updated: Mon May 17 11:18:10 2004
Importance: security
%pre
Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches.

Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CAN-2003-0020).

mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of an "AuthDigestRealmSeed" secret exposed as an MD5 checksum (CAN-2004-0987).

mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CAN-2003-0993).

Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CAN-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix.
%description
Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements.
It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP.
Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).

%package kdelibs-common libkdecore4 libkdecore4-devel
Updated: Tue May 18 12:45:32 2004
Importance: security
%pre
A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. This can allow remote attackers to create or truncate arbitrary files.

The updated packages contain patches provided by the KDE team to fix this problem.
%description
Libraries for the K Desktop Environment.

%package cvs
Updated: Wed May 19 09:32:59 2004
Importance: security
%pre
Stefan Esser discovered that malformed "Entry" lines in combination with Is-modified and Unchanged can be used to overflow malloc()ed memory in a way that can be remotely exploited.

The updated packages contain a patch to correct the problem.
%description
CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects.
CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.
Install the cvs package if you need to use a version control system.

%package libneon0.24 libneon-devel0.24 libneon-static-devel0.24
Updated: Wed May 19 09:32:59 2004
Importance: security
%pre
It was discovered that in portions of neon, sscanf() is used in an unsafe manner. This will result in an overflow of a static heap variable.

The updated packages provide a patched libneon to correct these problems.
%description
neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented.

%package apache-mod_perl mod_perl-common mod_perl-devel HTML-Embperl
Updated: Wed May 19 21:03:55 2004
Importance: security
%pre
Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available.
%description
Apache is a powerful, full-featured, efficient and freely-available Web server.
mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started.
This package contains Apache with mod_perl linked statically. It also contains a statically linked HTML::Embperl module, but you need the separate HTML-Embperl package to activate it.

%package mkinitrd-net
Updated: Thu May 20 15:02:04 2004
Importance: bugfix
%pre
The include-modules script in the mkinitrd-net package has a debugging statement, "basename: $basename" left in it, which causes problems in booting a client machine.
This update had been built back in March, but never made it into the distribution.
%description
mkinitrd-net allows you to build initial ramdisk images (initrds) suitable for use with Etherboot and other network-booting software. This package contains two main utilities: mkinitrd-net (to build an initrd containing a specified set of network-card modules) and mknbi (to generate Etherboot-usable NBI images from a given kernel and initrd). It also contains a helper script mknbi-set which will maintain sets of initrds to match all your currently-installed kernels.
mkinitrd-net uses code from the uClibc, busybox, udhcp and Etherboot projects.

%package kernel-2.4.25.5mdk kernel-enterprise-2.4.25.5mdk kernel-smp-2.4.25.5mdk kernel-i686-up-4GB-2.4.25.5mdk kernel-p3-smp-64GB-2.4.25.5mdk kernel-source kernel-2.6.3.13mdk kernel-enterprise-2.6.3.13mdk kernel-secure-2.6.3.13mdk kernel-smp-2.6.3.13mdk kernel-i686-up-4GB-2.6.3.13mdk kernel-p3-smp-64GB-2.6.3.13mdk kernel-source kernel-source-stripped
Updated: Fri May 21 10:14:44 2004
Importance: security
%pre
Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel (CAN-2004-0228).

As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600.

This update also provides a 10.0/amd64 kernel with fixes for the previous MDKSA-2004:037 advisory as well as the above-noted fixes.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/kernelupdate
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
For instructions for update, see: http://www.mandrakesosft.com/kernelupdate

%package mailman
Updated: Wed May 26 09:12:18 2004
Importance: security
%pre
Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. The updated packages have a patch backported from 2.1.5 to correct the issue.
%description
Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features:
o Most standard mailing list features, including: moderation, mail based commands, digests, etc...
o An extensive Web interface, customizable on a per-list basis.
o Web based list administration interface for *all* admin-type tasks
o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives
o Integrated mail list to newsgroup gatewaying
o Integrated newsgroup to mail list gatewaying (polling-based... if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions)
o Smart bounce detection and correction
o Integrated fast bulk mailing
o Smart spam protection
o Extensible logging
o Multiple list owners and moderators are possible
o Optional MIME-compliant digests
o Nice about which machine you subscribed from if you're from the right domain

%package kolab-server
Updated: Wed May 26 11:34:00 2004
Importance: security
%pre
Luca Villani reported the disclosure of critical configuration information within Kolab, the KDE Groupware server. The affected versions store OpenLDAP passwords in plain text. The heart of Kolab is an engine written in Perl that rewrites configuration for certain applications based on templates. The build() function in the engine left slapd.conf world-readable exhibiting the OpenLDAP root password.
%description
Kolab is the KDE Groupware Server that provides full groupware features to either KDE Kolab clients or Microsoft Outlook[tm] clients running on Windows[tm] using the Konsec Konnector http://www.konsec.com. In addition it is a robust and flexible general imap mail server with LDAP addressbook and nice web gui for administration.

%package libpostfix1 postfix postfix-ldap postfix-mysql postfix-pcre postfix-pgsql
Updated: Wed May 26 11:34:00 2004
Importance: bugfix
%pre
The Postfix 2.1.1 official release provides completely revised documentation and some minor bugfixes.
%description
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment.
Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.
This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix.
This rpm supports SMTP AUTH (through cyrus-sasl) and TLS. If you need MySQL, Postgres SQL, LDAP, PCRE please install the corresponding postfix-XXX package
Build time options:
Smtpd multiline greeting: --with multiline 0
Munge bare CR: --with barecr 0
TLS support: --with tls 1
Chroot by default: --with chroot 1

%package mandrake-doc-common mandrake-doc-de mandrake-doc-drakxtools-de mandrake-doc-drakxtools-en mandrake-doc-drakxtools-es mandrake-doc-drakxtools-fr mandrake-doc-drakxtools-it mandrake-doc-drakxtools-zh_cn mandrake-doc-en mandrake-doc-es mandrake-doc-fr mandrake-doc-it mandrake-doc-zh_cn
Updated: Wed May 26 11:34:00 2004
Importance: normal
%pre
Updated Mandrakelinux documentation is available with the latest updates for the 10.0 release as well as new translations.
%description
This package contains some useful documentation for Mandrakelinux systems. This documentation is directly accessible through the desktop (the "Documentation" icon). It includes many manuals ranging from Installation Guide to Server Reference Manual.

%package mdkonline
Updated: Tue Jun 01 09:20:49 2004
Importance: bugfix
%pre
Mdkonline as shipped in 10.0 has some issues comparing squid release versions. This package is a mandatory upgrade to get fully functional Mandrake Online services.
%description
The MandrakeOnline tool is designed for registered users who want to upload their configuration (packages, hardware infos). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services.
The package includes:
* MandrakeOnline wizard for users registration and configuration uploads,
* Mdkupdate daemon which allows you to install security updates automatically,
* Mdkapplet which is a KDE/Gnome applet for security updates notification and installation.

%package xpcd xpcd-gimp
Updated: Tue Jun 01 09:31:15 2004
Importance: security
%pre
A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga uses svgalib to display graphics on the console and it would copy user-supplied data of an arbitrary length into a fixed-size buffer in the pcd_open function.

As well, Steve Kemp previously discovered a buffer overflow in xpcd-svga that could be triggered by a long HOME environment variable, which could be exploited by a local attacker to obtain root privileges.

The updated packages resolve these vulnerabilities.
%description
This is a PhotoCD tool collection. The main application - xpcd - is a comfortable, X11-based PhotoCD decoding/viewing program. Also included pcdtoppm, which is a command line based PhotoCD-to-PPM/JPEG converter.

%package mod_ssl
Updated: Tue Jun 01 09:31:15 2004
Importance: security
%pre
A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.

The provided packages are patched to prevent this problem.
%description
The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson.
The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes.

%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy
Updated: Tue Jun 01 09:53:23 2004
Importance: security
%pre
A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.

The provided packages are patched to prevent this problem.
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external.
Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository)
You can build apache2 with some conditional build switches (i.e. use with rpm --rebuild):
--with debug    Compile with debugging code

%package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Wed Jun 2 05:40:43 2004
Importance: bugfix
%pre
- authentication: install autofs for nis authentication (florin & fcrozat)
- diskdrake: disable package instead of removing nfs-utils or samba-server (when "diskdrake --fileshare" disables a export kind) (pixel, #9804)
- drakbackup: fix dropped .txt files when running mkisofs (stew) (Anthill #799)
  o late breaking typo fix in tape restore (Federico Belvisi)
  o use binary mode for ftp, fix gui issues in restore
- drakconnect:
  o prevent identification mismatch on ethtool results (#9669)
  o fix card name lookup when driver does not support GDRVINFO command from ETHTOOL ioctl and there's only one card managed by this driver
  o fallback on sysfs in order to get driver and card description when ethtool is not supported (eg: ipw2100 driver for intel centrino)
- drakfirewall: handle BitTorrent (robert vojta)
- drakTermServ: add /etc/modprobe* mount points for client hardware config (stew)
- keyboardrake (pablo):
  o support more keyboards
  o Nepali uses devanagari script
- localedrake: handle Latgalian language (pablo)
- net_monitor: ignore sit0
%description
Contains many Mandrakelinux applications simplifying users and administrators life on a Mandrakelinux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
adduserdrake: help you adding a user
ddcxinfos: get infos from the graphic card and print XF86Config modlines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize).
drakauth: configure authentication (LDAP/NIS/...)
drakautoinst: help you configure an automatic installation replay
drakbackup: backup and restore your system
drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin)
drakbug: interactive bug report tool
drakbug_report: help find bugs in DrakX
drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem.
drakfloppy: boot disk creator
drakfont: import fonts in the system
drakgw: internet connection sharing
drakproxy: proxies configuration
draksec: security options management / msec frontend
draksound: sound card configuration
draksplash: bootsplash themes creation
drakTermServ: terminal server configurator
drakxservices: SysV service and daemons configurator
drakxtv: auto configure tv card for xawtv grabber
keyboarddrake: configure your keyboard (both console and X)
logdrake: show extracted information from the system logs
lsnetdrake: display available nfs and smb shares
lspcidrake: display your pci information, *and* the corresponding kernel module
localedrake: language configurator, available both for root (system wide) and users (user only)
mousedrake: autodetect and configure your mouse
printerdrake: detect and configure your printer
scannerdrake: scanner configurator
drakfirewall: simple firewall configurator
XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible

%package perl-Libconf perl-Libconf-gui perl-Libconf-samples
Updated: Wed Jun 2 05:40:43 2004
Importance: bugfix
%pre
- authentication: install autofs for nis authentication (florin & fcrozat)
- diskdrake: disable package instead of removing nfs-utils or samba-server (when "diskdrake --fileshare" disables a export kind) (pixel, #9804)
- drakbackup: fix dropped .txt files when running mkisofs (stew) (Anthill #799)
  o late breaking typo fix in tape restore (Federico Belvisi)
  o use binary mode for ftp, fix gui issues in restore
- drakconnect:
  o prevent identification mismatch on ethtool results (#9669)
  o fix card name lookup when driver does not support GDRVINFO command from ETHTOOL ioctl and there's only one card managed by this driver
  o fallback on sysfs in order to get driver and card description when ethtool is not supported (eg: ipw2100 driver for intel centrino)
- drakfirewall: handle BitTorrent (robert vojta)
- drakTermServ: add /etc/modprobe* mount points for client hardware config (stew)
- keyboardrake (pablo):
  o support more keyboards
  o Nepali uses devanagari script
- localedrake: handle Latgalian language (pablo)
- net_monitor: ignore sit0
%description
Libconf is a wrapper to the main configuration files of the system. It's mainly a generic parser plus many templates

%package ftp-client-krb5 ftp-server-krb5 libkrb51-devel libkrb51 krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5
Updated: Thu Jun 03 11:14:09 2004
Importance: security
%pre
Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration.

Mandrakesoft encourages all users to upgrade to these patched krb5 packages.
%description
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

%package tripwire
Updated: Mon Jun 7 11:39:46 2004
Importance: security
%pre
Paul Herman discovered a format string vulnerability in tripwire that could allow a local user to execute arbitrary code with the rights of the user running tripwire (typically root). This vulnerability only exists when tripwire is generating an email report.
%description
Tripwire is a very valuable security tool for Linux systems, if it is installed to a clean system. Tripwire should be installed right after the OS installation, and before you have connected your system to a network (i.e., before any possibility exists that someone could alter files on your system).
When Tripwire is initially set up, it creates a database that records certain file information. Then when it is run, it compares a designated set of files and directories to the information stored in the database. Added or deleted files are flagged and reported, as are any files that have changed from their previously recorded state in the database. When Tripwire is run against system files on a regular basis, any file changes will be spotted when Tripwire is run. Tripwire will report the changes, which will give system administrators a clue that they need to enact damage control measures immediately if certain files have been altered.
Extra-paranoid Tripwire users will set it up to run once a week and e-mail the results to themselves. Then if the e-mails stop coming, you'll know someone has gotten to the Tripwire program...
After installing this package, you should run "/etc/tripwire/twinstall.sh" to generate cryptographic keys, and "tripwire --init" to initialize the database.

%package cvs
Updated: Wed Jun 9 09:08:12 2004
Importance: security
%pre
Another vulnerability was discovered related to "Entry" lines in cvs, by the development team (CAN-2004-0414).

As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including:

A double-free condition in the server code is exploitable (CAN-2004-0416).

By sending a large number of arguments to the CVS server, it is possible to cause it to allocate a huge amount of memory which does not fit into the address space, causing an error (CAN-2004-0417).

It was found that the serve_notify() function would write data out of bounds (CAN-2004-0418).

The provided packages update cvs to 1.11.16 and include patches to correct all of these problems.
%description
CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects.
CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.
Install the cvs package if you need to use a version control system.

%package squid
Updated: Wed Jun 9 09:08:12 2004
Importance: security
%pre
A vulnerability exists in squid's NTLM authentication helper. This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used.
NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration.

The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided packages are patched to fix this problem.
%description
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
Install squid if you need a proxy caching server.

%package ksymoops
Updated: Thu Jun 10 10:35:08 2004
Importance: security
%pre
Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can set up a symlink to point to a file that they do not have permission to remove. The problem is difficult to exploit because someone with root privileges needs to run ksymoops on a particular module for which a symlink for the same filename already exists.
%description
The Linux kernel produces error messages that contain machine specific numbers which are meaningless for debugging. ksymoops reads machine specific files and the error log and converts the addresses to meaningful symbols and offsets.

%package dhcp-client dhcp-common dhcp-devel dhcp-relay dhcp-server
Updated: Tue Jun 22 08:47:59 2004
Importance: security
%pre
A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service.
It is also possible that they may be able to execute arbitrary code on the vulnerable server with the permissions of the user running DHCPD, which is usually root.

A similar vulnerability also exists in the way ISC's DHCPD makes use of the vsnprintf() function on systems that do not support vsnprintf(). This vulnerability could also be used to execute arbitrary code and/or perform a DoS attack. The vsnprintf() statements that have this problem are defined after the vulnerable code noted above, which would trigger the previous problem rather than this one.

Thanks to Gregory Duchemin and Solar Designer for discovering these flaws.

The updated packages contain 3.0.1rc14 which is not vulnerable to these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to these issues.
%description
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent.
You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages.

%package kernel-2.4.25.6mdk kernel-enterprise-2.4.25.6mdk kernel-smp-2.4.25.6mdk kernel-i686-up-4GB-2.4.25.6mdk kernel-p3-smp-64GB-2.4.25.6mdk kernel-source kernel-2.6.3.14mdk kernel-enterprise-2.6.3.14mdk kernel-secure-2.6.3.14mdk kernel-smp-2.6.3.14mdk kernel-i686-up-4GB-2.6.3.14mdk kernel-p3-smp-64GB-2.6.3.14mdk kernel-source kernel-source-stripped
Updated: Wed Jun 23 10:12:05 2004
Importance: security
%pre
A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered.
The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory (CAN-2004-0535).

A vulnerability was also discovered in the kernel where a certain C program would trigger a floating point exception that would crash the kernel. This vulnerability can only be triggered locally by users with shell access (CAN-2004-0554).

To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate

%package initscripts
Updated: Fri Jun 25 09:46:59 2004
Importance: bugfix
%pre
A number of bugs have been corrected in this updated initscripts package:

A bug in the lang.sh and lang.csh files would overwrite locales every time they were launched; the ifdown-aliases script did not work properly; translated keys were not used during fsck question at boot; usb was not being fully loaded if certain usb devices were pre-loaded prior to calling the usb initscript; a bug in checking the loopback filesystems has also been addressed.

The updated packages fix these problems.
%description
The initscripts package contains the basic system scripts used to boot your Mandrakelinux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.

%package libpng3 libpng3-devel libpng3-static-devel
Updated: Tue Jun 29 10:11:51 2004
Importance: security
%pre
A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise.
This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were required in two additional places that had not been corrected with the earlier patch. This update uses an updated patch to fix all known issues.

After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. Mandrakesoft encourages all users to upgrade immediately.
%description
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.
Libpng should be installed if you need to manipulate PNG format image files.

%package libapr0 apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy
Updated: Tue Jun 29 10:11:51 2004
Importance: security
%pre
A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow.

The updated packages contain a patch from the ASF to correct the problem.

It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively).
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build swithes; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package apache apache-devel apache-modules apache-source Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in use. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively). %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). 
%package kernel-2.4.25.7mdk kernel-enterprise-2.4.25.7mdk kernel-smp-2.4.25.7mdk kernel-i686-up-4GB-2.4.25.7mdk kernel-p3-smp-64GB-2.4.25.7mdk kernel-source kernel-2.6.3.15mdk kernel-enterprise-2.6.3.15mdk kernel-secure-2.6.3.15mdk kernel-smp-2.6.3.15mdk kernel-i686-up-4GB-2.6.3.15mdk kernel-p3-smp-64GB-2.6.3.15mdk kernel-source kernel-source-stripped Updated: Tue Jul 7 09:15:12 2004 Importance: security %pre A number of vulnerabilities were discovered in the Linux kernel that are corrected with this update: Multiple vulnerabilities were found by the Sparse source checker that could allow local users to elevate privileges or gain access to kernel memory (CAN-2004-0495). Missing Discretionary Access Controls (DAC) checks in the chown(2) system call could allow an attacker with a local account to change the group ownership of arbitrary files, which could lead to root privileges on affected systems (CAN-2004-0497). An information leak vulnerability that affects only ia64 systems was fixed (CAN-2004-0565). Insecure permissions on /proc/scsi/qla2300/HbaApiNode could allow a local user to cause a DoS on the system; this only affects Mandrakelinux 9.2 and below (CAN-2004-0587). A vulnerability that could crash the kernel has also been fixed. This crash, however, can only be exploited via root (in br_if.c). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package ethereal Updated: Fri Jul 09 12:43:53 2004 Importance: security %pre Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace file. These vulnerabilities have been corrected in Ethereal 0.10.5. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package php-cgi php-cli php432-devel libphp_common432 Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of allowed tags within PHP's strip_tags() function. This could lead to a number of XSS issues on sites that rely on strip_tags(); this only seems to affect the Internet Explorer and Safari browsers. The updated packages have been patched to correct the problem and all users are encouraged to upgrade immediately. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. 
use with rpm --rebuild): --with debug Compile with debugging code %package freeswan super-freeswan super-freeswan-doc Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN. As well, another hole exists in the CA checking code that could create an endless loop in certain instances. Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws. %description The basic idea of IPSEC is to provide security functions (authentication and encryption) at the IP (Internet Protocol) level. It will be required in IP version 6 (better known as IPng, the next generation) and is optional for the current IP, version 4. FreeS/WAN is a freely-distributable implementation of IPSEC protocol. This package has the x509 patch applied (www.strongsec.com) For kernel with this freeswan version, please check the main distro or http://people.mandrakesoft.com/~florin/www/rpms/cooker/rpms/i586/ %package ipsec-tools libipsec-tools0 Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre A vulnerability in racoon prior to version 20040408a would allow a remote attacker to cause a DoS (memory consumption) via an ISAKMP packet with a large length field. Another vulnerability in racoon was discovered where, when using RSA signatures, racoon would validate the X.509 certificate but would not validate the signature. This can be exploited by an attacker sending a valid and trusted X.509 certificate and any private key. Using this, they could perform a man-in-the-middle attack and initiate an unauthorized connection. This has been fixed in ipsec-tools 0.3.3. 
The updated packages contain patches backported from 0.3.3 to correct the problem. %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5 and above kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-doc samba-passdb-mysql samba-passdb-xml samba-server samba-swat samba-winbind Updated: Thu Jul 22 06:47:28 2004 Importance: security %pre A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribute value when using the ldapsam passdb backend, and to decode input given to the ntlm_auth tool. This vulnerability only exists in Samba versions 3.0.2 or later; the 3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam passdb backend, and those running winbindd and allowing third-party applications to issue authentication requests via the ntlm_auth tool should upgrade immediately. (CAN-2004-0600) A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. This bug is present in Samba 3.0.0 and later, as well as Samba 2.2.X (CAN-2004-0686). This update also fixes a bug where attempting to print in some cases would cause smbd to exit with a signal 11. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. 
Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xnest XFree86-Xvfb XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs libxfree86 libxfree86-devel libxfree86-static-devel Updated: Tue Jul 27 09:34:22 2004 Importance: security %pre Steve Rumble discovered XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. The updated packages are patched to correct the problem. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. 
XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package webmin Updated: Tue Jul 27 09:34:22 2004 Importance: security %pre Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. (CAN-2004-0582) The account lockout functionality in Webmin 1.140 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. (CAN-2004-0583) The updated packages are patched to correct the problem. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package sox sox-devel Updated: Wed Jul 28 09:23:18 2004 Importance: security %pre Ulf Harnhammar discovered two buffer overflows in SoX. They occur when the sox or play commands handle malicious .WAV files. Versions 12.17.4, 12.17.3 and 12.17.2 are vulnerable to these overflows. 12.17.1, 12.17 and 12.16 are some versions that are not. 
%description SoX (Sound eXchange) is a sound file format converter for Linux, UNIX and DOS PCs. The self-described 'Swiss Army knife of sound tools,' SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Install the sox package if you'd like to convert sound file formats or manipulate some sounds. %package libwv-1.0_0 libwv-1.0_0-devel wv Updated: Thu Jul 29 11:31:31 2004 Importance: security %pre iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application. The updated packages are patched to protect against this problem. %description Wv is a program that understands the Microsoft Word 6/7/8/9 binary file format and is able to convert Word documents into HTML, which can then be read with a browser. %package OpenOffice.org OpenOffice.org-libs Updated: Thu Jul 29 12:26:51 2004 Importance: security %pre The OpenOffice.org office suite contains an internal libneon library which allows it to connect to WebDAV servers. This internal library is subject to the same vulnerabilities that were fixed in libneon recently. These updated packages contain fixes to libneon to correct the several format string vulnerabilities in it, as well as a heap-based buffer overflow vulnerability. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. 
Languages available in OpenOffice.org-l10n-* packages include: English, French, German, Spanish, Italian, Dutch, Swedish, Finnish, Polish, Russian, Chinese, Japanese, Korean, Danish, Greek, Turkish, Czech, Catalan, Arab, Slovak, Basque. Localized help files available in OpenOffice.org-help-* packages include: English, French, German, Spanish, Italian, Swedish, Russian, Finnish, Czech, Japanese, Korean, Chinese, Slovak, Basque. Spell-checking and hyphenation dictionaries are available in myspell-* and myspell-hyph-* packages, respectively. Please install the ones that better suit your language needs. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. * oocalc: OpenOffice.org Calc * oodraw: OpenOffice.org Draw * ooimpress: OpenOffice.org Impress * oomath: OpenOffice.org Math * oowriter: OpenOffice.org Writer %package libpng3 libpng3-devel libpng3-static-devel Updated: Wed Aug 04 09:53:45 2004 Importance: security %pre Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL-pointer crash in png_handle_iCCP (which is also duplicated in multiple other locations), a theoretical integer overflow in png_read_png, and integer overflows during progressive reading. All users are encouraged to upgrade immediately. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. 
%package rpmdrake park-rpmdrake Updated: Wed Aug 04 10:58:16 2004 Importance: security %pre When rpmdrake would come across a package name containing the string "-h" it would print out the help usage instead of installing or upgrading a package. The updated packages fix this. It is recommended that all users upgrade immediately. %description rpmdrake is a simple graphical frontend to manage software packages on a Mandrakelinux system; it has 3 different modes: - software packages installation; - software packages removal; - MandrakeUpdate (software packages updates). A fourth program manages the media (add, remove, edit). %package drakxtools drakxtools-newt drakxtools-http harddrake harddrake-ui Updated: Wed Aug 04 11:12:10 2004 Importance: bugfix %pre The updated drakxtools packages contain the following bugfixes: - diskdrake: o fix Compaq Smart Array support o misc bug fixes - drakbackup: o fix Anthill bugs #927 and #929 (filenames with spaces, .backupignore, misc GUI issues) o fix AntHill bugs #1009 and #1010 (DVD recording, disk quota) o fix .backupignore issue o typo in "other" routine - drakboot: fix double windows on LILO/GRUB error - drakconnect: misc bug fixes - draksplash: make it work again... 
- drakTermServ: misc fixes - drakupdate_fstab: add support for floppies - drakxtv: fix tv modules that weren't loaded on boot - globetrooter support (a mdk10.0 based product with automatic hw configuration in harddrake service) - harddrake GUI: do not automatically configure removable media but run the proper config tool instead - harddrake service: o fix adding a removable medium o fix misdetection of nvidia nforce ethernet cards (broken since forcedeth replaced nvnet on 2004-01-21 in MDK10's ldetect-lst) o fix logs of newly added hardware o only stop boot progressbar if there is a non-automatic tool to run o fix duplicated USB disks (in both disk and unknown categories in GUI) - XFdrake: fix monitor detection (based on mandrakemove) %description Contains many Mandrakelinux applications simplifying users' and administrators' lives on a Mandrakelinux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. adduserdrake: helps you add a user ddcxinfos: get infos from the graphic card and print XF86Config modlines diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize). drakauth: configure authentication (LDAP/NIS/...) drakautoinst: help you configure an automatic installation replay drakbackup: backup and restore your system drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin) drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem. 
drakfloppy: boot disk creator drakfont: import fonts in the system drakgw: internet connection sharing drakproxy: proxies configuration draksec: security options management / msec frontend draksound: sound card configuration draksplash: bootsplash themes creation drakTermServ: terminal server configurator drakxservices: SysV service and daemons configurator drakxtv: auto configure tv card for xawtv grabber keyboarddrake: configure your keyboard (both console and X) logdrake: show extracted information from the system logs lsnetdrake: display available nfs and smb shares lspcidrake: display your pci information, *and* the corresponding kernel module localedrake: language configurator, available both for root (system wide) and users (user only) mousedrake: autodetect and configure your mouse printerdrake: detect and configure your printer scannerdrake: scanner configurator drakfirewall: simple firewall configurator XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible %package cupsddk Updated: Mon Aug 09 13:04:04 2004 Importance: normal %pre The cupsddk package is provided in order to build newer CUPS packages. %description The CUPS Driver Development Kit (DDK) provides a suite of standard drivers, a PPD file compiler, and other utilities that can be used to develop printer drivers for CUPS and other printing environments. CUPS provides a portable printing layer for UNIX®-based operating systems. The CUPS DDK provides the means for mass-producing PPD files and drivers/filters for CUPS-based printer drivers. %package shorewall shorewall-doc Updated: Mon Aug 09 13:04:04 2004 Importance: security %pre The shorewall package has a vulnerability when creating temporary files and directories, which could allow non-root users to overwrite arbitrary files on the system. The updated packages are patched to fix the problem. 
As well, for Mandrakelinux 10.0, the updated packages have been fixed to start shorewall after the network, rather than before. After updating the package, if shorewall was previously running, you may need to issue a "service shorewall restart". %description The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. %package cups-drivers foomatic-db foomatic-db-engine foomatic-filters ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel printer-filters printer-testpages printer-utils Updated: Mon Aug 09 13:04:04 2004 Importance: bugfix %pre Updated printer-drivers packages are now available that fix a number of bugs and provide new drivers/functionality for existing drivers, including: - bug fixes in Foomatic, including a bug which prevented OpenOffice.org versions >1.1.0 from printing correctly. - higher quality of black text printing on HP DeskJets, Business InkJets, and OfficeJets; also more supported models (HPIJS 1.6.1) - more Epson inkjet printers supported, bug fixes, and better photo quality (Gimp-Print 4.2.7 final) - update of the PostScript printer PPDs from HP and Kyocera - PostScript printer PPDs from Okidata - Epson-Kowa laser printer driver updated to support the newest workgroup and high-volume laser printers from Epson - many driver updates, including complete support for MicroDry printers (Alps MD-XXXX, Citizen printiva, Okidata DP-xxxx) - new drivers added, including support for a wide range of laser winprinters: Minolta PagePro 12xxW, 13xxW, magicolor 2300W, Canon LBP-460, LBP-660, Lexmark X74, X75, and some Casio label printers %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". 
It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, Gimp-Print, Foomatic, ... This way duplicate source code (such as Gimp-Print) is avoided in the distro. So first, space is saved, and second, which is even more important, maintenance is simplified. %package gaim gaim-encrypt gaim-festival gaim-perl libgaim-remote0 libgaim-remote0-devel Updated: Thu Aug 12 12:30:08 2004 Importance: security %pre Sebastian Krahmer discovered two remotely exploitable buffer overflow vulnerabilities in the gaim instant messenger. The updated packages are patched to correct the problems. %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla mozilla-devel mozilla-dom-inspector mozilla-enigmail mozilla-enigmime mozilla-irc mozilla-js-debugger mozilla-mail mozilla-spellchecker Updated: Thu Aug 12 14:08:30 2004 Importance: security %pre A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing. 
Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079). %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package rsync Updated: Tue Aug 17 09:50:59 2004 Importance: security %pre An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. This vulnerability allows a remote attacker to possibly read/write to/from files outside of the rsync directory. The updated packages are patched to prevent this problem. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package spamassassin spamassassin-tools perl-Mail-SpamAssassin Updated: Wed Aug 18 10:40:17 2004 Importance: security %pre Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date. %description SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. 
It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail. SpamAssassin also includes support for reporting spam messages automatically, and/or manually, to collaborative filtering databases such as Vipul's Razor, DCC or pyzor. Install perl-Razor-Agent package to get Vipul's Razor support. Install dcc package to get Distributed Checksum Clearinghouse (DCC) support. Install pyzor package to get Pyzor support. %package libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql qt3-common qt3-example Updated: Wed Aug 18 10:40:17 2004 Importance: security %pre Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty. These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others. The updated packages have been patched to correct these problems. %description Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file. Qt also supports Windows 95 and NT, with native look and feel. 
Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa. Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html. Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/ Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available. Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code. Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural. Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way. Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics. Qt is available under two different licenses: - The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html - The Q Public License (QPL), for developing free software (X Window System only). %package galeon Updated: Wed Aug 18 12:38:25 2004 Importance: bugfix %pre Some of the security changes made to Mozilla in MDKSA-2004:082 had an adverse effect on the galeon and epiphany browsers in Mandrakelinux 10.0, and as a result right- and middle-clicks would no longer work properly. 
The updated packages are rebuilt against the latest Mozilla from security updates to bring this necessary functionality back. %description GNOME Web browser based on Gecko (Mozilla rendering engine) %package epiphany epiphany-devel Updated: Wed Aug 18 12:38:25 2004 Importance: bugfix %pre Some of the security changes made to Mozilla in MDKSA-2004:082 had an adverse effect on the galeon and epiphany browsers in Mandrakelinux 10.0, and as a result right- and middle-clicks would no longer work properly. The updated packages are rebuilt against the latest Mozilla from security updates to bring this necessary functionality back. %description Epiphany is a GNOME web browser based on the mozilla rendering engine. The name meaning: "An intuitive grasp of reality through something (as an event) usually simple and striking" %package kdebase kdebase-common kdebase-kate kdebase-kdeprintfax kdebase-kdm kdebase-kdm-config kdebase-nsplugins kdebase-progs libkdebase4 libkdebase4-devel libkdebase4-kate libkdebase4-kate-devel libkdebase4-konsole libkdebase4-nsplugins libkdebase4-nsplugins-devel kdebase-kcontrol-data kdebase-kdm-config-file kdebase-kmenuedit kdebase-konsole libkdebase4-kmenuedit Updated: Fri Aug 20 18:42:05 2004 Importance: security %pre A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CAN-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CAN-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. 
The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CAN-02004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu, or int are affected (CAN-2004-0746). %description Core applications for the K Desktop Environment. Here is an overview of the directories: - drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug. - kappfinder: searches your hard disk for non-KDE applications, e.g. 
Acrobat Reader (tm) and installs those apps under the K start button - kate: a fast and advanced text editor with nice plugins - kcheckpass: small program to enter and check passwords, only to be used by other programs - kcontrol: the KDE Control Center allows you to tweak the KDE settings - kdcop: GUI app to browse for DCOP interfaces, can also execute them - kdebugdialog: allows you to specify which debug messages you want to see - kdeprint: the KDE printing system - kdesktop: you guessed it: the desktop above the panel - kdesu: a graphical front end to "su" - kdm: replacement for XDM, for those people that like graphical logins - kfind: find files - khelpcenter: the app to read all great documentation about KDE - khotkeys: intercepts keys and can call applications - kicker: the panel at the bottom with the K start button and the taskbar etc - kioslave: infrastructure that helps make every application internet enabled e.g. to directly save a file to ftp://place.org/dir/file.txt - klipper: enhances and extends the X clipboard - kmenuedit: edit for the menu below the K start button - konqueror: the file manager and web browser you get easily used to - kpager: applet to show the contents of the virtual desktops - kpersonalizer: the customization wizard you get when you first start KDE - kreadconfig: a tool for shell scripts to get info from KDE's config files - kscreensaver: the KDE screensaver environment and lots of savers - ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login) - ksplash: the screen displayed while KDE starts - kstart: to launch applications with special window properties such as iconified etc - ksysguard: task manager and system monitor, even for remote systems - ksystraycmd: allows you to run any application in the system tray - ktip: gives you tips how to use KDE - kwin: the KDE window manager - kxkb: a keyboard map tool - legacyimport: odd name for a cute program to load GTK themes - 
libkonq: some libraries needed by Konqueror - nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Fri Aug 20 18:42:05 2004 Importance: security %pre A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CAN-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CAN-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CAN-02004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu, or int are affected (CAN-2004-0746). %description Libraries for the K Desktop Environment. %package mkinitrd Updated: Thu Aug 26 13:02:59 2004 Importance: bugfix %pre A bug existed in mkinitrd where depmod-24 would generate a modules.dep file containing "\\\n" if there is more than one module listed as a dependency. 
Because of this, when mkinitrd is called, it will miss the dependencies of certain modules and as a result the modules that need to be loaded first will be loaded last and the kernel will complain about some missing symbols. This problem only affects systems using the 2.4 kernel with SCSI devices. The updated packages are fixed to correct the problem. %description Mkinitrd creates filesystem images for use as initial ramdisk (initrd) images. These ramdisk images are often used to preload the block device modules (SCSI or RAID) needed to access the root filesystem. In other words, generic kernels can be built without drivers for any SCSI adapters which load the SCSI driver as a module. Since the kernel needs to read those modules, but in this case it isn't able to address the SCSI adapter, an initial ramdisk is used. The initial ramdisk is loaded by the operating system loader (normally LILO) and is available to the kernel as soon as the ramdisk is loaded. The ramdisk image loads the proper SCSI adapter and allows the kernel to mount the root filesystem. The mkinitrd program creates such a ramdisk using information found in the /etc/modules.conf file. %package kernel-2.4.25.8mdk kernel-enterprise-2.4.25.8mdk kernel-smp-2.4.25.8mdk kernel-i686-up-4GB-2.4.25.8mdk kernel-p3-smp-64GB-2.4.25.8mdk kernel-source kernel-2.6.3.16mdk kernel-enterprise-2.6.3.16mdk kernel-secure-2.6.3.16mdk kernel-smp-2.6.3.16mdk kernel-i686-up-4GB-2.6.3.16mdk kernel-p3-smp-64GB-2.6.3.16mdk kernel-source kernel-source-stripped Updated: Thu Aug 26 13:02:59 2004 Importance: security %pre A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit API in the kernel, as well as access to the f_pos pointer, is defective. 
As a result, a local attacker can abuse this vulnerability to gain access to uninitialized kernel memory, mostly via entries in the /proc filesystem. This kernel memory can possibly contain information like the root password, and other sensitive data. The updated kernel packages provided are patched to protect against this vulnerability, and all users are encouraged to upgrade immediately. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package ftp-client-krb5 ftp-server-krb5 libkrb51-devel libkrb51 krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Tue Aug 31 10:23:12 2004 Importance: security %pre A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun. Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately. 
%description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package imlib imlib-cfgeditor libimlib1 libimlib1-devel Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this problem. %description Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. %package libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this problem. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. %package zlib1 zlib1-devel Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Due to a Debian bug report, a Denial of Service vulnerability was discovered in the zlib compression library versions 1.2.x, in the inflate() and inflateBack() functions. Older versions of zlib are not affected. 
Once the updated packages have been installed, all programs linked against zlib must be restarted for the new packages to take effect. %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package cdrecord cdrecord-cdda2wav cdrecord-devel mkisofs Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. The updated packages are patched to fix the vulnerability. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package drakconf Updated: Tue Sep 07 13:58:41 2004 Importance: bugfix %pre Updated DrakConf packages are now available that fix various bugs, including: - fixed special "" entries (pablo) - drakconsole: add a title for when one run it not from mcc - make web wizard description more accurate (#8153) - translation updates - embed rfbdrake (Online Administration section) - fix buildrequires (Per Øyvind Karlsen) - fix profiles garbage (tvignaud, #9278) As well, a new rfbdrake package is provided for the embedded rfbdrake to work properly. %description drakconf includes the Mandrakelinux Control Center which is an interface to multiple utilities from DrakXtools. %package rfbdrake Updated: Tue Sep 07 13:58:41 2004 Importance: bugfix %pre Updated rfbdrake allows for rfbdrake to be embedded in DrakConf. %description rfbdrake is a tool to setup a client/server remote framebuffer for virtual network computing. 
It uses vncviewer backend at the client side and x0rfbserver for the server side. %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-doc samba-passdb-mysql samba-passdb-xml samba-server samba-swat samba-winbind Updated: Mon Sep 13 10:39:06 2004 Importance: security %pre Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd's ASN.1 parsing that allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. As a result, it is possible to use up all available memory on the server. The second vulnerability is in nmbd's processing of mailslot packets which could allow an attacker to anonymously crash nmbd. The provided packages are patched to protect against these two vulnerabilities. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. 
%package squid Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this problem. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package gdk-pixbuf-loaders libgdk-pixbuf-gnomecanvas1 libgdk-pixbuf-xlib2 libgdk-pixbuf2 libgdk-pixbuf2-devel Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CAN-2004-0753). Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783). Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788). All four problems have been corrected in these updated packages. %description The GdkPixBuf library provides a number of features: - Image loading facilities. - Rendering of a GdkPixBuf into various formats: drawables (windows, pixmaps), GdkRGB buffers. 
%package cups-drivers foomatic-db foomatic-db-engine foomatic-filters ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel printer-filters printer-testpages printer-utils Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, Gimp-Print, Foomatic, ... This way duplicate source code (as Gimp-Print) is avoided in the distro. So first, space is saved, and second, and that is even more important, maintenance is simplified. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests. Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly lead to arbitrary code execution if certain non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK define). As well, the SITIC have discovered a buffer overflow when Apache expands environment variables in configuration files such as .htaccess and httpd.conf, which can lead to possible privilege escalation. 
This can only be done, however, if an attacker is able to place malicious configuration files on the server. Finally, a crash condition was discovered in the mod_dav module by Julian Reschke, where sending a LOCK refresh request to an indirectly locked resource could crash the server. The updated packages have been patched to protect against these vulnerabilities. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated packages are patched to protect against this vulnerability. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). 
It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libxpm4 libxpm4-devel Updated: Wed Sep 15 12:26:41 2004 Importance: security %pre Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived): Stack overflows (CAN-2004-0687): Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c). Integer Overflows (CAN-2004-0688): Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence. The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities. %description The xpm package contains the XPM pixmap library for the X Window System. The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. %package libxfree86 libxfree86-devel libxfree86-static-devel X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Wed Sep 15 12:26:41 2004 Importance: security %pre Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86: Stack overflows (CAN-2004-0687): Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c). Integer Overflows (CAN-2004-0688): Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence. 
The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package gtk+2.0 libgdk_pixbuf2.0_0 libgdk_pixbuf2.0_0-devel libgtk+-linuxfb-2.0_0 libgtk+-linuxfb-2.0_0-devel libgtk+-x11-2.0_0 libgtk+2.0_0 libgtk+2.0_0-devel Updated: Fri Sep 17 12:12:35 2004 Importance: security %pre A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CAN-2004-0753). Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783). Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788). All four problems have been corrected in these updated packages. 
%description The gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. GTK+ was originally written for the GIMP (GNU Image Manipulation Program) image processing program, but is now used by several other programs as well. If you are planning on using the GIMP or another program that uses GTK+, you'll need to have the gtk+ package installed. %package webmin Updated: Wed Sep 22 10:42:14 2004 Importance: security %pre A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside. The updated packages are patched to prevent this problem. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package mpg123 Updated: Wed Sep 22 10:42:14 2004 Importance: security %pre A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 (CAN-2004-0805). As well, an older vulnerability in mpg123, where a response from a remote HTTP server could overflow a buffer allocated on the heap, is also fixed in these packages. This vulnerability could also potentially permit the execution of arbitrary code with the privileges of the user running mpg123 (CAN-2003-0865). 
%description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org/ %package ImageMagick libMagick5.5.7 libMagick5.5.7-devel perl-Magick ImageMagick-doc Updated: Wed Sep 22 10:42:14 2004 Importance: security %pre Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious images that could also allow for the execution of arbitrary code with the privileges of the invoking user or process. The updated packages provided are patched to correct these problems. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. %package libnetpbm9 libnetpbm9-devel libnetpbm9-static-devel netpbm Updated: Mon Sep 27 11:00:33 2004 Importance: security %pre A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. 
%package OpenOffice.org OpenOffice.org-help-cs OpenOffice.org-help-de OpenOffice.org-help-en OpenOffice.org-help-es OpenOffice.org-help-eu OpenOffice.org-help-fi OpenOffice.org-help-fr OpenOffice.org-help-it OpenOffice.org-help-ja OpenOffice.org-help-ko OpenOffice.org-help-nl OpenOffice.org-help-ru OpenOffice.org-help-sk OpenOffice.org-help-sv OpenOffice.org-help-zh_CN OpenOffice.org-help-zh_TW OpenOffice.org-l10n-ar OpenOffice.org-l10n-ca OpenOffice.org-l10n-cs OpenOffice.org-l10n-da OpenOffice.org-l10n-de OpenOffice.org-l10n-el OpenOffice.org-l10n-en OpenOffice.org-l10n-es OpenOffice.org-l10n-et OpenOffice.org-l10n-eu OpenOffice.org-l10n-fi OpenOffice.org-l10n-fr OpenOffice.org-l10n-it OpenOffice.org-l10n-ja OpenOffice.org-l10n-ko OpenOffice.org-l10n-nb OpenOffice.org-l10n-nl OpenOffice.org-l10n-nn OpenOffice.org-l10n-pl OpenOffice.org-l10n-pt OpenOffice.org-l10n-pt_BR OpenOffice.org-l10n-ru OpenOffice.org-l10n-sk OpenOffice.org-l10n-sv OpenOffice.org-l10n-tr OpenOffice.org-l10n-zh_CN OpenOffice.org-l10n-zh_TW OpenOffice.org-libs Updated: Mon Sep 27 10:01:12 2004 Importance: security %pre A vulnerability in OpenOffice.org was reported by pmladek where a local user may be able to obtain and read documents that belong to another user. The way that OpenOffice.org created temporary files, which used the user's umask to create the file, could potentially allow for other users to have read access to the document (again, dependent upon the user's umask). The updated packages have been patched to prevent this problem. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. 
Languages available in OpenOffice.org-l10n-* packages include: English, French, German, Spanish, Italian, Dutch, Swedish, Finnish, Polish, Russian, Chinese, Japanese, Korean, Danish, Greek, Turkish, Czech, Catalan, Arab, Slovak, Basque. Localized help files available in OpenOffice.org-help-* packages include: English, French, German, Spanish, Italian, Swedish, Russian, Finnish, Czech, Japanese, Korean, Chinese, Slovak, Basque. Spell-checking and hyphenation dictionaries are available in myspell-* and myspell-hyph-* packages, respectively. Please install the ones that better suit your language needs. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. * oocalc: OpenOffice.org Calc * oodraw: OpenOffice.org Draw * ooimpress: OpenOffice.org Impress * oomath: OpenOffice.org Math * oowriter: OpenOffice.org Writer %package kernel-2.4.25.9mdk kernel-enterprise-2.4.25.9mdk kernel-smp-2.4.25.9mdk kernel-i686-up-4GB-2.4.25.9mdk kernel-p3-smp-64GB-2.4.25.9mdk kernel-source kernel-2.6.3.19mdk kernel-enterprise-2.6.3.19mdk kernel-secure-2.6.3.19mdk kernel-smp-2.6.3.19mdk kernel-i686-up-4GB-2.6.3.19mdk kernel-p3-smp-64GB-2.6.3.19mdk kernel-source kernel-source-stripped Updated: Mon Oct 04 21:01:46 2004 Importance: bugfix %pre New kernels are available for Mandrakelinux 10.0 that fix the following bugs and/or add the following enhancements: The 2.4 kernel adds prism54 support. The 2.6 kernel adds atiixp support and ia64 support. It fixes alsa intel8x0 (specifically for nvidia chipsets). It includes the Megaraid newgen 2.20.3.1 (a new driver that replaces the old megaraid), adds pwc fork 0.3 (a new driver), 3w-9xxx (new driver), and updates ide piix/libata (supports ICH6, adds NVIDIA, Promise, Sis, and Vitesse chipset support). 
Driver updates of Bcm5700, qla, and ieee1394 were also included, as well as xfs fixes. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-plugins Updated: Tue Oct 05 11:00:33 2004 Importance: security %pre A number of string overflows were discovered in the xine-lib program, some of which can be used for remote buffer overflow exploits that lead to the execution of arbitrary code with the permissions of the user running a xine-lib-based media application. xine-lib versions 1-rc2 through, and including, 1-rc5 are vulnerable to these problems. As well, a heap overflow was found in the DVD subpicture decoder of xine-lib; this vulnerability is also remotely exploitable. All versions of xine-lib prior to and including 0.5.2 through, and including, 1-rc5 are vulnerable to this problem. Patches from the xine-lib team have been backported and applied to the program to solve these problems. %description xine is a free gpl-licensed video player for unix-like systems. %package cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login libsasl2-plug-ntlm libsasl2-plug-otp libsasl2-plug-plain libsasl2-plug-sasldb libsasl2-plug-srp Updated: Thu Oct 07 11:51:21 2004 Importance: security %pre A vulnerability was discovered in the libsasl library of cyrus-sasl. libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious "library" that would get executed with the EID of SASL when anything calls libsasl. 
The provided packages are patched to protect against this vulnerability.
%description
SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.

%package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla mozilla-devel mozilla-dom-inspector mozilla-enigmail mozilla-enigmime mozilla-irc mozilla-js-debugger mozilla-mail mozilla-spellchecker
Updated: Tue Oct 19 12:49:38 2004
Importance: security
%pre
A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0:
- "Send page" heap overrun
- javascript clipboard access
- buffer overflow when displaying VCard
- BMP integer overflow
- javascript: link dragging
- Malicious POP3 server III
The details of all of these vulnerabilities are available from the Mozilla website.
%description
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.

%package cvs
Updated: Tue Oct 19 12:49:38 2004
Importance: security
%pre
iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an undocumented switch implemented in CVS' history command. The -X switch specifies the name of the history file which allows an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS process has access to them. This flaw has been fixed in CVS version 1.1.17.
%description
CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created.
CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system.

%package libtiff-progs libtiff3 libtiff3-devel libtiff3-static-devel
Updated: Tue Oct 19 12:49:38 2004
Importance: security
%pre
Several vulnerabilities have been discovered in the libtiff package: Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CAN-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CAN-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result in either a plain crash or memory corruption. (CAN-2004-0886)
%description
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large.

%package gaim gaim-encrypt gaim-festival gaim-perl libgaim-remote0 libgaim-remote0-devel
Updated: Thu Oct 21 12:11:16 2004
Importance: security
%pre
More vulnerabilities have been discovered in the gaim instant messenger client. The vulnerabilities pertinent to version 0.75, which is the version shipped with Mandrakelinux 10.0, are: installing smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
There is also a buffer overflow in the way gaim handles receiving very long URLs. The provided packages have been patched to fix these problems. These issues, amongst others, have been fixed upstream in version 0.82.
%description
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL.

%package libwxgtk2.5 libwxgtk2.5-devel libwxgtkgl2.5 wxGTK2.5
Updated: Thu Oct 21 12:11:16 2004
Importance: security
%pre
Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities: Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CAN-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CAN-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result in either a plain crash or memory corruption. (CAN-2004-0886)
%description
wxWindows is a free C++ library for cross-platform GUI development. With wxWindows, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code.

%package squid
Updated: Thu Oct 21 12:11:16 2004
Importance: security
%pre
iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous.
The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap corruption or some other exceptional condition, and closing all current connections then restarting. Squid 2.5.STABLE7 has been released to address this issue; the provided packages are patched to fix the issue.
%description
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server.

%package gpdf
Updated: Thu Oct 21 14:20:57 2004
Importance: security
%pre
Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like gpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.
%description
GNOME PDF Viewer, based on xpdf

%package xpdf
Updated: Thu Oct 21 14:20:57 2004
Importance: security
%pre
Chris Evans discovered numerous vulnerabilities in the xpdf package: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf.
These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (0888) Multiple integer overflow issues affecting xpdf-3.0 only. These can result in DoS or possibly arbitrary code execution. (0889) Chris also discovered issues with infinite loop logic error affecting xpdf-3.0 only. The updated packages are patched to deal with these issues.
%description
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts.

%package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch
Updated: Thu Oct 21 14:20:57 2004
Importance: security
%pre
Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as kpdf: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like kpdf which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. The updated packages are patched to protect against these vulnerabilities.
%description
Graphical tools for the K Desktop Environment.
kdegraphics is a collection of graphic oriented applications:
- kamera: digital camera io_slave for Konqueror. Together with gPhoto this allows you to access your camera's picture with the URL kamera:/
- kcoloredit: contains two programs: a color value editor and also a color picker
- kdvi: program (and embeddable KPart) to display *.DVI files from TeX
- kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4)
- kfaxview: an embeddable KPart to display tiffed fax images
- kfile-plugins: provide meta information for graphic files
- kghostview: program (and embeddable KPart) to display *.PDF and *.PS
- kiconedit: an icon editor
- kooka: a raster image scan program, based on SANE and libkscan
- kpaint: a simple pixel oriented image drawing program
- kruler: a ruler in inch, centimeter and pixel to check distances on the screen
- ksnapshot: make snapshots of the screen contents
- kuickshow: fast and comfortable imageviewer
- kview: picture viewer, provided as standalone program and embeddable KPart
- kviewshell: generic framework for viewer applications

%package cups cups-common cups-serial libcups2 libcups2-devel
Updated: Thu Oct 21 14:20:57 2004
Importance: security
%pre
Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CAN-2004-0888) Also, when CUPS debugging is enabled, device URIs containing username and password end up in error_log. This information is also visible via "ps". (CAN-2004-0923) The updated packages are patched to protect against these vulnerabilities.
%description
The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems.
It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file.

%package libmysql12 libmysql12-devel MySQL MySQL-Max MySQL-bench MySQL-client MySQL-common
Updated: Mon Nov 01 09:30:35 2004
Importance: security
%pre
A number of problems have been discovered in the MySQL database server: Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method (CAN-2004-0457). Oleksandr Byelkin discovered that the "ALTER TABLE ... RENAME" would check the CREATE/INSERT rights of the old table rather than the new one (CAN-2004-0835). Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function (CAN-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall (CAN-2004-0837). The updated MySQL packages have been patched to protect against these issues.
%description
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL.
See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information.

%package mpg123
Updated: Mon Nov 01 10:31:37 2004
Importance: security
%pre
Carlos Barros discovered two buffer overflow vulnerabilities in mpg123; the first in the getauthfromURL() function and the second in the http_open() function. These vulnerabilities could be exploited to possibly execute arbitrary code with the privileges of the user running mpg123. The provided packages are patched to fix these issues; as well, additional boundary checks that were lacking have been included (thanks to the Gentoo Linux Sound Team for these additional fixes).
%description
Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org/

%package netatalk netatalk-devel
Updated: Mon Nov 01 10:50:35 2004
Importance: security
%pre
The etc2ps.sh script, part of the netatalk package, creates files in /tmp with predictable names which could allow a local attacker to use symbolic links to point to a valid file on the filesystem which could lead to the overwriting of arbitrary files if etc2ps.sh is executed by someone with enough privilege. The updated packages are patched to prevent this problem.
%description
netatalk is an implementation of the AppleTalk Protocol Suite for Unix/Linux systems. The current release contains support for Ethertalk Phase I and II, DDP, RTMP, NBP, ZIP, AEP, ATP, PAP, ASP, and AFP. It provides Appletalk file printing and routing services on Solaris 2.5, Linux, FreeBSD, SunOS 4.1 and Ultrix 4.
It also supports AFP 2.1 and 2.2 (Appleshare IP). Note: The default configuration disables both guest accounts and plain-text passwords. To enable these options, review the configuration file /etc/netatalk/afpd.conf.

%package mod_ssl
Updated: Mon Nov 01 11:06:43 2004
Importance: security
%pre
A vulnerability in mod_ssl was discovered by Hartmut Keil. After a renegotiation, mod_ssl would fail to ensure that the requested cipher suite is actually negotiated. The provided packages have been patched to prevent this problem.
%description
The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes.

%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy
Updated: Mon Nov 01 11:06:43 2004
Importance: security
%pre
A vulnerability in mod_ssl was discovered by Hartmut Keil. After a renegotiation, mod_ssl would fail to ensure that the requested cipher suite is actually negotiated. The provided packages have been patched to prevent this problem.
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (ie. use with rpm --rebuild):
--with debug Compile with debugging code

%package perl-MIME-tools
Updated: Mon Nov 01 11:06:43 2004
Importance: security
%pre
There is a bug in MIME-tools, where it mis-parses things like boundary="". Some viruses use an empty boundary, which may allow unapproved parts through MIMEDefang. The updated packages are patched to fix this problem.
%description
MIME-tools - modules for parsing (and creating!) MIME entities Modules in this toolkit : Abstract message holder (file, scalar, etc.), OO interface for decoding MIME messages, an extracted and decoded MIME entity, Mail::Field subclasses for parsing fields, a parsed MIME header (Mail::Header subclass), parser and tool for building your own MIME parser, and utilities.

%package perl perl-doc perl-devel perl-base
Updated: Mon Nov 01 11:06:43 2004
Importance: security
%pre
Updated perl-MIME-tools requires MIME::Base64 version 3.03. Since MIME::Base64 is integrated in the perl package on Mandrakelinux, these updates now provide the newer version. The updated packages are patched to fix this problem.
%description
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl.
You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl.

%package iptables iptables-ipv6
Updated: Thu Nov 04 14:03:18 2004
Importance: security
%pre
Faheem Mitha discovered that the iptables tool would not always load the required modules on its own as it should have, which could in turn lead to firewall rules not being loaded on system startup in some cases. The updated packages are patched to prevent this problem.
%description
iptables controls the Linux kernel network packet filtering code. It allows you to set up firewalls and IP masquerading, etc. Install iptables if you need to set up firewalling for your network. Install this only if you are using the 2.4 or 2.6 kernels!!

%package shadow-utils
Updated: Thu Nov 04 14:03:18 2004
Importance: security
%pre
A vulnerability in the shadow suite was discovered by Martin Schulze that can be exploited by local users to bypass certain security restrictions due to an input validation error in the passwd_check() function. This function is used by the chfn and chsh tools. The updated packages have been patched to prevent this problem.
%description
The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts.

%package libxml1 libxml1-devel
Updated: Thu Nov 04 14:03:18 2004
Importance: security
%pre
Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS. The updated packages have been patched to prevent these issues.
%description
This library allows you to manipulate XML files.

%package libxml2 libxml2-devel libxml2-python libxml2-utils
Updated: Thu Nov 04 14:03:18 2004
Importance: security
%pre
Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS. The updated packages have been patched to prevent these issues.
%description
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library.

%package ruby ruby-devel ruby-doc ruby-tk
Updated: Mon Nov 08 09:45:12 2004
Importance: security
%pre
Andres Salomon noticed a problem with the CGI session management in Ruby.
The CGI::Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CAN-2004-0755). The ruby developers have corrected a problem in the ruby CGI module that can be triggered remotely and cause an infinite loop on the server (CAN-2004-0983). The updated packages are patched to prevent these problems.
%description
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

%package webmin
Updated: Wed Nov 11 10:22:43 2004
Importance: bugfix
%pre
There was a problem with two modules in the webmin package that did not work correctly: the cron and backup modules. The updated packages fix the problem so the modules will again work.
%description
A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/".

%package speedtouch
Updated: Wed Nov 11 10:22:43 2004
Importance: security
%pre
The Speedtouch USB driver contains a number of format string vulnerabilities due to improperly made syslog() system calls. These vulnerabilities can be abused by a local user to potentially allow the execution of arbitrary code with elevated privileges. The updated packages have been patched to prevent this problem.
%description
ALCATEL SpeedTouch USB ADSL modem user-space driver. This package contains all the necessary software to use your SpeedTouch USB modem under Linux.
It currently supports only PPPoA encapsulation.

%package ez-ipupdate
Updated: Wed Nov 11 10:22:43 2004
Importance: security
%pre
Ulf Harnhammar discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. The updated packages are patched to protect against this problem.
%description
ez-ipupdate is a small utility for updating your host name for any of the dynamic DNS services offered at:
* http://www.ez-ip.net
* http://www.justlinux.com
* http://www.dhs.org
* http://www.dyndns.org
* http://www.ods.org
* http://gnudip.cheapnet.net (GNUDip)
* http://www.dyn.ca (GNUDip)
* http://www.tzo.com
* http://www.easydns.com
* http://www.dyns.cx
* http://www.hn.org
* http://www.zoneedit.com
It is pure C and works on Linux, *BSD and Solaris. Don't forget to create your own config file (in /etc/ez-ipupdate.conf). You can find some examples in /usr/share/doc/ez-ipupdate-3.0.11b8

%package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-doc samba-passdb-mysql samba-passdb-pgsql samba-passdb-xml samba-server samba-swat samba-winbind
Updated: Wed Nov 11 10:22:43 2004
Importance: security
%pre
Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts of CPU cycles which would impact the performance and response of the server. In some cases it could also cause the server to become entirely unresponsive. The updated packages are patched to prevent this problem with patches from the Samba team. This vulnerability is fixed in samba 3.0.8.
%description
Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.

%package sudo
Updated: Mon Nov 15 10:50:04 2004
Importance: security
%pre
Liam Helmer discovered a flaw in sudo's environment sanitizing. This flaw could allow a malicious user with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue.
%description
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.

%package gd-utils libgd2 libgd2-devel libgd2-static-devel
Updated: Mon Nov 15 10:50:04 2004
Importance: security
%pre
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. The updated packages have been patched to prevent these issues.
%description
gd is a graphics library.
It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. This is particularly useful in World Wide Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. gd is not a paint program. If you are looking for a paint program, you are looking in the wrong place. If you are not a programmer, you are looking in the wrong place. gd does not provide for every possible desirable graphics operation. It is not necessary or desirable for gd to become a kitchen-sink graphics package, but version 1.7.3 incorporates most of the commonly requested features for an 8-bit 2D package. GIF creation will not reappear in gd until the patent expires world-wide on July 7th, 2004. I realize this situation is frustrating for many; please direct your anger and complaints toward the questionable patent system that allows the patenting of such straightforward algorithms in the first place. To enable GIF support use a commandline like: rpm -rebuild --with gif gd-2.0.27-3.2.101mdk.src.rpm

%package apache apache-devel apache-modules apache-source
Updated: Mon Nov 15 10:50:04 2004
Importance: security
%pre
A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated packages have been patched to prevent this problem.
%description
Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements.
It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).

%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy apache2-worker
Updated: Mon Nov 15 10:50:04 2004
Importance: security
%pre
A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially-crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. This vulnerability is due to improper enforcement of the field length limit in the header-parsing code. The updated packages have been patched to prevent this problem.
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (ie. use with rpm --rebuild):
--with debug Compile with debugging code

%package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-doc samba-passdb-mysql samba-passdb-xml samba-server samba-swat samba-winbind
Updated: Thu Nov 18 14:48:55 2004
Importance: security
%pre
Stefan Esser discovered that invalid bounds checking in reply to certain trans2 requests could result in a buffer overrun in smbd.
This can only be exploited by malicious user able to create files with very specific Unicode filenames on a samba share. The updated packages have been patched to prevent this problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xnest XFree86-Xvfb XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs libxfree86 libxfree86-devel libxfree86-static-devel Updated: Mon Nov 22 14:40:12 2004 Importance: security %pre The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. 
Updated packages are patched to correct all these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package libxpm4 libxpm4-devel Updated: Mon Nov 22 14:40:12 2004 Importance: security %pre The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Updated packages are patched to correct all these issues. 
%description The xpm package contains the XPM pixmap library for the X Window System. The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. %package cyrus-imapd cyrus-imapd-devel cyrus-imapd-murder cyrus-imapd-utils perl-Cyrus Updated: Thu Nov 25 12:11:34 MST 2004 Importance: 0 %pre A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, a buffer overflow could be exploited to execute arbitrary attacker-supplied code. Another exploitable buffer overflow could be triggered in situations when memory allocation fails. The provided packages have been patched to prevent these problems. %description The Cyrus IMAP Server is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. It differs from other IMAP server implementations in that it is run on "sealed" servers, where users are not normally permitted to log in. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. All user access to mail is through software using the IMAP, POP3, or KPOP protocols. TLSv1 and SSL are supported for security. This is the main package, install also the cyrus-imapd-utils package (it contains server administration tools and depends on the perl-Cyrus package). %package a2ps a2ps-devel a2ps-static-devel Updated: Thu Nov 25 15:08:20 2004 Importance: 0 %pre The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. The updated packages have been patched to prevent this problem. 
%description The a2ps filter converts text and other types of files to PostScript(TM). a2ps has pretty-printing capabilities and includes support for a wide number of programming languages, encodings (ISO Latins, Cyrillic, etc.), and medias. %package zip Updated: Thu Nov 25 15:08:34 2004 Importance: 0 %pre A vulnerability in zip was discovered where zip would not check the resulting path length when doing recursive folder compression, which could allow a malicious person to convince a user to create an archive containing a specially-crafted path name. By doing so, arbitrary code could be executed with the permissions of the user running zip. The updated packages are patched to prevent this problem. %description The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems). Install the zip package if you need to compress files using the zip program. This version supports crypto encryption. %package libxpm4 libxpm4-devel Updated: Mon Nov 29 17:26:11 2004 Importance: security %pre The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependent on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0, from being able to save xpm format images. Updated packages are patched to correct all these issues. %description The xpm package contains the XPM pixmap library for the X Window System. The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. %package gzip Updated: Mon Dec 06 11:54:12 2004 Importance: security %pre The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack. 
A similar problem was fixed last year (CAN-2003-0367) in which this same problem was found in znew. At that time, Mandrakesoft also used mktemp to correct the problems in gzexe. This update uses mktemp to handle temporary files in the zdiff script. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrakelinux system, because it is a very commonly used data compression program. %package ImageMagick ImageMagick-doc libMagick5.5.7 libMagick5.5.7-devel perl-Magick Updated: Mon Dec 06 11:55:26 2004 Importance: security %pre A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code. The updated packages have been patched to prevent this problem. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. Build Options: --with plf Build for PLF (LZW compression, fpx support) --with modules Compile all supported image types as modules --with jasper Enable JPEG2000 support %package rp-pppoe rp-pppoe-gui Updated: Mon Dec 06 11:58:40 2004 Importance: security %pre Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid root, however the packages have been patched to prevent this problem. %description PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by many ADSL Internet Service Providers. Roaring Penguin has a free client for Linux systems to connect to PPPoE service providers. The client is a user-mode program and does not require any kernel modifications. It is fully compliant with RFC 2516, the official PPPoE specification. 
It has been tested with many ISPs, such as the Canadian Sympatico HSE (High Speed Edition) service. %package nfs-utils nfs-utils-clients Updated: Mon Dec 06 11:59:28 2004 Importance: security %pre SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the "SIGPIPE" signal which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely. The updated packages have been patched to prevent this problem. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Updated: Mon Dec 06 12:00:10 2004 Importance: security %pre The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack. The updated packages have been patched to prevent this problem. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). 
%package lvm1 Updated: Mon Dec 06 12:03:08 2004 Importance: security %pre The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user running the script. The updated packages have been patched to prevent this problem. %description LVM includes all of the support for handling read/write operations on physical volumes (hard disks, RAID-Systems, magneto optical, etc., multiple devices (MD), see mdadd(8) or even loop devices, see losetup(8)), creating volume groups (kind of virtual disks) from one or more physical volumes and creating one or more logical volumes (kind of logical partitions) in volume groups. %package mdkonline Updated: Mon Dec 13 10:35:31 2004 Importance: normal %pre This is a major update of mandrakeonline which fixes several issues and adds more features such as a text wizard for servers without Xwindow capabilities, support for server products, corporate and MNF for instance, error display and md5sum file checks. %description The MandrakeOnline tool is designed for registered users who want to upload their configuration (packages, hardware infos). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * MandrakeOnline wizard for users registration and configuration uploads, * Mdkupdate daemon which allows you to install security updates automatically, * Mdkapplet which is a KDE/Gnome applet for security updates notification and installation. %package iproute2 Updated: Mon Dec 13 10:45:59 2004 Importance: security %pre Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. 
The updated packages have been patched to prevent this problem. %description The iproute package contains networking utilities (ip, tc and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.2.x kernels and later, such as policy routing, fast NAT and packet scheduling. %package libecpg3 libecpg3-devel libpgtcl2 libpgtcl2-devel libpq3 libpq3-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-server postgresql-tcl postgresql-test Updated: Mon Dec 13 10:47:19 2004 Importance: security %pre The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to. The updated packages have been patched to prevent this problem. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. 
%package kdebase kdebase-common kdebase-kate kdebase-kcontrol-data kdebase-kdeprintfax kdebase-kdm kdebase-kdm-config-file kdebase-kmenuedit kdebase-konsole kdebase-nsplugins kdebase-progs libkdebase4 libkdebase4-devel libkdebase4-kate libkdebase4-kate-devel libkdebase4-kmenuedit libkdebase4-konsole libkdebase4-nsplugins libkdebase4-nsplugins-devel Updated: Wed Dec 15 11:57:58 2004 Importance: security %pre Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CAN-2004-1171). Another vulnerability was discovered where a malicious website could abuse Konqueror to load its own content into a window or tab that was opened by a trusted website, or it could trick a trusted website into loading content into an existing window or tab. This could lead to the user being confused as to the origin of a particular webpage and could have the user unknowingly send confidential information intended for a trusted site to the malicious site (CAN-2004-1158). The updated packages contain a patch from the KDE team to solve this issue. Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0 that are required to build the kdebase package. %description Core applications for the K Desktop Environment. Here is an overview of the directories: - drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug. - kappfinder: searches your hard disk for non-KDE applications, e.g. 
Acrobat Reader (tm) and installs those apps under the K start button - kate: a fast and advanced text editor with nice plugins - kcheckpass: small program to enter and check passwords, only to be used by other programs - kcontrol: the KDE Control Center allows you to tweak the KDE settings - kdcop: GUI app to browse for DCOP interfaces, can also execute them - kdebugdialog: allows you to specify which debug messages you want to see - kdeprint: the KDE printing system - kdesktop: you guessed it: the desktop above the panel - kdesu: a graphical front end to "su" - kdm: replacement for XDM, for those people that like graphical logins - kfind: find files - khelpcenter: the app to read all great documentation about KDE - khotkeys: intercepts keys and can call applications - kicker: the panel at the bottom with the K start button and the taskbar etc - kioslave: infrastructure that helps make every application internet enabled e.g. to directly save a file to ftp://place.org/dir/file.txt - klipper: enhances and extends the X clipboard - kmenuedit: edit for the menu below the K start button - konqueror: the file manager and web browser you get easily used to - kpager: applet to show the contents of the virtual desktops - kpersonalizer: the customization wizard you get when you first start KDE - kreadconfig: a tool for shell scripts to get info from KDE's config files - kscreensaver: the KDE screensaver environment and lots of savers - ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login) - ksplash: the screen displayed while KDE starts - kstart: to launch applications with special window properties such as iconified etc - ksysguard: task manager and system monitor, even for remote systems - ksystraycmd: allows you to run any application in the system tray - ktip: gives you tips how to use KDE - kwin: the KDE window manager - kxkb: a keyboard map tool - legacyimport: odd name for a cute program to load GTK themes - 
libkonq: some libraries needed by Konqueror - nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Wed Dec 15 11:57:58 2004 Importance: security %pre Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CAN-2004-1171). Another vulnerability was discovered where a malicious website could abuse Konqueror to load its own content into a window or tab that was opened by a trusted website, or it could trick a trusted website into loading content into an existing window or tab. This could lead to the user being confused as to the origin of a particular webpage and could have the user unknowingly send confidential information intended for a trusted site to the malicious site (CAN-2004-1158). The updated packages contain a patch from the KDE team to solve this issue. Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1 contain numerous bugfixes. New qt3 packages are being provided for Mandrakelinux 10.0 that are required to build the kdebase package. %description Libraries for the K Desktop Environment. %package libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql qt3-common qt3-example Updated: Wed Dec 15 12:03:50 2004 Importance: normal %pre Updated qt3 packages required for new kdebase update. %description Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. 
Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file. Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa. Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html. Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/ Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available. Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code. Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural. Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way. Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics. 
Qt is available under two different licenses: - The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html - The Q Public License (QPL), for developing free software (X Window System only). %package mandrakelinux-kde-config-file Updated: Wed Dec 15 12:04:55 2004 Importance: normal %pre Updated package required by kdebase updates. %description This package groups all Mandrakelinux-specific config files for KDE. (kicker config etc.) %package libphp_common432 php432-devel php-cgi php-cli Updated: Fri Dec 17 15:21:31 2004 Importance: security %pre A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the vulnerabilities, thanks to the efforts of the OpenPKG team who extracted and backported the fixes. The vulnerabilities fixed in all provided packages include a fix for a possible information disclosure, double free, and negative reference index array underflow in deserialization code (CAN-2004-1019). As well, the exif_read_data() function suffers from an overflow on a long sectionname; this vulnerability was discovered by Ilia Alshanetsky (CAN-2004-1065). The other fixes that appear in Mandrakelinux 9.2 and newer packages include a fix for out of bounds memory write access in shmop_write() and integer overflow/underflows in the pack() and unpack() functions. The addslashes() function did not escape "\0" correctly. A directory bypass issue existed in safe_mode execution. There is an issue of arbitrary file access through path truncation. Finally, the "magic_quotes_gpc" functionality could lead to one level directory traversal with file uploads. %description PHP4 is an HTML-embeddable scripting language. 
PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package ethereal Updated: Mon Dec 20 10:10:11 2004 Importance: security %pre A number of vulnerabilities were discovered in Ethereal: - Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CAN-2004-1139) - An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space (CAN-2004-1140) - The HTTP dissector could access previously-freed memory, causing a crash (CAN-2004-1141) - Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization (CAN-2004-1142) Ethereal 0.10.8 was released to correct these problems and is being provided. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package aspell libaspell15 libaspell15-devel Updated: Mon Dec 20 11:46:53 2004 Importance: security %pre A vulnerability was discovered in the aspell word-list-compress that can allow an attacker to execute arbitrary code. The updated packages have been patched to correct this problem. %description GNU Aspell is a Free and Open Source spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Its main feature is that it does a much better job of coming up with possible suggestions than just about any other spell checker out there for the English language, including Ispell and Microsoft Word. 
It also has many other technical enhancements over Ispell such as using shared memory for dictionaries and intelligently handling personal dictionaries when more than one Aspell process is open at once. %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Tue Dec 21 18:08:54 2004 Importance: security %pre A vulnerability in the Konqueror web browser was discovered where an untrusted Java applet could escalate privileges (through JavaScript calling into Java code). This includes the reading and writing of files with the privileges of the user running the applet. The provided packages have been patched to correct this problem. %description Libraries for the K Desktop Environment. %package logcheck Updated: Tue Dec 21 18:11:05 2004 Importance: security %pre A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges. The updated packages have been patched to prevent the problem. %description Logcheck is a software package that is designed to automatically run and check system log files for security violations and unusual activity. Logcheck utilizes a program called logtail that remembers the last position it read from in a log file and uses this position on subsequent runs to process new information. All source code is available for review and the implementation was kept simple to avoid problems. This package is a clone of the frequentcheck.sh script from the Trusted Information Systems Gauntlet(tm) firewall package. TIS has granted permission for me to clone this package. 
%package ftp-client-krb5 ftp-server-krb5 krb5-server krb5-workstation libkrb51 libkrb51-devel telnet-client-krb5 telnet-server-krb5 Updated: Tue Dec 21 18:14:24 2004 Importance: security %pre Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server. The updated packages have been patched to prevent this problem. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package libdha0.1 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Updated: Tue Dec 21 19:58:36 2004 Importance: security %pre A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code. The updated packages have been patched to prevent these problems. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some low-level card-specific drivers (for Matrox, 3Dfx and Radeon) too! 
Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with European/ISO 8859-1,2 (Hungarian, English, Czech, etc), Cyrillic, Korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-doc samba-passdb-mysql samba-passdb-pgsql samba-passdb-xml samba-server samba-swat samba-vscan-clamav samba-vscan-icap samba-winbind Updated: Mon Dec 27 10:40:45 2004 Importance: security %pre Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs. The updated packages have been patched to correct this issue. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. 
Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Wed Dec 29 12:54:19 2004 Importance: security %pre A vulnerability in the Konqueror web browser was discovered that would allow a malicious web site to take advantage of a flaw in kio_ftp to send email messages without user interaction. The updated packages are patched to correct the problem. %description Libraries for the K Desktop Environment. %package glibc glibc-debug glibc-devel glibc-doc glibc-doc-pdf glibc-i18ndata glibc-profile glibc-static-devel glibc-utils ldconfig nptl-devel nscd timezone Updated: Wed Dec 29 12:54:41 2004 Importance: security %pre The Trustix developers discovered that the catchsegv and glibcbug utilities, part of the glibc package, created temporary files in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. The updated packages have been patched to correct this issue. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
The glibc package also contains national language (locale) support. %package xpdf Updated: Wed Dec 29 12:56:19 2004 Importance: security %pre iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package gpdf Updated: Wed Dec 29 12:57:20 2004 Importance: security %pre iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like gpdf, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. 
%description GNOME PDF Viewer, based on xpdf %package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch Updated: Wed Dec 29 12:58:12 2004 Importance: security %pre iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like kdegraphics, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. %description Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. 
Together with gPhoto this allows you to access your camera's picture with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package koffice libkoffice2 libkoffice2-devel Updated: Wed Dec 29 13:00:19 2004 Importance: security %pre Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as koffice (CAN-2004-0888). Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CAN-2004-1125). The updated packages are patched to protect against these vulnerabilities. %description Office applications for the K Desktop Environment. 
KOffice contains: * KWord: word processor * KSpread: spreadsheet * KPresenter: presentations * KChart: diagram generator * KOntour * Krayon * Kugar * Kivio * Some filters (Excel 97, Winword 97/2000, etc.) %package jadetex tetex tetex-afm tetex-context tetex-devel tetex-doc tetex-dvilj tetex-dvipdfm tetex-dvips tetex-latex tetex-mfwin tetex-texi2html tetex-xdvi xmltex Updated: Wed Dec 29 13:01:21 2004 Importance: security %pre Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code, such as tetex (CAN-2004-0888). Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like tetex which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like tetex, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CAN-2004-1125). The updated packages are patched to protect against these vulnerabilities. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. 
If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Wed Dec 29 13:08:35 2004 Importance: security %pre iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like cups, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. 
%package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Updated: Thu Jan 06 09:48:49 2005 Importance: security %pre Several vulnerabilities have been discovered in the libtiff package: iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag. iDefense also reported that a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CAN-2004-1308) The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. The updated packages are patched to protect against these vulnerabilities. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package libwxgtk2.5 libwxgtk2.5-devel libwxgtkgl2.5 wxGTK2.5 Updated: Thu Jan 06 09:49:46 2005 Importance: security %pre Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities: iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag. iDefense also reported that a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CAN-2004-1308) The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. The updated packages are patched to protect against these vulnerabilities. 
%description wxWindows is a free C++ library for cross-platform GUI development. With wxWindows, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code. %package vim-common vim-enhanced vim-minimal vim-X11 Updated: Thu Jan 06 09:50:14 2005 Importance: security %pre Several "modeline"-related vulnerabilities were discovered in Vim by Ciaran McCreesh. The updated packages have been patched with Bram Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities and adds more conservative "modeline" rights. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package nasm nasm-doc nasm-rdoff Updated: Thu Jan 06 09:50:55 2005 Importance: security %pre A buffer overflow in nasm was discovered by Jonathan Rockway. This vulnerability could lead to the execution of arbitrary code when compiling a malicious assembler source file. The updated packages are patched to correct the problem. %description NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. %package nfs-utils nfs-utils-clients Updated: Tue Jan 11 09:38:24 2005 Importance: security %pre Arjan van de Ven discovered a buffer overflow in rquotad on 64bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. The updated packages are provided to prevent this issue. 
%description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package hylafax hylafax-client hylafax-server libhylafax4.1.1 libhylafax4.1.1-devel Updated: Wed Jan 12 15:05:25 2005 Importance: security %pre Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. The updated packages are provided to prevent this issue. Note that the packages included with Corporate Server 2.1 do not require this fix. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. You need this package if you are going to install hylafax-client and/or hylafax server. Most users want mgetty-voice to be installed too. %package libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Updated: Wed Jan 12 15:05:57 2005 Importance: security %pre Pavel Kankovsky discovered several heap overflow flaws in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. 
These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026). The updated packages have been patched to prevent these problems. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package imlib imlib-cfgeditor libimlib1 libimlib1-devel Updated: Wed Jan 12 15:06:14 2005 Importance: security %pre Pavel Kankovsky discovered several heap overflow flaws in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026). The updated packages have been patched to prevent these problems. %description Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. 
%package cups cups-common cups-serial libcups2 libcups2-devel Updated: Mon Jan 17 11:24:01 2005 Importance: security ID: MDKSA-2005:008 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:008 %pre A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as the "lp" user (CAN-2004-1267). Vulnerabilities in the lppasswd utility were also discovered. The program ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS passwd file or prevent future use of lppasswd (CAN-2004-1268 and CAN-2004-1269). As well, lppasswd does not verify that the passwd.new file is different from STDERR, which could allow a local user to control output to passwd.new via certain user input that could trigger an error message (CAN-2004-1270). The updated packages have been patched to prevent these problems. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. 
%package mpg123 Updated: Wed Jan 19 11:57:10 2005 Importance: security ID: MDKSA-2005:009 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:009 %pre A vulnerability in mpg123's ability to parse frame headers in input streams could allow a malicious file to exploit a buffer overflow and execute arbitrary code with the permissions of the user running mpg123. The updated packages have been patched to prevent these problems. %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org/ %package playmidi playmidi-X11 Updated: Wed Jan 19 11:58:51 2005 Importance: security ID: MDKSA-2005:010 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:010 %pre Erik Sjolund discovered a buffer overflow in playmidi that could be exploited by a local attacker if installed setuid root. Note that by default Mandrakelinux does not ship playmidi installed setuid root. %description Playmidi plays MIDI (Musical Instrument Digital Interface) sound files through a sound card synthesizer. This package includes basic drum samples for use with simple FM synthesizers. Install playmidi if you want to play MIDI files using your computer's sound card. %package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-plugins Updated: Wed Jan 19 12:00:06 2005 Importance: security ID: MDKSA-2005:011 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:011 %pre iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CAN-2004-1187). 
As well, they discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188). Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size making it vulnerable to a buffer overflow problem (CAN-2004-1300). The updated packages have been patched to prevent these problems. %description xine is a free gpl-licensed video player for unix-like systems. %package zhcon Updated: Mon Jan 24 10:04:32 2005 Importance: security ID: MDKSA-2005:012 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:012 %pre Erik Sjolund discovered that zhcon accesses a user-controlled configuration file with elevated privileges which could make it possible to read arbitrary files. The updated packages have been patched to prevent these problems. %description Zhcon is a fast Linux Console which supports framebuffer device. It can display Chinese, Japanese or Korean (CJK) double byte characters. Supported language encodings include: GB2312, GBK, BIG5, JIS and KSCM. It can also use input methods (table based) from unicon. %package ethereal Updated: Mon Jan 24 12:01:35 2005 Importance: security ID: MDKSA-2005:013 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:013 %pre A number of vulnerabilities were found in Ethereal, all of which are fixed in version 0.10.9: The COPS dissector could go into an infinite loop (CAN-2005-0006); the DLSw dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0007); the DNP dissector could cause memory corruption (CAN-2005-0008); the Gnutella dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0009); the MMSE dissector could free static memory (CAN-2005-0010); and the X11 protocol dissector is vulnerable to a string buffer overflow (CAN-2005-0084). %description Ethereal is a network traffic analyzer for Unix-ish operating systems. 
It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package squid Updated: Mon Jan 24 15:35:29 2005 Importance: security ID: MDKSA-2005:014 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:014 %pre "infamous41md" discovered two vulnerabilities in the squid proxy cache server. The first is a buffer overflow in the Gopher response parser which leads to memory corruption and would usually crash squid (CAN-2005-0094). The second is an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that would cause squid to crash (CAN-2005-0095). The updated packages have been patched to prevent these problems. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package libphp_common432 php432-devel php-cgi php-cli Updated: Mon Jan 24 18:54:34 2005 Importance: bugfix ID: MDKA-2005:004 URL: http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:004 %pre When php tries to open a connection using fsockopen(), but the connection fails, php would not close the socket. The updated packages fix this problem. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. 
The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package mailman Updated: Mon Jan 24 19:06:40 2005 Importance: security ID: MDKSA-2005:015 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:015 %pre Florian Weimer discovered a vulnerability in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Input is not properly sanitised by "scripts/driver" when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in context of a vulnerable site by tricking a user into visiting a malicious web site or following a specially crafted link (CAN-2004-1177). %description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... 
if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain Note: Please review README.MDK for post-install notes, particularly if you are installing the package from a GUI, or migrating existing lists. %package gpdf Updated: Tue Jan 25 13:16:31 2005 Importance: security ID: MDKSA-2005:016 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:016 %pre A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Gpdf uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems. %description GNOME PDF Viewer, based on xpdf %package xpdf Updated: Tue Jan 25 13:16:48 2005 Importance: security ID: MDKSA-2005:017 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:017 %pre A buffer overflow vulnerability was discovered in the xpdf PDF viewer, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The updated packages have been patched to prevent these problems. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). 
Xpdf is a small and efficient program which uses standard X fonts. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Tue Jan 25 13:17:18 2005 Importance: security ID: MDKSA-2005:018 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:018 %pre A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Cups uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package koffice libkoffice2 libkoffice2-devel Updated: Tue Jan 25 13:17:40 2005 Importance: security ID: MDKSA-2005:019 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:019 %pre A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Koffice uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems. 
%description Office applications for the K Desktop Environment. KOffice contains: * KWord: word processor * KSpread: spreadsheet * KPresenter: presentations * KChart: diagram generator * KOntour * Krayon * Kugar * Kivio * Some filters (Excel 97, Winword 97/2000, etc.) %package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch Updated: Tue Jan 25 13:21:41 2005 Importance: security ID: MDKSA-2005:020 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:020 %pre A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Kdegraphics uses xpdf code and is susceptible to the same vulnerability. 10.1 packages also include a fix for ksvg kde bug #74457. The updated packages have been patched to prevent these problems. %description Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. 
Together with gPhoto this allows you to access your camera's picture with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package jadetex tetex tetex-afm tetex-context tetex-devel tetex-doc tetex-dvilj tetex-dvipdfm tetex-dvips tetex-latex tetex-mfwin tetex-texi2html tetex-xdvi xmltex Updated: Tue Jan 25 13:23:00 2005 Importance: security ID: MDKSA-2005:021 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:021 %pre A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. 
Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package kernel-2.4.25.13mdk kernel-2.6.3.25mdk kernel-enterprise-2.4.25.13mdk kernel-enterprise-2.6.3.25mdk kernel-i686-up-4GB-2.4.25.13mdk kernel-i686-up-4GB-2.6.3.25mdk kernel-p3-smp-64GB-2.4.25.13mdk kernel-p3-smp-64GB-2.6.3.25mdk kernel-secure-2.6.3.25mdk kernel-smp-2.4.25.13mdk kernel-smp-2.6.3.25mdk kernel-source kernel-source kernel-source-stripped Updated: Tue Jan 25 13:35:28 2005 Importance: security ID: MDKSA-2005:022 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 %pre A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory: - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CAN-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. 
The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CAN-2004-0816) - Stefan Esser found several remote DoS conditions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CAN-2004-0883 and CAN-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetic in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CAN-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CAN-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CAN-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CAN-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. 
The fix was done by Chris Wright (CAN-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CAN-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader's uselib() function that could be abused to allow a local user to obtain root privileges (CAN-2004-1235) - Paul Starzetz found an exploitable flaw in the page fault handler when running on SMP machines (CAN-2005-0001) - A vulnerability in insert_vm_struct could allow a local user to trigger BUG() when the user created a large vma that overlapped with arg pages during exec (CAN-2005-0003) - Paul Starzetz also found a number of vulnerabilities in the kernel binfmt_elf loader that could lead a local user to obtain elevated (root) privileges (isec-0017-binfmt_elf) The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the latest module-init-tools package prior to upgrading their kernel. Likewise, MNF8.2 users will need to upgrade to the latest modutils package prior to upgrading their kernel. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrakelinux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package module-init-tools Updated: Wed Jan 26 15:20:33 2005 Importance: normal ID: MDKSA-2005:022 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 %pre A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory: - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CAN-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CAN-2004-0816) - Stefan Esser found several remote DoS conditions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CAN-2004-0883 and CAN-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetic in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. 
The fixes were done by Herbert Xu (CAN-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CAN-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CAN-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CAN-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. 
The fix was done by Chris Wright (CAN-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CAN-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader's uselib() function that could be abused to allow a local user to obtain root privileges (CAN-2004-1235) - Paul Starzetz found an exploitable flaw in the page fault handler when running on SMP machines (CAN-2005-0001) - A vulnerability in insert_vm_struct could allow a local user to trigger BUG() when the user created a large vma that overlapped with arg pages during exec (CAN-2005-0003) - Paul Starzetz also found a number of vulnerabilities in the kernel binfmt_elf loader that could lead a local user to obtain elevated (root) privileges (isec-0017-binfmt_elf) The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the latest module-init-tools package prior to upgrading their kernel. Likewise, MNF8.2 users will need to upgrade to the latest modutils package prior to upgrading their kernel. %description This package contains a set of programs for loading, inserting, and removing kernel modules for Linux (versions 2.5.47 and above). It serves the same function that the "modutils" package serves for Linux 2.4. %package evolution evolution-devel evolution-pilot Updated: Thu Jan 27 09:59:38 2005 Importance: security ID: MDKSA-2005:024 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:024 %pre Max Vozeler discovered an integer overflow in the camel-lock-helper application. This application is installed setgid mail by default. 
A local attacker could exploit this to execute malicious code with the privileges of the "mail" group; likewise a remote attacker could set up a malicious POP server to execute arbitrary code when an Evolution user connects to it. The updated packages have been patched to prevent this problem. %description Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. %package mdkonline Updated: Thu Jan 27 13:18:15 2005 Importance: normal ID: MDKA-2005:006 URL: http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:006 %pre A permissions flaw was found on /etc/sysconfig/mdkonline which prevented users from reading the file. This has been fixed in the updated packages. Better x86_64 support has also been added, as well as other minor fixes. %description The MandrakeOnline tool is designed for registered users who want to upload their configuration (packages, hardware infos). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * MandrakeOnline wizard for users registration and configuration uploads, * Mdkupdate daemon which allows you to install security updates automatically, * Mdkapplet which is a KDE/Gnome applet for security updates notification and installation. %package nut nut-cgi nut-devel nut-server Updated: Thu Jan 27 13:18:46 2005 Importance: normal ID: MDKA-2005:007 URL: http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:007 %pre A bug in the upsd initscript used by nut exists where it starts the upsd/powerdown script earlier in the halt/shutdown process to ensure it still has access to USB. However, this was done too early, while the root partition was still mounted in read/write mode. Due to this delay, it was possible that the UPS would run out of power before a clean halt. 
The updated packages are fixed to remove the delay that could cause the problem. It is important to note that users make sure their UPS has at least a 15 second delay before shutting down; most UPS units have this feature by default, but not all. Users can also manage the shutdown delay in the nut configuration file if their nut-driver supports it. %description These programs are part of a developing project to monitor the assortment of UPSes that are found out there in the field. Many models have serial ports of some kind that allow some form of state checking. This capability has been harnessed where possible to allow for safe shutdowns, live status tracking on web pages, and more. This package includes the client utilities that are required to monitor a UPS that the client host is powered from - either connected directly via a serial port (in which case the main nut package needs to be installed on this machine) or across the network (where another host on the network monitors the UPS via serial cable and runs the main nut package to allow clients to see the information). %package imap imap-devel imap-utils Updated: Tue Feb 01 11:37:03 2005 Importance: security ID: MDKSA-2005:026 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:026 %pre A vulnerability was discovered in the CRAM-MD5 authentication in UW-IMAP where, on the fourth failed authentication attempt, a user would be able to access the IMAP server regardless. This problem exists only if you are using CRAM-MD5 authentication and have an /etc/cram-md5.pwd file. This is not the default setup. The updated packages have been patched to prevent these problems. %description The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. 
The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine. Install the imap package if you need a server to support the IMAP or the POP mail access protocols. %package chbg Updated: Tue Feb 01 11:37:52 2005 Importance: security ID: MDKSA-2005:027 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:027 %pre A vulnerability in chbg was discovered by Danny Lungstrom. A maliciously-crafted configuration/scenario file could overflow a buffer leading to the potential execution of arbitrary code. The updated packages are patched to prevent the problem. %description ChBg is for changing desktop backgrounds in a given period. It can render images with 10 modes (such as tiled, centered, scaled, etc.). It uses Imlib1, Imlib2, or gdk_pixbuf for loading images, so it supports many image formats. This version uses gdk-pixbuf. ChBg has a windowed setup program, is able to load setup files, can be used as slideshow picture previewer in its own window or as a desktop background, and can be used as screensaver or as an xscreensaver hack. It has a dialog for fast previewing of pictures and very usable thumbnail previews. %package ipxutils libncpfs2.3 libncpfs2.3-devel ncpfs Updated: Tue Feb 01 11:38:46 2005 Importance: security ID: MDKSA-2005:028 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:028 %pre Erik Sjolund discovered two vulnerabilities in programs bundled with ncpfs. Due to a flaw in nwclient.c, utilities that use the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013), and there is a potentially exploitable buffer overflow in the ncplogin program (CAN-2005-0014). As well, an older vulnerability found by Karol Wiesek is corrected with these new versions of ncpfs. Karol found a buffer overflow in the handling of the '-T' option in the ncplogin and ncpmap utilities (CAN-2004-1079). 
%description Ncpfs is a filesystem which understands the Novell NetWare(TM) NCP protocol. Functionally, NCP is used for NetWare the way NFS is used in the TCP/IP world. For a Linux system to mount a NetWare filesystem, it needs a special mount program. The ncpfs package contains such a mount program plus other tools for configuring and using the ncpfs filesystem. Install the ncpfs package if you need to use the ncpfs filesystem to use Novell NetWare files or services. %package vim-common vim-enhanced vim-minimal vim-X11 Updated: Wed Feb 02 13:34:12 2005 Importance: security ID: MDKSA-2005:029 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:029 %pre Javier Fernandez-Sanguino Pena discovered two vulnerabilities in scripts included with the vim editor. The two scripts, "tcltags" and "vimspell.sh" created temporary files in an insecure manner which could allow a malicious user to execute a symbolic link attack or to create, or overwrite, arbitrary files with the privileges of the user invoking the scripts. The updated packages are patched to prevent this problem. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package perl-DBI perl-DBI-ProfileDumper-Apache perl-DBI-proxy Updated: Tue Feb 08 09:16:01 2005 Importance: security ID: MDKSA-2005:030 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:030 %pre Javier Fernandez-Sanguino Pena discovered the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent these problems. 
%description The Perl Database Interface (DBI) is a database access Application Programming Interface (API) for the Perl Language. The Perl DBI API specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. %package perl perl-base perl-devel perl-doc Updated: Tue Feb 08 09:17:44 2005 Importance: security ID: MDKSA-2005:031 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031 %pre Jeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CAN-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CAN-2004-0976). "KF" discovered two vulnerabilities involving setuid-enabled perl scripts. By setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script, an attacker could overwrite arbitrary files with perl debug messages (CAN-2005-0155). As well, calling a setuid-root perl script with a very long path would cause a buffer overflow if PERLIO_DEBUG was set, which could be exploited to execute arbitrary files with root privileges (CAN-2005-0156). The provided packages have been patched to resolve these problems. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. 
You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl. %package cpio Updated: Thu Feb 10 09:15:54 2005 Importance: security ID: MDKSA-2005:032 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:032 %pre A vulnerability in cpio was discovered where cpio would create world-writeable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user. %description GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. %package enscript Updated: Thu Feb 10 12:51:46 2005 Importance: security ID: MDKSA-2005:033 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:033 %pre A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS files into a document was found. An attacker could create a carefully crafted ASCII file which would make use of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript (CAN-2004-1184). 
Additionally, flaws were found in enscript that could be abused by executing enscript with carefully crafted command-line arguments. These flaws only have a security impact if enscript is executed by other programs and passed untrusted data from remote users (CAN-2004-1185 and CAN-2004-1186). The updated packages have been patched to prevent these problems. %description GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts. %package squid Updated: Thu Feb 10 12:56:47 2005 Importance: security ID: MDKSA-2005:034 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034 %pre More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate which could be abused to allow logins using several variants of a single login name, possibly bypassing explicit access controls (CAN-2005-0173). Minor problems in the HTTP header parsing code that could be used for cache poisoning (CAN-2005-0174 and CAN-2005-0175). A buffer overflow in the WCCP handling code allowed remote attackers to cause a Denial of Service and could potentially allow for the execution of arbitrary code by using a long WCCP packet. The updated packages have been patched to prevent these problems. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. 
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package libpython2.3 libpython2.3-devel python python-base python-docs tkinter Updated: Thu Feb 10 12:58:03 2005 Importance: security ID: MDKSA-2005:035 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:035 %pre A flaw in the python language was found by the development team. The SimpleXMLRPCServer library module could permit remote attackers unintended access to internals of the registered object or its module, or possibly even other modules. This only affects python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers that only use the register_function() method are not affected. The updated packages have been patched to prevent these problems. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. 
%package libmysql12 libmysql12-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max Updated: Thu Feb 10 12:59:15 2005 Importance: security ID: MDKSA-2005:036 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:036 %pre A temporary file vulnerability in the mysqlaccess script in MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack. It could also be used to view the contents of a temporary file which could contain sensitive information. The updated packages have been patched to prevent these problems. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package mailman Updated: Mon Feb 14 15:49:31 2005 Importance: security ID: MDKSA-2005:037 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:037 %pre A vulnerability was discovered in Mailman, which allows a remote directory traversal exploit using URLs of the form ".../....///" to access private Mailman configuration data. The vulnerability lies in the Mailman/Cgi/private.py file. Updated packages correct this issue. 
%description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain Note: Please review README.MDK for post-install notes, particularly if you are installing the package from a GUI, or migrating existing lists. %package xemacs xemacs-devel xemacs-el xemacs-extras xemacs-packages Updated: Tue Feb 15 09:18:17 2005 Importance: security ID: MDKSA-2005:038 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:038 %pre Max Vozeler discovered several format string vulnerabilities in the movemail utility in Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The updated packages have been patched to correct the problem. %description XEmacs is a self-documenting, customizable, extensible, real-time display editor. XEmacs is self-documenting because at any time you can type in control-h to find out what your options are or to find out what a command does. 
XEmacs is customizable because you can change the definitions of XEmacs commands to anything you want. XEmacs is extensible because you can write entirely new commands--programs in the Lisp language to be run by Emacs' own Lisp interpreter. XEmacs includes a real-time display, which means that the text being edited is visible on the screen and is updated very frequently (usually after every character or pair of characters) as you type. To use XEmacs, you'll need to install the XEmacs binary. The xemacs package includes the standard XEmacs binary that most people will use. The XEmacs binary is dynamically linked, with both X11 and TTY (ncurses) support, but without mule (MUlti-Lingual Emacs, the Asian character set) support. %package emacs emacs-el emacs-leim emacs-nox emacs-X11 Updated: Tue Feb 15 09:21:55 2005 Importance: security ID: MDKSA-2005:038 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:038 %pre Max Vozeler discovered several format string vulnerabilities in the movemail utility in Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The updated packages have been patched to correct the problem. %description Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news and more without leaving the editor. This package includes the libraries you need to run the Emacs editor, so you need to install this package if you intend to use Emacs. You also need to install the actual Emacs program package (emacs-nox or emacs-X11). Install emacs-nox if you are not going to use the X Window System; install emacs-X11 if you will be using X. 
%package rwho Updated: Wed Feb 16 14:57:15 2005 Importance: security ID: MDKSA-2005:039 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:039 %pre A vulnerability in rwhod was discovered by "Vlad902" that can be abused to crash the listening process (the broadcasting process is not affected). This vulnerability only affects little endian architectures. The updated packages have been patched to correct the problem. %description The rwho command displays output similar to the output of the who command (it shows who is logged in) for all machines on the local network running the rwho daemon. Install the rwho command if you need to keep track of the users who are logged in to your local network. %package libecpg3 libecpg3-devel libpgtcl2 libpgtcl2-devel libpq3 libpq3-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-server postgresql-tcl postgresql-test Updated: Thu Feb 17 10:46:06 2005 Importance: security ID: MDKSA-2005:040 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:040 %pre A number of vulnerabilities were found and corrected in the PostgreSQL DBMS: A flaw in the LOAD command could be abused by a local user to load arbitrary shared libraries and as a result execute arbitrary code with the privileges of the user running the postgresql server (CAN-2005-0227). A permission checking flaw was found where a local user could bypass the EXECUTE permission check for functions using the CREATE AGGREGATE command (CAN-2005-0244). Multiple buffer overflows were discovered in PL/PgSQL. A database user with permission to create plpgsql functions could trigger these flaws which could then lead to arbitrary code execution with the privileges of the user running the postgresql server (CAN-2005-0245 and CAN-2005-0247). Finally, a flaw in the integer aggregator (intagg) contrib module was found. 
A user could create carefully crafted arrays and crash the server, causing a Denial of Service (CAN-2005-0246). The updated packages have been patched to correct these problems. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Thu Feb 17 10:56:12 2005 Importance: security ID: MDKSA-2005:045 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:045 %pre A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email. As well, Davide Madrisan discovered that dcopidlng created temporary files in an insecure manner. The updated packages are patched to deal with these issues. %description Libraries for the K Desktop Environment. 
%package squid Updated: Thu Feb 24 10:03:32 2005 Importance: security ID: MDKSA-2005:047 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:047 %pre The squid developers discovered that a remote attacker could cause squid to crash via certain DNS responses. The updated packages are patched to fix the problem. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package curl libcurl2 libcurl2-devel Updated: Wed Mar 02 10:36:38 2005 Importance: security ID: MDKSA-2005:048 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:048 %pre "infamous41md" discovered a buffer overflow vulnerability in libcurl's NTLM authorization base64 decoding. This could allow a remote attacker using a prepared remote server to execute arbitrary code as the user running curl. The updated packages are patched to deal with these issues. %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. If you wish to install this package, you must also install the curl-lib package. NOTE: This version is compiled with SSL (https) support. 
%package gaim gaim-devel gaim-perl gaim-tcl libgaim-remote0 libgaim-remote0-devel Updated: Wed Mar 02 10:42:32 2005 Importance: security ID: MDKSA-2005:049 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:049 %pre Gaim versions prior to version 1.1.4 suffer from a few security issues such as the HTML parser not sufficiently validating its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages (CAN-2005-0208 and CAN-2005-0473). As well, insufficient input validation was also discovered in the "Oscar" protocol handler, used for ICQ and AIM. By sending specially crafted packets, remote users could trigger an infinite loop in Gaim causing it to become unresponsive and hang (CAN-2005-0472). Gaim 1.1.4 is provided and fixes these issues. %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package gftp Updated: Wed Mar 02 10:47:26 2005 Importance: security ID: MDKSA-2005:050 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:050 %pre A vulnerability in gftp could allow a malicious FTP server to overwrite files on the local system as the user running gftp due to improper handling of filenames containing slashes. The updated packages are patched to deal with these issues. %description gFTP is a multithreaded FTP client for X Windows written using Gtk.
It features simultaneous downloads, resuming of interrupted file transfers, file transfer queues, downloading of entire directories, ftp proxy support, remote directory caching, passive and non-passive file transfers, drag-n-drop, bookmarks menu, stop button, and many more features. %package imap imap-devel imap-utils Updated: Wed Mar 02 11:12:34 2005 Importance: bugfix ID: MDKA-2005:012 URL: http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:012 %pre The imap package was missing a requires for xinetd, which is required for using the daemon. Updated packages include this requirement. %description The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine. Install the imap package if you need a server to support the IMAP or the POP mail access protocols. %package cyrus-imapd cyrus-imapd-devel cyrus-imapd-murder cyrus-imapd-utils perl-Cyrus Updated: Wed Mar 02 11:18:39 2005 Importance: security ID: MDKSA-2005:051 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:051 %pre Several overruns have been fixed in the IMAP annote extension as well as in cached header handling which can be run by an authenticated user. As well, additional bounds checking in fetchnews was improved to avoid exploitation by a peer news admin. %description The Cyrus IMAP Server is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. 
It differs from other IMAP server implementations in that it is run on "sealed" servers, where users are not normally permitted to log in. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. All user access to mail is through software using the IMAP, POP3, or KPOP protocols. TLSv1 and SSL are supported for security. This is the main package, install also the cyrus-imapd-utils package (it contains server administration tools and depends on the perl-Cyrus package). %package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch Updated: Wed Mar 02 11:28:53 2005 Importance: security ID: MDKSA-2005:052 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:052 %pre Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications like kdegraphics, that use embedded versions of xpdf. (CAN-2005-0206) In addition, previous libtiff updates overlooked kdegraphics, which contains an embedded libtiff used for kfax. This update includes patches to address: CAN-2004-0803, CAN-2004-0804, CAN-2004-0886, CAN-2004-1183, CAN-2004-1308. The updated packages are patched to deal with these issues. %description Graphical tools for the K Desktop Environment.
kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. Together with gPhoto this allows you to access your camera's picture with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package lvm2 Updated: Tue Mar 15 09:04:29 2005 Importance: bugfix ID: MDKA-2005:014-1 URL: http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:014-1 %pre A bug in the lvm2 packages caused it to recurse symlinked directories indefinitely which caused lvm commands to be really slow or timeout. A patch has been applied to correct this problem. %update The previous update was mistakenly built for 10.1 rather than 10.0 and Corporate 3.0 as it should have been. This update provides the correct packages. %description LVM includes all of the support for handling read/write operations on physical volumes (hard disks, RAID-Systems, magneto optical, etc., multiple devices (MD), see mdadd(8) or even loop devices, see losetup(8)), creating volume groups (kind of virtual disks) from one or more physical volumes and creating one or more logical volumes (kind of logical partitions) in volume groups.
%package ethereal Updated: Tue Mar 15 09:25:57 2005 Importance: security ID: MDKSA-2005:053 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:053 %pre A number of issues were discovered in Ethereal versions prior to 0.10.10, which is provided by this update. Matevz Pustisek discovered a buffer overflow in the Etheric dissector (CAN-2005-0704); the GPRS-LLC dissector could crash if the "ignore cipher bit" was enabled (CAN-2005-0705); Diego Giago found a buffer overflow in the 3GPP2 A11 dissector (CAN-2005-0699); Leon Juranic found a buffer overflow in the IAPP dissector (CAN-2005-0739); and bugs in the JXTA and sFlow dissectors could make Ethereal crash. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login libsasl2-plug-ntlm libsasl2-plug-otp libsasl2-plug-plain libsasl2-plug-sasldb libsasl2-plug-srp Updated: Tue Mar 15 09:27:07 2005 Importance: security ID: MDKSA-2005:054 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:054 %pre A buffer overflow was discovered in cyrus-sasl's digestmd5 code. This could lead to a remote attacker executing code in the context of the service using SASL authentication. This vulnerability was fixed upstream in version 2.1.19. The updated packages are patched to deal with this issue. %description SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. 
%package libopenslp1 libopenslp1-devel openslp Updated: Tue Mar 15 10:02:57 2005 Importance: security ID: MDKSA-2005:055 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:055 %pre An audit by the SUSE Security Team of critical parts of the OpenSLP package revealed various buffer overflow and out of bounds memory access issues. These problems can be triggered by remote attackers by sending malformed SLP packets. The packages have been patched to prevent these problems. %description Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is an open source implementation of the SLPv2 protocol as defined by RFC 2608 and RFC 2614. This package includes the daemon, libraries, header files and documentation %package gnupg Updated: Tue Mar 15 10:21:02 2005 Importance: security ID: MDKSA-2005:057 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:057 %pre The OpenPGP protocol is vulnerable to a timing attack that can be used to recover plain text from cipher text. The timing difference appears as a side effect of the so-called "quick scan" and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated packages have been patched to disable the quick check for all public key-encrypted messages and files. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.
%package kdelibs-common libkdecore4 libkdecore4-devel Updated: Wed Mar 16 10:21:06 2005 Importance: security ID: MDKSA-2005:058 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:058 %pre A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Protocol daemon (CAN-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CAN-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third-party KDE applications (CAN-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately. %description Libraries for the K Desktop Environment.
%package libmysql12 libmysql12-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max Updated: Mon Mar 21 10:13:56 2005 Importance: security ID: MDKSA-2005:060 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:060 %pre A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server: If an authenticated user had INSERT privileges on the 'mysql' database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the user running the database server (mysql) (CAN-2005-0709). If an authenticated user had INSERT privileges on the 'mysql' database, it was possible to load a library located in an arbitrary directory by using INSERT INTO mysql.func instead of CREATE FUNCTION. This also would allow the user to execute arbitrary code with the privileges of the user running the database server (CAN-2005-0710). Finally, temporary files belonging to tables created with CREATE TEMPORARY TABLE were handled in an insecure manner, allowing any local user to overwrite arbitrary files with the privileges of the database server (CAN-2005-0711). The updated packages have been patched to correct these issues. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. 
Also please see the documentation and the manual for more information. %package ftp-client-krb5 ftp-server-krb5 krb5-server krb5-workstation libkrb51 libkrb51-devel telnet-client-krb5 telnet-server-krb5 Updated: Tue Mar 29 18:33:44 2005 Importance: security ID: MDKSA-2005:061 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:061 %pre Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitrary code on the victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Kerberos package contains a telnet client and is patched to deal with these issues. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package ipsec-tools libipsec-tools0 Updated: Thu Mar 31 08:42:42 2005 Importance: security ID: MDKSA-2005:062 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:062 %pre A bug was discovered in the way that the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The updated packages have been patched to correct these issues. %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5 and above kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %package htdig htdig-devel htdig-web Updated: Thu Mar 31 08:43:49 2005 Importance: security ID: MDKSA-2005:063 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:063 %pre A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue.
%description The ht://Dig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and AltaVista. Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site. As opposed to some WAIS-based or web-server based search engines, ht://Dig can span several web servers at a site. The type of these different web servers doesn't matter as long as they understand the HTTP 1.0 protocol. ht://Dig was developed at San Diego State University as a way to search the various web servers on the campus network. %package libexif9 libexif9-devel Updated: Thu Mar 31 08:44:49 2005 Importance: security ID: MDKSA-2005:064 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:064 %pre A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to crash. The updated packages have been patched to correct these issues. %description Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. %package ImageMagick ImageMagick-doc libMagick5.5.7 libMagick5.5.7-devel perl-Magick Updated: Fri Apr 01 13:57:03 2005 Importance: security ID: MDKSA-2005:065 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:065 %pre A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CAN-2005-0397). As well, Andrei Nigmatulin discovered a heap-based buffer overflow in ImageMagick's image handler. 
An attacker could create a special PhotoShop Document (PSD) image file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image (CAN-2005-0005). Other vulnerabilities were discovered in ImageMagick versions prior to 6.0: A bug in the way that ImageMagick handles TIFF tags was discovered. It was possible that a TIFF image with an invalid tag could cause ImageMagick to crash (CAN-2005-0759). A bug in ImageMagick's TIFF decoder was discovered where a specially-crafted TIFF image could cause ImageMagick to crash (CAN-2005-0760). A bug in ImageMagick's PSD parsing was discovered where a specially-crafted PSD file could cause ImageMagick to crash (CAN-2005-0761). Finally, a heap overflow bug was discovered in ImageMagick's SGI parser. If an attacker could trick a user into opening a specially-crafted SGI image file, ImageMagick would execute arbitrary code (CAN-2005-0762). The updated packages have been patched to correct these issues. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. Build Options: --with plf Build for PLF (LZW compression, fpx support) --with modules Compile all supported image types as modules --with jasper Enable JPEG2000 support %package grip Updated: Fri Apr 01 14:33:07 2005 Importance: security ID: MDKSA-2005:066 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:066 %pre A buffer overflow bug was found by Dean Brettle in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. The updated packages have been patched to correct these issues. %description Grip is a gtk-based cd-player and cd-ripper. It has the ripping capabilities of cdparanoia builtin, but can also use external rippers (such as cdda2wav).
It also provides an automated frontend for MP3 encoders, letting you take a disc and transform it easily straight into MP3s. The CDDB protocol is supported for retrieving track information from disc database servers. Grip works with DigitalDJ to provide a unified "computerized" version of your music collection. %package sharutils Updated: Thu Apr 07 10:43:33 2005 Importance: security ID: MDKSA-2005:067 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:067 %pre Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. Ulf Harnhammar discovered that shar does not check the data length returned by the wc command. Joey Hess discovered that unshar would create temporary files in an insecure manner which could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user using unshar. The updated packages have been patched to correct these issues. %description %package gtk+2.0 libgdk_pixbuf2.0_0 libgdk_pixbuf2.0_0-devel libgtk+2.0_0 libgtk+2.0_0-devel libgtk+-linuxfb-2.0_0 libgtk+-linuxfb-2.0_0-devel libgtk+-x11-2.0_0 Updated: Thu Apr 07 10:57:08 2005 Importance: security ID: MDKSA-2005:068 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:068 %pre A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these issues. %description The gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. GTK+ was originally written for the GIMP (GNU Image Manipulation Program) image processing program, but is now used by several other programs as well. 
If you are planning on using the GIMP or another program that uses GTK+, you'll need to have the gtk+ package installed. %package gdk-pixbuf-loaders libgdk-pixbuf2 libgdk-pixbuf2-devel libgdk-pixbuf-gnomecanvas1 libgdk-pixbuf-xlib2 Updated: Thu Apr 07 10:57:29 2005 Importance: security ID: MDKSA-2005:069 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:069 %pre A bug was discovered in the way that gdk-pixbuf processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gdk-pixbuf. The updated packages have been patched to correct these issues. %description The GdkPixBuf library provides a number of features: - Image loading facilities. - Rendering of a GdkPixBuf into various formats: drawables (windows, pixmaps), GdkRGB buffers. %package libmysql12 libmysql12-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max Updated: Tue Apr 12 18:26:17 2005 Importance: security ID: MDKSA-2005:070 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:070 %pre A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character ("_") to have the ability to grant privileges to other databases with similar names. This problem was previously discovered and fixed, but a new case where the problem still existed was recently discovered. The updated packages have been patched to correct this issue. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). 
You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package libphp_common432 php432-devel php-cgi php-cli Updated: Mon Apr 18 14:06:31 2005 Importance: security ID: MDKSA-2005:072 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 %pre A number of vulnerabilities are addressed in this PHP update: Stefano Di Paolo discovered integer overflows in PHP's pack(), unpack(), and shmop_write() functions which could allow a malicious script to break out of safe mode and execute arbitrary code with privileges of the PHP interpreter (CAN-2004-1018; this was previously fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151). Stefan Esser discovered two safe mode bypasses which would allow malicious scripts to circumvent path restrictions by using virtual_popen() with a current directory containing shell meta-characters (CAN-2004-1063) or by creating a specially crafted directory whose length exceeded the capacity of realpath() (CAN-2004-1064; both of these were previously fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151). Two Denial of Service vulnerabilities were found in the getimagesize() function which uses the format-specific internal functions php_handle_iff() and php_handle_jpeg() which would get stuck in infinite loops when certain (invalid) size parameters are read from the image (CAN-2005-0524 and CAN-2005-0525). An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP's EXIF module. EXIF tags with a specially crafted "Image File Directory" (IFD) tag would cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the PHP server (CAN-2005-1042).
Another vulnerability in the EXIF module was also discovered where headers with a large IFD nesting level would cause an unbound recursion which would eventually overflow the stack and cause the executed program to crash (CAN-2004-1043). All of these issues are addressed in the Corporate Server 2.1 packages and the last three issues for all other platforms, which had previously included the first two issues but had not been mentioned in MDKSA-2004:151. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package cvs Updated: Wed Apr 20 18:36:55 2005 Importance: security ID: MDKSA-2005:073 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:073 %pre A buffer overflow and memory access problem in CVS have been discovered by the CVS maintainer. The updated packages have been patched to correct the problem. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release.
Install the cvs package if you need to use a version control system. %package cdrecord cdrecord-cdda2wav cdrecord-devel mkisofs Updated: Wed Apr 20 18:39:51 2005 Importance: security ID: MDKSA-2005:077 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:077 %pre Javier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), a symbolic link attack could be used to create or overwrite arbitrary files with the privileges of the user invoking cdrecord. Please note that by default this configuration file does not exist in Mandriva Linux so unless you create it and enable DEBUG, this does not affect you. The updated packages have been patched to correct these issues. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package squid Updated: Thu Apr 28 15:24:00 2005 Importance: security ID: MDKSA-2005:078 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:078 %pre Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. (CAN-2005-0194) Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. (CAN-2005-0626) Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
(CAN-2005-0718) In addition, due to subtle bugs in the previous backported updates of squid (Bugzilla #14209), all the squid-2.5 versions have been updated to squid-2.5.STABLE9 with all the STABLE9 patches from the squid developers. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package perl perl-base perl-devel perl-doc Updated: Thu Apr 28 15:32:00 2005 Importance: security ID: MDKSA-2005:079 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:079 %pre Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. 
You need perl-base to have a full perl. %package libxpm4 libxpm4-devel Updated: Thu Apr 28 15:34:00 2005 Importance: security ID: MDKSA-2005:080 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:080 %pre The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library. %description The xpm package contains the XPM pixmap library for the X Window System. The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. %package mdkonline Updated: Thu Apr 28 15:24:00 2005 Importance: bugfix ID: MDKA-2005:022 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:022 %pre With the change of the distribution to Mandriva, and the various domain name changes, it is necessary to update mdkonline to point to the correct servers. Updated packages resolve this issue. %description The Mandriva Online tool is designed for registered users who want to upload their configuration (packages, hardware information). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * Wizard for users registration and configuration uploads, * Update daemon which allows you to install security updates automatically, * A KDE/Gnome compliant applet for security updates notification and installation.
%package libxfree86 libxfree86-devel libxfree86-static-devel X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Thu May 05 08:14:16 2005 Importance: security ID: MDKSA-2005:081 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:081 %pre The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library. Updated packages are patched to correct all these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware.
In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package tcpdump Updated: Wed May 11 23:08:23 2005 Importance: security ID: MDKSA-2005:087 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:087 %pre A number of Denial of Service vulnerabilities were discovered in the way that tcpdump processes certain network packets. If abused, these flaws can allow a remote attacker to inject a carefully crafted packet onto the network, crashing tcpdump. The provided packages have been patched to correct these issues. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package cdrdao cdrdao-gcdmaster Updated: Wed May 18 16:49:03 2005 Importance: security ID: MDKSA-2005:089 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:089 %pre The cdrdao package contains two vulnerabilities; the first allows local users to read arbitrary files via the show-data command and the second allows local users to overwrite arbitrary files via a symlink attack on the ~/.cdrdao configuration file. This can also lead to elevated privileges (a root shell) due to cdrdao being installed suid root. The provided packages have been patched to correct these issues. %description Writes audio CD-Rs in disc-at-once (DAO) mode allowing control over pre-gaps (length down to 0, nonzero audio data) and sub-channel information like ISRC codes. All data that is written to the disc must be specified with a text file. 
Audio data may be in WAVE or raw format. %package nasm nasm-doc nasm-rdoff Updated: Wed May 18 16:49:10 2005 Importance: security ID: MDKSA-2005:090 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:090 %pre A buffer overflow in nasm was discovered by Josh Bressers. If an attacker could trick a user into assembling a malicious source file, they could use this vulnerability to execute arbitrary code with the privileges of the user running nasm. The provided packages have been patched to correct these issues. %description NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. %package bzip2 libbzip2_1 libbzip2_1-devel Updated: Wed May 18 16:49:19 2005 Importance: security ID: MDKSA-2005:091 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:091 %pre A race condition in the file permission restore code of bunzip2 was discovered by Imran Ghory. While a user was decompressing a file, a local attacker with write permissions to the directory containing the compressed file could replace the target file with a hard link which would cause bunzip2 to restore the file permissions of the original file to the hard link target. This could be exploited to gain read or write access to files of other users (CAN-2005-0953). A vulnerability was found where specially crafted bzip2 archives would cause an infinite loop in the decompressor, resulting in an indefinitely large output file (also known as a "decompression bomb"). This could be exploited to cause a Denial of Service attack on the host computer due to disk space exhaustion (CAN-2005-1260). The provided packages have been patched to correct these issues. %description Bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and Huffman coding.
Compression is generally considerably better than that achieved by more conventional LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors. The command-line options are deliberately very similar to those of GNU Gzip, but they are not identical. %package gzip Updated: Wed May 18 22:21:37 2005 Importance: security ID: MDKSA-2005:092 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:092 %pre Several vulnerabilities have been discovered in the gzip package: Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. (CAN-2005-0758) A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip file allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. (CAN-2005-0988) A directory traversal vulnerability via "gunzip -N" in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. (CAN-2005-1228) Updated packages are patched to address these issues. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrakelinux system, because it is a very commonly used data compression program. 
%package libecpg3 libecpg3-devel libpgtcl2 libpgtcl2-devel libpq3 libpq3-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-server postgresql-tcl postgresql-test Updated: Thu May 26 10:01:12 2005 Importance: security ID: MDKSA-2005:093 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:093 %pre A number of vulnerabilities were found and corrected in the PostgreSQL DBMS: Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user to gain the privileges of a database superuser. Functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument values. (CAN-2005-1409) The contrib/tsearch2 module misdeclares several functions as returning type "internal" when they do not have any "internal" argument. This breaks the type safety of "internal" by allowing users to construct SQL commands that invoke other functions accepting "internal" arguments. (CAN-2005-1410) These vulnerabilities must also be fixed in all existing databases when upgrading. The post-installation script of the updated postgresql-server package attempts to do this automatically. The updated packages have been patched to correct these problems. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. 
These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package gdb Updated: Mon May 30 10:44:02 2005 Importance: security ID: MDKSA-2005:095 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:095 %pre Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CAN-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CAN-2005-1705). The updated packages have been patched to correct these problems. %description Gdb is a full featured, command driven debugger. Gdb allows you to trace the execution of programs and examine their internal state at any time. Gdb works for C and C++ compiled with the GNU C compiler gcc. If you are going to develop C and/or C++ programs and use the GNU gcc compiler, you may want to install gdb to help you debug your programs.
%package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Updated: Mon Jun 06 10:15:14 2005 Importance: security ID: MDKSA-2005:096 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:096 %pre Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CAN-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache timing and possibly related attacks. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package wget Updated: Thu Jun 09 09:21:52 2005 Importance: security ID: MDKSA-2005:098 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:098 %pre Two vulnerabilities were found in wget. The first is that an HTTP redirect statement could be used to do a directory traversal and write to files outside of the current directory. The second is that HTTP redirect statements could be used to overwrite dot ('.') files, potentially overwriting the user's configuration files (such as .bashrc, etc.). The updated packages have been patched to help address these problems by replacing dangerous directories and filenames containing the dot ('.') character with an underscore ('_') character. %description GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols.
Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. %package rsh rsh-server Updated: Tue Jun 14 11:34:13 2005 Importance: security ID: MDKSA-2005:100 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:100 %pre A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server. The updated packages have been patched to correct this problem. %description The rsh package contains a set of programs which allow users to run commands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp). All three of these commands use rhosts style authentication. This package contains the clients needed for all of these services. The rsh package should be installed to enable remote access to other machines. %package sudo Updated: Tue Jun 21 17:17:45 2005 Importance: security ID: MDKSA-2005:103 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:103 %pre A race condition was discovered in sudo by Charles Morris. This could lead to the escalation of privileges if /etc/sudoers allowed a user to execute selected programs that were then followed by another line containing the pseudo-command "ALL". By creating symbolic links at a certain time, that user could execute arbitrary commands. The updated packages have been patched to correct this problem. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity.
The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package php-pear Updated: Thu Jun 30 09:29:51 2005 Importance: security ID: MDKSA-2005:109 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:109 %pre A vulnerability was discovered by GulfTech Security in the PHP XML RPC project. This vulnerability is considered critical and can lead to remote code execution. The vulnerability also exists in the PEAR XMLRPC implementation. Mandriva ships with the PEAR XMLRPC implementation and it has been patched to correct this problem. It is advised that users examine the PHP applications they have installed on their servers for any applications that may come bundled with their own copies of the PEAR system and either patch RPC.php or use the system PEAR (found in /usr/share/pear). Updates have been released for some popular PHP applications such as WordPress and Serendipity and users are urged to take all precautions to protect their systems from attack and/or defacement by upgrading their applications from the authors of the respective applications. %description PEAR is short for "PHP Extension and Application Repository" and is pronounced just like the fruit. 
The purpose of PEAR is to provide: * A structured library of open-sourced code for PHP users * A system for code distribution and package maintenance * A standard style for code written in PHP, specified here * The PHP Foundation Classes (PFC), see more below * The PHP Extension Code Library (PECL), see more below * A web site, mailing lists and download mirrors to support the PHP/PEAR community %package kernel-2.6.3.27mdk kernel-BOOT-2.6.3.27mdk kernel-doc kernel-enterprise-2.6.3.27mdk kernel-i686-up-4GB-2.6.3.27mdk kernel-p3-smp-64GB-2.6.3.27mdk kernel-secure-2.6.3.27mdk kernel-smp-2.6.3.27mdk kernel-source kernel-source-stripped Updated: Thu Jun 30 11:46:14 2005 Importance: security ID: MDKSA-2005:110 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:110 %pre Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel: Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology that could allow a local user to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys via a timing attack on memory cache misses. This has been corrected by disabling HT support in all kernels (CAN-2005-0109). An information leak in the ext2 filesystem code in kernels prior to 2.6.11.6 was found where when a new directory is created, the ext2 block written to disk is not initialized (CAN-2005-0400). A flaw when freeing a pointer in load_elf_library was found in kernels prior to 2.6.11.6 that could be abused by a local user to potentially crash the machine causing a Denial of Service (CAN-2005-0749). A problem with the Bluetooth kernel stack in kernels 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker to gain root access or crash the machine (CAN-2005-0750).
Paul Starzetz found an integer overflow in the ELF binary format loader's code dump function in kernels prior to and including 2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially crafted ELF executable, a local attacker could exploit this to execute arbitrary code with root and kernel privileges (CAN-2005-1263). The drivers for raw devices used the wrong function to pass arguments to the underlying block device in 2.6.x kernels. This made the kernel address space accessible to user-space applications allowing any local user with at least read access to a device in /dev/raw/* (usually only root) to execute arbitrary code with kernel privileges (CAN-2005-1264). The it87 and via686a hardware monitor drivers in kernels prior to 2.6.11.8 and 2.6.12 prior to 2.6.12-rc2 created a sysfs file named 'alarms' with write permissions although they are not designed to be writable. This allowed a local user to crash the kernel by attempting to write to these files (CAN-2005-1369). In addition to the above-noted CAN-2005-0109, CAN-2005-0400, CAN-2005-0749, CAN-2005-0750, and CAN-2005-1369 fixes, the following CVE names have been fixed in the 10.1 kernel: The POSIX Capability Linux Security Module (LSM) for 2.6 kernels up to and including 2.6.8.1 did not properly handle the credentials of a process that is launched before the module is loaded, which could be used by local attackers to gain elevated privileges (CAN-2004-1337). A flaw in the Linux PPP driver in kernel 2.6.8.1 was found where on systems allowing remote users to connect to a server via PPP, a remote client could cause a crash, resulting in a Denial of Service (CAN-2005-0384). George Guninski discovered a buffer overflow in the ATM driver in kernels 2.6.10 and 2.6.11 before 2.6.11-rc4 where the atm_get_addr() function does not validate its arguments sufficiently which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument.
This could potentially lead to the execution of arbitrary code (CAN-2005-0531). The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c before kernel 2.6.11, when running on 64-bit architectures, could allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. This could allow an attacker to overwrite kernel memory, crash the machine, or potentially obtain root access (CAN-2005-0532). A race condition in the Radeon DRI driver in kernel 2.6.8.1 allows a local user with DRI privileges to execute arbitrary code as root (CAN-2005-0767). Access was not restricted to the N_MOUSE discipline for a TTY in kernels prior to 2.6.11. This could allow local attackers to obtain elevated privileges by injecting mouse or keyboard events into other users' sessions (CAN-2005-0839). Some futex functions in futex.c in 2.6 kernels performed get_user calls while holding the mmap_sem semaphore, which could allow a local attacker to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions (CAN-2005-0937). In addition to the above-noted CAN-2004-1337, CAN-2005-0109, CAN-2005-0384, CAN-2005-0400, CAN-2005-0531, CAN-2005-0532, CAN-2005-0749, CAN-2005-0750, CAN-2005-0767, CAN-2005-0839, CAN-2005-0937, CAN-2005-1263, CAN-2005-1264, and CAN-2005-1369 fixes, the following CVE names have been fixed in the 10.0/Corporate 3.0 kernels: A race condition in the setsid function in kernels before 2.6.8.1 could allow a local attacker to cause a Denial of Service and possibly access portions of kernel memory related to TTY changes, locking, and semaphores (CAN-2005-0178). When forwarding fragmented packets in kernel 2.6.8.1, a hardware assisted checksum could only be used once which could lead to a Denial of Service attack or crash by remote users (CAN-2005-0209).
A signedness error in the copy_from_read_buf function in n_tty.c before kernel 2.6.11 allows local users to read kernel memory via a negative argument (CAN-2005-0530). A vulnerability in the fib_seq_start() function allowed a local user to crash the system by reading /proc/net/route in a certain way, causing a Denial of Service (CAN-2005-1041). A vulnerability in the Direct Rendering Manager (DRM) driver in the 2.6 kernel does not properly check the DMA lock, which could allow remote attackers or local users to cause a Denial of Service (X Server crash) and possibly modify the video output (CAN-2004-1056). %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrakelinux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package kernel-2.4.25.14mdk kernel-BOOT-2.4.25.14mdk kernel-doc kernel-enterprise-2.4.25.14mdk kernel-i686-up-4GB-2.4.25.14mdk kernel-p3-smp-64GB-2.4.25.14mdk kernel-smp-2.4.25.14mdk kernel-source Updated: Thu Jun 30 11:49:22 2005 Importance: security ID: MDKSA-2005:111 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:111 %pre Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels: Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology that could allow a local user to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys via a timing attack on memory cache misses. This has been corrected by disabling HT support in all kernels (CAN-2005-0109). When forwarding fragmented packets, a hardware assisted checksum could only be used once which could lead to a Denial of Service attack or crash by remote users (CAN-2005-0209).
A flaw in the Linux PPP driver was found where on systems allowing remote users to connect to a server via PPP, a remote client could cause a crash, resulting in a Denial of Service (CAN-2005-0384). An information leak in the ext2 filesystem code was found where when a new directory is created, the ext2 block written to disk is not initialized (CAN-2005-0400). A signedness error in the copy_from_read_buf function in n_tty.c allows local users to read kernel memory via a negative argument (CAN-2005-0530). George Guninski discovered a buffer overflow in the ATM driver where the atm_get_addr() function does not validate its arguments sufficiently which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could potentially lead to the execution of arbitrary code (CAN-2005-0531). A flaw when freeing a pointer in load_elf_library was found that could be abused by a local user to potentially crash the machine causing a Denial of Service (CAN-2005-0749). A problem with the Bluetooth kernel stack in kernels 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker to gain root access or crash the machine (CAN-2005-0750). A race condition in the Radeon DRI driver allows a local user with DRI privileges to execute arbitrary code as root (CAN-2005-0767). Paul Starzetz found an integer overflow in the ELF binary format loader's code dump function in kernels prior to and including 2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially crafted ELF executable, a local attacker could exploit this to execute arbitrary code with root and kernel privileges (CAN-2005-1263). %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package zlib1 zlib1-devel Updated: Wed Jul 06 14:27:27 2005 Importance: security ID: MDKSA-2005:112 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:112 %pre Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, causing the linked application to dump core. The updated packages have been patched to correct this problem. %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package cpio Updated: Mon Jul 11 16:25:44 2005 Importance: security ID: MDKSA-2005:116 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:116 %pre A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. (CAN-2005-1111) A vulnerability has been discovered in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. Cpio will extract to the path specified in the cpio file; this path can be absolute. (CAN-2005-1229) The updated packages have been patched to address both of these issues. %description GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe.
GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. %package perl-MDK-Common perl-MDK-Common-devel Updated: Mon Jul 11 16:31:02 2005 Importance: bugfix ID: MDKA-2005:034 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:034 %pre Three bugs have been corrected in the drakxtools package: drakfirewall: The port range syntax has been corrected for samba. (#16604) drakfont: Uninstalling fonts has been fixed. (#9324) drakbackup: The application has been patched to correctly deal with directory names that contain spaces, as well as add more restrictive permissions on the backup tarballs. (#12861) The updated packages correct these issues. %description Various simple functions created for DrakX %package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui Updated: Mon Jul 11 16:31:05 2005 Importance: bugfix ID: MDKA-2005:034 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:034 %pre Three bugs have been corrected in the drakxtools package: drakfirewall: The port range syntax has been corrected for samba. (#16604) drakfont: Uninstalling fonts has been fixed. (#9324) drakbackup: The application has been patched to correctly deal with directory names that contain spaces, as well as add more restrictive permissions on the backup tarballs. (#12861) The updated packages correct these issues. %description Contains many Mandrakelinux applications simplifying users' and administrators' lives on a Mandrakelinux machine.
Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. adduserdrake: helps you add a user ddcxinfos: get infos from the graphic card and print XF86Config modelines diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize). drakauth: configure authentication (LDAP/NIS/...) drakautoinst: help you configure an automatic installation replay drakbackup: backup and restore your system drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin) drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem. drakfloppy: boot disk creator drakfont: import fonts in the system drakgw: internet connection sharing drakproxy: proxies configuration draksec: security options management / msec frontend draksound: sound card configuration draksplash: bootsplash themes creation drakTermServ: terminal server configurator drakxservices: SysV service and daemons configurator drakxtv: auto configure tv card for xawtv grabber keyboarddrake: configure your keyboard (both console and X) logdrake: show extracted information from the system logs lsnetdrake: display available nfs and smb shares lspcidrake: display your pci information, *and* the corresponding kernel module localedrake: language configurator, available both for root (system wide) and users (user only) mousedrake: autodetect and configure your mouse printerdrake: detect and configure your printer scannerdrake: scanner configurator drakfirewall: simple firewall configurator XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video
card if possible %package ftp-client-krb5 ftp-server-krb5 krb5-server krb5-workstation libkrb51 libkrb51-devel telnet-client-krb5 telnet-server-krb5 Updated: Wed Jul 13 15:05:09 2005 Importance: security ID: MDKSA-2005:119 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:119 %pre A number of vulnerabilities have been corrected in this Kerberos update: The rcp protocol would allow a server to instruct a client to write to arbitrary files outside of the current directory. The Kerberos-aware rcp could be abused to copy files from a malicious server (CAN-2004-0175). Gael Delalleau discovered an information disclosure vulnerability in the way some telnet clients handled messages from a server. This could be abused by a malicious telnet server to collect information from the environment of any victim connecting to the server using the Kerberos-aware telnet client (CAN-2005-0488). Daniel Wachdorf discovered that in error conditions that could occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory, which could cause the KDC to crash resulting in a Denial of Service (CAN-2005-1174). Daniel Wachdorf also discovered a single-byte heap overflow in the krb5_unparse_name() function that could, if successfully exploited, lead to a crash, resulting in a DoS. To trigger this flaw, an attacker would need to have control of a Kerberos realm that shares a cross-realm key with the target (CAN-2005-1175). Finally, a double-free flaw was discovered in the krb5_recvauth() routine which could be triggered by a remote unauthenticated attacker. This issue could potentially be exploited to allow for the execution of arbitrary code on a KDC. No exploit is currently known to exist (CAN-2005-1689). The updated packages have been patched to address this issue and Mandriva urges all users to upgrade to these packages as quickly as possible.
%description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package nss_ldap pam_ldap Updated: Mon Jul 18 16:20:02 2005 Importance: security ID: MDKSA-2005:121 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:121 %pre Rob Holland, of the Gentoo Security Audit Team, discovered that pam_ldap and nss_ldap would not use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the "ssl start_tls" setting in ldap.conf. As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0 has been fixed that caused crond, and other applications, to crash as a result of clients receiving a SIGPIPE signal when attempting to issue a new search request to a directory server that is no longer available. The updated packages have been patched to address this issue. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package cpio Updated: Tue Jul 19 15:36:54 2005 Importance: security ID: MDKSA-2005:116-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:116-1 %pre A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete (CAN-2005-1111). A vulnerability has been discovered in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice. cpio will extract to the path specified in the cpio file; this path can be absolute (CAN-2005-1229).
%update The previous packages had a problem upgrading due to an unresolved issue with tar and rmt. These packages correct the problem. %description GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. %package shorewall shorewall-doc Updated: Wed Jul 20 14:06:49 2005 Importance: security ID: MDKSA-2005:123 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:123 %pre A vulnerability was discovered in all versions of shorewall where a client accepted by MAC address filtering is able to bypass any other rule. If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client is positively identified through its MAC address, it bypasses all other policies and rules in place, gaining access to all open services on the firewall. Shorewall 2.0.17 is provided which fixes this issue. %description The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.
%package zlib1 zlib1-devel Updated: Fri Jul 22 09:38:53 2005 Importance: security ID: MDKSA-2005:124 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:124 %pre A previous zlib update (MDKSA-2005:112; CAN-2005-2096) fixed an overflow flaw in the zlib program. While that update did indeed fix the reported overflow issue, Markus Oberhumer discovered additional ways that a specially-crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user. The updated packages are provided to protect against this flaw. The Corporate Server 2.1 product is not affected by this vulnerability. %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_cache apache2-mod_dav apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_ldap apache2-mod_mem_cache apache2-mod_proxy apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Wed Aug 03 10:47:53 2005 Importance: security ID: MDKSA-2005:129 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 %pre Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CAN-2005-1268). Watchfire reported a flaw that occurred when using the Apache server as a HTTP proxy.
A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088). The updated packages have been patched to prevent these issues. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package apache apache-devel apache-modules apache-source Updated: Wed Aug 03 10:48:45 2005 Importance: security ID: MDKSA-2005:130 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:130 %pre Watchfire reported a flaw that occurred when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CAN-2005-2088). The updated packages have been patched to prevent these issues. %description Apache is a powerful, full-featured, efficient and freely-available Web server.
Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package libnetpbm9 libnetpbm9-devel libnetpbm9-static-devel netpbm Updated: Tue Aug 09 11:03:51 2005 Importance: security ID: MDKSA-2005:133 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:133 %pre Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary commands with the privileges of the user running pstopnm if they could be convinced to try to convert a malicious PostScript file. The updated packages have been patched to correct this problem. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package libsnmp0 libsnmp0-devel ucd-snmp ucd-snmp-utils Updated: Thu Aug 11 10:12:00 2005 Importance: security ID: MDKSA-2005:137 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:137 %pre A Denial of Service vulnerability was discovered in the way that ucd-snmp uses network stream protocols. A remote attacker could send a ucd-snmp agent a specially crafted packet that would cause the agent to crash. The updated packages have been patched to correct this problem. 
%description SNMP (Simple Network Management Protocol) is a protocol used for network management (hence the name). The NET-SNMP project includes various SNMP tools; an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. Install the ucd-snmp package if you need network management tools. You will probably also want to install the ucd-snmp-utils package, which contains NET-SNMP utilities. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Thu Aug 11 10:40:34 2005 Importance: security ID: MDKSA-2005:138 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:138 %pre A vulnerability was discovered in the CUPS printing package where, when processing a PDF file, bounds checking was not correctly performed on some fields. As a result, this could cause the pdftops filter to crash. The updated packages have been patched to correct this problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file.
%package park-rpmdrake rpmdrake Updated: Mon Aug 15 14:42:04 2005 Importance: bugfix ID: MDKA-2005:037 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:037 %pre Due to the changeover of the Mandriva domain names and the unavailability of the old Mandrake Linux domains, rpmdrake needed an update in order to update the mirrors list file. %description rpmdrake is a simple graphical frontend to manage software packages on a Mandrakelinux system; it has 3 different modes: - software packages installation; - software packages removal; - MandrakeUpdate (software packages updates). A fourth program manages the media (add, remove, edit). %package proftpd proftpd-anonymous Updated: Mon Aug 15 14:44:33 2005 Importance: security ID: MDKSA-2005:140 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:140 %pre Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containing the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory when the shutdown message is being sent. The second exists when displaying response messages to the client using information retrieved from a database using mod_sql. Note that mod_sql support is not enabled by default, but the contrib source file has been patched regardless. The updated packages have been patched to correct these problems. %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation.
%package indexhtml Updated: Wed Aug 17 18:01:37 2005 Importance: normal ID: MDKA-2005:039 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:039 %pre Updated indexhtml packages are available to reflect the new URLs for the various Mandriva domain names. %description Mandriva Linux index.html welcome page displayed by web browsers when they are launched; and first mail displayed on mail clients after installation. %package libtiff3 libtiff3 libtiff3-devel libtiff3-devel libtiff3-static-devel libtiff3-static-devel libtiff-progs libtiff-progs Updated: Wed Aug 17 18:04:54 2005 Importance: security ID: MDKSA-2005:142 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:142 %pre Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the "YCbCr subsampling" value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. The updated packages are patched to protect against this vulnerability. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package php-pear Updated: Mon Aug 22 11:08:02 2005 Importance: security ID: MDKSA-2005:146 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:146 %pre A problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the 'apache' user. %description PEAR is short for "PHP Extension and Application Repository" and is pronounced just like the fruit. 
The purpose of PEAR is to provide: * A structured library of open-sourced code for PHP users * A system for code distribution and package maintenance * A standard style for code written in PHP, specified here * The PHP Foundation Classes (PFC), see more below * The PHP Extension Code Library (PECL), see more below * A web site, mailing lists and download mirrors to support the PHP/PEAR community %package slocate Updated: Mon Aug 22 15:53:16 2005 Importance: security ID: MDKSA-2005:147 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:147 %pre A bug was discovered in the way that slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its filesystem scan, resulting in an incomplete database. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (updated regularly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. %package vim-common vim-enhanced vim-minimal vim-X11 Updated: Mon Aug 22 15:53:27 2005 Importance: security ID: MDKSA-2005:148 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:148 %pre A vulnerability was discovered in the way that vim processed modelines. If a user with modelines enabled opened a textfile with a specially crafted modeline, arbitrary commands could be executed. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. 
%package liblm_sensors3 liblm_sensors3-devel liblm_sensors3-static-devel lm_sensors Updated: Thu Aug 25 12:19:47 2005 Importance: security ID: MDKSA-2005:149 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:149 %pre Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root. The updated packages have been patched to correct this problem by using mktemp to create the temporary files. %description This package contains a collection of user space tools for general SMBus access and hardware monitoring. SMBus, also known as System Management Bus, is a protocol for communicating through an I2C ('I squared C') bus. Many modern mainboards have a System Management Bus. There are a lot of devices which can be connected to an SMBus; the most notable are modern memory chips with EEPROM memories and chips for hardware monitoring. Most modern mainboards incorporate some form of hardware monitoring chips. These chips read things like chip temperatures, fan rotation speeds and voltage levels. There are quite a few different chips which can be used by mainboard builders for approximately the same results. %package bluez-utils Updated: Thu Aug 25 12:20:03 2005 Importance: security ID: MDKSA-2005:150 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:150 %pre A vulnerability in bluez-utils was discovered by Henryk Plotz. Due to missing input sanitizing, it was possible for an attacker to execute arbitrary commands supplied as a device name from the remote bluetooth device. The updated packages have been patched to correct this problem. %description These are the official Bluetooth utilities for Linux.
%package libpcre0 libpcre0-devel pcre Updated: Thu Aug 25 12:21:01 2005 Importance: security ID: MDKSA-2005:151 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:151 %pre Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The updated packages have been patched to correct this problem. %description PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow Perl syntax and semantics. This package contains a grep variant based on the PCRE library. %package libphp_common432 php432-devel php-cgi php-cli Updated: Thu Aug 25 12:21:16 2005 Importance: security ID: MDKSA-2005:152 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:152 %pre Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The php packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches; (i.e.
use with rpm --rebuild): --with debug Compile with debugging code %package libpython2.3 libpython2.3-devel python python-base python-docs tkinter Updated: Fri Aug 26 11:47:23 2005 Importance: security ID: MDKSA-2005:154 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:154 %pre Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The python packages use a private copy of pcre code. The updated packages have been patched to correct this problem. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. 
%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_cache apache2-mod_dav apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_ldap apache2-mod_mem_cache apache2-mod_proxy apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Mon Aug 29 11:54:52 2005 Importance: security ID: MDKSA-2005:155 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:155 %pre Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. 10.1 and 10.2/LE2005 are already built against the system pcre. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e.
use with rpm --rebuild): --with debug Compile with debugging code %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_cache apache2-mod_dav apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_ldap apache2-mod_mem_cache apache2-mod_proxy apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Thu Sep 08 10:52:53 2005 Importance: security ID: MDKSA-2005:161 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:161 %pre A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient" directive. This flaw occurs if a virtual host is configured using "SSLVerifyClient optional" and a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. (CAN-2005-2700) A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CAN-2005-2728) The updated packages have been patched to address these issues. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e.
use with rpm --rebuild): --with debug Compile with debugging code %package libxfree86 libxfree86-devel libxfree86-static-devel X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Tue Sep 13 19:22:50 2005 Importance: security ID: MDKSA-2005:164 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:164 %pre A vulnerability was discovered in the pixmap allocation handling of the X server that can lead to local privilege escalation. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap, leading to a buffer overflow which could then be exploited to execute arbitrary code with full root privileges. The updated packages have been patched to address these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. 
And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Mon Sep 19 19:14:58 2005 Importance: security ID: MDKSA-2005:165 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:165 %pre A vulnerability in CUPS caused it to treat a Location directive in cupsd.conf as case-sensitive, allowing attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from that which was specified in the Location directive. This issue only affects versions of CUPS prior to 1.1.21rc1. The updated packages have been patched to correct this problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package losetup mount util-linux Updated: Tue Sep 20 10:51:59 2005 Importance: security ID: MDKSA-2005:167 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:167 %pre David Watson discovered that the umount utility, when using the "-r" command, could remove some restrictive mount options such as "nosuid". If /etc/fstab contained user-mountable removable devices that specified nosuid, a local attacker could exploit this flaw to execute arbitrary programs with root privileges by calling "umount -r" on a removable device.
The updated packages have been patched to ensure that "-r" can only be called by the root user. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program.