%package libfreetype6 libfreetype6-devel libfreetype6-static-devel
Updated: Thu Oct 06 12:07:01 2005
Importance: bugfix
ID: MDKA-2005:041
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:041

%pre
Updated freetype2 packages fix a problem with invalid subpixel rendering (for LCD screens) with the Bitstream Vera font. The Bitstream Vera font is the font used by default.

%description
The FreeType2 engine is a free and portable TrueType font rendering engine. It has been developed to provide TT support to a great variety of platforms and environments. Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included.

%package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla-firefox mozilla-firefox-devel
Updated: Thu Oct 06 18:03:17 2005
Importance: security
ID: MDKSA-2005:173
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:173

%pre
New updates are available for Mozilla Firefox:

A regression in the LE2005 Firefox package that caused problems with cursor movement has been fixed.

The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CAN-2005-2353).

nsScriptSecurityManager::GetBaseURIScheme didn't handle jar:view-source:... correctly because the jar: and view-source: cases didn't use recursion as they were supposed to. This was corrected in Firefox 1.0.4 and only affects the LE2005 package.

The updated packages have been patched to correct these issues.

%description
The Mozilla Firefox project aims to build the most useful web browser for all platforms.
Mozilla Firefox features:
- Popup blocking built-in
- Tabbed browsing, to view more than one web page in a single window
- A comprehensive set of privacy options
- Search tools built right into the toolbar
- Live bookmarks, using RSS
- "Hassle-free" downloading, with fewer prompts

%package info info-install texinfo
Updated: Thu Oct 06 18:38:37 2005
Importance: security
ID: MDKSA-2005:175
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:175

%pre
Frank Lichtenheld has discovered that texindex insecurely creates temporary files with predictable filenames. This is exploitable if a local attacker were to create symbolic links in the temporary files directory, pointing to a valid file on the filesystem. When texindex is executed, the file would be overwritten with the rights of the user running texindex.

The updated packages have been patched to correct this issue.

%description
Texinfo is a documentation system that can produce both online information and printed output from a single source file. Normally, you'd have to write two separate documents: one for online help or other online information and the other for a typeset manual or other printed work. Using Texinfo, you only need to write one source document. Then when the work needs revision, you only have to revise one source document. The GNU Project uses the Texinfo file format for most of its documentation.

Install texinfo if you want a documentation system for producing both online and print documentation from the same source file and/or if you are going to write documentation for the GNU Project.

%package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmime
Updated: Thu Oct 06 20:59:30 2005
Importance: security
ID: MDKSA-2005:174
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

%pre
Updated Mozilla Thunderbird packages fix various vulnerabilities:

The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CAN-2005-2353).

A bug in the way Thunderbird processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CAN-2005-2701).

A bug in the way Thunderbird handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CAN-2005-2702).

A bug in the way Thunderbird makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CAN-2005-2703).

A bug in the way Thunderbird implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CAN-2005-2704).

An integer overflow in Thunderbird's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CAN-2005-2705).

A bug in the way Thunderbird displays about: pages could be used to execute JavaScript with chrome privileges (CAN-2005-2706).

A bug in the way Thunderbird opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CAN-2005-2707).

A bug in the way Thunderbird processed URLs on the command line could be used to execute arbitrary commands as the user running Thunderbird; this could be abused by clicking on a supplied link, such as from an instant messaging client (CAN-2005-2968).

Tom Ferris reported that Thunderbird would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non-wrapping characters, such as soft-hyphens. This could be exploited to run or install malware on the user's computer (CAN-2005-2871).

The updated packages have been patched to correct these issues.

%description
Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform.

%package webmin
Updated: Fri Oct 07 10:25:56 2005
Importance: security
ID: MDKSA-2005:176
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:176

%pre
Miniserv.pl in Webmin 1.220, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

The updated packages have been patched to correct this issue.

%description
A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser.

After installation, enter the URL https://localhost:10000/ into your browser and log in as root with your root password. Please consider logging in and changing your password for security reasons.

PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/".

%package hylafax hylafax-client hylafax-server libhylafax4.2.0 libhylafax4.2.0-devel
Updated: Fri Oct 07 11:44:51 2005
Importance: security
ID: MDKSA-2005:177
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:177

%pre
faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary files. (CAN-2005-3069)

In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data. (CAN-2005-3070)

The updated packages have been patched to correct these issues.

%description
HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on Unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server, and client implementations exist for a number of platforms including Windows.

You need this package if you are going to install hylafax-client and/or hylafax server.

Most users want mgetty-voice to be installed too.

%package mozilla-thunderbird-nb
Updated: Tue Oct 11 09:50:01 2005
Importance: bugfix
ID: MDKA-2005:042
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:042

%pre
Due to a packaging bug, the mozilla-thunderbird-nb package could not be installed. This update corrects the bug allowing the package to be installed.

%description
Norwegian Bokmaal localisation for Thunderbird

%package libecpg5 libecpg5-devel libpq4 libpq4-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-plperl postgresql-plpgsql postgresql-plpython postgresql-pltcl postgresql-server postgresql-test
Updated: Tue Oct 11 12:04:24 2005
Importance: bugfix
ID: MDKA-2005:044
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:044

%pre
A number of bugs are corrected in PostgreSQL version 8.0.4 so an update for Mandrivalinux 2006 is now available (PostgreSQL 8.0.3 was provided). Fixes include various memory leakage fixes, improved checking for partially-written WAL pages, a fix for an error that allowed "VACUUM" to remove ctid chains too soon, and other fixes.

A dump/reload of the databases is not required when upgrading from the provided 8.0.3 version, but may be required if upgrading from an earlier version (i.e. upgrading from Mandrivalinux LE2005).

%description
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server.

If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.

%package ghostscript ghostscript-module-X libijs1 libijs1-devel
Updated: Tue Oct 11 13:03:11 2005
Importance: bugfix
ID: MDKA-2005:045
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:045

%pre
New ghostscript packages are now available that provide ghostscript 8.15.1 final and provide a number of bug fixes, including:

A fix for vertical Japanese text.

A memory overflow in the "lips4" driver was fixed.

A double-free in gsdevice.c was fixed.

A SEGV in the "inferno" driver was fixed; this was because the struct "inferno_device" was not created but its elements were accessed.

The shared X11 driver was not built with the correct linker command (CCLD instead of CC_SHARED).

The "opvp" driver incorrectly assumed that CODESET was supported on all platforms that supported iconv.

Support in the "cups" driver for CUPS_CSPACE_RGBW colorspace was added.

Other fixes are also included in these new packages.

%description
Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers.

Most applications use PostScript for printer output.

You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer.

%package drakx-finish-install drakxtools drakxtools-backend drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Tue Oct 11 13:18:57 2005
Importance: normal
ID: MDKA-2005:042
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:042

%pre
A new version of the HPLIP driver suite is now available.
This new version introduces support for parallel printers and multi-function devices; USB, parallel, and network (TCP/Socket) devices are now fully supported, as well as the devices that the former HPOJ suite handled.

The new HPLIP suite is now available for Mandrivalinux 2006. As a result, a new printerdrake is also available that installs HPLIP rather than HPOJ on all parallel HP printers and multi-function devices. Other fixes related to HPLIP are also included in the new printerdrake.

%description
Contains many Mandriva Linux applications that simplify life for users and administrators on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy remote work.

drakbug: interactive bug report tool
drakbug_report: help find bugs in DrakX
drakclock: date & time configurator
drakfloppy: boot disk creator
drakfont: import fonts in the system
draklog: show extracted information from the system logs
draknet_monitor: connection monitoring
drakperm: msec GUI (permissions configurator)
drakprinter: detect and configure your printer
draksec: security options management / msec frontend
draksplash: bootsplash themes creation
drakTermServ: terminal server configurator
listsupportedprinters: list printers
net_applet: applet to check network connection

%package hplip hplip-hpijs hplip-hpijs-ppds hplip-model-data libhpip0 libhpip0-devel libsane-hpaio1
Updated: Tue Oct 11 13:19:40 2005
Importance: normal
ID: MDKA-2005:042
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:042

%pre
A new version of the HPLIP driver suite is now available. This new version introduces support for parallel printers and multi-function devices; USB, parallel, and network (TCP/Socket) devices are now fully supported, as well as the devices that the former HPOJ suite handled.

The new HPLIP suite is now available for Mandrivalinux 2006.
As a result, a new printerdrake is also available that installs HPLIP rather than HPOJ on all parallel HP printers and multi-function devices. Other fixes related to HPLIP are also included in the new printerdrake.

%description
This is the HP driver package to supply Linux support for most Hewlett-Packard DeskJet, LaserJet, PSC, OfficeJet, and PhotoSmart printers and all-in-one peripherals (also known as Multi-Function Peripherals or MFPs), which can print, scan, copy, fax, and/or access flash memory cards.

It is a work in progress, but printing, scanning, memory card access, ink/toner/battery/consumable level checking, and inkjet printer maintenance are supported on most models, when either connected to the USB or LAN (built-in interfaces or selected HP JetDirect models) on a Linux workstation with CUPS printing system.

For status and consumable checking and also for inkjet maintenance there is the graphical tool "hp-toolbox" available (Menu: "System"/"Monitoring"/"HP Printer Toolbox").

%package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl
Updated: Tue Oct 11 16:49:05 2005
Importance: security
ID: MDKSA-2005:179
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:179

%pre
Yutaka Oiwa discovered a vulnerability that potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.

Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a "man in the middle" can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0.
The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only. (CAN-2005-2969)

The current default algorithm for creating "message digests" (electronic signatures) for certificates created by openssl is MD5. However, this algorithm is not deemed secure any more, and some practical attacks have been demonstrated which could allow an attacker to forge certificates with a valid certification authority signature even if he does not know the secret CA signing key.

To address this issue, openssl has been changed to use SHA-1 by default. This is a more appropriate default algorithm for the majority of use cases. If you still want to use MD5 as default, you can revert this change by changing the two instances of "default_md = sha1" to "default_md = md5" in /usr/{lib,lib64}/ssl/openssl.cnf. (CAN-2005-2946)

%description
The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

%package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-plugins xine-polyp xine-smb
Updated: Tue Oct 11 17:02:54 2005
Importance: security
ID: MDKSA-2005:180
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:180

%pre
When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name. During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string.
An attacker can set up a malicious CDDB server and trick the client into using this server instead of the pre-configured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application.

This problem was reported by Ulf Harnhammar from the Debian Security Audit Project.

The updated packages have been patched to correct this problem.

%description
xine is a free GPL-licensed video player for Unix-like systems.

%package squid squid-cachemgr
Updated: Tue Oct 11 17:26:58 2005
Importance: security
ID: MDKSA-2005:181
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:181

%pre
Squid 2.5.9, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

The updated packages have been patched to address these issues.

%description
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install squid if you need a proxy caching server.

%package curl libcurl3 libcurl3-devel
Updated: Thu Oct 13 15:11:53 2005
Importance: security
ID: MDKSA-2005:182
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:182

%pre
A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name. This can happen when NTLM authentication is enabled and either a) a user and domain name that together are longer than 192 bytes are passed to libcurl, or b) (lib)curl is allowed to follow HTTP redirects and the new URL contains a user and domain name that together are longer than 192 bytes.

The updated packages have been patched to address this issue.

%description
curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity.

curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more.

This version is compiled with SSL (https) support.

%package wget
Updated: Thu Oct 13 15:12:45 2005
Importance: security
ID: MDKSA-2005:183
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:183

%pre
A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name. This can happen when NTLM authentication is enabled and either a) a user and domain name that together are longer than 192 bytes are passed to libcurl, or b) (lib)curl is allowed to follow HTTP redirects and the new URL contains a user and domain name that together are longer than 192 bytes.

Wget, as of version 1.10, uses the NTLM code from libcurl and is also vulnerable to this issue.

The updated packages have been patched to address this issue.

%description
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols.
Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability.

%package cfengine-base cfengine-cfagent cfengine-cfenvd cfengine-cfexecd cfengine-cfservd
Updated: Thu Oct 13 15:25:17 2005
Importance: security
ID: MDKSA-2005:184
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:184

%pre
Javier Fernández-Sanguino Peña discovered several insecure temporary file uses in cfengine <= 1.6.5 and <= 2.1.16 which allow local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. (CAN-2005-2960)

In addition, Javier discovered the cfmailfilter and cfcron.in files for cfengine <= 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files. (CAN-2005-3137)

The updated packages have been patched to address this issue.

%description
Cfengine, the configuration engine, is a very high level language for simplifying the task of administrating and configuring large numbers of workstations. Cfengine uses the idea of classes and a primitive form of intelligence to define and automate the configuration of large systems in the most economical way possible.

%package koffice koffice-karbon koffice-kexi koffice-kformula koffice-kivio koffice-koshell koffice-kpresenter koffice-krita koffice-kspread koffice-kugar koffice-kword koffice-progs libkoffice2-karbon libkoffice2-karbon-devel libkoffice2-kexi libkoffice2-kexi-devel libkoffice2-kformula libkoffice2-kformula-devel libkoffice2-kivio libkoffice2-kivio-devel libkoffice2-koshell libkoffice2-kpresenter libkoffice2-krita libkoffice2-krita-devel libkoffice2-kspread libkoffice2-kspread-devel libkoffice2-kugar libkoffice2-kugar-devel libkoffice2-kword libkoffice2-kword-devel libkoffice2-progs libkoffice2-progs-devel
Updated: Fri Oct 14 11:45:05 2005
Importance: security
ID: MDKSA-2005:185
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:185

%pre
Chris Evans reported a heap-based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code.

The updated packages are patched to deal with these issues.

%description
Office applications for the K Desktop Environment.

KOffice contains:
* KWord: word processor
* KSpread: spreadsheet
* KPresenter: presentations
* KChart: diagram generator
* Kugar: A tool for generating business quality reports.
* Kivio: A Visio®-style flowcharting application.
* Kexi: an integrated environment for managing data
* Some filters (Excel 97, Winword 97/2000, etc.)

%package lynx
Updated: Mon Oct 17 17:41:23 2005
Importance: security
ID: MDKSA-2005:186
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:186

%pre
Ulf Harnhammar discovered a remote buffer overflow in lynx versions 2.8.2 through 2.8.5.

When Lynx connects to an NNTP server to fetch information about the available articles in a newsgroup, it will call a function called HTrjis() with the information from certain article headers. The function adds missing ESC characters to certain data, to support Asian character sets.
However, it does not check if it writes outside of the char array buf, and that causes a remote stack-based buffer overflow, with full control over EIP, EBX, EBP, ESI and EDI.

Two attack vectors to make a victim visit a URL to a dangerous news server are: (a) *redirecting scripts*, where the victim visits some web page and it redirects automatically to a malicious URL, and (b) *links in web pages*, where the victim visits some web page and selects a link on the page to a malicious URL. Attack vector (b) is helped by the fact that Lynx does not automatically display where links lead to, unlike many graphical web browsers.

The updated packages have been patched to address this issue.

%description
This is a terminal-based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables.

This version includes support for SSL encryption.

WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it.

%package dia
Updated: Thu Oct 20 16:43:40 2005
Importance: security
ID: MDKSA-2005:187
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:187

%pre
Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to execution of arbitrary Python code.

The updated packages have been patched to address this issue.

%description
Dia is a program designed to be much like the Windows program 'Visio'. It can be used to draw different kinds of diagrams. In this first version there is support for UML static structure diagrams (class diagrams) and Network diagrams. It can currently load and save diagrams to a custom file format and export to PostScript.

%package graphviz libgraphviz7 libgraphviz7-devel libgraphviztcl7 libgraphviztcl7-devel
Updated: Thu Oct 20 16:46:49 2005
Importance: security
ID: MDKSA-2005:188
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:188

%pre
Javier Fernández-Sanguino Peña discovered insecure temporary file creation in graphviz, a rich set of graph drawing tools, that can be exploited to overwrite arbitrary files by a local attacker.

The updated packages have been patched to address this issue.

%description
A collection of tools and tcl packages for the manipulation and layout of graphs (as in nodes and edges, not as in barcharts).

%package imap imap-devel imap-utils libc-client-php0 libc-client-php0-devel
Updated: Thu Oct 20 16:47:26 2005
Importance: security
ID: MDKSA-2005:189
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:189

%pre
"infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.

The updated packages have been patched to address this issue.

%description
The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine.

Install the imap package if you need a server to support the IMAP or the POP mail access protocols.

%package ruby ruby-devel ruby-doc ruby-tk
Updated: Thu Oct 20 16:48:49 2005
Importance: security
ID: MDKSA-2005:191
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:191

%pre
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.

The updated packages have been patched to address this issue.

%description
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

%package xli
Updated: Thu Oct 20 16:49:41 2005
Importance: security
ID: MDKSA-2005:192
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:192

%pre
Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.

The updated packages have been patched to address this issue.

%description
This utility will view several types of images under X11, or load images onto the X11 root window. Can view the following image types under X11:

FBM Image, Sun Rasterfile, CMU WM Raster, Portable Bit Map (PBM, PGM, PPM), Faces Project, GIF Image, JFIF style jpeg Image, Utah RLE Image, Windows, OS/2 RLE Image, Photograph on CD Image, X Window Dump, Targa Image, McIDAS areafile, G3 FAX Image, PC Paintbrush Image, GEM Bit Image, MacPaint Image, X Pixmap (.xpm), XBitmap

%package apcupsd
Updated: Fri Oct 21 11:52:22 2005
Importance: bugfix
ID: MDKA-2005:047
URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:047

%pre
The apcupsd package as shipped with Mandriva Linux 2006 was missing the main apcupsd configuration file.
As a result, those upgrading from earlier versions would have their existing configuration file moved to /etc/apcupsd/apcupsd.conf.rpmsave with no new configuration file to replace it, which would prevent the service from starting.

The new packages provide the configuration file. Users affected by this will need to manually move back the .rpmsave configuration file, however.

%description
UPS power management under Linux for APCC Products. It allows your computer/server to run during power problems for a specified length of time or the life of the batteries in your BackUPS, BackUPS Pro, SmartUPS v/s, or SmartUPS, and then properly executes a controlled shutdown during an extended power failure.

%package ethereal ethereal-tools libethereal0 tethereal
Updated: Tue Oct 25 19:48:01 2005
Importance: security
ID: MDKSA-2005:193
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:193

%pre
Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors:

- the ISAKMP dissector could exhaust system memory
- the FC-FCS dissector could exhaust system memory
- the RSVP dissector could exhaust system memory
- the ISIS LSP dissector could exhaust system memory
- the IrDA dissector could crash
- the SLIMP3 dissector could overflow a buffer
- the BER dissector was susceptible to an infinite loop
- the SCSI dissector could dereference a null pointer and crash
- the sFlow dissector could dereference a null pointer and crash
- the RTnet dissector could dereference a null pointer and crash
- the SigComp UDVM could go into an infinite loop or crash
- the X11 dissector could attempt to divide by zero
- if SMB transaction payload reassembly is enabled the SMB dissector could crash (by default this is disabled)
- if the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled)
- the AgentX dissector could overflow a buffer
- the WSP dissector could free
an invalid pointer - iDEFENSE discovered a buffer overflow in the SRVLOC dissector The new version of Ethereal is provided and corrects all of these issues. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package php-imap Updated: Wed Oct 26 09:47:55 2005 Importance: security ID: MDKSA-2005:194 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:194 %pre "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code. php-imap is compiled against the static c-client libs from imap. These packages have been recompiled against the updated imap development packages. %description This is a dynamic shared object (DSO) for PHP that will add IMAP support. %package squid squid-cachemgr Updated: Wed Oct 26 09:49:30 2005 Importance: security ID: MDKSA-2005:195 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:195 %pre The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. The updated packages have been patched to address these issues. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. 
%package lynx Updated: Wed Oct 26 10:06:41 2005 Importance: security ID: MDKSA-2005:186-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:186-1 %pre Ulf Harnhammar discovered a remote buffer overflow in lynx versions 2.8.2 through 2.8.5. When Lynx connects to an NNTP server to fetch information about the available articles in a newsgroup, it will call a function called HTrjis() with the information from certain article headers. The function adds missing ESC characters to certain data, to support Asian character sets. However, it does not check if it writes outside of the char array buf, and that causes a remote stack-based buffer overflow, with full control over EIP, EBX, EBP, ESI and EDI. Two attack vectors to make a victim visit a URL to a dangerous news server are: (a) *redirecting scripts*, where the victim visits some web page and it redirects automatically to a malicious URL, and (b) *links in web pages*, where the victim visits some web page and selects a link on the page to a malicious URL. Attack vector (b) is helped by the fact that Lynx does not automatically display where links lead to, unlike many graphical web browsers. The updated packages have been patched to address this issue. %update The previous patchset had a bug in the patches themselves, which was uncovered by Klaus Singvogel of Novell/SUSE in auditing crashes on some architectures. %description This is a terminal based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables. This version includes support for SSL encryption. WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it. 
%package unzip Updated: Wed Oct 26 10:23:42 2005 Importance: security ID: MDKSA-2005:197 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:197 %pre Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. (CAN-2005-0602) Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user. This affects versions of unzip 5.52 and lower (CAN-2005-2475) The updated packages have been patched to address these issues. %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. %package libuim0 libuim0-devel uim uim-gtk uim-qt uim-qtimmodule Updated: Wed Oct 26 11:06:25 2005 Importance: security ID: MDKSA-2005:198 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:198 %pre Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. The updated packages have been patched to address this issue. %description Uim is a multilingual input method library. Uim's project goal is to provide secure and useful input method for all languages. 
%package libnetpbm10 libnetpbm10-devel libnetpbm10-static-devel netpbm Updated: Wed Oct 26 11:16:42 2005 Importance: security ID: MDKSA-2005:199 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:199 %pre Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. Netpbm 9.2X is not affected by this vulnerability. The updated packages have been patched to correct this problem. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package mdkonline Updated: Wed Oct 26 11:31:33 2005 Importance: normal ID: MDKA-2005:048 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:048 %pre Updated mdkonline packages are now available that change the name of the main binary from MandrakeUpdate to MandrivaUpdate due to Mandriva's name change. As well, this update provides fixes for the account creation and authentication based on obsolete architectures (versions prior to 2006.0). The user email address is now used as a unique login throughout all Mandriva web services. %description The Mandriva Online tool is designed for registered users who want to upload their configuration (packages, hardware infos). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * Wizard for users registration and configuration uploads, * Update daemon which allows you to install security updates automatically, * A KDE/Gnome compliant applet for security updates notification and installation. 
%package ethereal ethereal-tools libethereal0 tethereal Updated: Wed Oct 26 12:47:40 2005 Importance: security ID: MDKSA-2005:193-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:193-1 %pre Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors: - the ISAKMP dissector could exhaust system memory - the FC-FCS dissector could exhaust system memory - the RSVP dissector could exhaust system memory - the ISIS LSP dissector could exhaust system memory - the IrDA dissector could crash - the SLIMP3 dissector could overflow a buffer - the BER dissector was susceptible to an infinite loop - the SCSI dissector could dereference a null pointer and crash - the sFlow dissector could dereference a null pointer and crash - the RTnet dissector could dereference a null pointer and crash - the SigComp UDVM could go into an infinite loop or crash - the X11 dissector could attempt to divide by zero - if SMB transaction payload reassembly is enabled the SMB dissector could crash (by default this is disabled) - if the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled) - the AgentX dissector could overflow a buffer - the WSP dissector could free an invalid pointer - iDEFENSE discovered a buffer overflow in the SRVLOC dissector The new version of Ethereal is provided and corrects all of these issues. %update An infinite loop in the IRC dissector was also discovered and fixed after the 0.10.13 release. The updated packages include the fix. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. 
%package apache-mod_auth_shadow Updated: Thu Oct 27 10:43:36 2005 Importance: security ID: MDKSA-2005:200 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:200 %pre The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions. This update requires an explicit "AuthShadow on" statement if website authentication should be checked against /etc/shadow. The updated packages have been patched to address this issue. %description mod_auth_shadow is an apache module which authenticates against the /etc/shadow file. You may use this module with a mode 400 root:root /etc/shadow file, while your web daemons are running under a non-privileged user. %package sudo Updated: Thu Oct 27 10:55:05 2005 Importance: security ID: MDKSA-2005:201 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:201 %pre Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed. The updated packages have been patched to correct this problem. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. 
%package ethereal ethereal-tools libethereal0 tethereal Updated: Mon Oct 31 17:56:05 2005 Importance: security ID: MDKSA-2005:193-2 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:193-2 %pre Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors: - the ISAKMP dissector could exhaust system memory - the FC-FCS dissector could exhaust system memory - the RSVP dissector could exhaust system memory - the ISIS LSP dissector could exhaust system memory - the IrDA dissector could crash - the SLIMP3 dissector could overflow a buffer - the BER dissector was susceptible to an infinite loop - the SCSI dissector could dereference a null pointer and crash - the sFlow dissector could dereference a null pointer and crash - the RTnet dissector could dereference a null pointer and crash - the SigComp UDVM could go into an infinite loop or crash - the X11 dissector could attempt to divide by zero - if SMB transaction payload reassembly is enabled the SMB dissector could crash (by default this is disabled) - if the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled) - the AgentX dissector could overflow a buffer - the WSP dissector could free an invalid pointer - iDEFENSE discovered a buffer overflow in the SRVLOC dissector The new version of Ethereal is provided and corrects all of these issues. An infinite loop in the IRC dissector was also discovered and fixed after the 0.10.13 release. The updated packages include the fix. %update A permissions problem on the /usr/share/ethereal/dtds directory caused errors when ethereal started as a non-root user. This update corrects the problem. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. 
%package gda2.0 gda2.0-bdb gda2.0-ldap gda2.0-mysql gda2.0-odbc gda2.0-postgres gda2.0-sqlite gda2.0-xbase libgda2.0_3 libgda2.0_3-devel Updated: Tue Nov 01 11:49:40 2005 Importance: security ID: MDKSA-2005:203 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:203 %pre Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library. The updated packages have been patched to correct this issue. %description GNU Data Access is an attempt to provide uniform access to different kinds of data sources (databases, information servers, mail spools, etc). It is a complete architecture that provides all you need to access your data. libgda was part of the GNOME-DB project (http://www.gnome-db.org/), but has been separated from it to allow non-GNOME applications to be developed based on it. %package clamav clamav-db clamav-milter clamd libclamav1 libclamav1-devel Update: Mon Nov 07 14:12:19 2005 Importance: security ID: MDKSA-2005:205 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 %pre A number of vulnerabilities were discovered in ClamAV versions prior to 0.87.1: The OLE2 unpacker in clamd allows remote attackers to cause a DoS (segfault) via a DOC file with an invalid property tree (CVE-2005-3239) The FSG unpacker allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file (CVE-2005-3303) The tnef_attachment() function allows remote attackers to cause a DoS (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block (CVE-2005-3500) Remote attackers could cause a DoS (infinite loop) via a crafted CAB file (CVE-2005-3501) This update provides ClamAV 0.87.1 which corrects all of these issues. %description Clam AntiVirus is an anti-virus toolkit for Unix. 
The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package mandriva-release Update: Mon Nov 07 14:37:28 2005 Importance: normal ID: MDKA-2005:049 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:049 %pre The updated mandriva-release packages provide a fixed CREDITS file. %description Mandriva Linux release file. %package mandriva-release Update: Mon Nov 07 14:41:24 2005 Importance: normal ID: MDKA-2005:049 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:049 %pre The updated mandriva-release packages provide a fixed CREDITS file. %description Mandriva Linux release file. %package scim-qtimm Update: Wed Nov 09 14:43:34 2005 Importance: bugfix ID: MDKA-2005:050 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:050 %pre Due to a bug in the RPM requires for the scim-qtimm package, it was only installable on i586 platforms, and not on x86_64 due to differences in the naming for libqt3 (vs. lib64qt3). This update corrects the requires allowing the package to be installed on Mandriva Linux 2006/x86_64. %description SCIM context plugin for qt-immodule. %package e2fsprogs libext2fs2 libext2fs2-devel Update: Wed Nov 09 14:45:55 2005 Importance: bugfix ID: MDKA-2005:051 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:051 %pre The mklost+found program was segfaulting on Mandriva Linux 2006. This update corrects the problem. 
%description The e2fsprogs package contains a number of utilities for creating, checking, modifying and correcting any inconsistencies in second extended (ext2) filesystems. E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters) and most of the other core ext2fs filesystem utilities. You should install the e2fsprogs package if you need to manage the performance of an ext2 filesystem. %package ldetect-lst ldetect-lst-devel Update: Wed Nov 09 14:47:23 2005 Importance: normal ID: MDKA-2005:052 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:052 %pre The updated ldetect-lst packages provide five new PCI modem definitions in the hardware database. This will prevent drakconnect from misconfiguring these modems as a large number of Conexant and Smart Link modems share the same PCI ids, thus requiring additional information in the database. This package also fixes a minor bug where the PCVC840K ToUcam Pro webcam was wrongly displayed as a PCVC740K. %description The hardware device lists provided by this package are used as lookup table to get hardware autodetection %package drakx-finish-install drakxtools drakxtools-backend drakxtools-http drakxtools-newt harddrake harddrake-ui Update: Wed Nov 09 14:48:26 2005 Importance: bugfix ID: MDKA-2005:053 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:053 %pre A number of bugs have been fixed in this new drakxtools package, primarily within the drakconnect and XFdrake programs: The package requires perl-suid for fileshareset and filesharelist. 
Drakconnect fixes include: - don't duplicate variables (MTU, NETMASK, IPADDR) in ifcfg files - don't let interfaces with unknown drivers be configured - set hostname only after packages have been installed, thus preventing a potential failure in the graphical urpmi - workaround to have device-independent configuration files in wireless.d - workaround missing "device" link in sysfs for rt2400/rt2500 - fix zd1201 device detection Net_applet fixes include: - use disconnected icon if no route, even if wifi is associated XFdrake fixes include: - handle nvidia_legacy - prevent x11 segfaulting with nvidia driver (loading both Xorg's glx and nvidia's glx) - prevent GL applications from segfaulting when using the nv driver while nvidia packages are being installed %description Contains many Mandriva Linux applications simplifying users and administrators life on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakclock: date & time configurator drakfloppy: boot disk creator drakfont: import fonts in the system draklog: show extracted information from the system logs draknet_monitor: connection monitoring drakperm: msec GUI (permissions configurator) drakprinter: detect and configure your printer draksec: security options management / msec frontend draksplash: bootsplash themes creation drakTermServ: terminal server configurator listsupportedprinters: list printers net_applet: applet to check network connection %package libungif4 libungif4-devel libungif4-static-devel libungif-progs Update: Wed Nov 09 15:02:02 2005 Importance: security ID: MDKSA-2005:207 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:207 %pre Several bugs have been discovered in the way libungif decodes GIF images. 
These allow an attacker to create a carefully crafted GIF image file in such a way that it could cause applications linked with libungif to crash or execute arbitrary code when the file is opened by the user. The updated packages have been patched to address this issue. %description The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format (i.e., it won't use the patented LZW compression used to save "normal" compressed GIF files). Install the libungif package if you need to manipulate GIF files. You should also install the libungif-progs package. %package fetchmail fetchmailconf fetchmail-daemon Update: Wed Nov 09 15:11:27 2005 Importance: security ID: MDKSA-2005:209 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:209 %pre Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. fetchmailconf would create the initial output configuration file with insecure permissions and only after writing would it change permissions to be more restrictive. During that time, passwords and other data could be exposed to other users on the system unless the user used a more restrictive umask setting. As well, the Mandriva Linux 2006 packages did not contain the patch that corrected the issues fixed in MDKSA-2005:126, namely a buffer overflow in fetchmail's POP3 client (CAN-2005-2355). The updated packages have been patched to address this issue, and the Mandriva 2006 packages have also been patched to correct CAN-2005-2355. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). 
It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package w3c-libwww w3c-libwww-apps w3c-libwww-devel Update: Wed Nov 09 15:33:48 2005 Importance: security ID: MDKSA-2005:210 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:210 %pre Sam Varshavchik discovered the HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The updated packages have been patched to address this issue. %description Libwww is a general-purpose Web API written in C for Unix and Windows (Win32). With a highly extensible and layered API, it can accommodate many different types of applications including clients, robots, etc. The purpose of libwww is to provide a highly optimized HTTP sample implementation as well as other Internet protocols and to serve as a testbed for protocol experiments. See: http://www.w3.org/Consortium/Legal/copyright-software.html for further information on its license. %package lynx Update: Sat Nov 12 12:07:07 2005 Importance: security ID: MDKSA-2005:211 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:211 %pre An arbitrary command execution vulnerability was discovered in the lynx "lynxcgi:" URI handler. An attacker could create a web page that redirects to a malicious URL which could then execute arbitrary code as the user running lynx. The updated packages have been patched to address this issue. 
%description This is a terminal based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables. This version includes support for SSL encryption. WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it. %package autofs Update: Wed Nov 16 09:44:45 2005 Importance: bugfix ID: MDKA-2005:054 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:054 %pre A problem with how autofs was linked with the LDAP libraries would cause autofs to segfault on startup. The updated package has been fixed to correct this problem. %description autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network filesystems, CD-ROMs, floppies, and so forth. %package acpid Update: Wed Nov 16 09:52:44 2005 Importance: bugfix ID: MDKA-2005:055 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:055 %pre A number of bugs have been fixed in this new acpid package: Correct an error in the initscript, to look for lm_battery.sh rather than battery.sh. Correct an issue where logrotate of acpid's log files would cause the X server to consume 100% cpu. Note: In order to restart the acpid service you may have to stop X (telinit 3 if you use a graphical login, or exit X if you use startx). %description The ACPI specification defines power and system management functions for each computer, in a generic manner. The ACPI daemon coordinates the management of power and system functions when ACPI kernel support is enabled (kernel 2.3.x or later). 
%package libphp5_common5 php-cgi php-cli php-devel php-exif php-fcgi Update: Wed Nov 16 17:42:48 2005 Importance: security ID: MDKSA-2005:213 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:213 %pre A number of vulnerabilities were discovered in PHP: An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1. A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353). A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of javascript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388). A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389). A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead to the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using "service httpd restart" in order for the new packages to take effect ("service httpd2-naat restart" for MNF2). %description PHP5 is an HTML-embeddable scripting language. 
PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package file libmagic1 libmagic1-devel libmagic1-static-devel Update: Fri Nov 18 13:25:13 2005 Importance: bugfix ID: MDKA-2005:056 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:056 %pre A bug in the file program would cause it to segfault on the x86_64 architecture on certain files. This update corrects the problem. %description The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. You should install the file package, since the file command is such a useful utility. 
%package drakx-finish-install drakxtools drakxtools-backend drakxtools-http drakxtools-newt harddrake harddrake-ui Update: Fri Nov 18 13:30:36 2005 Importance: bugfix ID: MDKA-2005:057 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:057 %pre A number of bugs have been fixed in this new drakxtools package, primarily within the diskdrake, drakconnect and drakroam programs: Diskdrake fixes include: - handle "users" the way "user" is handled - handle dmraid-1.0.0 RC9 (#19654) Drakconnect fixes include: - don't screw up eagle-usb devices if the firmware is already loaded - fix zd1201 devices detection as well Drakroam fixes include: - remember 'restricted' wireless mode - don't crash if mandi isn't started (#19608) - fix wireless network list using iwlist (#19742) %description Contains many Mandriva Linux applications simplifying users and administrators life on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. 
drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakclock: date & time configurator drakfloppy: boot disk creator drakfont: import fonts in the system draklog: show extracted information from the system logs draknet_monitor: connection monitoring drakperm: msec GUI (permissions configurator) drakprinter: detect and configure your printer draksec: security options management / msec frontend draksplash: bootsplash themes creation drakTermServ: terminal server configurator listsupportedprinters: list printers net_applet: applet to check network connection %package gdk-pixbuf-loaders gtk+2.0 libgdk_pixbuf2.0_0 libgdk_pixbuf2.0_0-devel libgdk-pixbuf2 libgdk-pixbuf2-devel libgdk-pixbuf-gnomecanvas1 libgdk-pixbuf-xlib2 libgtk+2.0_0 libgtk+2.0_0-devel libgtk+-x11-2.0_0 Update: Fri Nov 18 13:41:30 2005 Importance: security ID: MDKSA-2005:214 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:214 %pre A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image rendering library could allow for arbitrary code execution. This allows an attacker to provide a carefully crafted XPM image which could possibly allow for arbitrary code execution in the context of the user viewing the image. (CVE-2005-3186) Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. (CVE-2005-2976) Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. (CVE-2005-2975) The gtk+2.0 library also contains the same gdk-pixbuf code with the same vulnerability. 
The Corporate Server 2.1 packages have additional patches to address CAN-2004-0782,0783,0788 (additional XPM/ICO image issues), CAN-2004-0753 (BMP image issues) and CAN-2005-0891 (additional BMP issues). These were overlooked on this platform with earlier updates. The updated packages have been patched to correct these issues. %description The gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. GTK+ was originally written for the GIMP (GNU Image Manipulation Program) image processing program, but is now used by several other programs as well. If you are planning on using the GIMP or another program that uses GTK+, you'll need to have the gtk+ package installed. %package dkms-fuse fuse libfuse2 libfuse2-devel libfuse2-static-devel Update: Thu Nov 24 11:13:51 2005 Importance: security ID: MDKSA-2005:216 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:216 %pre Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set unauthorized mount options. This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux. The updated packages have been patched to address these problems. %description FUSE (Filesystem in USErspace) is a simple interface for userspace programs to export a virtual filesystem to the linux kernel. FUSE also aims to provide a secure method for non privileged users to create and mount their own filesystem implementations. 
%package eagleconnect eagle-usb Update: Fri Dec 02 10:16:04 2005 Importance: bugfix ID: MDKA-2005:058 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:058 %pre This update loads the firmware each time an eagle-usb modem is plugged in, not just when the eagle-usb module is loaded. %description Firmware and utility for the Sagem Fast 800 usb modem %package perl-Mail-SpamAssassin spamassassin spamassassin-spamc spamassassin-spamd spamassassin-tools Update: Fri Dec 02 12:26:07 2005 Importance: security ID: MDKSA-2005:221 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:221 %pre SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. Updated packages have been patched to address this issue. %description SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail. SpamAssassin also includes support for reporting spam messages automatically, and/or manually, to collaborative filtering databases such as Vipul's Razor, DCC or pyzor. Install perl-Razor-Agent package to get Vipul's Razor support. Install dcc package to get Distributed Checksum Clearinghouse (DCC) support. Install pyzor package to get Pyzor support. Install perl-Mail-SPF-Query package to get SPF support. 
To enable spamassassin, if you are receiving mail locally, simply add this line to your ~/.procmailrc: INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc To filter spam for all users, add that line to /etc/procmailrc (creating if necessary). %package mailman Update: Fri Dec 02 12:43:23 2005 Importance: security ID: MDKSA-2005:222 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:222 %pre Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message. The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code. Updated packages are patched to correct these issues. %description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... 
if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain Conditional build options: mailman uid --with uid mail mailman gid --with gid mail %package webmin Update: Fri Dec 02 12:46:21 2005 Importance: security ID: MDKSA-2005:223 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:223 %pre Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package curl libcurl3 libcurl3-devel php-curl Update: Thu Dec 08 10:37:19 2005 Importance: security ID: MDKSA-2005:224 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:224 %pre Stefan Esser discovered that libcurl's URL parser function can overflow a malloced buffer in two ways if given a URL that is too long. 
It cannot be triggered by a redirect, which makes remote exploitation unlikely, but can be passed directly to libcurl (allowing for local exploitation) and could also be used to break out of PHP's safe_mode/open_basedir. This vulnerability only exists in libcurl and curl 7.11.2 up to and including 7.15.0, which means that Corporate Server 2.1 and Corporate 3.0 are not vulnerable. The updated packages have been patched to correct the problem. As well, updated php-curl packages are available that provide a new curl PHP module compiled against the fixed code. %description This is a dynamic shared object (DSO) for PHP that will add curl support. %package perl perl-base perl-devel perl-doc perl-suid Update: Thu Dec 08 10:42:31 2005 Importance: security ID: MDKSA-2005:225 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 %pre Jack Louis discovered a new way to exploit format string errors in the Perl programming language that could lead to the execution of arbitrary code. The updated packages are patched to close the particular exploit vector in Perl itself, to mitigate the risk of format string programming errors; however, this does not fix problems that may exist in particular pieces of software written in Perl. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl. 
%package openvpn Update: Fri Dec 09 21:03:42 2005 Importance: security ID: MDKSA-2005:206 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:206 %pre Two Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client (CVE-2005-3393). The second DoS can occur if, when in TCP server mode, OpenVPN receives an error on accept(2) and the resulting exception handler causes a segfault (CVE-2005-3409). The updated packages have been patched to correct these problems. Update: Packages are now available for Mandriva Linux 2006. %description OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. This package contains the auth-ldap plugin %package openvpn Update: Fri Dec 09 21:06:44 2005 Importance: security ID: MDKSA-2005:206-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:206-1 %pre Two Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client (CVE-2005-3393). The second DoS can occur if, when in TCP server mode, OpenVPN receives an error on accept(2) and the resulting exception handler causes a segfault (CVE-2005-3409). The updated packages have been patched to correct these problems. Update: Packages are now available for Mandriva Linux 2006. %description OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. 
This package contains the auth-ldap plugin %package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmime Update: Mon Dec 12 16:21:34 2005 Importance: security ID: MDKSA-2005:226 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:226 %pre A bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was discovered that could lead to the encryption of an email with the wrong public key. This could potentially disclose confidential data to unintended recipients. The updated packages have been patched to prevent this problem. %description Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform. %package ethereal ethereal-tools libethereal0 tethereal Update: Wed Dec 14 13:29:26 2005 Importance: security ID: MDKSA-2005:227 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:227 %pre A stack-based buffer overflow was discovered in the OSPF dissector in Ethereal. This could potentially be abused to allow remote attackers to execute arbitrary code via crafted packets. The updated packages have been patched to prevent this problem. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-plugins xine-polyp xine-smb Update: Wed Dec 14 14:05:35 2005 Importance: security ID: MDKSA-2005:228 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:228 %pre Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 
The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Xine-lib is built with a private copy of ffmpeg containing this same code. (Corporate Server 2.1 is not vulnerable) The updated packages have been patched to prevent this problem. %description xine is a free gpl-licensed video player for unix-like systems. %package xmovie Update: Wed Dec 14 14:07:21 2005 Importance: security ID: MDKSA-2005:229 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:229 %pre Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Xmovie is built with a private copy of ffmpeg containing this same code. The updated packages have been patched to prevent this problem. %description Introducing a movie player for MPEG-2, DVD, and Quicktime movies with stereo sound. It won't play any movies you download from the internet. What XMovie is used for is playing long, high resolution movies you capture or composite yourself with stereo sound. The other Quicktime players, well, the other player is not convenient for movies over 50 minutes and it doesn't support aspect ratios or stereo sound. XMovie plays MPEG-1/MPEG-2 system streams, MP2/MP3/AC3 audio, MPEG-1/2 video, Quicktime video (Motion JPEG A, Uncompressed RGB, Component video, Progressive JPEG, PNG, YUV 4:2:0, DV), Quicktime audio: Twos complement, IMA4, ulaw). 
%package libdha1.0 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Update: Wed Dec 14 14:15:21 2005 Importance: security ID: MDKSA-2005:230 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:230 %pre Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Mplayer is built with a private copy of ffmpeg containing this same code. The updated packages have been patched to prevent this problem. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? 
Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs %package ffmpeg libffmpeg0 libffmpeg0-devel Update: Wed Dec 14 14:17:06 2005 Importance: security ID: MDKSA-2005:231 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:231 %pre Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. The updated packages have been patched to prevent this problem. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream. %package gstreamer-ffmpeg Update: Wed Dec 14 14:24:36 2005 Importance: security ID: MDKSA-2005:232 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:232 %pre Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Gstreamer-ffmpeg is built with a private copy of ffmpeg containing this same code. The updated packages have been patched to prevent this problem. 
%description Video codec plugin for GStreamer based on the ffmpeg libraries. %package digikam kipi-plugins libdigikam0 libdigikam0-devel Update: Fri Dec 16 12:36:20 2005 Importance: bugfix ID: MDKA-2005:059 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:059 %pre The printing functionality of DigiKam in Mandriva 2006 is flawed in that when trying to print a picture, regardless of the size, it swaps near infinitely and takes an extremely long time until the photo comes out. As well, the photo may not come out because GhostScript fails due to lack of memory. The updated packages have been patched to correct this problem. %description Digikam is a fine KDE interface for gphoto2. Designed to be a standalone application to preview and download images from a digital camera on a linux machine. %package apache-base apache-devel apache-mod_cache apache-mod_dav apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-modules apache-mod_userdir apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Mon Dec 19 11:58:37 2005 Importance: security ID: MDKSA-2005:233 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:233 %pre A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service (memory consumption) via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections. As well, this update addresses two bugs in the Mandriva 2006 Apache packages where apachectl was missing and also a segfault that occurred when using the mod_ldap module. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. 
This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache modules for Mandriva at: http://nux.se/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package sudo Update: Tue Dec 20 10:14:42 2005 Importance: security ID: MDKSA-2005:234 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:234 %pre Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. In addition, other environment variables have been included in the patch that remove similar environment variables that could be used in python and ruby scripts, among others. The updated packages have been patched to correct this problem. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. 
%package kernel-2.6.12.14mdk kernel-i586-up-1GB-2.6.12.14mdk kernel-i686-up-4GB-2.6.12.14mdk kernel-smp-2.6.12.14mdk kernel-source-2.6 kernel-source-stripped-2.6 kernel-xbox-2.6.12.14mdk kernel-xen0-2.6.12.14mdk kernel-xenU-2.6.12.14mdk Update: Wed Dec 21 12:45:15 2005 Importance: security ID: MDKSA-2005:235 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:235 %pre Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update: A stack-based buffer overflow in the sendmsg function call in versions prior to 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread (CVE-2005-2490). The raw_sendmsg function in versions prior to 2.6.13.1 allows local users to cause a DoS (change hardware state) or read from arbitrary memory via crafted input (CVE-2005-2492). The ipt_recent module in versions prior to 2.6.12 does not properly perform certain tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early (CVE-2005-2873). Multiple vulnerabilities in versions prior to 2.6.13.2 allow local users to cause a DoS (oops from null dereference) via fput in a 32bit ioctl on 64-bit x86 systems or sockfd_put in the 32-bit routing_ioctl function on 64-bit systems (CVE-2005-3044). Versions 2.6.8 to 2.6.14-rc2 allow local users to cause a DoS (oops) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference (CVE-2005-3055). drm.c in version 2.6.13 and earlier creates a debug file in sysfs with world-readable and world-writable permissions, allowing local users to enable DRM debugging and obtain sensitive information (CVE-2005-3179). 
The Orinoco driver in 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, allowing remote attackers to obtain sensitive information (CVE-2005-3180). Kernels 2.6.13 and earlier, when CONFIG_AUDITSYSCALL is enabled, use an incorrect function to free names_cache memory, preventing the memory from being tracked by AUDITSYSCALL code and leading to a memory leak (CVE-2005-3181). The VT implementation in version 2.6.12 allows local users to use certain IOCTLs on terminals of other users and gain privileges (CVE-2005-3257). A race condition in ip_vs_conn_flush in versions prior to 2.6.13, when running on SMP systems, allows local users to cause a DoS (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired (CVE-2005-3274). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package msec Update: Thu Dec 22 11:55:30 2005 Importance: bugfix ID: MDKA-2005:060 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:060 %pre Bugs in the msec package have been corrected: msec wasn't properly parsing the output on security checks to check ownership of files, reporting files as unowned when they were in fact properly owned by a valid user. The /var/lib/msec/security.conf was no longer being generated which prevented msec from running. The updated packages have been patched to correct these problems. 
%description The Mandriva Linux Security package is designed to provide generic secure level to the Mandriva Linux users... It will permit you to choose between level 0 to 5 for a less -> more secured distribution. This package includes several programs that will be run periodically in order to test the security of your system and alert you if needed. %package fetchmail fetchmailconf fetchmail-daemon Update: Fri Dec 23 14:38:33 2005 Importance: security ID: MDKSA-2005:236 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:236 %pre Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers. The updated packages have been patched to correct this problem. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package cpio Update: Fri Dec 23 15:02:06 2005 Importance: security ID: MDKSA-2005:237 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:237 %pre A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits. The updated packages have been patched to correct these problems. 
%description GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. %package digikamimageplugins Update: Mon Dec 26 07:53:57 2005 Importance: bugfix ID: MDKA-2005:061 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:061 %pre A previous update of DigiKam (MDKA-2005:059) bumped the version to 0.8.0. After this update, Narfi Stefansson reported that showfoto, from digikamimageplugins was crashing when trying to use "Free Rotation". This update bumps digikamimageplugins to version 0.8.0 also. %description Digikam is a fine KDE interface for digital photo management. It is designed to be a standalone application to preview, download, organize, and present images from a digital camera on a linux machine. This package contains several plug-ins to enhance Digikam's functionality. 
The plugins included in this package are: adjustlevels charcoal despeckle emboss filmgrain oilpaint raindrop solarize unsharp %package libphp5_common5 php-cgi php-cli php-devel php-fcgi php-mbstring Update: Tue Dec 27 11:16:31 2005 Importance: security ID: MDKSA-2005:238 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:238 %pre A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using "service httpd restart" in order for the new packages to take effect. %description This is a dynamic shared object (DSO) for PHP that will add multibyte string support. %package libgphoto2 libgphoto2-devel libgphoto-hotplug Update: Wed Dec 28 16:46:22 2005 Importance: bugfix ID: MDKA-2005:062 URL: http://www.mandriva.com/security/advisories?name=MDKA-2005:062 %pre The hotplug usermap has been restored for this package because it is used by HAL to correctly detect digital cameras which are not using USB Mass storage (for instance, all Canon digital cameras, as well as some Nikon ones and all PTP cameras). This should allow gnome-volume-manager to automatically popup a "Do you want to import photos?" dialog when the camera is plugged in. %description The gPhoto2 project is a universal, free application and library framework that lets you download images from several different digital camera models, including the newer models with USB connections. Note that a) for some older camera models you must use the old "gphoto" package. b) for USB mass storage models you must use the driver in the kernel This package contains the library that digital camera applications can use Frontends (GUI and command line) are available separately. 
%package cups-drivers printer-filters printer-utils Update: Fri Dec 30 13:01:19 2005 Importance: security ID: MDKSA-2005:239 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:239 %pre "newbug" discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges. Mandriva encourages all users to upgrade immediately. The updated packages have been patched to correct these problems. %description This source RPM builds the printer-filters and printer-utils packages. These two packages are built by one source RPM, as many upstream source packages contain both a filter and a utility. %package nss_ldap Update: Mon Jan 02 13:06:15 2006 Importance: bugfix ID: MDKA-2006:001 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:001 %pre A bug was discovered in nss_ldap when a group has a large number of members. This was resulting in SIGABRT of 'ls -la' when attempting to add additional users to the group. Updated packages have been patched to correct the issue. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package mdkonline Update: Mon Jan 02 17:03:45 2006 Importance: bugfix ID: MDKA-2006:002 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:002 %pre A bug in the mdkupdate cron job (when automatic update mode is enabled) prevents $ENV{USER} from being defined, which kills mdkupdate before performing the updates. The mdkapplet GUI is now refreshed and doesn't stall anymore when waiting for configuration or installation operations to finish prior to re-drawing itself. 
%description The Mandriva Online tool is designed for registered users who want to upload their configuration (packages, hardware infos). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * Wizard for users registration and configuration uploads, * Update daemon which allows you to install security updates automatically, * A KDE/Gnome compliant applet for security updates notification and installation. %package tkcvs Update: Tue Jan 03 19:13:51 2006 Importance: security ID: MDKSA-2006:001 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:001 %pre Javier Fernandez-Sanguino Pena discovered that tkdiff created temporary files in an insecure manner. The updated packages have been patched to correct these problems. %description tkCVS is a Tk based graphical interface to the CVS configuration management system. It includes facilities for providing "user friendly" names to modules and directories within the repository, and provides a facility to interactively browse the repository looking for modules and directories. %package ethereal ethereal-tools libethereal0 tethereal Update: Tue Jan 03 19:52:35 2006 Importance: security ID: MDKSA-2006:002 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:002 %pre Three vulnerabilities were discovered in Ethereal 0.10.13: The IRC and GTP dissectors could go into an infinite loop. A buffer overflow was discovered by iDefense in the OSPF dissector. Ethereal has been upgraded to 0.10.14 which does not suffer from these problems. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. 
%package hal hal-gnome libhal0 libhal0-devel Update: Thu Jan 05 14:49:20 2006 Importance: bugfix ID: MDKA-2006:003 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:003 %pre HAL in Mandriva 2006 doesn't correctly handle card readers advertising themselves as SCSI removable disks, which was preventing HAL from correctly creating entries in fstab when the user inserts a memory card. Updated packages have been patched to address this issue. %description HAL is a daemon for collecting and maintaining information from several sources about the hardware on the system. It provides a live device list through D-BUS. %package libpoppler0 libpoppler0-devel libpoppler-qt0 libpoppler-qt0-devel Update: Thu Jan 05 14:51:55 2006 Importance: security ID: MDKSA-2006:003 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:003 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). 
In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627) Poppler uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. %package pdftohtml Update: Thu Jan 05 15:06:43 2006 Importance: security ID: MDKSA-2006:004 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:004 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. 
(CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627) Pdftohtml uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. %description PDFTOHTML converts Portable Document Format (PDF) files to HTML format. This release converts text and links. Bold and italic face are preserved, but high level HTML structures (like lists or tables) are not yet generated. Images are ignored (but you can extract them from the PDF file using pdfimages, distributed with the Xpdf package). 
The current version is tested on Linux and Solaris 2.6 %package xpdf Update: Thu Jan 05 15:44:52 2006 Importance: security ID: MDKSA-2006:005 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:005 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. 
(CVE-2005-3627) The updated packages have been patched to correct these problems. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package apache-base apache-devel apache-mod_cache apache-mod_dav apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Thu Jan 05 16:01:29 2006 Importance: security ID: MDKSA-2006:007 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:007 %pre A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross-site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352). Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357). The provided packages have been patched to prevent these problems. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. 
Check for available Apache modules for Mandriva at: http://nux.se/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package koffice koffice-karbon koffice-kexi koffice-kformula koffice-kivio koffice-koshell koffice-kpresenter koffice-krita koffice-kspread koffice-kugar koffice-kword koffice-progs libkoffice2-karbon libkoffice2-karbon-devel libkoffice2-kexi libkoffice2-kexi-devel libkoffice2-kformula libkoffice2-kformula-devel libkoffice2-kivio libkoffice2-kivio-devel libkoffice2-koshell libkoffice2-kpresenter libkoffice2-krita libkoffice2-krita-devel libkoffice2-kspread libkoffice2-kspread-devel libkoffice2-kugar libkoffice2-kugar-devel libkoffice2-kword libkoffice2-kword-devel libkoffice2-progs libkoffice2-progs-devel Update: Fri Jan 06 13:07:10 2006 Importance: security ID: MDKSA-2006:008 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:008 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. 
(CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627) Koffice uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. %description Office applications for the K Desktop Environment. KOffice contains: * KWord: word processor * KSpread: spreadsheet * KPresenter: presentations * KChart: diagram generator * Kugar: A tool for generating business quality reports. * Kivio: A Visio®-style flowcharting application. * Kexi: an integrated environment for managing data * Some filters (Excel 97, Winword 97/2000, etc.) 
%package apache-mod_auth_pgsql Update: Fri Jan 06 16:18:10 2006 Importance: security ID: MDKSA-2006:009 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:009 %pre iDefense discovered several format string vulnerabilities in the way that mod_auth_pgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if mod_auth_pgsql is used for user authentication. The provided packages have been patched to prevent this problem. %description mod_auth_pgsql can be used to limit access to documents served by a web server by checking fields in a table in a PostgreSQL database. %package kat libkat0 libkat0-devel Update: Tue Jan 10 11:55:57 2006 Importance: bugfix ID: MDKA-2006:005 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:005 %pre A number of fixes are available with this new kat update: a fix in the support of utf8 files, a number of crash situations were corrected, a double deletion that caused a crash when kat was closed was corrected, and finally the mail indexer is disabled due to problems it caused. %description Kat is an application for KDE designed to index files. Meta information, fulltext and thumbnails are extracted from documents, images, mp3 and other media allowing quick and accurate information retrieval. Similar to the Windows application WhereIsIt, but also similar to Google Desktop Search, Kat is completely written in C++, using Qt3, KDE and KIO libraries. The application is based on the extensible kfile plugin architecture of KDE in order to facilitate the creation of new media managers for emerging file formats. Kat is the first KDE application using the new fulltext kfile plugins. Information retrieval relies on the powerful SQLite3 embedded database engine. 
%package cups cups-common cups-serial libcups2 libcups2-devel Update: Tue Jan 10 14:12:57 2006 Importance: security ID: MDKSA-2006:010 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:010 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. 
(CVE-2005-3627) CUPS uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package jadetex tetex tetex-afm tetex-context tetex-devel tetex-doc tetex-dvilj tetex-dvipdfm tetex-dvips tetex-latex tetex-mfwin tetex-texi2html tetex-xdvi xmltex Update: Tue Jan 10 14:15:51 2006 Importance: security ID: MDKSA-2006:011 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:011 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. 
(CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627) Tetex uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. 
If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Thu Jan 12 13:07:21 2006 Importance: bugfix ID: MDKA-2006:006 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:006 %pre Issues have been reported with display corruption for various cards, including several ATI and Nvidia cards when using the free drivers. There was also an issue with the Greek keyboard layout. These should be corrected by the upstream 6.9.0 final, which this package is based on. Updated packages should correct these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. 
This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. %package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kolourpaint kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kghostview libkdegraphics0-kghostview-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch Update: Thu Jan 12 14:37:05 2006 Importance: security ID: MDKSA-2006:012 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:012 %pre Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. 
(CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626) Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627) Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627) Kdegraphics uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. %description Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. 
Together with gPhoto, this allows you to access your camera's pictures with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable image viewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package kolab-resource-handlers Update: Thu Jan 12 15:46:28 2006 Importance: security ID: MDKSA-2006:013 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:013 %pre A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot (".") character exists in the wrong place. If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or broken attachments. The updated packages have been patched to correct these problems. %description Kolab components for group and resource management. %package libwine1 libwine1-capi libwine1-devel libwine1-twain wine Update: Mon Jan 16 13:47:34 2006 Importance: security ID: MDKSA-2006:014 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:014 %pre A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. 
This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-executed Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user running Wine. The updated packages have been patched to correct these problems. %description Wine is a program which allows running Microsoft Windows programs (including DOS, Windows 3.x and Win32 executables) on Unix. It consists of a program loader which loads and executes a Microsoft Windows binary, and a library (called Winelib) that implements Windows API calls using their Unix or X11 equivalents. The library may also be used for porting Win32 code into native Unix executables. %package hylafax hylafax-client hylafax-server libhylafax4.2.0 libhylafax4.2.0-devel Update: Mon Jan 16 13:51:17 2006 Importance: security ID: MDKSA-2006:015 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:015 %pre Patrice Fournier discovered the faxrcvd/notify scripts (executed as the uucp/fax user) run user-supplied input through eval without any attempt at sanitising it first. This would allow any user who could submit jobs to HylaFAX, or through telco manipulation control the representation of callid information presented to HylaFAX, to run arbitrary commands as the uucp/fax user. (CVE-2005-3539, only 'notify' in the covered versions) Updated packages were also reviewed for vulnerability to an issue where if PAM is disabled, a user could log in with no password. (CVE-2005-3538) In addition, some fixes to the packages for permissions, and the %pre/%post scripts were backported from cooker. (#19679) The updated packages have been patched to correct these issues. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. 
The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. You need this package if you are going to install hylafax-client and/or hylafax server. Most users want mgetty-voice to be installed too. %package festival festival-devel Update: Mon Jan 16 13:55:31 2006 Importance: bugfix ID: MDKA-2006:007 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:007 %pre The festival program on x86 platforms crashes when the user attempts to use it. The updated packages are rebuilt against the correct libraries and correct this issue. %description Festival is a general multi-lingual speech synthesis system developed at CSTR. It offers a full text to speech system with various APIs, as well as an environment for development and research of speech synthesis techniques. It is written in C++ with a Scheme-based command interpreter for general control. %package clamav clamav-db clamav-milter clamd libclamav1 libclamav1-devel Update: Mon Jan 16 14:07:15 2006 Importance: security ID: MDKSA-2006:016 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:016 %pre A heap-based buffer overflow was discovered in ClamAV versions prior to 0.88 which allows remote attackers to cause a crash and possibly execute arbitrary code via specially crafted UPX files. This update provides ClamAV 0.88 which corrects this issue and also fixes some other bugs. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. 
use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package OpenOffice.org-libs Update: Tue Jan 17 10:22:23 2006 Importance: bugfix ID: MDKA-2006:009 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:009 %pre Updated OpenOffice.org packages correct a bug that caused a random crash when opening certain sxi files. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. Languages available in OpenOffice.org-l10n-* packages include: English, French, German, Spanish, Italian, Dutch, Swedish, Finnish, Polish, Russian, Chinese, Japanese, Korean, Danish, Greek, Turkish, Czech, Catalan, Arab, Slovak, Basque, Norwegian Bokmal, Norwegian Nynorsk, Welsh, Slovenian. Localized help files available in OpenOffice.org-help-* packages include: English, French, German, Spanish, Italian, Swedish, Russian, Finnish, Czech, Japanese, Korean, Chinese, Slovak, Basque, Slovenian. Spell-checking and hyphenation dictionaries are available in myspell-* and myspell-hyph-* packages, respectively. Please install the ones that better suit your language needs. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. 
* oocalc: OpenOffice.org Calc * oodraw: OpenOffice.org Draw * ooimpress: OpenOffice.org Impress * oomath: OpenOffice.org Math * oowriter: OpenOffice.org Writer %package klamav Update: Tue Jan 17 11:33:17 2006 Importance: bugfix ID: MDKA-2006:010 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:010 %pre Klamav 0.32 is now available for Mandriva Linux 2006 that fixes a number of problems with the previous version: - fix the proxy configuration; password-less proxies can now be used - fix media:/ vs. devices:/ difference on different KDE versions - translation of HTML advisory files; English and Brazilian Portuguese are now available - fix translation for all programs; a new klamav.pot file generated against the full string translation code - full English and Brazilian Portuguese are now available %description KlamAV provides ClamAV protection for the KDE desktop. It includes 'on access' scanning, manual scanning, quarantine management, downloading of updates, mail scanning, and automated installation. %package kernel-2.6.12.15mdk kernel-i586-up-1GB-2.6.12.15mdk kernel-i686-up-4GB-2.6.12.15mdk kernel-smp-2.6.12.15mdk kernel-source-2.6 kernel-source-stripped-2.6 kernel-xbox-2.6.12.15mdk kernel-xen0-2.6.12.15mdk kernel-xenU-2.6.12.15mdk Update: Fri Jan 20 09:21:43 2006 Importance: security ID: MDKSA-2006:018 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:018 %pre A number of vulnerabilities have been corrected in the Linux kernel: A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783). 
The auto-reap child process in 2.6 kernels prior to 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784). A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805). The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806). An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808). As well, other bugfixes are included in this update: Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51). MCP51 forcedeth support has been added. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package kdelibs-common kdelibs-devel-doc libkdecore4 libkdecore4-devel Update: Fri Jan 20 15:54:55 2006 Importance: security ID: MDKSA-2006:019 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:019 %pre A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site. 
The updated packages have been patched to correct this problem. %description Libraries for the K Desktop Environment. %package webmin Update: Mon Jan 23 11:49:03 2006 Importance: normal ID: MDKA-2006:012 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:012 %pre Michael Zaripov reported the previous webmin update points to the wrong init script for mysql. Updated packages correct this issue. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package ipsec-tools libipsec0 libipsec0-devel Update: Wed Jan 25 10:57:34 2006 Importance: security ID: MDKSA-2006:020 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:0?? %pre The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem. %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels. 
This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmime Update: Wed Jan 25 13:03:40 2006 Importance: security ID: MDKSA-2006:021 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:021 %pre GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. The updated packages have been patched to correct this problem. %description Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform. %package perl-Net_SSLeay Update: Thu Jan 26 12:10:58 2006 Importance: security ID: MDKSA-2006:023 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:023 %pre Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content. The updated packages have been patched to correct this problem. %description Net::SSLeay module for perl. 
%package ImageMagick ImageMagick-doc libMagick8.4.2 libMagick8.4.2-devel perl-Image-Magick Update: Thu Jan 26 12:29:53 2006 Importance: security ID: MDKSA-2006:024 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:024 %pre The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601) A format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3, and other versions, allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. (CVE-2006-0082) The updated packages have been patched to correct these issues. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. Build Options: --with plf Build for PLF (LZW compression, fpx support) --with modules Compile all supported image types as modules --with jasper Enable JPEG2000 support (enabled) --with graphviz Enable Graphviz support (enabled) %package dynamic Update: Thu Jan 26 16:00:09 2006 Importance: bugfix ID: MDKA-2006:014 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:014 %pre Dynamic was not calling scripts correctly when hardware was plugged/unplugged. Plugging a digital camera (not usb mass storage, like a Canon camera) was not creating an icon on Desktop (for GNOME) or in the Devices window (for KDE). Dynamic was also creating a "pilot" symlink in / (in addition to /dev/pilot) when a Palm was connected, and this file was not removed when the Palm was unplugged. Now, this file is no longer created. If the symlink is already on the user's system, it can safely be removed manually. 
Updated packages have been patched to correct the issue. %description Create desktop entries for GNOME and KDE when a new peripheral is plugged in the system (mainly USB devices). %package gthumb Update: Thu Jan 26 16:03:19 2006 Importance: bugfix ID: MDKA-2006:015 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:015 %pre A bug was discovered in gthumb where the UI (User Interface) can get corrupted when importing photos in some non-UTF8 locales (such as French). Some text strings (returned from libgphoto) were not converted into UTF-8 before being used by GTK+. Updated packages have been patched to correct the issue. %description gThumb lets you browse your hard disk, showing you thumbnails of image files. It also lets you view single files (including GIF animations), add comments to images, organize images in catalogs, print images, view slideshows, set your desktop background, and more. %package libgphoto2 libgphoto2-devel libgphoto-hotplug Update: Thu Jan 26 16:06:12 2006 Importance: bugfix ID: MDKA-2006:016 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:016 %pre A bug was discovered with libgphoto which was preventing the removal of icons on the desktop (in GNOME) or in the Devices window (in KDE) when a digital camera was unplugged. Updated packages have been patched to correct the issue. %description The gPhoto2 project is a universal, free application and library framework that lets you download images from several different digital camera models, including the newer models with USB connections. Note that a) for some older camera models you must use the old "gphoto" package. b) for USB mass storage models you must use the driver in the kernel This package contains the library that digital camera applications can use. Frontends (GUI and command line) are available separately. 
%package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmime Update: Fri Jan 27 13:34:29 2006 Importance: bugfix ID: MDKA-2006:017 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:017 %pre Recent security updates to mozilla-thunderbird did not include some changes made to the build from the community branch of 2006.0. The changes include corrections to the packaging of language files and some corrections to the uninstall scripts. New builds of the enigmail-es and enigmail-it packages are also included. Updated packages merge both of these builds. %description Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform. %package bzip2 libbzip2_1 libbzip2_1-devel Update: Mon Jan 30 11:02:50 2006 Importance: security ID: MDKSA-2006:026 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 %pre A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep. As well, the bzip2 package provided with Mandriva Linux 2006 did not have the patch applied to correct CVE-2005-0953 which was previously fixed by MDKSA-2005:091; those packages are now properly patched. The updated packages have been patched to correct these problems. %description Bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and Huffman coding. Compression is generally considerably better than that achieved by more conventional LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors. The command-line options are deliberately very similar to those of GNU Gzip, but they are not identical. 
%package gzip Update: Mon Jan 30 12:53:57 2006 Importance: security ID: MDKSA-2006:027 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:027 %pre Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more comprehensive fix to the problem. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandriva Linux system, because it is a very commonly used data compression program. %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Wed Feb 01 12:00:50 2006 Importance: security ID: MDKSA-2006:028 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 %pre Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207) Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in "certain error conditions." (CVE-2006-0208). This issue does not affect Corporate Server 2.1. Updated packages are patched to address these issues. Users must execute "service httpd restart" for the new PHP modules to be loaded by Apache. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. 
use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package libast2 libast2-devel Update: Thu Feb 02 10:28:32 2006 Importance: security ID: MDKSA-2006:029 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:029 %pre Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument. The updated packages have been patched to correct this issue. %description LibAST is the Library of Assorted Spiffy Things. It contains various handy routines and drop-in substitutes for some good-but-non-portable functions. It currently has a built-in memory tracking subsystem as well as some debugging aids and other similar tools. %package libpoppler0 libpoppler0-devel libpoppler-qt0 libpoppler-qt0-devel Update: Thu Feb 02 10:29:55 2006 Importance: security ID: MDKSA-2006:030 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:030 %pre Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. 
%package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kolourpaint kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kghostview libkdegraphics0-kghostview-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch Update: Thu Feb 02 11:17:17 2006 Importance: security ID: MDKSA-2006:031 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:031 %pre Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue. %description Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. 
Together with gPhoto this allows you to access your camera's picture with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package xpdf Update: Thu Feb 02 11:33:56 2006 Importance: security ID: MDKSA-2006:032 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:032 %pre Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. The updated packages have been patched to correct this issue. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. 
%package OpenOffice.org OpenOffice.org-l10n-af OpenOffice.org-l10n-ar OpenOffice.org-l10n-ca OpenOffice.org-l10n-cs OpenOffice.org-l10n-cy OpenOffice.org-l10n-da OpenOffice.org-l10n-de OpenOffice.org-l10n-el OpenOffice.org-l10n-en OpenOffice.org-l10n-es OpenOffice.org-l10n-et OpenOffice.org-l10n-eu OpenOffice.org-l10n-fi OpenOffice.org-l10n-fr OpenOffice.org-l10n-he OpenOffice.org-l10n-hu OpenOffice.org-l10n-it OpenOffice.org-l10n-ja OpenOffice.org-l10n-ko OpenOffice.org-l10n-nb OpenOffice.org-l10n-nl OpenOffice.org-l10n-nn OpenOffice.org-l10n-ns OpenOffice.org-l10n-pl OpenOffice.org-l10n-pt OpenOffice.org-l10n-pt_BR OpenOffice.org-l10n-ru OpenOffice.org-l10n-sk OpenOffice.org-l10n-sl OpenOffice.org-l10n-sv OpenOffice.org-l10n-tr OpenOffice.org-l10n-zh_CN OpenOffice.org-l10n-zh_TW OpenOffice.org-l10n-zu OpenOffice.org-libs Update: Thu Feb 02 11:37:53 2006 Importance: security ID: MDKSA-2006:033 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:033 %pre OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this issue. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. 
Languages available in OpenOffice.org-l10n-* packages include: English, French, German, Spanish, Italian, Dutch, Swedish, Finnish, Polish, Russian, Chinese, Japanese, Korean, Danish, Greek, Turkish, Czech, Catalan, Arab, Slovak, Basque, Norwegian Bokmal, Norwegian Nynorsk, Welsh, Slovenian. Localized help files available in OpenOffice.org-help-* packages include: English, French, German, Spanish, Italian, Swedish, Russian, Finnish, Czech, Japanese, Korean, Chinese, Slovak, Basque, Slovenian. Spell-checking and hyphenation dictionaries are available in myspell-* and myspell-hyph-* packages, respectively. Please install the ones that better suit your language needs. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. * oocalc: OpenOffice.org Calc * oodraw: OpenOffice.org Draw * ooimpress: OpenOffice.org Impress * oomath: OpenOffice.org Math * oowriter: OpenOffice.org Writer %package openssh openssh-askpass openssh-askpass-gnome openssh-clients openssh-server Update: Mon Feb 06 12:12:43 2006 Importance: security ID: MDKSA-2006:034 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:034 %pre A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into scp'ing a specially crafted filename. The provided updates bump the OpenSSH version to the latest release version of 4.3p1. A number of differences exist, primarily dealing with PAM authentication over the version included in Corporate 3.0 and MNF2. In particular, the default sshd_config now only accepts protocol 2 connections and UsePAM is now disabled by default. On systems using alternate authentication methods (ie. 
LDAP) that use the PAM stack for authentication, you will need to enable UsePAM. Note that the default /etc/pam.d/sshd file has also been modified to use the pam_listfile.so module which will deny access to any users listed in /etc/ssh/denyusers (by default, this is only the root user). This is required to preserve the expected behaviour when using "PermitRootLogin without-password"; otherwise it would still be possible to obtain a login prompt and login without using keys. Mandriva Linux 10.1 and newer already have these changes in their shipped versions. There are new features in OpenSSH and users are encouraged to review the new sshd_config and ssh_config files when upgrading. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. You can build openssh with some conditional build switches; (ie. 
use with rpm --rebuild): --with[out] skey smartcard support (disabled) --with[out] krb5 kerberos support (enabled) --with[out] watchdog watchdog support (disabled) --with[out] x11askpass X11 ask pass support (enabled) --with[out] gnomeaskpass Gnome ask pass support (enabled) --with[out] ldap OpenLDAP support (disabled) --with[out] sftplog sftp logging support (disabled) --with[out] chroot chroot support (disabled) %package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla-firefox mozilla-firefox-devel Update: Tue Feb 07 16:10:57 2006 Importance: security ID: MDKSA-2006:037 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 %pre Mozilla and Mozilla Firefox allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. (CVE-2005-4134) The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. (CVE-2006-0292) The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. (CVE-2006-0296) Updated packages are patched to address these issues. %description The Mozilla Firefox project aims to build the most useful web browser for all platforms. 
Mozilla Firefox features: - Popup blocking built-in - Tabbed browsing, to view more than one web page in a single window - A comprehensive set of privacy options - Search tools built right into the toolbar - Live bookmarks, using RSS - "Hassle-free" downloading, with fewer prompts %package groff groff-for-man groff-gxditview groff-perl Update: Wed Feb 08 14:24:44 2006 Importance: security ID: MDKSA-2006:038 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:038 %pre The Trustix Secure Linux team discovered a vulnerability in the groffer utility, part of the groff package. It created a temporary directory in an insecure way which allowed for the exploitation of a race condition to create or overwrite files with the privileges of the user invoking groffer. Likewise, similar temporary file issues were fixed in the pic2graph and eqn2graph programs which now use mktemp to create temporary files, as discovered by Javier Fernandez-Sanguino Pena. The updated packages have been patched to correct this issue. %description Groff is a document formatting system. Groff takes standard text and formatting commands as input and produces formatted output. The created documents can be shown on a display or printed on a printer. Groff's formatting commands allow you to specify font type and size, bold type, italic type, the number and size of columns on a page, and more. You should install groff if you want to use it as a document formatting system. Groff can also be used to format man pages. If you are going to use groff with the X Window System, you'll also need to install the groff-gxditview package. 
%package ghostscript ghostscript-dvipdf ghostscript-module-X libijs1 libijs1-devel Update: Fri Feb 10 11:46:49 2006 Importance: bugfix ID: MDKA-2006:018 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:018 %pre A number of bugs have been corrected with this latest ghostscript package including a fix when rendering images when converting PostScript to PDF with ps2pdf, a crash when generating PDF files with the pdfwrite device, several segfaults, a fix for vertical Japanese text, and a number of other fixes. %description Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output. You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer. %package gnutls libgnutls11 libgnutls11-devel Update: Mon Feb 13 18:11:06 2006 Importance: security ID: MDKSA-2006:039 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:039 %pre Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these issues. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. 
%package libecpg5 libecpg5-devel libpq4 libpq4-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-plperl postgresql-plpgsql postgresql-plpython postgresql-pltcl postgresql-server postgresql-test Update: Tue Feb 14 11:28:17 2006 Importance: normal ID: MDKA-2006:019 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:019 %pre Various bugs in the PostgreSQL 8.0.x branch have been corrected with the latest 8.0.7 maintenance release which is being provided for Mandriva Linux 2006 users. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. 
%package kernel-2.6.12.17mdk kernel-i586-up-1GB-2.6.12.17mdk kernel-i686-up-4GB-2.6.12.17mdk kernel-smp-2.6.12.17mdk kernel-source-2.6 kernel-source-stripped-2.6 kernel-xbox-2.6.12.17mdk kernel-xen0-2.6.12.17mdk kernel-xenU-2.6.12.17mdk Update: Fri Feb 17 10:25:34 2006 Importance: security ID: MDKSA-2006:040 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:040 %pre A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The udp_v6_get_port function in udp.c, when running IPv6, allows local users to cause a Denial of Service (infinite loop and crash) (CVE-2005-2973). The mq_open system call in certain situations can decrement a counter twice as a result of multiple calls to the mntput function when the dentry_open function call fails, allowing a local user to cause a DoS (panic) via unspecified attack vectors (CVE-2005-3356). The procfs code allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value (CVE-2005-4605). A buffer overflow in sysctl allows local users to cause a DoS and possibly execute arbitrary code via a long string, which causes sysctl to write a zero byte outside the buffer (CVE-2005-4618). A buffer overflow in the CA-driver for TwinHan DST Frontend/Card allows local users to cause a DoS (crash) and possibly execute arbitrary code by reading more than eight bytes into an eight byte long array (CVE-2005-4639). dm-crypt does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key (CVE-2006-0095). Remote attackers can cause a DoS via unknown attack vectors related to an "extra dst release when ip_options_echo fails" in icmp.c (CVE-2006-0454). 
In addition to these security fixes, other fixes have been included such as: - support for mptsas - fix for IPv6 with sis190 - a problem with the time progressing twice as fast - a fix for Audigy 2 ZS Video Editor sample rates - a fix for a supermount crash when accessing a supermount-ed CD/DVD drive - a fix for improperly unloading sbp2 module The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package bluez-hcidump Update: Fri Feb 17 11:29:48 2006 Importance: security ID: MDKSA-2006:041 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:041 %pre Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet. The updated packages have been patched to correct this issue. %description Bluetooth HCI packet dump. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Fri Feb 17 11:34:58 2006 Importance: security ID: MDKSA-2006:042 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:042 %pre Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks. The updated packages have been patched to correct this issue. 
%description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package gnupg Update: Fri Feb 17 11:43:50 2006 Importance: security ID: MDKSA-2006:043 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:043 %pre Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file. The updated packages have been patched to address this issue. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package tar Update: Tue Feb 21 15:58:33 2006 Importance: security ID: MDKSA-2006:046 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:046 %pre Gnu tar versions 1.14 and above have a buffer overflow vulnerability and some other issues including: - Carefully crafted invalid headers can cause buffer overrun. - Invalid header fields go undiagnosed. - Some valid time strings are ignored. The updated packages have been patched to address this issue. %description The GNU tar program saves many files together into one archive and can restore individual files (or all of the files) from the archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/ decompression, the ability to perform remote archives and the ability to perform incremental and full backups. If you want to use Tar for remote backups, you'll also need to install the rmt package. 
You should install the tar package, because you'll find its compression and decompression utilities essential for working with files. %package metamail Update: Wed Feb 22 16:52:10 2006 Importance: security ID: MDKSA-2006:047 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:047 %pre Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail. The updated packages have been patched to address this issue. %description Metamail is a system for handling multimedia mail, using the mailcap file. Metamail reads the mailcap file, which tells Metamail what helper program to call in order to handle a particular type of non-text mail. Note that metamail can also add multimedia support to certain non-mail programs. Metamail should be installed if you need to add multimedia support to mail programs and some other programs, using the mailcap file. %package libdha1.0 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Update: Fri Feb 24 14:03:05 2006 Importance: security ID: MDKSA-2005:048 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:048 %pre Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. The updated packages have been patched to prevent this problem. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. 
You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs %package unzip Update: Mon Feb 27 17:58:53 2006 Importance: security ID: MDKSA-2005:050 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:050 %pre A buffer overflow was found in how unzip handles file name arguments. If a user could be tricked into processing a specially crafted, excessively long file name with unzip, an attacker could execute arbitrary code with the user's privileges. The updated packages have been patched to address this issue. %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. 
%package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmime Update: Thu Mar 02 11:30:27 2006 Importance: security ID: MDKSA-2006:052 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:052 %pre The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. Updated packages have been patched to address this issue. %description Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform. %package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmime Update: Thu Mar 02 11:32:17 2006 Importance: security ID: MDKSA-2006:052 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:052 %pre The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. Updated packages have been patched to address this issue. %description Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform. %package libaio1 libaio1-devel libaio1-static-devel Update: Mon Mar 06 11:30:48 2006 Importance: normal ID: MDKA-2006:020 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:020 %pre The libaio package is being made available as an official/main package to provide out-of-the-box support for Oracle Express in Mandriva Linux 2006. 
%description The Linux-native asynchronous I/O facility ("async I/O", or "aio") has a richer API and capability set than the simple POSIX async I/O facility. This library, libaio, provides the Linux-native API for async I/O. The POSIX async I/O facility requires this library in order to provide kernel-accelerated async I/O capabilities, as do applications which require the Linux-native async I/O API. You may require this package if you want to install some DBMS. %package freeciv-client freeciv-data freeciv-server Update: Tue Mar 07 16:00:01 2006 Importance: security ID: MDKSA-2006:053 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:053 %pre A Denial of Service vulnerability was discovered in the civserver component of the freeciv game on certain incoming packets. The updated packages have been patched to fix this issue. %description Freeciv is a multiplayer strategy game, released under the GNU General Public License. It is generally comparable with Civilization II(r), published by Microprose(r). Default configuration uses the Civilization II(r) style Isometric view. If you prefer classic Civilization(r) 2-d view, invoke the client with "civclient --tiles trident". 
%package kdegraphics kdegraphics-common kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kolourpaint kdegraphics-kooka kdegraphics-kpaint kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kghostview libkdegraphics0-kghostview-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kuickshow libkdegraphics0-kview libkdegraphics0-kview-devel libkdegraphics0-mrmlsearch Update: Wed Mar 08 12:31:35 2006 Importance: security ID: MDKSA-2006:054 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:054 %pre Marcelo Ricardo Leitner discovered the official published kpdf patches for several previous xpdf vulnerabilities were lacking some hunks published by upstream xpdf. As a result, kpdf is still vulnerable to certain carefully crafted pdf files. Although previous updates captured most of these changes, this new update picks up some of the missing patches. The updated packages have been patched to correct these problems. %description Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. 
Together with gPhoto this allows you to access your camera's picture with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package gnupg Update: Mon Mar 13 12:38:22 2006 Importance: security ID: MDKSA-2006:055 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:055 %pre Another vulnerability, different from that fixed in MDKSA-2006:043 (CVE-2006-0455), was discovered in gnupg in the handling of signature files. This vulnerability is corrected in gnupg 1.4.2.2 which is being provided with this update. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. 
%package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Mon Mar 20 11:06:51 2006 Importance: security ID: MDKSA-2006:056 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:056 %pre Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files. Updated packages have been patched to correct these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. 
%package libcairo2 libcairo2-devel libcairo2-static-devel Update: Mon Mar 20 13:14:19 2006 Importance: security ID: MDKSA-2006:057 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:057 %pre GNOME Evolution allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. The underlying issue is in libcairo, which is used by recent versions of Evolution for message rendering. The Corporate Desktop 3.0 version of Evolution does not use libcairo and is not vulnerable to this issue. Updated packages have been patched to correct these issues. %description Cairo provides anti-aliased vector-based rendering for X. Paths consist of line segments and cubic splines and can be rendered at any width with various join and cap styles. All colors may be specified with optional translucence (opacity/alpha) and combined using the extended Porter/Duff compositing algebra as found in the X Render Extension. Cairo exports a stateful rendering API similar in spirit to the path construction, text, and painting operators of PostScript, (with the significant addition of translucence in the imaging model). When complete, the API is intended to support the complete imaging model of PDF 1.4. Cairo relies on the Xc library for backend rendering. Xc provides an abstract interface for rendering to multiple target types. As of this writing, Xc allows Cairo to target X drawables as well as generic image buffers. Future backends such as PostScript, PDF, and perhaps OpenGL are currently being planned. 
%package sendmail sendmail-cf sendmail-devel sendmail-doc Update: Wed Mar 22 14:08:48 2006 Importance: security ID: MDKSA-2006:058 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:058 %pre A race condition was reported in sendmail in how it handles asynchronous signals. This could allow a remote attacker to be able to execute arbitrary code with the privileges of the user running sendmail. The updated packages have been patched to correct this problem via a patch provided by the Sendmail Consortium via CERT. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package kernel-2.6.12.18mdk kernel-BOOT-2.6.12.18mdk kernel-i586-up-1GB-2.6.12.18mdk kernel-i686-up-4GB-2.6.12.18mdk kernel-smp-2.6.12.18mdk kernel-source-2.6 kernel-source-stripped-2.6 kernel-xbox-2.6.12.18mdk kernel-xen0-2.6.12.18mdk kernel-xenU-2.6.12.18mdk Update: Wed Mar 22 14:41:25 2006 Importance: security ID: MDKSA-2006:059 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:059 %pre A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: sysctl.c in the Linux kernel prior to 2.6.14.1 allows local users to cause a Denial of Service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table (CVE-2005-2709). 
Multiple vulnerabilities in versions prior to 2.6.13.2 allow local users to cause a DoS (oops from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems or sockfd_put in the 32-bit routing_ioctl function on 64-bit systems (CVE-2005-3044). Note that this was previously partially corrected in MDKSA-2005:235. Prior to 2.6.14, the kernel's atm module allows local users to cause a DoS (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules (CVE-2005-3359). A race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in the 2.6.x kernel allows local users to cause a DoS (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory (CVE-2006-0457). Prior to 2.6.15.5, the kernel allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data (CVE-2006-0554). Prior to 2.6.15.5, the kernel allows local users to cause a DoS (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (CVE-2006-0555). Prior to and including kernel 2.6.16, sys_mbind in mempolicy.c does not sanity check the maxnod variable before making certain computations, which has an unknown impact and attack vectors (CVE-2006-0557). Prior to 2.6.15.5, the kernel allows local users to cause a DoS ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address" on Intel processors (CVE-2006-0741). Prior to 2.6.15.6, the die_if_kernel function in the kernel can allow local users to cause a DoS by causing user faults on Itanium systems (CVE-2006-0742). A race in the signal-handling code which allows a process to become unkillable when the race is triggered was also fixed. 
In addition to these security fixes, other fixes have been included such as: - add ich8 support - libata locking rewrite - libata clear ATA_QCFLAG_ACTIVE flag before calling the completion callback - support the Acer Aspire 5xxx/3xxx series in the acerhk module - USB storage: remove info sysfs file as it violates the sysfs one value per file rule - fix OOPS in sysfs_hash_and_remove_file() - pl2303 USB driver fixes; makes pl2303HX chip work correctly - fix OOPS in IPMI driver which is probably caused when trying to use ACPI functions when ACPI was not properly initialized - fix de_thread() racy BUG_ON() The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Please note that users using the LSI Logic 53c1030 dual-channel ultra 320 SCSI card will need to re-create their initrd images manually prior to rebooting in order to fix a bug that prevents booting. A future update will correct this problem. To do this, execute: # rm /boot/initrd-2.6.12-18mdk.img # mkinitrd /boot/initrd-2.6.12-18mdk.img 2.6.12-18mdk --with-module=mptspi %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package freeradius libfreeradius1 libfreeradius1-devel libfreeradius1-krb5 libfreeradius1-ldap libfreeradius1-mysql libfreeradius1-postgresql libfreeradius1-unixODBC Update: Thu Mar 23 15:38:28 2006 Importance: security ID: MDKSA-2006:060 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:060 %pre An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. Updated packages have been patched to correct this issue. %description The FreeRADIUS Server Project is a high-performance and highly configurable GPL'd RADIUS server. It is somewhat similar to the Livingston 2.0 RADIUS server, but has many more features, and is much more configurable. %package dia Update: Mon Apr 03 11:19:49 2006 Importance: security ID: MDKSA-2006:062 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:062 %pre Three buffer overflows were discovered by infamous41md in dia's xfig import code. This could allow for user-complicit attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid color index, number of points, or depth. Updated packages have been patched to correct this issue. %description Dia is a program designed to be much like the Windows program 'Visio'. It can be used to draw different kinds of diagrams. In this first version there is support for UML static structure diagrams (class diagrams) and Network diagrams. It can currently load and save diagrams to a custom fileformat and export to postscript. 
%package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Mon Apr 03 12:02:29 2006 Importance: security ID: MDKSA-2006:063 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:063 %pre A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on which seems to protect against this vulnerability "out of the box" but users are encouraged to upgrade regardless. Once the upgraded packages have been installed, users will need to issue a "service httpd restart" in order for the fixed packages to be properly loaded. Updated packages have been patched to correct this issue. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB Update: Mon Apr 03 13:12:53 2006 Importance: security ID: MDKSA-2006:064 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:064 %pre MySQL allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. Updated packages have been patched to correct this issue. 
%description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. You can build MySQL with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code (disabled), forces --with alltests --with test Initiate tests (enabled) --without test Disable test --with alltests Initiate tests for all built servers (disabled) Warning! This could take several hours... --without alltests Disable all tests %package kaffeine libkaffeine0 libkaffeine0-devel Update: Wed Apr 05 08:47:16 2006 Importance: security ID: MDKSA-2006:065 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:065 %pre Marcus Meissner discovered Kaffeine contains an unchecked buffer while creating HTTP request headers for fetching remote RAM playlists, which allows overflowing a heap allocated buffer. As a result, remotely supplied RAM playlists can be used to execute arbitrary code on the client machine. Updated packages have been patched to correct this issue. %description Kaffeine is a Xine-based Media Player for QT/KDE3. 
%package freeradius libfreeradius1 libfreeradius1-devel libfreeradius1-krb5 libfreeradius1-ldap libfreeradius1-mysql libfreeradius1-postgresql libfreeradius1-unixODBC Update: Wed Apr 05 14:43:48 2006 Importance: security ID: MDKSA-2006:066 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:066 %pre Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Updated packages have been patched to correct this issue. %description The FreeRADIUS Server Project is a high-performance and highly configurable GPL'd RADIUS server. It is somewhat similar to the Livingston 2.0 RADIUS server, but has many more features, and is much more configurable. %package clamav clamav-db clamav-milter clamd libclamav1 libclamav1-devel Update: Fri Apr 07 12:13:06 2006 Importance: security ID: MDKSA-2006:067 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:067 %pre Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614). Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615). David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630). This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. 
The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package libdha1.0 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Update: Fri Apr 07 12:38:01 2006 Importance: security ID: MDKSA-2006:068 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:068 %pre Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. The updated packages have been patched to prevent this problem. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! 
And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs %package openvpn Update: Mon Apr 10 15:46:11 2006 Importance: security ID: MDKSA-2006:069 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:069 %pre A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv support. %description OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port. This package contains the auth-ldap plugin %package sash Update: Mon Apr 10 16:28:12 2006 Importance: security ID: MDKSA-2006:070 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:070 %pre Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core (CVE-2005-2096). Markus Oberhumber discovered additional ways that a specially-crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849). Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages. %description Sash is a simple, standalone, statically linked shell which includes simplified versions of built-in commands like ls, dd and gzip. 
Sash is statically linked so that it can work without shared libraries, so it is particularly useful for recovering from certain types of system failures. Sash can also be used to safely upgrade to new versions of shared libraries. %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Mon Apr 24 10:52:46 2006 Importance: security ID: MDKSA-2006:074 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:074 %pre A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996) Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494) The copy function in file.c in PHP <= 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608) Updated packages have been patched to address these issues. After upgrading these packages, please run "service httpd restart". %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. 
use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla-firefox mozilla-firefox-devel Update: Mon Apr 24 16:07:48 2006 Importance: security ID: MDKSA-2006:075 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075 %pre A number of vulnerabilities have been discovered in the Mozilla Firefox browser that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. Some of these vulnerabilities can also be exploited to execute arbitrary code with the privileges of the user running the browser. Two crasher bugs have also been fixed. The updated packages have been patched to fix these problems. %description The Mozilla Firefox project aims to build the most useful web browser for all platforms. Mozilla Firefox features: - Popup blocking built-in - Tabbed browsing, to view more than one web page in a single window - A comprehensive set of privacy options - Search tools built right into the toolbar - Live bookmarks, using RSS - "Hassle-free" downloading, with fewer prompts %package ethereal ethereal-tools libethereal0 tethereal Update: Tue Apr 25 13:55:05 2006 Importance: security ID: MDKSA-2006:077 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:077 %pre A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0 which is provided with this update. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. 
It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package mozilla-thunderbird mozilla-thunderbird-enigmail mozilla-thunderbird-enigmime Update: Tue Apr 25 14:03:14 2006 Importance: security ID: MDKSA-2006:078 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 %pre A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other information. Some of these vulnerabilities can also be exploited to execute arbitrary code with the privileges of the user running the program. Two crasher bugs have also been fixed. The updated packages have been patched to fix these problems. %description Mozilla Thunderbird is a redesign of the Mozilla mail component, written using the XUL user interface language and designed to be cross-platform. %package ruby ruby-devel ruby-doc ruby-tk Update: Tue Apr 25 14:17:05 2006 Importance: security ID: MDKSA-2006:079 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:079 %pre A vulnerability in how ruby's HTTP module uses blocking sockets was reported by Yukihiro Matsumoto. By sending large amounts of data to a server application using this module, a remote attacker could exploit it to render the application unusable and not respond to other client requests. The updated packages have been patched to fix this problem. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. 
%package module-init-tools Update: Wed Apr 26 17:03:40 2006 Importance: normal ID: MDKA-2006:022 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:022 %pre The default configuration of module-init-tools was to send a HUP signal to the CUPS daemon whenever the "usblp" kernel module is loaded, for example when a USB printer is plugged in. Because udev also sends a HUP signal to the CUPS daemon when a USB printer is plugged in, there were two HUPs, one shortly after the other, which often made the CUPS daemon crash. The updated module-init-tools package removes the usblp call responsible for this bad behaviour. %description This package contains a set of programs for loading, inserting, and removing kernel modules for Linux (versions 2.5.47 and above). It serves the same function that the "modutils" package serves for Linux 2.4. %package module-init-tools Update: Sat Apr 29 10:40:48 2006 Importance: normal ID: MDKA-2006:022 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:022 %pre The default configuration of module-init-tools was to send a HUP signal to the CUPS daemon whenever the "usblp" kernel module is loaded, for example when a USB printer is plugged in. Because udev also sends a HUP signal to the CUPS daemon when a USB printer is plugged in, there were two HUPs, one shortly after the other, which often made the CUPS daemon crash. The updated module-init-tools package removes the usblp call responsible for this bad behaviour. %description This package contains a set of programs for loading, inserting, and removing kernel modules for Linux (versions 2.5.47 and above). It serves the same function that the "modutils" package serves for Linux 2.4. 
%package clamav clamav-db clamav-milter clamd libclamav1 libclamav1-devel Update: Mon May 01 17:45:05 2006 Importance: security ID: MDKSA-2006:080 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:080 %pre Ulf Harnhammar discovered that the freshclam tool does not do a proper check for the size of header data received from a web server. This could potentially allow a specially prepared HTTP server to exploit freshclam clients connecting to a database mirror and cause a DoS. The packages have been updated to Clamav 0.88.2 which corrects this problem. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Tue May 02 15:17:13 2006 Importance: security ID: MDKSA-2006:081 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:081 %pre A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. The updated packages have been patched to correct this issue. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. 
The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Wed May 03 11:24:24 2006 Importance: security ID: MDKSA-2006:082 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:082 %pre Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. 
%package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Thu May 04 23:18:03 2006 Importance: security ID: MDKSA-2006:081 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:081 %pre A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. Update: Rafael Bermudez noticed that the patch for 2006 was mis-applied. This update resolves that issue. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. 
%package gzip Update: Tue May 09 12:22:27 2006 Importance: normal ID: MDKA-2006:024 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:024 %pre The zgrep wrapper script does not correctly pass all available options that grep accepts to the grep binary. Updated packages have been patched to correct this issue. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandriva Linux system, because it is a very commonly used data compression program. %package gdm gdm-Xnest Update: Tue May 09 16:31:55 2006 Importance: security ID: MDKSA-2006:083 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:083 %pre A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. Packages have been patched to correct this issue. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. %package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB X11R6-contrib Update: Wed May 10 08:19:35 2006 Importance: security ID: MDKSA-2006:084 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:084 %pre The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. 
(CVE-2006-1516) sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. (CVE-2006-1517) Updated packages have been patched to correct these issues. %description %package xine-ui xine-ui-aa xine-ui-fb Update: Wed May 10 12:10:31 2006 Importance: security ID: MDKSA-2006:085 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:085 %pre Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. Packages have been patched to correct this issue. %description xine is a free GPL-licensed video player for UNIX-like systems. User interface for the X Window system. %package bootsplash kernel-2.6.12.21mdk kernel-BOOT-2.6.12.21mdk kernel-i586-up-1GB-2.6.12.21mdk kernel-i686-up-4GB-2.6.12.21mdk kernel-smp-2.6.12.21mdk kernel-source-2.6 kernel-source-stripped-2.6 kernel-xbox-2.6.12.21mdk kernel-xen0-2.6.12.21mdk kernel-xenU-2.6.12.21mdk mkinitrd Update: Thu May 18 13:42:04 2006 Importance: security ID: MDKSA-2006:086 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:086 %pre A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS (CVE-2006-0744). The selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users with ptrace permissions to change the tracer SID to an SID of another process (CVE-2006-1052). 
Prior to 2.6.16, the ip_push_pending_frames function increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows a remote attacker to conduct an idle scan attack, bypassing any intended protection against such an attack (CVE-2006-1242). In kernel 2.6.16.1 and some earlier versions, the sys_add_key function in the keyring code allows local users to cause a DoS (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, causing an invalid dereference (CVE-2006-1522). Prior to 2.6.16.8, the ip_route_input function allows local users to cause a DoS (panic) via a request for a route for a multicast IP address, which triggers a null dereference (CVE-2006-1525). Prior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to cause a DoS (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed (CVE-2006-1527). Prior to 2.6.16, local users can bypass IPC permissions and modify a read-only attachment of shared memory by using mprotect to give write permission to the attachment (CVE-2006-2071). Prior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows remote attackers to cause a DoS (kernel panic) via an unexpected chunk when the session is in CLOSED state (CVE-2006-2271). Prior to 2.6.17, SCTP (lksctp) allows remote attackers to cause a DoS (kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT SCTP control chunks (CVE-2006-2272). 
In addition to these security fixes, other fixes have been included such as: - fix a scheduler deadlock - Yenta oops fix - ftdi_sio: adds support for iPlus devices - enable kprobes on i386 and x86_64 - avoid a panic on bind mount of autofs owned directory - fix a kernel OOPs when booting with 'console=ttyUSB0' but without a USB-serial dongle plugged in - make dm-mirror not issue invalid resync requests - fix media change detection on scsi removable devices - add support for the realtek 8168 chipset - update hfsplus driver to 2.6.16 state - backport 'Gilgal' support from e1000 7.0.33 - selected ACPI video fixes - update 3w-9xxx to 2.26.02.005 (9550SX support) - fix a deadlock in the ext2 filesystem - fix usbserial use-after-free bug - add i945GM DRI support - S3 resume fixes - add ECS PF22 hda model support - SMP suspend - CPU hotplug - miscellaneous AGP fixes - added sata-suspend patch for 2.6.12 for Napa platform The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. As well, updated mkinitrd and bootsplash packages are provided to fix minor issues; users should upgrade both packages prior to installing a new kernel. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description Mkinitrd creates filesystem images for use as initial ramdisk (initrd) images. These ramdisk images are often used to preload the block device modules (SCSI or RAID) needed to access the root filesystem. In other words, generic kernels can be built without drivers for any SCSI adapters which load the SCSI driver as a module. Since the kernel needs to read those modules, but in this case it isn't able to address the SCSI adapter, an initial ramdisk is used. The initial ramdisk is loaded by the operating system loader (normally LILO) and is available to the kernel as soon as the ramdisk is loaded. 
The ramdisk image loads the proper SCSI adapter and allows the kernel to mount the root filesystem. The mkinitrd program creates such a ramdisk using information found in the /etc/modules.conf file. %package gstreamer-a52dec gstreamer-aalib gstreamer-alsa gstreamer-arts gstreamer-artsd gstreamer-asf gstreamer-audiofile gstreamer-audio-formats gstreamer-avi gstreamer-cairo gstreamer-cdaudio gstreamer-cdio gstreamer-cdparanoia gstreamer-colorspace gstreamer-dirac gstreamer-directfb gstreamer-dv gstreamer-dxr3 gstreamer-esound gstreamer-festival gstreamer-flac gstreamer-GConf gstreamer-gdkpixbuf gstreamer-gnomevfs gstreamer-gsm gstreamer-icecast gstreamer-jack gstreamer-jpeg gstreamer-jpegmmx gstreamer-ladspa gstreamer-libdvdnav gstreamer-libdvdread gstreamer-libvisual gstreamer-mad gstreamer-mikmod gstreamer-mms gstreamer-mng gstreamer-mpeg gstreamer-musepack gstreamer-musicbrainz gstreamer-nas gstreamer-opengl gstreamer-plugins gstreamer-polyp gstreamer-qcam gstreamer-quicktime gstreamer-raw1394 gstreamer-SDL gstreamer-sid gstreamer-sndfile gstreamer-speex gstreamer-swfdec gstreamer-v4l2 gstreamer-visualisation gstreamer-vorbis gstreamer-wavpack gstreamer-x11 libgstgconf0.8 libgstreamer-plugins0.8 libgstreamer-plugins0.8-devel Update: Sat May 20 20:56:30 2006 Importance: normal ID: MDKA-2006:025 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:025 %pre The gnome-cd program would hang on certain audio CDs due to a regression in gstreamer-cdparanoia. Updated packages have been patched to correct this issue. %description GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. 
%package kernel-2.6.12.22mdk kernel-BOOT-2.6.12.22mdk kernel-i586-up-1GB-2.6.12.22mdk kernel-i686-up-4GB-2.6.12.22mdk kernel-smp-2.6.12.22mdk kernel-source-2.6 kernel-source-stripped-2.6 kernel-xbox-2.6.12.22mdk kernel-xen0-2.6.12.22mdk kernel-xenU-2.6.12.22mdk Update: Wed May 24 08:32:58 2006 Importance: security ID: MDKSA-2006:087 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:087 %pre Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed. The provided packages are patched to fix this vulnerability. Users who may be running netfilter on important servers are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package hostapd Update: Wed May 24 09:31:41 2006 Importance: security ID: MDKSA-2006:088 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:088 %pre Hostapd 0.3.7 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. Packages have been patched to correct this issue. %description Hostapd is an optional user space component for Host AP driver. It adds more features to the basic IEEE 802.11 management included in the kernel driver: using external RADIUS authentication server for MAC address based access control, IEEE 802.1X Authenticator and dynamic WEP keying, RADIUS accounting. 
%package kphone Update: Wed May 24 09:55:26 2006 Importance: security ID: MDKSA-2006:089 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:089 %pre Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. Packages have been patched to correct this issue. %description KPhone is a SIP (Session Initiation Protocol) user agent for Linux, with which you can initiate VoIP (Voice over IP) connections over the Internet. It also supports Presence and Instant Messaging. %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Wed May 24 11:39:26 2006 Importance: security ID: MDKSA-2006:091 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:091 %pre An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow (CVE-2006-1990). The substr_compare() function in PHP 5.x and 4.4.2 could allow attackers to cause a Denial of Service (memory access violation) via an out-of-bounds offset argument (CVE-2006-1991). The second vulnerability only affects Mandriva Linux 2006; earlier versions shipped with older versions of PHP that do not contain the substr_compare() function. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. 
use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package libnetpbm10 libnetpbm10-devel libnetpbm10-static-devel netpbm Update: Fri May 26 07:49:00 2006 Importance: normal ID: MDKA-2006:026 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:026 %pre The pnmtopalm program, part of netpbm, crashes on many images. (#21020) The pnmtofits program, part of netpbm, crashes during conversion. (#21444) Updated packages have been patched to correct these issues. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package mpg123 Update: Fri May 26 09:31:37 2006 Importance: security ID: MDKSA-2006:092 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:092 %pre An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. Packages have been patched to correct this issue. %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). 
For information on the MP3 License, please visit: http://www.mpeg.org/ %package dia Update: Tue May 30 05:00:54 2006 Importance: security ID: MDKSA-2006:093 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:093 %pre A format string vulnerability in Dia allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other input mechanisms that are automatically processed by Dia, such as a crafted .dia file. (CVE-2006-2480) Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. (CVE-2006-2453) Packages have been patched to correct this issue. %description Dia is a program designed to be much like the Windows program 'Visio'. It can be used to draw different kinds of diagrams. In this first version there is support for UML static structure diagrams (class diagrams) and Network diagrams. It can currently load and save diagrams to a custom fileformat and export to postscript. %package evolution evolution-devel evolution-pilot Update: Thu Jun 01 07:04:43 2006 Importance: security ID: MDKSA-2006:094 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:094 %pre Evolution, as shipped in Mandriva Linux 2006.0, can crash displaying certain carefully crafted images, if the "Load images if sender is in address book" option is enabled in Edit | Preferences | Mail Preferences | HTML. Packages have been patched to correct this issue. %description Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. 
%package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Mon Jun 05 14:52:51 2006 Importance: bugfix ID: MDKA-2006:027 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:027 %pre A misapplied patch in a recent X.org update caused keyboard layout problems which resulted in some users being unable to use the CTRL-ALT-function key combination to switch to a console, as well as other keyboard mapping issues. Updated packages have been re-patched to correct these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. 
%package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Mon Jun 05 16:30:32 2006 Importance: security ID: MDKSA-2006:095 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:095 %pre A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid, and there may not be a common scenario under which tiffsplit is called with attacker-controlled command line arguments. The updated packages have been patched to correct this issue. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package libldap2.3_0 libldap2.3_0-devel libldap2.3_0-static-devel openldap openldap-clients openldap-doc openldap-servers Update: Wed Jun 07 09:48:21 2006 Importance: security ID: MDKSA-2006:096 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:096 %pre A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname. Packages have been patched to correct this issue. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd) and stand-alone LDAP replication server (slurpd) which are in the -servers package, libraries for implementing the LDAP protocol (in the lib packages), and utilities, tools, and sample clients (in the -clients package). The openldap binary package includes configuration files used by the libraries. Install openldap if you need LDAP applications and tools. 
%package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB Update: Wed Jun 07 10:29:01 2006 Importance: security ID: MDKSA-2006:097 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:097 %pre SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. You can build MySQL with some conditional build swithes; (ie. use with rpm --rebuild): --with debug Compile with debugging code (disabled), forces --with alltests --with test Initiate tests (enabled) --without test Disable test --with alltests Initiate tests for all built servers (disabled) Warning! This could take several hours... 
--without alltests Disable all tests %package libecpg5 libecpg5-devel libpq4 libpq4-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-plperl postgresql-plpgsql postgresql-plpython postgresql-pltcl postgresql-server postgresql-test Update: Wed Jun 07 11:28:36 2006 Importance: security ID: MDKSA-2006:098 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:098 %pre PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." (CVE-2006-2313) PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. (CVE-2006-2314) Packages have been patched or updated to correct these issues. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. 
These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libfreetype6 libfreetype6-devel libfreetype6-static-devel Update: Mon Jun 12 10:21:16 2006 Importance: security ID: MDKSA-2006:099 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:099 %pre Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747) Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861) Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661) In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don't have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases. Packages have been patched to correct this issue. 
%description The FreeType2 engine is a free and portable TrueType font rendering engine. It has been developed to provide TT support to a great variety of platforms and environments. Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included %package libfreetype6 libfreetype6-devel libfreetype6-static-devel Update: Tue Jun 13 18:42:07 2006 Importance: security ID: MDKSA-2006:099-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:099-1 %pre Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747) Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861) Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661) In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don't have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases. Update: The previous update introduced some issues with other applications and libraries linked to libfreetype, that were missed in testing for the vulnerability issues. The new packages correct these issues. %description The FreeType2 engine is a free and portable TrueType font rendering engine. It has been developed to provide TT support to a great variety of platforms and environments. 
Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included %package gdm gdm-Xnest Update: Tue Jun 13 19:02:19 2006 Importance: security ID: MDKSA-2006:100 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:100 %pre A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list. The user could do so by choosing the setup option from the menu, clicking the user list, then entering his own password instead of root's. The updated packages have been patched to correct this issue. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Wed Jun 14 12:18:03 2006 Importance: security ID: MDKSA-2006:102 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 %pre A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in a sprintf call. Corporate Server 3 and Corporate Desktop 3 are not affected by this vulnerability as tiff2pdf was not part of the libtiff version shipped in those products. The updated packages have been patched to correct this issue. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. 
TIFF files usually end in the .tif extension and they are often quite large. %package perl-Mail-SpamAssassin spamassassin spamassassin-spamc spamassassin-spamd spamassassin-tools Update: Wed Jun 14 12:31:35 2006 Importance: security ID: MDKSA-2006:103 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:103 %pre A flaw was discovered in the way that spamd processes the virtual POP usernames passed to it. If running with the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running spamd. By default, the Spamassassin packages do not start spamd with either of these flags and this usage is uncommon. The updated packages have been patched to correct this issue. %description SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail. SpamAssassin also includes support for reporting spam messages automatically, and/or manually, to collaborative filtering databases such as Vipul's Razor, DCC or pyzor. Install perl-Razor-Agent package to get Vipul's Razor support. Install dcc package to get Distributed Checksum Clearinghouse (DCC) support. Install pyzor package to get Pyzor support. Install perl-Mail-SPF-Query package to get SPF support. 
To enable spamassassin, if you are receiving mail locally, simply add this line to your ~/.procmailrc: INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc To filter spam for all users, add that line to /etc/procmailrc (creating if necessary). %package sendmail sendmail-cf sendmail-devel sendmail-doc Update: Wed Jun 14 18:45:00 2006 Importance: security ID: MDKSA-2006:104 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:104 %pre A vulnerability in the way Sendmail handles multi-part MIME messages was discovered that could allow a remote attacker to create a carefully crafted message that could crash the sendmail process during delivery. The updated packages have been patched to correct these issues. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package kdebase kdebase-common kdebase-kate kdebase-kcontrol-data kdebase-kcontrol-nsplugins kdebase-kdeprintfax kdebase-kdm kdebase-kdm-config-file kdebase-kmenuedit kdebase-konsole kdebase-nsplugins kdebase-progs libkdebase4 libkdebase4-devel libkdebase4-kate libkdebase4-kate-devel libkdebase4-kmenuedit libkdebase4-konsole Update: Thu Jun 15 14:25:07 2006 Importance: security ID: MDKSA-2006:105 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:105 %pre A problem with how kdm manages the ~/.dmrc file was discovered by Ludwig Nussel. By using a symlink attack, a local user could get kdm to read arbitrary files on the system, including privileged system files and those belonging to other users. 
The updated packages have been patched to correct these issues. %description Core applications for the K Desktop Environment. Here is an overview of the directories: - drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug. - kappfinder: searches your hard disk for non-KDE applications, e.g. Acrobat Reader (tm) and installs those apps under the K start button - kate: a fast and advanced text editor with nice plugins - kcheckpass: small program to enter and check passwords, only to be used by other programs - kcontrol: the KDE Control Center allows you to tweak the KDE settings - kdcop: GUI app to browse for DCOP interfaces, can also execute them - kdebugdialog: allows you to specify which debug messages you want to see - kdeprint: the KDE printing system - kdesktop: you guessed it: the desktop above the panel - kdesu: a graphical front end to "su" - kdm: replacement for XDM, for those people that like graphical logins - kfind: find files - khelpcenter: the app to read all great documentation about KDE - khotkeys: intercepts keys and can call applications - kicker: the panel at the bottom with the K start button and the taskbar etc - kioslave: infrastructure that helps make every application internet enabled e.g. 
to directly save a file to ftp://place.org/dir/file.txt - klipper: enhances and extends the X clipboard - kmenuedit: edit for the menu below the K start button - konqueror: the file manager and web browser you get easily used to - kpager: applet to show the contents of the virtual desktops - kpersonalizer: the customization wizard you get when you first start KDE - kreadconfig: a tool for shell scripts to get info from KDE's config files - kscreensaver: the KDE screensaver environment and lots of savers - ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login) - ksplash: the screen displayed while KDE starts - kstart: to launch applications with special window properties such as iconified etc - ksysguard: task manager and system monitor, even for remote systems - ksystraycmd: allows to run any application in the system tray - ktip: gives you tips how to use KDE - kwin: the KDE window manager - kxkb: a keyboard map tool - legacyimport: odd name for a cute program to load GTK themes - libkonq: some libraries needed by Konqueror - nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror %package arts libarts1 libarts1-devel Update: Tue Jun 20 16:00:42 2006 Importance: security ID: MDKSA-2006:107 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:107 %pre A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk. The updated packages have been patched to correct these issues. %description aRts is a short form for "analog realtime synthesizer". The idea of the whole thing is to create/process sound using small modules which do certain tasks. 
These may create a waveform (oscillators), play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the data to the soundcard. %package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-plugins xine-polyp xine-smb Update: Tue Jun 20 16:02:07 2006 Importance: security ID: MDKSA-2006:108 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:108 %pre A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802) In addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue. The updated packages have been patched to correct these issues. %description xine is a free gpl-licensed video player for unix-like systems. %package libwv2_1 libwv2_1-devel Update: Tue Jun 20 16:04:07 2006 Importance: security ID: MDKSA-2006:109 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:109 %pre A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files. The updated packages have been patched to correct these issues. %description wvWare is the continuation of Caolan McNamara's wv - the MSWord library. Efforts are underway to make this library more correct, robust, and turn it into a Word97 exporter. %package gnupg gnupg2 Update: Tue Jun 20 16:04:57 2006 Importance: security ID: MDKSA-2006:110 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:110 %pre A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. 
The updated packages have been patched to correct these issues. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB Update: Fri Jun 23 07:33:35 2006 Importance: security ID: MDKSA-2006:111 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:111 %pre Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. You can build MySQL with some conditional build switches; (ie. 
use with rpm --rebuild): --with debug Compile with debugging code (disabled), forces --with alltests --with test Initiate tests (enabled) --without test Disable test --with alltests Initiate tests for all built servers (disabled) Warning! This could take several hours... --without alltests Disable all tests %package gd-utils libgd2 libgd2-devel libgd2-static-devel Update: Tue Jun 27 16:11:02 2006 Importance: security ID: MDKSA-2006:112 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:112 %pre The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. gd-2.0.15 in Corporate 3.0 is not affected by this issue. Packages have been patched to correct this issue. %description gd is a graphics library. It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. This is particularly useful in World Wide Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. gd is not a paint program. If you are looking for a paint program, you are looking in the wrong place. If you are not a programmer, you are looking in the wrong place. gd does not provide for every possible desirable graphics operation. It is not necessary or desirable for gd to become a kitchen-sink graphics package, but version 1.7.3 incorporates most of the commonly requested features for an 8-bit 2D package. 
%package jadetex tetex tetex-afm tetex-context tetex-devel tetex-doc tetex-dvilj tetex-dvipdfm tetex-dvips tetex-latex tetex-mfwin tetex-texi2html tetex-xdvi xmltex Update: Tue Jun 27 16:22:39 2006 Importance: security ID: MDKSA-2006:113 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 %pre Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code. (CAN-2004-0941) The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Tetex contains an embedded copy of the GD library code. (CVE-2006-2906) Updated packages have been patched to address both issues. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). 
Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package libwmf0.2_7 libwmf0.2_7-devel libwmf Update: Tue Jun 27 18:38:57 2006 Importance: security ID: MDKSA-2006:114 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 %pre Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CAN-2004-0941) Updated packages have been patched to address this issue. %description libwmf is a library for unix like machines that can convert wmf files into other formats, currently it supports a gd binding to convert to gif, and an X one to draw direct to an X window or pixmap. %package mutt mutt-utf8 Update: Wed Jun 28 15:47:53 2006 Importance: security ID: MDKSA-2006:115 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:115 %pre A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. Updated packages have been patched to address this issue. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. 
%package libwmf0.2_7 libwmf0.2_7-devel libwmf Update: Thu Jun 29 11:33:57 2006 Importance: security ID: MDKSA-2006:114 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 %pre Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. (CVE-2004-0941) Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CVE-2004-0990) Update: The previous update incorrectly attributed the advisory text to CVE-2004-0941, while it should have been CVE-2004-0990. Additional review of the code found fixes for CVE-2004-0941 were missing and have also been included in this update. %description libwmf is a library for unix like machines that can convert wmf files into other formats, currently it supports a gd binding to convert to gif, and an X one to draw direct to an X window or pixmap. %package libmms0 libmms0-devel Update: Thu Jul 06 15:05:17 2006 Importance: security ID: MDKSA-2006:117 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:117 %pre Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Libmms uses the same vulnerable code. The updated packages have been patched to correct this issue. %description Libmms is a library implementing the mms streaming protocol. 
%package OpenOffice.org OpenOffice.org-help-cs OpenOffice.org-help-de OpenOffice.org-help-en OpenOffice.org-help-es OpenOffice.org-help-eu OpenOffice.org-help-fi OpenOffice.org-help-fr OpenOffice.org-help-it OpenOffice.org-help-ja OpenOffice.org-help-ko OpenOffice.org-help-nl OpenOffice.org-help-pt_BR OpenOffice.org-help-ru OpenOffice.org-help-sk OpenOffice.org-help-sl OpenOffice.org-help-sv OpenOffice.org-help-tr OpenOffice.org-help-zh_CN OpenOffice.org-help-zh_TW OpenOffice.org-l10n-af OpenOffice.org-l10n-ar OpenOffice.org-l10n-ca OpenOffice.org-l10n-cs OpenOffice.org-l10n-cy OpenOffice.org-l10n-da OpenOffice.org-l10n-de OpenOffice.org-l10n-el OpenOffice.org-l10n-en OpenOffice.org-l10n-es OpenOffice.org-l10n-et OpenOffice.org-l10n-eu OpenOffice.org-l10n-fi OpenOffice.org-l10n-fr OpenOffice.org-l10n-he OpenOffice.org-l10n-hu OpenOffice.org-l10n-it OpenOffice.org-l10n-ja OpenOffice.org-l10n-ko OpenOffice.org-l10n-nb OpenOffice.org-l10n-nl OpenOffice.org-l10n-nn OpenOffice.org-l10n-ns OpenOffice.org-l10n-pl OpenOffice.org-l10n-pt OpenOffice.org-l10n-pt_BR OpenOffice.org-l10n-ru OpenOffice.org-l10n-sk OpenOffice.org-l10n-sl OpenOffice.org-l10n-sv OpenOffice.org-l10n-tr OpenOffice.org-l10n-zh_CN OpenOffice.org-l10n-zh_TW OpenOffice.org-l10n-zu OpenOffice.org-libs Update: Fri Jul 07 12:40:23 2006 Importance: security ID: MDKSA-2006:118 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:118 %pre OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. (CVE-2006-2198) An unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. 
(CVE-2006-2199) Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." (CVE-2006-3117) Updated packages are patched to address this issue. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, forumula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. Languages available in OpenOffice.org-l10n-* packages include: English, French, German, Spanish, Italian, Dutch, Swedish, Finnish, Polish, Russian, Chinese, Japanese, Korean, Danish, Greek, Turkish, Czech, Catalan, Arab, Slovak, Basque, Norwegian Bokmal, Norwegian Nynorsk, Welsh, Slovenian. Localized help files available in OpenOffice.org-help-* packages include: English, French, German, Spanish, Italian, Swedish, Russian, Finnish, Czech, Japanese, Korean, Chinese, Slovak, Basque, Slovenian. Spell-checking and hyphenation dictionaries are available in myspell-* and myspell-hyph-* packages, respectively. Please install the ones that better suit your language needs. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. 
* oocalc: OpenOffice.org Calc * oodraw: OpenOffice.org Draw * ooimpress: OpenOffice.org Impress * oomath: OpenOffice.org Math * oowriter: OpenOffice.org Writer %package ppp ppp-devel ppp-dhcp ppp-pppoatm ppp-pppoe ppp-prompt ppp-radius Update: Mon Jul 10 20:21:52 2006 Importance: security ID: MDKA-2006:119 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:119 %pre Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root. This could possibly lead to privilege escalation dependant upon the local winbind configuration. Updated packages have been patched ot correct this issue. %description The ppp package contains the PPP (Point-to-Point Protocol) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. The ppp package should be installed if your machine need to support the PPP protocol. %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-passdb-mysql samba-passdb-pgsql samba-passdb-xml samba-server samba-smbldap-tools samba-swat samba-vscan-clamav samba-vscan-icap samba-winbind Update: Mon Jul 10 20:36:10 2006 Importance: security ID: MDKA-2006:120 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:120 %pre A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections. Updated packages have been patched to correct this issue. 
%description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package cups cups-common cups-serial libcups2 libcups2-devel Update: Tue Jul 11 12:05:06 2006 Importance: bugfix ID: MDKA-2006:028 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:028 %pre A bug in the cupsd initscript could prevent a system from coming fully online if the CUPS daemon does not get actually started (for example if CUPS config or cache file are corrupted or port 631 blocked) by continuously attempting to see if the cups server is available without a timeout. Updated packages are provided that correct the issue. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). 
It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libmms0 libmms0-devel Update: Wed Jul 12 11:38:56 2006 Importance: security ID: MDKSA-2006:117-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:117-1 %pre Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Libmms uses the same vulnerable code. Update: The previous update for libmms had an incorrect/incomplete patch. This update includes a more complete fix for the issue. %description Libmms is a library implementing the mms streaming protocol. %package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-plugins xine-polyp xine-smb Update: Wed Jul 12 11:53:27 2006 Importance: security ID: MDKSA-2006:121 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:121 %pre Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an embedded copy of the same vulnerable code. The updated packages have been patched to correct this issue. %description xine is a free gpl-licensed video player for unix-like systems. 
%package libphp5_common5 php-cgi php-cli php-curl php-devel php-fcgi php-imap Update: Thu Jul 13 07:59:31 2006 Importance: security ID: MDKSA-2006:122 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 %pre Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. One instance in gd_io_dp.c does not appear to be corrected in the embedded copy of GD used in php to build the php-gd package. (CVE-2004-0941) Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. PHP, as packaged in Mandriva Linux, contains an embedded copy of the GD library, used to build the php-gd package. (CVE-2004-0990) The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. (CVE-2006-1017) Integer overflow in the wordwrap function in string.c in might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. (CVE-2006-1990) The previous update for this issue did not resolve the issue on 64bit platforms. The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing nul characters. 
(CVE-2006-2563) Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. (CVE-2006-2660) The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. PHP, as packaged in Mandriva Linux, contains an embedded copy of the GD library, used to build the php-gd package. (CVE-2006-2906) The error_log function in PHP allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. (CVE-2006-3011) An unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names", including special characters that are frequently associated with CRLF injection, SQL injection, and cross-site scripting (XSS) vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). (CVE-2006-3016) An unspecified vulnerability in PHP before 5.1.3 can prevent a variable from being unset even when the unset function is called, which might cause the variable's value to be used in security-relevant operations. (CVE-2006-3017) An unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. (CVE-2006-3018) The GD related issues (CVE-2004-0941, CVE-2004-0990, CVE-2006-2906) affect only Corporate 3 and Mandrake Network Firewall 2. 
The php-curl issue (CVE-2006-2563) affects only Mandriva 2006.0. Updated packages have been patched to address all these issues. Once these packages have been installed, you will need to restart Apache (service httpd restart) in order for the changes to take effect. %description This is a dynamic shared object (DSO) for PHP that will add IMAP support. %package drbd-utils drbd-utils-heartbeat kernel-2.6.12.23mdk kernel-BOOT-2.6.12.23mdk kernel-i586-up-1GB-2.6.12.23mdk kernel-i686-up-4GB-2.6.12.23mdk kernel-smp-2.6.12.23mdk kernel-source-2.6.12.23mdk kernel-source-stripped-2.6.12.23mdk kernel-xbox-2.6.12.23mdk kernel-xen0-2.6.12.23mdk kernel-xenU-2.6.12.23mdk Update: Thu Jul 13 09:52:31 2006 Importance: security ID: MDKSA-2006:123 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 %pre A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt() is called with SO_ORIGINAL_DST (CVE-2006-1343). Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS implementation could allow a remote attacker to cause a Denial of Service via a remote NDIS response (CVE-2006-1368). Prior to 2.6.13, local users could cause a Denial of Service (crash) via a dio transfer from the sg driver to memory mapped IO space (CVE-2006-1528). Prior to and including 2.6.16, the kernel did not add the appropriate LSM file_permission hooks to the readv and writev functions, which could allow an attacker to bypass intended access restrictions (CVE-2006-1856). Prior to 2.6.16.17, a buffer overflow in SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857). 
Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters (CVE-2006-1858). Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an attacker to cause a DoS (memory consumption) via unspecified actions (CVE-2006-1859). Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker to cause a DoS (fcntl_setlease lockup) via certain actions (CVE-2006-1860). Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS (infinite recursion and crash) via a packet that contains two or more DATA fragments (CVE-2006-2274). Prior to 2.6.16.21, a race condition in run_posix_cpu timers could allow a local user to cause a DoS (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting (CVE-2006-2445). Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to cause a DoS (infinite loop) via an SCTP chunk with a 0 length (CVE-2006-3085). As well, an issue where IPC could hit an unmapped vmalloc page when near the page boundary has been corrected. 
In addition to these security fixes, other fixes have been included such as: - avoid automatic update of kernel-source without updating the kernel - fix USB EHCI handoff code, which made some machines hang while booting - disable USB_BANDWIDTH which corrects a known problem in some USB sound devices - fix a bluetooth refcounting bug which could hang the machine - fix a NULL pointer dereference in USB-Serial's serial_open() function - add missing wakeup in pl2303 TIOCMIWAIT handling - fix a possible use-after-free in USB-Serial core - suspend/resume fixes - HPET timer fixes - prevent fixed button event to reach userspace on S3 resume - add sysfs support in ide-tape - fix ASUS P5S800 reboot Finally, a new drbd-utils package is provided that is a required upgrade with this new kernel due to a logic bug in the previously shipped version of drbd-utils that could cause a kernel panic on the master when a slave went offline. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package kernel-2.6.12.24mdk kernel-BOOT-2.6.12.24mdk kernel-i586-up-1GB-2.6.12.24mdk kernel-i686-up-4GB-2.6.12.24mdk kernel-smp-2.6.12.24mdk kernel-source-2.6.12.24mdk kernel-source-stripped-2.6.12.24mdk kernel-xbox-2.6.12.24mdk kernel-xen0-2.6.12.24mdk kernel-xenU-2.6.12.24mdk Update: Tue Jul 18 09:37:48 2006 Importance: security ID: MDKSA-2006:124 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:124 %pre A race condition in the Linux kernel 2.6.17.4 and earlier allows local users to obtain root privileges due to a race condition in the /proc filesystem. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package webmin Update: Tue Jul 18 15:04:38 2006 Importance: security ID: MDKSA-2006:1?? URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:1?? %pre Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files. NOTE: This is a different issue than CVE-2006-3274. Updated packages have been patched to correct this issue. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. 
After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package libtunepimp2 libtunepimp2-devel libtunepimp2-static-devel libtunepimp2-utils Update: Tue Jul 18 15:33:30 2006 Importance: security ID: MDKSA-2006:126 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:126 %pre Kevin Kofler discovered multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote user-complicit attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings. Updated packages have been patched to correct this issue. %description The TunePimp library (also referred to as libtunepimp) is a development library geared towards developers who wish to create MusicBrainz enabled tagging applications. %package gimp gimp-python libgimp2.0_0 libgimp2.0-devel Update: Tue Jul 18 15:34:15 2006 Importance: security ID: MDKSA-2006:127 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:127 %pre A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp 2.2.x allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. Updated packages have been patched to correct this issue. %description The GIMP is an image manipulation program suitable for photo retouching, image composition and image authoring. Many people find it extremely useful in creating logos and other graphics for web pages. 
The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. This version of The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP ftp site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get them in ftp://ftp.gimp.org/pub/gimp/fonts/ if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts. Build Options: --without python Disable pygimp (default enabled) --with mmx Enable MMX code support (default disabled) --with sse Enable SSE code support (default disabled) --with lzw Enable LZW compression in GIF (default disabled) %package libwireshark0 tshark wireshark wireshark-tools Update: Tue Jul 18 16:02:29 2006 Importance: security ID: MDKSA-2006:128 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:128 %pre A number of vulnerabilities have been discovered in the Wireshark (formerly Ethereal) network analyzer. These issues have been corrected in Wireshark version 0.99.2 which is provided with this update. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. 
%package libfreetype6 libfreetype6-devel libfreetype6-static-devel Update: Thu Jul 20 05:24:43 2006 Importance: security ID: MDKSA-2006:129 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:129 %pre An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user. Updated packages have been patched to correct this issue. %description The FreeType2 engine is a free and portable TrueType font rendering engine. It has been developed to provide TT support to a great variety of platforms and environments. Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included %package kdelibs-common kdelibs-devel-doc libkdecore4 libkdecore4-devel Update: Thu Jul 20 14:58:26 2006 Importance: security ID: MDKSA-2006:130 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:130 %pre KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. This issue does not affect Corporate 3.0. Updated packages have been patched to correct this issue. %description Libraries for the K Desktop Environment. %package imlib2-data libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Update: Fri Jul 21 11:15:49 2006 Importance: bugfix ID: MDKA-2006:030 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:030 %pre The tiff loader from imlib2 crashes when processing images on the x86_64 platform. This was reported when using digikam on x86_64, which uses this loader. Updated packages are provided that correct the issue. 
%description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package libwmf0.2_7 libwmf0.2_7-devel libwmf Update: Fri Jul 28 07:34:02 2006 Importance: security ID: MDKSA-2006:132 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:132 %pre Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. Updated packages have been patched to correct this issue. %description libwmf is a library for unix like machines that can convert wmf files into other formats, currently it supports a gd binding to convert to gif, and an X one to draw direct to an X window or pixmap. %package apache-base apache-devel apache-mod_cache apache-mod_dav apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-modules apache-mod_userdir apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Fri Jul 28 09:21:37 2006 Importance: security ID: MDKSA-2006:133 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:133 %pre Mark Dowd, of McAfee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling. In order for this to be exploitable, a number of conditions need to be met including a) running a vulnerable version of Apache (1.3.28+, 2.0.46+, or 2.2.0+), b) enabling mod_rewrite, c) having a rewrite rule that the remote user can influence the beginning of, and d) a particular stack frame layout. 
By default, RewriteEngine is not enabled in Mandriva Linux Apache packages, and no RewriteRules are defined. Updated packages have been patched to correct this issue. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache modules for Mandriva at: http://nux.se/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package ruby ruby-devel ruby-doc ruby-tk Update: Fri Jul 28 11:32:24 2006 Importance: security ID: MDKSA-2006:134 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:134 %pre A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions. Updated packages have been patched to correct this issue. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. 
%package freeciv-client freeciv-data freeciv-server Update: Mon Jul 31 15:57:00 2006 Importance: security ID: MDKSA-2006:135 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:135 %pre Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. The updated packages have been patched to fix this issue. %description Freeciv is a multiplayer strategy game, released under the GNU General Public License. It is generally comparable with Civilization II(r), published by Microprose(r). Default configuration uses the Civilization II(r) style Isometric view. If you prefer classic Civilization(r) 2-d view, invoke the client with "civclient --tiles trident". %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Tue Aug 01 10:44:30 2006 Importance: security ID: MDKSA-2006:137 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 %pre Tavis Ormandy, Google Security Team, discovered several vulnerabilities in the libtiff image processing library: Several buffer overflows have been discovered, including a stack buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is used to read two unsigned shorts from the input file. While a bounds check is performed via CheckDirCount(), no action is taken on the result allowing a pathological tdir_count to read an arbitrary number of unsigned shorts onto a stack buffer. 
(CVE-2006-3459) A heap overflow vulnerability was discovered in the jpeg decoder, where TIFFScanLineSize() is documented to return the size in bytes that a subsequent call to TIFFReadScanline() would write, however the encoded jpeg stream may disagree with these results and overrun the buffer with more data than expected. (CVE-2006-3460) Another heap overflow exists in the PixarLog decoder where a run length encoded data stream may specify a stride that is not an exact multiple of the number of samples. The result is that on the final decode operation the destination buffer is overrun, potentially allowing an attacker to execute arbitrary code. (CVE-2006-3461) The NeXT RLE decoder was also vulnerable to a heap overflow vulnerability, where no bounds checking was performed on the result of certain RLE decoding operations. This was solved by ensuring the number of pixels written did not exceed the size of the scanline buffer already prepared. (CVE-2006-3462) An infinite loop was discovered in EstimateStripByteCounts(), where a 16bit unsigned short was used to iterate over a 32bit unsigned value, should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the loop would never terminate and continue forever. (CVE-2006-3463) Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations designed to ensure the offsets specified in tiff directories are legitimate. These can be caused to wrap for extreme values, bypassing sanity checks. Additionally, a number of codepaths were uncovered where assertions did not hold true, resulting in the client application calling abort(). (CVE-2006-3464) A flaw was also uncovered in libtiff's custom tag support, as documented here http://www.libtiff.org/v3.6.0.html. While well formed tiff files must have correctly ordered directories, libtiff attempts to support broken images that do not. 
However in certain circumstances, creating anonymous fields prior to merging field information from codec information can result in recognised fields with unexpected values. This state results in abnormal behaviour, crashes, or potentially arbitrary code execution. (CVE-2006-3465) The updated packages have been patched to correct these issues. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package clamav clamav-db clamav-milter clamd libclamav1 libclamav1-devel Update: Tue Aug 08 15:58:41 2006 Importance: security ID: MDKSA-2006:138 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:138 %pre Damian Put discovered a boundary error in the UPX extraction module in ClamAV which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or clamd. Updated packages have been patched to correct this issue. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. 
use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package ftp-client-krb5 ftp-server-krb5 krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5 Update: Wed Aug 09 10:41:47 2006 Importance: security ID: MDKSA-2006:139 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 %pre A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege. Updated packages have been patched to correct this issue. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package ncompress Update: Wed Aug 09 10:54:22 2006 Importance: security ID: MDKSA-2006:140 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:140 %pre Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data. Updated packages have been patched to correct this issue. %description The ncompress package contains the compress and uncompress file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions). These utilities can't handle gzipped (.gz file extensions) files, but gzip can handle compressed files. 
%package gnupg gnupg2 Update: Mon Aug 14 12:30:45 2006 Importance: security ID: MDKSA-2006:141 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:141 %pre An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened. Updated packages have been patched to correct this issue. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package heartbeat heartbeat-ldirectord heartbeat-pils heartbeat-stonith libheartbeat0 libheartbeat0-devel libheartbeat-pils0 libheartbeat-pils0-devel libheartbeat-stonith0 libheartbeat-stonith0-devel Update: Mon Aug 14 12:56:52 2006 Importance: security ID: MDKSA-2006:142 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:142 %pre Two vulnerabilities in heartbeat prior to 2.0.6 were discovered by Yan Rong Ge. The first is that heartbeat would set insecure permissions in an shmget call for shared memory, allowing a local attacker to cause an unspecified denial of service via unknown vectors (CVE-2006-3815). The second is a remote vulnerability that could allow the master control process to read invalid memory due to a specially crafted heartbeat message and die of a SEGV, all prior to any authentication (CVE-2006-3121). Updated packages have been patched to correct these issues. %description heartbeat is a basic heartbeat subsystem for Linux-HA. It will run scripts at initialization, and when machines go up or down. This version will also perform IP address takeover using gratuitous ARPs. It works correctly for a 2-node configuration, and is extensible to larger configurations. 
It implements the following kinds of heartbeats: - Bidirectional Serial Rings ("raw" serial ports) - UDP/IP broadcast (ethernet, etc) - Bidirectional Serial PPP/UDP Rings (using PPP) %package devhelp epiphany epiphany-devel galeon gnome-doc-utils libdevhelp-1_0 libdevhelp-1_0-devel libnspr4 libnspr4-devel libnspr4-static-devel libnss3 libnss3-devel mozilla-firefox mozilla-firefox-br mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-devel mozilla-firefox-el mozilla-firefox-es mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-ga mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ko mozilla-firefox-nb mozilla-firefox-nl mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv mozilla-firefox-tr mozilla-firefox-zh_CN mozilla-firefox-zh_TW yelp Update: Wed Aug 16 11:44:20 2006 Importance: security ID: MDKSA-2006:143 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. 
%description Help browser for GNOME 2 which supports docbook documents, info and man. %package mozilla-firefox-br mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-es mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-ga mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ko mozilla-firefox-nb mozilla-firefox-nl mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv mozilla-firefox-tr mozilla-firefox-zh_CN mozilla-firefox-zh_TW Update: Thu Aug 17 12:35:26 2006 Importance: security ID: MDKSA-2006:143-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:143-1 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. Update: The previous language packages were not correctly tagged for the new Firefox which resulted in many of them not loading properly. These updated language packages correct the problem. 
%description Traditional Chinese localisation for Firefox %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Mon Aug 21 12:47:23 2006 Importance: security ID: MDKSA-2006:144 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:144 %pre A vulnerability was discovered in the sscanf function that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read. Updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package mozilla-thunderbird mozilla-thunderbird-br mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-zh mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-es mozilla-thunderbird-fi mozilla-thunderbird-fr 
mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-nb mozilla-thunderbird-nl mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv mozilla-thunderbird-tr mozilla-thunderbird-zh_CN nsinstall Update: Mon Aug 21 15:26:34 2006 Importance: security ID: MDKSA-2006:146 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program. Corporate 3 had contained the Mozilla suite; however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future support for Corporate 3 users. To that end, the latest Thunderbird is being provided for Corporate 3 users, which fixes all known vulnerabilities up to version 1.5.0.5, as well as providing new and enhanced features. Corporate users who were using Mozilla for mail may need to explicitly install the new mozilla-thunderbird packages. For 2006 users, no explicit installs are necessary. The following CVE names have been corrected with this update: CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2787, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3802, CVE-2006-3805, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package epiphany-extensions Update: Wed Aug 23 11:34:30 2006 Importance: normal ID: MDKA-2006:032 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:032 %pre Recently, epiphany was updated to work with the latest Mozilla Firefox; however, new epiphany-extensions packages were not available. 
This update provides updated epiphany-extensions for epiphany. %description This package contains the following extensions for the Epiphany Browser: Gestures Popup blocker Tabs menu %package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Thu Aug 24 10:18:01 2006 Importance: security ID: MDKSA-2006:148 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:148 %pre An integer overflow flaw was discovered in how xorg-x11/XFree86 handles PCF files. A malicious authorized client could exploit the issue to cause a DoS (crash) or potentially execute arbitrary code with root privileges on the xorg-x11/XFree86 server. Updated packages are patched to address this issue. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. 
And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. %package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB Update: Thu Aug 24 11:33:33 2006 Importance: security ID: MDKSA-2006:149 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:149 %pre MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031). The update allows the local admin to override MERGE using the '--skip-merge' option when running mysqld. This can be defined under MYSQLD_OPTIONS in /etc/sysconfig/mysqld. If '--skip-merge' is not used, the old behaviour of MERGE tables is still used. MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226). Packages have been patched to correct these issues. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. 
Also please see the documentation and the manual for more information. You can build MySQL with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code (disabled), forces --with alltests --with test Initiate tests (enabled) --without test Disable test --with alltests Initiate tests for all built servers (disabled) Warning! This could take several hours... --without alltests Disable all tests %package kernel-2.6.12.25mdk kernel-BOOT-2.6.12.25mdk kernel-i586-up-1GB-2.6.12.25mdk kernel-i686-up-4GB-2.6.12.25mdk kernel-smp-2.6.12.25mdk kernel-source-2.6.12.25mdk kernel-source-stripped-2.6.12.25mdk kernel-xbox-2.6.12.25mdk kernel-xen0-2.6.12.25mdk kernel-xenU-2.6.12.25mdk Update: Fri Aug 25 09:42:23 2006 Importance: security ID: MDKSA-2006:151 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:151 %pre A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Prior to and including 2.6.16-rc2, when running on x86_64 systems with preemption enabled, local users can cause a DoS (oops) via multiple ptrace tasks that perform single steps (CVE-2006-1066). Prior to 2.6.16, a directory traversal vulnerability in CIFS could allow a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1863). Prior to 2.6.16, a directory traversal vulnerability in smbfs could allow a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1864). Prior to 2.6.16.23, SCTP conntrack in netfilter allows remote attackers to cause a DoS (crash) via a packet without any chunks, causing a variable to contain an invalid value that is later used to dereference a pointer (CVE-2006-2934). The dvd_read_bca function in the DVD handling code assigns the wrong value to a length variable, which could allow local users to execute arbitrary code via a crafted USB storage device that triggers a buffer overflow (CVE-2006-2935). 
Prior to 2.6.17, the ftdi_sio driver could allow local users to cause a DoS (memory consumption) by writing more data to the serial port than the hardware can handle, causing the data to be queued (CVE-2006-2936). The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers to cause a DoS (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), triggering an error and causing an exported directory to be remounted read-only (CVE-2006-3468). The 2.6 kernel's SCTP was found to cause system crashes and allow for the possibility of local privilege escalation due to a bug in the get_user_iov_size() function that doesn't properly handle overflow when calculating the length of iovec (CVE-2006-3745). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as: - added support for new devices: o Testo products in usb-serial o ATI SB600 IDE o ULI M-1573 south Bridge o PATA and SATA support for nVidia MCP55, MCP61, MCP65, and AMD CS5536 o Asus W6A motherboard in snd-hda-intel o bcm 5780 - fixed ip_gre module unload OOPS - enabled opti621 driver for x86 and x86_64 - fixed a local DoS introduced by an incomplete fix for CVE-2006-2445 - updated to Xen 3.0.1 with selected fixes - enable hugetlbfs To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandriva Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandriva.com/security/kernelupdate %package libwireshark0 tshark wireshark wireshark-tools Update: Fri Aug 25 12:01:02 2006 Importance: security ID: MDKSA-2006:152 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:152 %pre Vulnerabilities in the SCSI, DHCP, and SSCOP dissectors were discovered in versions of wireshark less than 0.99.3, as well as an off-by-one error in the IPsec ESP preference parser if compiled with ESP decryption support. This update provides wireshark 0.99.3a which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package binutils libbinutils2 libbinutils2-devel Update: Mon Aug 28 18:35:29 2006 Importance: security ID: MDKSA-2006:153 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:153 %pre A stack-based buffer overflow in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code (CVE-2005-4807). Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex?) record in which the length character is not a valid hexadecimal character (CVE-2006-2362). The updated packages have been patched to correct these issues. 
%description Binutils is a collection of binary utilities, including: * ar: creating modifying and extracting from archives * nm: for listing symbols from object files * objcopy: for copying and translating object files * objdump: for displaying information from object files * ranlib: for generating an index for the contents of an archive * size: for listing the section sizes of an object or archive file * strings: for listing printable strings from files * strip: for discarding symbols (a filter for demangling encoded C++ symbols * addr2line: for converting addresses to file and line * nlmconv: for converting object code into an NLM Install binutils if you need to perform any of these types of actions on binary files. Most programmers will want to install binutils. %package lesstif lesstif-clients lesstif-devel lesstif-mwm liblesstif1 liblesstif2 Update: Mon Aug 28 18:37:14 2006 Importance: security ID: MDKSA-2006:154 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:154 %pre The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. The updated packages have been rebuilt with the --enable-production configure switch in order to correct this issue. %description Lesstif is an API compatible clone of the Motif toolkit. Most of the Motif 1.2 API is in place. Motif 2.1 functionality is being improved. Many Motif applications compile and run out-of-the-box with LessTif, and we want to hear about those that don't. %package ImageMagick ImageMagick-doc libMagick8.4.2 libMagick8.4.2-devel perl-Image-Magick Update: Tue Aug 29 06:03:16 2006 Importance: security ID: MDKSA-2006:155 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:155 %pre Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. 
(CVE-2006-3743) Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. (CVE-2006-3744) Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. (CVE-2006-4144) The updated packages have been patched to correct these issues. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. Build Options: --with plf Build for PLF (LZW compression, fpx support) --with modules Compile all supported image types as modules --with jasper Enable JPEG2000 support (enabled) --with graphviz Enable Graphviz support (enabled) %package sendmail sendmail-cf sendmail-devel sendmail-doc Update: Wed Aug 30 13:34:02 2006 Importance: security ID: MDKSA-2006:156 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:156 %pre Moritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail. The updated packages have been patched to correct this issue. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. 
%package libmusicbrainz4 libmusicbrainz4-devel Update: Wed Aug 30 13:48:09 2006 Importance: security ID: MDKSA-2006:157 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:157 %pre Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. The updated packages have been patched to correct this issue. %description The MusicBrainz client library allows applications to make metadata lookup to a MusicBrainz server, generate signatures from WAV data and create CD Index Disk ids from audio CD roms. %package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB Update: Thu Aug 31 10:15:05 2006 Importance: security ID: MDKSA-2006:158 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:158 %pre MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. (CVE-2006-4380) There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart behavior during updates, as well as scripted setups that temporarily stopped the server to backup the database files. (Bug #15724) The Corporate 3 and MNF2 products are not affected by these issues. Packages have been patched to correct these issues. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. 
MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. You can build MySQL with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code (disabled), forces --with alltests --with test Initiate tests (enabled) --without test Disable test --with alltests Initiate tests for all built servers (disabled) Warning! This could take several hours... --without alltests Disable all tests %package sudo Update: Thu Aug 31 15:10:39 2006 Importance: security ID: MDKSA-2006:159 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:159 %pre Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made available. Debian addressed this issue by forcing sudo to use a whitelist approach in DSA-946-2 by arbitrarily making env_reset the default (as opposed to having to be enabled in /etc/sudoers). Mandriva has opted to follow the same approach so now only certain variables are, by default, made available, such as HOME, LOGNAME, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER, as well as the SUDO_* variables. 
If other variables are required to be kept, this can be done by editing /etc/sudoers and using the env_keep option, such as: Defaults env_keep="FOO BAR" As well, the Corporate 3 packages are now compiled with the SECURE_PATH setting. Updated packages are patched to address this issue. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Thu Aug 31 15:35:02 2006 Importance: security ID: MDKSA-2006:1?? URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:1?? %pre X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. In practice, it is unlikely that these programs have any real-world vulnerability. The X binary is the only one shipped suid. Further analysis of the code in question shows that it's highly unlikely that this can be exploited. Patched updates are provided as a precaution nonetheless. Updated packages are patched to address this issue. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. 
X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. %package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Update: Wed Sep 06 14:56:08 2006 Importance: security ID: MDKSA-2006:161 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:161 %pre Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software that uses OpenSSL for SSL or TLS. Updated packages are patched to address this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). 
%package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Update: Thu Sep 07 08:43:10 2006 Importance: security ID: MDKSA-2006:161 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:161 %pre Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software that uses OpenSSL for SSL or TLS. Updated packages are patched to address this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libphp5_common5 php-cgi php-cli php-devel php-fcgi php-imap Update: Thu Sep 07 11:10:34 2006 Importance: security ID: MDKSA-2006:162 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:162 %pre The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484). The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485). 
CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP. Updated packages have been patched to correct these issues. %description This is a dynamic shared object (DSO) for PHP that will add IMAP support. %package bind bind-devel bind-utils Update: Fri Sep 08 13:28:09 2006 Importance: security ID: MDKSA-2006:163 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:163 %pre A vulnerability in BIND was discovered where it did not sufficiently verify particular requests and responses from other name servers and users. This could be exploited by sending a specially crafted packet to crash the name server. Updated packages have been patched to address these issues. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.) %package libxorg-x11 libxorg-x11-devel libxorg-x11-static-devel X11R6-contrib xorg-x11-100dpi-fonts xorg-x11 xorg-x11-75dpi-fonts xorg-x11-cyrillic-fonts xorg-x11-doc xorg-x11-glide-module xorg-x11-server xorg-x11-xauth xorg-x11-Xdmx xorg-x11-xfs xorg-x11-Xnest xorg-x11-Xprt xorg-x11-Xvfb Update: Thu Sep 14 04:48:11 2006 Importance: security ID: MDKSA-2006:164 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:164 %pre Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3740). Updated packages are patched to address this issue. %description If you want to install the X Window System (TM) on your machine, you'll need to install X11. 
The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel. %package ipsec-tools libipsec0 libipsec0-devel Update: Fri Sep 15 11:55:01 2006 Importance: normal ID: MDKA-2006:034 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:034 %pre IPsec-Tools[1] is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. This update fixes a few issues and introduces new functionalities to the package provided for Mandriva 2006 users: - fixed tunnel mode connection (#19460 [2]) - fixed GSSAPI build - version update: 0.6.6 - enabled PAM authentication support - better default configuration files - other fixes It is recommended that users of ipsec-tools upgrade their packages. After the upgrade, the services will be restarted automatically if needed. %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels. 
This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %package mailman Update: Mon Sep 18 17:14:16 2006 Importance: security ID: MDKSA-2006:165 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:165 %pre A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941). As well, a number of XSS (cross-site scripting) issues were discovered that could be exploited to perform XSS attacks against the Mailman administrator (CVE-2006-3636). Finally, a CRLF injection vulnerability allows remote attackers to spoof messages in the error log (CVE-2006-4624). Updated packages have been patched to address these issues. %description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... 
if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain Conditional build options: mailman uid --with uid mail mailman gid --with gid mail %package gnutls libgnutls11 libgnutls11-devel Update: Wed Sep 20 14:50:11 2006 Importance: security ID: MDKSA-2006:166 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:166 %pre verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. The provided packages have been patched to correct this issue. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package gzip Update: Wed Sep 20 15:10:55 2006 Importance: security ID: MDKSA-2006:167 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:167 %pre NULL Dereference (CVE-2006-4334) A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support of gzip. (CVE-2006-4335) A .bss buffer underflow exists in gzip's pack support, where a loop from build_tree() does not enforce any lower bound while constructing the prefix table. 
(CVE-2006-4336) A .bss buffer overflow vulnerability exists in gzip's LZH support, due to its inability to handle exceptional input in the make_table() function; a pathological decoding table can be constructed in such a way as to generate counts so high that the rapid growth of `nextcode` exceeds the size of the table[] buffer. (CVE-2006-4337) A possible infinite loop exists in code from unlzh.c for traversing the branches of a tree structure. This makes it possible to disrupt the operation of automated systems relying on gzip for data decompression, resulting in a minor DoS. (CVE-2006-4338) Updated packages have been patched to address these issues. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandriva Linux system, because it is a very commonly used data compression program. %package devhelp epiphany epiphany-devel epiphany-extensions galeon libdevhelp-1_0 libdevhelp-1_0-devel libnspr4 libnspr4-devel libnspr4-static-devel libnss3 libnss3-devel mozilla-firefox mozilla-firefox-ar mozilla-firefox-bg mozilla-firefox-br mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-devel mozilla-firefox-el mozilla-firefox-es mozilla-firefox-es_AR mozilla-firefox-eu mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ko mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-nb mozilla-firefox-nl mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt mozilla-firefox-pt_BR mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW yelp Update: Wed Sep 20 18:16:10 2006 Importance: security ID: MDKSA-2006:168 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 %pre A number of 
security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.7. This update provides the latest Firefox to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package mozilla-thunderbird mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-es mozilla-thunderbird-es_AR mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-ga mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-nb mozilla-thunderbird-nl mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv mozilla-thunderbird-tr mozilla-thunderbird-zh_CN nsinstall Update: Fri Sep 22 10:45:00 2006 Importance: security ID: MDKSA-2006:169 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.7. This update provides the latest Thunderbird to correct these issues. 
%description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package webmin Update: Fri Sep 22 11:00:47 2006 Importance: security ID: MDKSA-2006:170 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 %pre Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. Updated packages have been patched to correct this issue. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package libldap2.3_0 libldap2.3_0-devel libldap2.3_0-static-devel openldap openldap-clients openldap-doc openldap-servers Update: Thu Sep 28 11:54:30 2006 Importance: security ID: MDKSA-2006:171 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:171 %pre slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). Packages have been patched to correct this issue. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. 
The suite includes a stand-alone LDAP server (slapd) and stand-alone LDAP replication server (slurpd) which are in the -servers package, libraries for implementing the LDAP protocol (in the lib packages), and utilities, tools, and sample clients (in the -clients package). The openldap binary package includes configuration files used by the libraries. Install openldap if you need LDAP applications and tools. %package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Update: Thu Sep 28 12:02:09 2006 Importance: security ID: MDKSA-2006:172 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 %pre Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL, two denial of service vulnerabilities were discovered. During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937) Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Updated packages are patched to address these issues. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. 
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package ffmpeg libffmpeg0 libffmpeg0-devel Update: Thu Sep 28 15:05:09 2006 Importance: security ID: MDKSA-2006:173 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:173 %pre Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream. %package gstreamer-ffmpeg Update: Thu Sep 28 15:06:52 2006 Importance: security ID: MDKSA-2006:174 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:174 %pre Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. 
NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. %description Video codec plugin for GStreamer based on the ffmpeg libraries. %package libdha1.0 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Update: Thu Sep 28 15:08:20 2006 Importance: security ID: MDKSA-2006:175 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:175 %pre Mplayer uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. 
MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs %package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-plugins xine-polyp xine-smb Update: Thu Sep 28 15:10:04 2006 Importance: security ID: MDKSA-2006:176 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:176 %pre Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. %description xine is a free gpl-licensed video player for unix-like systems. %package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Update: Mon Oct 02 11:39:39 2006 Importance: security ID: MDKSA-2006:172-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:172-1 %pre Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered. During the parsing of certain invalid ASN1 structures an error condition is mishandled. 
This can result in an infinite loop which consumes system memory. (CVE-2006-2937) Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Updated packages are patched to address these issues. Update: There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libmysql14 libmysql14-devel MySQL MySQL-bench MySQL-client MySQL-common MySQL-Max MySQL-NDB Update: Mon Oct 02 12:11:07 2006 Importance: security ID: MDKSA-2006:177 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 %pre Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available. 
%description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. You can build MySQL with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code (disabled), forces --with alltests --with test Initiate tests (enabled) --without test Disable test --with alltests Initiate tests for all built servers (disabled) Warning! This could take several hours... --without alltests Disable all tests %package ntp ntp-client Update: Mon Oct 02 12:52:47 2006 Importance: security ID: MDKSA-2006:178 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 %pre Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. 
Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. %package openssh openssh-askpass openssh-askpass-gnome openssh-clients openssh-server Update: Tue Oct 03 12:59:45 2006 Importance: security ID: MDKSA-2006:179 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 %pre Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default. Next, an unsafe signal handler was found by Mark Dowd. This signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS, and theoretically a pre-authentication remote code execution in the case where some authentication methods like GSSAPI are enabled (CVE-2006-5051). Updated packages have been patched to correct this issue. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. 
To make this package useful, you should also install openssh-clients, openssh-server, or both. You can build openssh with some conditional build switches; (ie. use with rpm --rebuild): --with[out] skey smartcard support (disabled) --with[out] krb5 kerberos support (enabled) --with[out] watchdog watchdog support (disabled) --with[out] x11askpass X11 ask pass support (enabled) --with[out] gnomeaskpass Gnome ask pass support (enabled) --with[out] ldap OpenLDAP support (disabled) --with[out] sftplog sftp logging support (disabled) --with[out] chroot chroot support (disabled) %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Thu Oct 05 13:17:31 2006 Importance: security ID: MDKSA-2006:180 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:180 %pre An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. Updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. 
use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package glibc glibc-debug glibc-devel glibc-doc glibc-doc-pdf glibc-i18ndata glibc-profile glibc-static-devel glibc-utils ldconfig locales locales-aa locales-af locales-am locales-ar locales-as locales-az locales-be locales-ber locales-bg locales-bn locales-br locales-bs locales-ca locales-cs locales-cy locales-da locales-de locales-dz locales-el locales-en locales-eo locales-es locales-et locales-eu locales-fa locales-fi locales-fo locales-fr locales-fur locales-fy locales-ga locales-gd locales-gl locales-gu locales-gv locales-ha locales-he locales-hi locales-hr locales-hu locales-hy locales-id locales-ig locales-ik locales-is locales-it locales-iu locales-ja locales-ka locales-kk locales-kl locales-km locales-kn locales-ko locales-ku locales-kw locales-ky locales-lg locales-li locales-lo locales-lt locales-lv locales-mi locales-mk locales-ml locales-mn locales-mr locales-ms locales-mt locales-nds locales-ne locales-nl locales-no locales-nr locales-nso locales-oc locales-pa locales-pl locales-pt locales-ro locales-ru locales-sc locales-se locales-sk locales-sl locales-so locales-sq locales-sr locales-ss locales-st locales-sv locales-sw locales-ta locales-te locales-tg locales-th locales-tk locales-tl locales-tn locales-tr locales-ts locales-tt locales-ug locales-uk locales-ur locales-uz locales-ve locales-vi locales-wa locales-xh locales-yi locales-yo locales-zh locales-zu nptl-devel nscd timezone Update: Tue Oct 10 12:16:26 2006 Importance: bugfix ID: MDKA-2006:037 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:037 %pre Updated glibc packages are being provided to ensure that kernel and user-space tools are in sync. 
This update also fixes a bug present on x86_64 platforms where strncmp() is mis-optimized. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package libpython2.4 libpython2.4-devel python python-base python-docs tkinter Update: Tue Oct 10 12:59:38 2006 Importance: security ID: MDKSA-2006:181 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:181 %pre A vulnerability in python's repr() function was discovered by Benjamin C. Wiley Sittler. It was found that the function did not properly handle UTF-32/UCS-4 strings, so an application that used repr() on certain untrusted data could possibly be exploited to execute arbitrary code with the privileges of the user running the python application. Updated packages have been patched to correct this issue. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. 
%package kernel-2.6.12.27mdk kernel-BOOT-2.6.12.27mdk kernel-i586-up-1GB-2.6.12.27mdk kernel-i686-up-4GB-2.6.12.27mdk kernel-smp-2.6.12.27mdk kernel-source-2.6.12.27mdk kernel-source-stripped-2.6.12.27mdk kernel-xbox-2.6.12.27mdk kernel-xen0-2.6.12.27mdk kernel-xenU-2.6.12.27mdk librsbac1 librsbac1-devel librsbac1-static-devel rsbac-admin rsbac-admin-doc xen Update: Wed Oct 11 10:22:52 2006 Importance: security ID: MDKSA-2006:182 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:182 %pre A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Stephane Eranian discovered an issue with perfmon2.0 where, under certain circumstances, the perfmonctl() system call may not correctly manage the file descriptor reference count, resulting in the system possibly running out of file structure (CVE-2006-3741). Prior to and including 2.6.17, the Universal Disk Format (UDF) filesystem driver allowed local users to cause a DoS (hang and crash) via certain operations involving truncated files (CVE-2006-4145). Various versions of the Linux kernel allowed local users to cause a DoS (crash) via an SCTP socket with a certain SO_LINGER value, which is possibly related to the patch used to correct CVE-2006-3745 (CVE-2006-4535). The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in the dvb driver allows remote attackers to cause a DoS (crash) via an SNDU length of 0 in a ULE packet (CVE-2006-4623). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. 
In addition to these security fixes, other fixes have been included such as: - added support for new devices: o NetXtreme BCM5715 gigabit ethernet o NetXtreme II BCM5708 gigabit ethernet - enabled the CISS driver for Xen kernels - updated ich8 support in ata_piix - enabled support for 1078 type controller in megaraid_sas - multiple fixes for RSBAC support To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The basic tools for managing XEN virtual machines. %package smbldap-tools Update: Mon Oct 16 16:03:46 2006 Importance: bugfix ID: MDKA-2006:041 URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:041 %pre This update fixes a problem with the smbldap-tools package shipped with Mandriva Linux 2006 where it would issue warnings if the smb.conf configuration file had continuation lines using the "\" character. The updated packages correct this issue. %description Smbldap-tools is a set of perl scripts written by Idealx. Those scripts are designed to help managing users and groups in a ldap directory server and can be used both by users and administrators of Linux systems: . users can change their password in a way similar to the standard "passwd" command, . administrators can perform users and groups management Scripts are described in the Smbldap-tools User Manual (http://samba.idealx.org/smbldap-tools.en.html) which also give command line examples. You can download the latest version on Idealx web site (http://samba.idealx.org/dist/). Comments and/or questions can be sent to the smbldap-tools mailing list (http://lists.idealx.org/lists/samba). 
%package libksba8 libksba8-devel Update: Tue Oct 17 12:42:58 2006 Importance: security ID: MDKSA-2006:183 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:183 %pre The libksba library, as used by gpgsm in the gnupg2 package, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature. libksba-0.9.15 in Mandriva 2007.0 is not affected by this issue. Updated packages have been patched to correct this issue. %description KSBA is a library designed to build software based on the X.509 and CMS protocols. %package clamav clamav-db clamav-milter clamd libclamav1 libclamav1-devel Update: Tue Oct 17 13:14:18 2006 Importance: security ID: MDKSA-2006:184 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:184 %pre An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182). Another vulnerability could allow a remote attacker to cause a DoS via a crafted compressed HTML (CHM) file that causes ClamAV to read an invalid memory location (CVE-2006-5295). These issues are corrected in ClamAV 0.88.5 which is provided with this update. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail seversions (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build swithes; (ie. 
use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Tue Oct 17 15:19:13 2006 Importance: security ID: MDKSA-2006:185 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:185 %pre PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. (CVE-2006-4625) A race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. (CVE-2006-5178) Because the design flaw cannot be solved it is strongly recommended to disable the symlink() function if you are using the open_basedir feature. You can achieve that by adding symlink to the list of disabled functions within your php.ini: disable_functions=...,symlink The updated packages do not alter the system php.ini. Updated packages have been patched to correct the CVE-2006-4625 issue. Users must restart Apache for the changes to take effect. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. 
use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package libdesignercore1 libeditor1 libqassistantclient1 libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql libqt3-sqlite libqt3-static-devel qt3-common qt3-doc qt3-example Update: Tue Oct 24 16:40:11 2006 Importance: security ID: MDKSA-2006:187 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:187 %pre An integer overflow was discovered in the way that Qt handled pixmap images. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using an application that uses Qt (like Konqueror), would cause it to crash or possibly execute arbitrary code with the privileges of the user. Updated packages have been patched to correct this issue. %description Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file. Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa. Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html. 
Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/ Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available. Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code. Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural. Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way. Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics. Qt is available under two different licenses: - The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html - The Q Public License (QPL), for developing free software (X Window System only). %package xsupplicant xsupplicant-doc Update: Fri Oct 27 11:48:30 2006 Importance: security ID: MDKSA-2006:189 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:189 %pre Yannick Van Osselaer discovered a stack overflow in Xsupplicant, which could potentially be exploited by a remote, authenticated user to gain root privileges. Additional code cleanups to fix potential memory leaks are also included. Updated packages have been patched to correct this issue. %description An open source implementation of IEEE 802.1X. IEEE 802.1x is a port based authentication protocol. 
It can be used in *any* scenario where one can abstract out the notion of a port. It requires entities to play three roles in the authentication process: that of a supplicant, an authenticator and an authentication server. %package mutt mutt-utf8 Update: Fri Oct 27 11:49:43 2006 Importance: security ID: MDKSA-2006:190 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:190 %pre A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. (CVE-2006-5297) The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. (CVE-2006-5298) Updated packages have been patched to correct these issues. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. %package screen Update: Fri Oct 27 11:50:59 2006 Importance: security ID: MDKSA-2006:191 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:191 %pre Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. Updated packages have been patched to correct this issue. %description The screen utility allows you to have multiple logins on just one terminal. 
Screen is useful for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. Install the screen package if you need a screen manager that can support multiple logins on one terminal. %package ruby ruby-devel ruby-doc ruby-tk Update: Fri Oct 27 15:03:05 2006 Importance: security ID: MDKSA-2006:192 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:192 %pre The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption. Updated packages have been patched to correct this issue. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. %package ImageMagick ImageMagick-doc libMagick8.4.2 libMagick8.4.2-devel perl-Image-Magick Update: Mon Oct 30 15:38:07 2006 Importance: security ID: MDKSA-2006:193 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:193 %pre Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. Updated packages have been patched to correct these issues. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. 
Build Options: --with plf Build for PLF (LZW compression, fpx support) --with modules Compile all supported image types as modules --with jasper Enable JPEG2000 support (enabled) --with graphviz Enable Graphviz support (enabled) %package libecpg5 libecpg5-devel libpq4 libpq4-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-plperl postgresql-plpgsql postgresql-plpython postgresql-pltcl postgresql-server postgresql-test Update: Mon Oct 30 15:39:39 2006 Importance: security ID: MDKSA-2006:194 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:194 %pre A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users to cause a Denial of Service (daemon crash) via certain aggregate functions in an UPDATE statement which were not handled correctly (CVE-2006-5540). Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote authenticated users to crash the daemon via a coercion of an unknown element to ANYARRAY (CVE-2006-5541). Finally, another vulnerability in 8.1.x could allow a remote authenticated user to cause a DoS related to duration logging of V3-protocol Execute message for COMMIT and ROLLBACK statements (CVE-2006-5542). This update provides the latest 8.0.x and 8.1.x PostgreSQL versions and patches the version of PostgreSQL shipped with Corporate 3.0. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. 
These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libwireshark0 tshark wireshark wireshark-tools Update: Thu Nov 02 21:57:13 2006 Importance: security ID: MDKSA-2006:195 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:195 %pre Vulnerabilities in the HTTP, LDAP, XOT, WBXML, and MIME Multipart dissectors were discovered in versions of wireshark less than 0.99.4, as well as various other bugs. This update provides wireshark 0.99.4 which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package libphp5_common5 php-cgi php-cli php-devel php-fcgi Update: Thu Nov 02 21:59:57 2006 Importance: security ID: MDKSA-2006:196 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:196 %pre The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only occur when UTF-8 is used) In addition, selected patches backported from php cvs that address other issues that may or may not have security implications have been applied to this release. Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect. %description PHP5 is an HTML-embeddable scripting language. 
PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. (ie. use with rpm --rebuild): --with[out] hardened Compile with the Hardened-PHP patch applied (disabled) you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :( %package imlib2-data libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Update: Mon Nov 06 16:28:16 2006 Importance: security ID: MDKSA-2006:198 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:198 %pre M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806) The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. (CVE-2006-4807) The RLE decoding loops of the load() function in the tga loader do not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. (CVE-2006-4808) The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. (CVE-2006-4809) Updated packages have been patched to correct these issues. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. 
Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package libpopt0 libpopt0-devel librpm4.4 librpm4.4-devel popt-data python-rpm rpm rpm-build Update: Tue Nov 07 10:32:27 2006 Importance: security ID: MDKSA-2006:200 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:200 %pre A heap-based buffer overflow was discovered in librpm when the LANG or LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly other locales), which could allow for user-assisted attackers to execute arbitrary code via crafted RPM packages. Updated packages have been patched to correct this issue. %description RPM is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc. %package pam_ldap Update: Tue Nov 07 16:37:28 2006 Importance: security ID: MDKSA-2006:201 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:201 %pre Pam_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. This might lead to an attacker being able to log in to a suspended system account. Updated packages have been patched to correct this issue. %description Pam_ldap is a module for Linux-PAM that supports password changes, V2 clients, Netscapes SSL, ypldapd, Netscape Directory Server password policies, access authorization, crypted hashes, etc. Install pam_ldap if you need to authenticate PAM-enabled services to LDAP. 
This package can be compiled with support for configuration from DNS, by building with "--with dnsconfig" %package libwv-1.0_3 libwv-1.0_3-devel wv Update: Tue Nov 07 16:46:35 2006 Importance: security ID: MDKSA-2006:202 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:202 %pre Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetLFO_PLF function. Updated packages have been patched to correct these issues. %description Wv is a program that understands the Microsoft Word 6/7/8/9 binary file format and is able to convert Word documents into HTML, which can then be read with a browser. %package imlib2-data libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Update: Tue Nov 07 17:02:35 2006 Importance: security ID: MDKSA-2006:198-1 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:198-1 %pre M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806) The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. (CVE-2006-4807) The RLE decoding loops of the load() function in the tga loader do not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. (CVE-2006-4808) The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. 
(CVE-2006-4809) Updated packages have been patched to correct these issues. Update: An error in the previous patchset may affect JPEG image handling for certain valid images. This new update corrects this issue. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package info info-install texinfo Update: Wed Nov 08 05:10:09 2006 Importance: security ID: MDKSA-2006:203 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:203 %pre Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file. Updated packages have been patched to correct this issue. %description Texinfo is a documentation system that can produce both online information and printed output from a single source file. Normally, you'd have to write two separate documents: one for online help or other online information and the other for a typeset manual or other printed work. Using Texinfo, you only need to write one source document. Then when the work needs revision, you only have to revise one source document. The GNU Project uses the Texinfo file format for most of its documentation. Install texinfo if you want a documentation system for producing both online and print documentation from the same source file and/or if you are going to write documentation for the GNU Project. 
%package openssh openssh-askpass openssh-askpass-gnome openssh-clients openssh-server Update: Wed Nov 08 15:00:41 2006 Importance: security ID: MDKSA-2006:204 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 %pre A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out of sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities. Updated packages have been patched to correct this issue, and Mandriva Linux 2007 has received the latest version of OpenSSH. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. You can build openssh with some conditional build switches; (ie. 
use with rpm --rebuild): --with[out] skey smartcard support (disabled) --with[out] krb5 kerberos support (enabled) --with[out] watchdog watchdog support (disabled) --with[out] x11askpass X11 ask pass support (enabled) --with[out] gnomeaskpass Gnome ask pass support (enabled) --with[out] ldap OpenLDAP support (disabled) --with[out] sftplog sftp logging support (disabled) --with[out] chroot chroot support (disabled) %package bind bind-devel bind-utils Update: Tue Nov 14 17:05:23 2006 Importance: security ID: MDKSA-2006:207 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:207 %pre The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3. You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. 
Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.) %package libldap2.3_0 libldap2.3_0-devel libldap2.3_0-static-devel openldap openldap-clients openldap-doc openldap-servers Update: Tue Nov 14 20:06:18 2006 Importance: security ID: MDKSA-2006:208 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:208 %pre An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd) and stand-alone LDAP replication server (slurpd) which are in the -servers package, libraries for implementing the LDAP protocol (in the lib packages), and utilities, tools, and sample clients (in the -clients package). 
The openldap binary package includes configuration files used by the libraries. Install openldap if you need LDAP applications and tools. %package libpng3 libpng3-devel libpng3-static-devel Update: Thu Nov 16 12:09:17 2006 Importance: security ID: MDKSA-2006:209 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:209 %pre Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793) Packages have been patched to correct these issues. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package pxelinux pxelinux-devel Update: Thu Nov 16 12:37:06 2006 Importance: security ID: MDKSA-2006:211 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:211 %pre PXELINUX is a PXE bootloader. 
It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities: Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793) Packages have been patched to correct these issues. %description PXELINUX is a PXE bootloader. %package doxygen Update: Thu Nov 16 12:55:21 2006 Importance: security ID: MDKSA-2006:212 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:212 %pre Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities: Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793) In addition, a patch to address several old vulnerabilities has been applied to this build. 
(CAN-2002-1363, CAN-2004-0421, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599) Packages have been patched to correct these issues. %description Doxygen is a documentation system for C, C++ and IDL. It can generate an on-line class browser (in HTML) and/or an off-line reference manual (in LaTeX) from a set of documented source files. There is also support for generating man pages and for converting the generated output into Postscript, hyperlinked PDF or compressed HTML. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code-structure from undocumented source files. This can be very useful to quickly find your way in large source distributions. %package gv Update: Fri Nov 17 09:23:02 2006 Importance: security ID: MDKSA-2006:214 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 %pre Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. Packages have been patched to correct this issue. %description Gv provides a user interface for the ghostscript PostScript(TM) interpreter. Derived from the ghostview program, gv can display PostScript and PDF documents using the X Window System. Install the gv package if you'd like to view PostScript and PDF documents on your system. You'll also need to have the ghostscript package installed, as well as the X Window System. %package links links-common links-graphic Update: Mon Nov 20 11:29:44 2006 Importance: security ID: MDKSA-2006:216 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:216 %pre The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. 
Corporate 3.0 is not affected by this issue, as that version of links does not have smb:// URI support. Updated packages have disabled access to smb:// URIs. %description Links is a text based WWW browser, at first look similar to Lynx, but somehow different: - renders tables and frames - displays colors as specified in current HTML page - uses drop-down menu (like in Midnight Commander) - can download files in background - partially handle Javascript %package proftpd proftpd-anonymous Update: Mon Nov 20 12:11:46 2006 Importance: security ID: MDKSA-2006:217 URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:217 %pre As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD. Packages have been patched to correct these issues. %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation.