%package e2fsprogs
Update: Fri Apr 05 2002 12:29:01
Importance: bugfix
%pre
There is a problem with the previous version of e2fsprogs in regards to memory leaks in the journaling code, and in the ismounted code checking for a swap device.
%description
The e2fsprogs package contains a number of utilities for creating, checking, modifying and correcting any inconsistencies in second extended (ext2) filesystems. E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters) and most of the other core ext2fs filesystem utilities. You should install the e2fsprogs package if you need to manage the performance of an ext2 filesystem.
%package nss_ldap
Update: Fri Apr 05 2002 12:29:01
Importance: bugfix
%pre
The previous nss_ldap package did not give out a list of supplementary groups which the user is also a member of. This new package is rebuilt with ids-uid and RFC2307bis support.
%description
This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS).
%package Xtart
Update: Fri Apr 05 2002 12:29:01
Importance: bugfix
%pre
The released Xtart package used an old method of initiating X which did not provide a complete environment for consolehelper; as a result any applications, like Mandrake Control Center, that require consolehelper to gain root access fail.
%description
Xtart is a simple program that checks for properly installed window managers and allows the user full menu access to them from a logged-in console. The special entry 00 in menu selection will start X with an xterm to manually start new installations of window managers or to do tests with X and no window manager. See /etc/X11/wmsession.d for proper WM integration.
%package drakxtools
Update: Fri Apr 05 2002 12:29:01
Importance: bugfix
%pre
There were various problems with printerdrake and HP Multi-Function devices. These issues are corrected with the new drakxtools package.
%description
Contains XFdrake, diskdrake, keyboarddrake, lspcidrake, mousedrake, printerdrake and drakboot.
XFdrake: menu-driven program which walks you through setting up your X server. It works on console and under X :) It autodetects both monitor and video card if possible.
diskdrake: The purpose of the DiskDrake project is to make hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize).
drakbackup: backup and restore your system.
drakfont: import some fonts in the system.
keyboarddrake: configures your keyboard (both console and X)
lspcidrake: displays your pci information, *and* the corresponding kernel module.
mousedrake: configures and autodetects your mouse
printerdrake: detects and configures your printer
draknet: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem.
liveupdate: live update software.
drakboot: configures your boot configuration (Lilo/GRUB, Aurora, X, autologin)
drakautoinst: helps you configure an automatic installation replay
%package libsafe
Update: Thu Apr 11 2002 13:47:35
Importance: security
%pre
Wojciech Purczynski discovered that format string protection in libsafe can be easily bypassed by using flag characters that are implemented in glibc but are not implemented in libsafe. It was also discovered that *printf function wrappers incorrectly parse argument indexing in format strings, making some incorrect assumptions on the number of arguments and conversion specifications. These problems were fixed by the libsafe authors in 2.0-12.
%description
The libsafe library is designed to overwrite dangerous C library functions like strcpy / snprintf and perform bound checking on the destination buffer address in order to detect an eventual Stack Overflow attempt. The libsafe library protects a process against the exploitation of buffer overflow vulnerabilities in process stacks. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. Libsafe has been shown to detect several known attacks and can potentially prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible.
%package squid
Update: Mon Apr 16 2002 14:42:23
Importance: security
%pre
A security issue has recently been found and fixed in the Squid-2.X releases up to and including 2.4.STABLE4. Error and boundary conditions were not checked when handling compressed DNS answer messages in the internal DNS code (lib/rfc1035.c). A malicious DNS server could craft a DNS reply that causes Squid to exit with a SIGSEGV.
%description
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server.
%package sudo
Update: Thu Apr 25 2002 11:13:12
Importance: security
%pre
A problem was discovered by fc, with further research by Global InterSec, in the sudo program with the password prompt parameter (-p). Sudo can be tricked into allocating less memory than it should for the prompt and in certain conditions it is possible to exploit this flaw to corrupt the heap in such a way that could be used to execute arbitrary commands. Because sudo is generally suid root, this can lead to an elevation of privilege for local users.
%description
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
%package pax
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
The pax package was not completely compliant with the POSIX "tar" tests in the LSB test suite. This updated version fixes failures on three of the LSB tests.
%description
'pax' is the POSIX standard archive tool. It supports the two most common forms of standard Unix archive (backup) files - CPIO and TAR.
%package cdrecord
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
A problem was discovered with compatibility between the version of cdrecord included in 8.2 and the version of xcdroast included.
This update corrects the compatibility issues and allows xcdroast to detect discs in CD-ROM drives.
%description
Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc.
%package xcdroast
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
A problem was discovered with compatibility between the version of cdrecord included in 8.2 and the version of xcdroast included. This update corrects the compatibility issues and allows xcdroast to detect discs in CD-ROM drives.
%description
Graphical frontend for the CD-recording program cdrecord.
Features:
- Self-explanatory X11 user interface.
- Automatic SCSI-hardware setup
- Copies of ISO9660-CDs, some non-ISO9660-CDs, and audio CDs
- Production of new ISO9660 data CDs ("mastering")
- Production of new audio CDs
- Fast copying of CDs without hard disk buffering
- Logfile option
- User interface in more than 10 languages
%package eroaster
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
Eroaster would die when detecting devices/records with an IO error due to some python 2.x incompatibilities.
%description
A graphical front end to cdrecord and mkisofs.
- Writes data and audio CDs on the fly
- read data and audio CDs
- drag and drop support
- nice user interface
- auto selection of files to fill cd
- auto conversion of mp3 files to wav files
%package mutt
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
The previous version of mutt was built with slang which would cause some custom configurations using color to display improperly. This new version is built with ncurses again, and color displays fine.
%description
Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use.
%package ghostscript
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
A bug in ps2epsi gives errors when processing PS files.
%description
Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output. You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer.
%package setup
Update: Thu Apr 25 2002 11:28:15
Importance: bugfix
%pre
In some cases an error message would be printed to the screen when opening a new terminal (i.e. Eterm) about TMOUT being a readonly variable.
%description
The setup package contains a set of very important system configuration and setup files, such as passwd, group, profile and more. You should install the setup package because you will find yourself using its many features for system administration.
%package imlib
Update: Thu Apr 25 2002 12:50:49
Importance: security
%pre
Previous versions of imlib, prior to 1.9.13, would fall back to the NetPBM library which is not suitable for loading untrusted images due to various problems in its code. The new imlib also fixes some problems with arguments passed to malloc(). These problems could allow attackers to construct images that could cause crashes or, potentially, the execution of arbitrary code when said images are loaded by a viewer that uses imlib. Thanks to Alan Cox and Al Viro for discovering the problems.
%description
Imlib is a display depth independent image loading and rendering library.
Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib.
%package fileutils
Update: Thu May 16 2002 11:02:12
Importance: security
%pre
Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version.
%description
The fileutils package includes a number of GNU versions of common and popular file management utilities. Fileutils includes the following tools: chgrp (changes a file's group ownership), chown (changes a file's ownership), chmod (changes a file's permissions), cp (copies files), dd (copies and converts files), df (shows a filesystem's disk usage), dir (gives a brief directory listing), dircolors (the setup program for the color version of the ls command), du (shows disk usage), install (copies files and sets permissions), ln (creates file links), ls (lists directory contents), mkdir (creates directories), mkfifo (creates FIFOs or named pipes), mknod (creates special files), mv (renames files), rm (removes/deletes files), rmdir (removes empty directories), sync (synchronizes memory and disk), touch (changes file timestamps), and vdir (provides long directory listings).
%package tcpdump
Update: Thu May 16 2002 11:15:24
Importance: security
%pre
Several buffer overflows were found in the tcpdump package by FreeBSD developers during a code audit, in versions prior to 3.5.
However, newer versions of tcpdump, including 3.6.2, are also vulnerable to another buffer overflow in the AFS RPC decoding functions, which was discovered by Nick Cleaton. These vulnerabilities could be used by a remote attacker to crash the tcpdump process or possibly even be exploited to execute arbitrary code as the user running tcpdump, which is usually root. The newer libpcap 0.6 has also been audited to make it more safe by implementing better buffer boundary checks in several functions.
%description
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic.
%package webmin
Update: Tue May 21 2002 15:21:31
Importance: security
%pre
A vulnerability exists in all versions of Webmin prior to 0.970 that allows a remote attacker to log in to Webmin as any user. All users of Webmin are encouraged to upgrade immediately.
%description
A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and log in as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOG IN TO "https://localhost:10000/" AND NOT "http://localhost:10000/".
%package imap
Update: Mon May 27 2002 13:38:29
Importance: security
%pre
A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow.
However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system.
%description
The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine. Install the imap package if you need a server to support the IMAP or the POP mail access protocols.
%package perl-Digest-MD5
Update: Tue May 28 2002 09:46:59
Importance: security
%pre
A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retrieving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the server is claiming to have, and fetchmail would not check whether or not the number of messages the server was claiming was too high. This would allow a malicious server to make the fetchmail process write data outside of the array bounds.
%description
Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users.
Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client.
%package fetchmail
Update: Tue May 28 2002 09:47:41
Importance: security
%pre
A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retrieving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the server is claiming to have, and fetchmail would not check whether or not the number of messages the server was claiming was too high. This would allow a malicious server to make the fetchmail process write data outside of the array bounds.
%description
Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client.
%package dhcp
Update: Wed May 29 2002 10:29:05
Importance: security
%pre
Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely. By default, these versions of DHCP are compiled with the dns update feature enabled, which allows DHCP to update DNS records.
The code that logs this update has an exploitable format string vulnerability; the update message can contain data provided by the attacker, such as a hostname. A successful exploitation could give the attacker elevated privileges equivalent to the user running the DHCP daemon, which is the user dhcpd in Mandrake Linux 8.x, but root in earlier versions.
%description
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages.
%package bind
Update: Tue Jun 04 2002 12:32:25
Importance: security
%pre
A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shut down the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server.
%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS).
A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package.
- Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options
- Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option
- A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details
- Support for building single-threaded servers for environments that do not supply POSIX threads
- New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit"
- Faster lookups, particularly in large zones.
%package ImageMagick
Update: Tue Jun 18 2002 11:36:59
Importance: security
%pre
A problem exists with ImageMagick's development libraries which causes C++ programs linked with the libMagick++/libMagick libraries that want to have exceptions handled to get a segfault instead. This only affects the x86 packages, and is corrected with these new packages.
%description
ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. This package installs the necessary files to run ImageMagick.
%package apache
Update: Fri Jun 21 2002 09:46:39
Importance: security
%pre
A Denial of Service attack was discovered by Mark Litchfield in the Apache webserver. As well, while investigating this problem, the Apache Software Foundation discovered that the code for handling invalid requests that use chunked encoding may also allow arbitrary code to be executed on 64-bit architectures. All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to this problem. This update provides patched versions of Apache for the remaining supported Mandrake Linux versions.
%description
Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This special version also includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, Hotwired XSSI module, hooks for SSL module and several cosmetic improvements. Also included is the FrontPage 2000 patch, however you need to install the frontpage package to enable it.
%package openssh
Update: Mon Jun 24 2002 17:43:12
Importance: security
%pre
Details of an upcoming OpenSSH vulnerability will be published early next week. According to the OpenSSH team, this remote vulnerability cannot be exploited when sshd is running with privilege separation. The priv separation code is significantly improved in version 3.3 of OpenSSH which was released on June 21st. Unfortunately, there are some known problems with this release; compression does not work on all operating systems and the PAM support has not been completed. The OpenSSH team encourages everyone to upgrade to version 3.3 immediately and enable privilege separation. This can be enabled by placing in your /etc/ssh/sshd_config file the following:
UsePrivilegeSeparation yes
The vulnerability that will be disclosed next week is not fixed in version 3.3 of OpenSSH, however with priv separation enabled, you will not be vulnerable to it.
This is because privilege separation uses a separate non-privileged process to handle most of the work, meaning that any vulnerability in this part of OpenSSH will never lead to a root compromise. Only access as the non-privileged user restricted in chroot would be available. MandrakeSoft encourages all of our users to upgrade to the updated packages immediately. This update creates a new user and group on the system named sshd that is used to run the non-privileged processes.
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.
%package openssh
Update: Tue Jul 02 2002 11:18:27
Importance: security
%pre
An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040).
However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of:
- On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved.
- Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password.
If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using:
UsePrivilegeSeparation no
However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved.
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.
%package openssh-clients
Update: Tue Jul 02 2002 11:18:27
Importance: security
%pre
An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation.
This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of:
- On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved.
- Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password.
If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using:
UsePrivilegeSeparation no
However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved.
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).
This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.
%package openssh-server
Update: Tue Jul 02 2002 11:18:27
Importance: security
%pre
An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of:
- On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved.
- Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password.
If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using:
UsePrivilegeSeparation no
However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved.
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine.
It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-askpass Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect themselves, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password.
If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-askpass-gnome Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect themselves, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors.
There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password. If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package kernel Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels.
This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occasions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking).
LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grub/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-secure Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occasions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more.
MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grub/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes a SECURE version of the Linux 2.4.18 kernel. This package adds options to the kernel that make it more secure for servers and such. See http://grsecurity.net/features.htm for the list of features we have included. %package kernel-smp Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels.
It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occasions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grub/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes an SMP version of the Linux 2.4.18 kernel. It is required only on machines with two or more CPUs, although it should work fine on single-CPU boxes.
%package kernel-enterprise Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occasions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel.
Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grub/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes a kernel that has appropriate configuration options enabled for the typical large enterprise server. This includes SMP support for multiple processor machines, support for large memory configurations and other appropriate items. %package kernel22 Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occasions that are not security-critical.
The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grub/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel22-smp Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels.
This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occasions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking).
LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grub/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes an SMP version of the Linux 2.2.20 kernel. It is required only on machines with two or more CPUs, although it should work fine on single-CPU boxes. %package devfsd Update: Wed Jul 03 2002 15:42:39 Importance: bugfix %pre This is an updated devfsd, required for the newer 2.4.18 kernels. %description The devfsd programme is a daemon, run by the system boot scripts which can provide for intelligent management of device entries in the Device Filesystem (devfs). As part of its setup phase devfsd creates certain symbolic links which are compiled into the code. These links are required by /usr/src/linux/Documentation/devices.txt. This behaviour may change in future revisions. devfsd will read the special control file .devfsd in a mounted devfs, listening for the creation and removal of device entries (this is termed a change operation). For each change operation, devfsd can take many actions. The daemon will normally run itself in the background and send messages to syslog. The opening of the syslog service is automatically delayed until /dev/log is created. At startup, before switching to daemon mode, devfsd will scan the mounted device tree and will generate synthetic REGISTER events for each leaf node. %package LPRng Update: Thu Jul 04 2002 11:50:47 Importance: security %pre Matthew Caron pointed out that using the LPRng default configuration, the lpd daemon will accept job submissions from any remote host. These updated LPRng packages modify the job submission policy in /etc/lpd.perms to refuse print jobs from remote hosts by default. %description The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality.
While providing the same interface and meeting RFC1179 requirements, the implementation is completely new and provides support for the following features: lightweight (no databases needed) lpr, lpc, and lprm programs; dynamic redirection of print queues; automatic job holding; highly verbose diagnostics; multiple printers serving a single queue; client programs do not need to run SUID root; greatly enhanced security checks; and a greatly improved permission and authorization mechanism. The source software compiles and runs on a wide variety of UNIX systems, and is compatible with other print spoolers and network printers that use the LPR interface and meet RFC1179 requirements. LPRng provides emulation packages for the SVR4 lp and lpstat programs, eliminating the need for another print spooler package. These emulation packages can be modified according to local requirements, in order to support vintage printing systems. For users that require secure and/or authenticated printing support, LPRng supports Kerberos V, MIT Kerberos IV Print Support, and PGP authentication. LPRng is being adopted by MIT for use as their Campus Wide printing support system. Additional authentication support is extremely simple to add. %package glibc-lsb Update: Mon Jul 08 2002 21:04:12 Importance: normal %pre New packages are available that bring Mandrake Linux 8.2 into compliance with the LSB (Linux Standard Base) version 1.2. %description Contains the standard libraries that are used by almost all programs on the system, including the most important sets of shared libraries, the standard C library and the standard math library. Without these libraries, a Linux system will not function. This version is built for LSB compliance/development and is a supplement to the system glibc. %package lsb Update: Mon Jul 08 2002 21:04:12 Importance: normal %pre New packages are available that bring Mandrake Linux 8.2 into compliance with the LSB (Linux Standard Base) version 1.2. 
%description The skeleton package defining packages needed for LSB compliance. Also contains some directories LSB tests look for that aren't owned by other Mandrake packages, and scripts to re-create the old /sbin/fasthalt and /sbin/fastboot. Currently, to be able to run the LSB binary test suite successfully, you need to boot with devfs=nomount, as well as ensure that the partitions containing /tmp and /home are mounted with the option 'atime', rather than 'noatime'. %pre New packages are available that bring Mandrake Linux 8.2 into compliance with the LSB (Linux Standard Base) version 1.2. %package lsb-release Update: Mon Jul 08 2002 21:04:12 Importance: normal %description LSB version query program This program forms part of the required functionality of the LSB (Linux Standard Base) specification. The program queries the installed state of the distribution to display certain properties such as the version of the LSB against which the distribution claims compliance as well. It can also attempt to display the name and release of the distribution along with an identifier of who produces the distribution. %package squid Update: Wed Jul 17 2002 10:29:27 Importance: security %pre Numerous security problems were fixed in squid-2.4.STABLE7. This release has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication credentials has been applied, and the MSNT auth helper has been updated to fix buffer overflows in the helper. Finally, FTP data channels are now sanity checked to match the address of the requested FTP server, which prevents injection of data or theft. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package libmm1 Update: Mon Jul 29 2002 10:52:13 Importance: security %pre Marcus Meissner discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user (typically apache or nobody) is already obtained. %description The MM library is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms. On the first layer it hides all platform dependent implementation details (allocation and locking) when dealing with shared memory segments and on the second layer it provides a high-level malloc(3)-style API for a convenient and well known way to work with data-structures inside those shared memory segments. The library is released under the terms of an open-source (BSD-style) license because it's originally written for a proposed use inside next versions of the Apache webserver as a base library for providing shared memory pools to Apache modules (because currently Apache modules can only use heap-allocated memory which isn't shared across the pre-forked server processes). The requirement actually comes from comprehensive modules like mod_ssl, mod_perl and mod_php which would benefit a lot from easy to use shared memory pools.
Mostly all functionality (except for shared locks in addition to exclusive locks and multi-segment memory areas instead of single-segment memory areas) is already implemented and the library already works fine under FreeBSD, Linux and Solaris and should also adjust itself for most other Unix platforms with its GNU Autoconf and GNU Libtool based configuration and compilation procedure. %package openssl Update: Tue Jul 30 2002 10:59:31 Importance: security %pre An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory: 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 with Kerberos enabled. 4. Various buffers for ASCII representations of integers were too small on 64 bit platforms. At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable. Finally, a vulnerability was found by Adi Stav and James Yonan independently in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability. All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems, except for the ASN1 vulnerability, for which a fix will be provided once MandrakeSoft has had a chance to QA the new packages.
In the meantime, it is strongly encouraged that all users upgrade to these OpenSSL packages. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0 Update: Tue Jul 30 2002 10:59:31 Importance: security %pre An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory: 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 with Kerberos enabled. 4. Various buffers for ASCII representations of integers were too small on 64 bit platforms. At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable. Finally, a vulnerability was found by Adi Stav and James Yonan independently in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability. All of these vulnerabilities are fixed in OpenSSL 0.9.6f.
Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems, except for the ASN1 vulnerability, for which a fix will be provided once MandrakeSoft has had a chance to QA the new packages. In the meantime, it is strongly encouraged that all users upgrade to these OpenSSL packages. %description The library files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). Patches for many networking apps can be found at: ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ %package openssl Update: Tue Aug 06 2002 12:08:12 Importance: security %pre An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory: 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 with Kerberos enabled. 4. Various buffers for ASCII representations of integers were too small on 64 bit platforms. At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable. 
Finally, a vulnerability was found by Adi Stav and James Yonan independently in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability. All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems. Update: These new OpenSSL packages are available to additionally fix the ASN1 vulnerability described above. All Mandrake Linux users are encouraged to upgrade to these new packages. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0 Update: Tue Aug 06 2002 12:08:12 Importance: security %pre An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory: 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 with Kerberos enabled. 4. Various buffers for ASCII representations of integers were too small on 64 bit platforms. 
At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable. Finally, a vulnerability was found by Adi Stav and James Yonan independently in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability. All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems. Update: These new OpenSSL packages are available to additionally fix the ASN1 vulnerability described above. All Mandrake Linux users are encouraged to upgrade to these new packages. %description The library files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). Patches for many networking apps can be found at: ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/ %package util-linux Update: Thu Aug 08 2002 11:22:12 Importance: security %pre Michal Zalewski found a vulnerability in the util-linux package with the chfn utility. This utility allows users to modify some information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and modification race that would allow them to make changes to the /etc/passwd file. To successfully exploit this vulnerability and obtain privilege escalation, there is a need for some administrator interaction, and the password file must be over 4kb in size; the attacker's entry cannot be in the last 4kb of the file. 
%description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. %package mod_ssl Update: Thu Aug 08 2002 11:22:12 Importance: security %pre Frank Denis discovered an off-by-one error in mod_ssl dealing with the handling of older configuration directives (the rewrite_command hook). A malicious user could use a specially-crafted .htaccess file to execute arbitrary commands as the apache user or execute a DoS against the apache child processes. This vulnerability is fixed in mod_ssl 2.8.10; patches have been applied to correct this problem in these packages. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package libpng3 Update: Tue Aug 13 2002 11:50:28 Importance: security %pre A buffer overflow was found in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. 
In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing "lsof|grep libpng" or "fuser -v /usr/lib/libpng.so". %description This package contains the library needed to run programs dynamically linked with libpng. %package libpng3-devel Update: Tue Aug 13 2002 11:50:28 Importance: security %pre A buffer overflow was found in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing "lsof|grep libpng" or "fuser -v /usr/lib/libpng.so". %description The libpng-devel package contains the header files and libraries necessary for developing programs using the PNG (Portable Network Graphics) library. If you want to develop programs which will manipulate PNG image format files, you should install libpng-devel. You'll also need to install the libpng package. %package libpng3-static-devel Update: Tue Aug 13 2002 11:50:28 Importance: security %pre A buffer overflow was found in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. 
In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing "lsof|grep libpng" or "fuser -v /usr/lib/libpng.so". %description Libpng development static libraries. %package glibc Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatibility for programs compiled against 2.0.x versions of glibc. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support and timezone databases. %package glibc-devel Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. 
Likewise, a similar bug is in the glibc-compat packages which provide compatibility for programs compiled against 2.0.x versions of glibc. %description The glibc-devel package contains the header and object files necessary for developing programs which use the standard C libraries (which are used by nearly all programs). If you are developing programs which will use the standard C libraries, your system needs to have these standard header and object files available in order to create the executables. Install glibc-devel if you are going to develop programs which will use the standard C libraries. %package glibc-profile Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatibility for programs compiled against 2.0.x versions of glibc. %description The glibc-profile package includes the GNU libc libraries and support for profiling using the gprof program. Profiling is analyzing a program's functions to see how much CPU time they use and determining which functions are calling other functions during execution. To use gprof to profile a program, your program needs to use the GNU libc libraries included in glibc-profile (instead of the standard GNU libc libraries included in the glibc package). If you are going to use the gprof program to profile a program, you'll need to install the glibc-profile program. 
%package nscd Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatibility for programs compiled against 2.0.x versions of glibc. %description Nscd caches name service lookups and can dramatically improve performance with NIS+, and may help with DNS as well. Note that you can't use nscd with 2.0 kernels because of bugs in the kernel-side thread support. Unfortunately, nscd happens to hit these bugs particularly hard. Install nscd if you need a name service lookup caching daemon, and you're not using a version 2.0 kernel. %package ldconfig Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatibility for programs compiled against 2.0.x versions of glibc. %description Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries. 
%package xchat Update: Wed Aug 14 2002 10:02:07 Importance: security %pre In versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that arbitrary commands are executed with the privilege of the user running xchat. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package sharutils Update: Wed Aug 14 2002 10:02:07 Importance: security %pre The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into shared directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe. %description The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through email (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing checksums), which make it very flexible at creating shar files. After the files have been sent, the unshar tool scans mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files. Install sharutils if you send binary files through email very often. 
%package bind Update: Wed Aug 14 2002 14:06:12 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shut down the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Red Hat for backporting the patches from 8.3.3 to 9.2.1. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options. Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option. A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details. Support for building single-threaded servers for environments that do not supply POSIX threads. New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit". Faster lookups, particularly in large zones. %package bind-devel Update: Wed Aug 14 2002 14:06:12 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shut down the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Red Hat for backporting the patches from 8.3.3 to 9.2.1. %description The bind-devel package contains all the include files and the library required for DNS (Domain Name Service) development for BIND versions 9.x.x. 
%package bind-utils Update: Wed Aug 14 2002 14:06:12 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shut down the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Red Hat for backporting the patches from 8.3.3 to 9.2.1. %description Bind-utils contains a collection of utilities for querying DNS (Domain Name Service) name servers to find out information about Internet hosts. These tools will provide you with the IP addresses for given host names, as well as other information about registered domains and network addresses. You should install bind-utils if you need to get information from DNS name servers. %package caching-nameserver Update: Wed Aug 14 2002 14:06:12 Importance: bugfix %pre The caching-nameserver improperly contains the named.ca root servers list instead of the bind package itself. This update fixes the problem. %description The caching-nameserver package includes the configuration files which will make BIND, the DNS name server, act as a simple caching nameserver. Many users on dialup connections use this package along with BIND for such a purpose. 
If you would like to set up a caching name server, you'll need to install the caching-nameserver package; you'll also need to install bind. %package xinetd Update: Mon Aug 26 2002 11:40:12 Importance: security %pre A vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of xinetd. %description xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of you that use IP masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces. %package gaim Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable. %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. 
To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package hylafax Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of service. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. You need this package if you are going to install hylafax-client and/or hylafax server. %package hylafax-client Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. 
A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of service. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. This is the client portion of HylaFAX. %package hylafax-server Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. 
Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of service. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. This is the server portion of HylaFAX. %package mkisofs Update: Thu Aug 29 2002 14:04:52 Importance: bugfix %pre In some situations, notably with xcdroast, the mkisofs utility creates pseudo-empty filesystems. The filesystem is the proper size, but the contents of the filesystem are not available. This update corrects this problem. %description This is the mkisofs package. It is used to create ISO 9660 file system images for creating CD-ROMs. Now includes support for making bootable "El Torito" CD-ROMs. %package xcdroast Update: Thu Sep 05 2002 17:24:46 Importance: normal %pre New xcdroast packages are available that are compatible with the latest version of cdrecord. %description Graphical frontend for the CD-recording program cdrecord. Features: Self-explanatory X11 user interface. Automatic SCSI-hardware setup. Copies of ISO9660-CDs, some non-ISO9660-CDs, and audio CDs. Production of new ISO9660 data CDs ("mastering"). Production of new audio CDs. Fast copying of CDs without hard disk buffering. Logfile option. User interface in more than 10 languages. %package ftp-client-krb5 Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. 
With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description The ftp package provides the standard UNIX command-line FTP client. FTP is the file transfer protocol, which is a widely used Internet protocol for transferring files and for archiving files. If your system is on a network, you should install ftp in order to do file transfers. This version supports kerberos authentication. %package ftp-server-krb5 Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description The ftp-server package provides an ftp server. This version supports kerberos authentication. %package krb5-devel Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description Kerberos is a network authentication system. The krb5-devel package contains the header files and libraries needed for compiling Kerberos 5 programs. If you want to develop Kerberos-aware programs, you'll need to install this package. %package krb5-libs Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. 
With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description Kerberos is a network authentication system. The krb5-libs package contains the shared libraries needed by Kerberos 5. If you're using Kerberos, you'll need to install this package. %package krb5-server Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a Kerberos 5 server. If you're installing a Kerberos 5 server, you need to install this package (in other words, most people should NOT install this package). %package krb5-workstation Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description Kerberos is a network authentication system. The krb5-workstation package contains the basic Kerberos programs (kinit, klist, kdestroy, kpasswd) as well as kerberized versions of Telnet and FTP. If your network uses Kerberos, this package should be installed on every workstation.
%package telnet-client-krb5 Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description Telnet is a popular protocol for logging into remote systems over the Internet. The telnet package provides a command line telnet client. Install the telnet package if you want to telnet to remote machines. This version supports kerberos authentication. %package telnet-client-krb5 Update: Mon Aug 09 2002 11:43:12 Importance: security %pre The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow. With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability. %description Telnet is a popular protocol for logging into remote systems over the Internet. The telnet-server package provides a telnet daemon, which will support remote logins into the host machine. The telnet daemon is enabled by default. You may disable the telnet daemon by editing /etc/inetd.conf. Install the telnet-server package if you want to support remote logins to your machine. This version supports kerberos authentication. %package kdelibs Update: Mon Aug 09 2002 12:10:58 Importance: security %pre A vulnerability was discovered in KDE's SSL implementation in that it does not check the basic constraints on a certificate and as a result may accept certificates as valid that were signed by an issuer who is not authorized to do so.
This can lead to Konqueror and other SSL-enabled KDE software falling victim to a man-in-the-middle attack without being aware of the invalid certificate. This will trick users into thinking they are on a secure connection with a valid site when in fact the site is different from that which they intended to connect to. This is fixed in KDE 3.0.3, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work. %description Libraries for the K Desktop Environment. %package kdelibs-devel Update: Mon Aug 09 2002 12:10:58 Importance: security %pre A vulnerability was discovered in KDE's SSL implementation in that it does not check the basic constraints on a certificate and as a result may accept certificates as valid that were signed by an issuer who is not authorized to do so. This can lead to Konqueror and other SSL-enabled KDE software falling victim to a man-in-the-middle attack without being aware of the invalid certificate. This will trick users into thinking they are on a secure connection with a valid site when in fact the site is different from that which they intended to connect to. This is fixed in KDE 3.0.3, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work. %description Libraries for the K Desktop Environment. %package kdelibs-sound Update: Mon Aug 09 2002 12:10:58 Importance: security %pre A vulnerability was discovered in KDE's SSL implementation in that it does not check the basic constraints on a certificate and as a result may accept certificates as valid that were signed by an issuer who is not authorized to do so. This can lead to Konqueror and other SSL-enabled KDE software falling victim to a man-in-the-middle attack without being aware of the invalid certificate.
This will trick users into thinking they are on a secure connection with a valid site when in fact the site is different from that which they intended to connect to. This is fixed in KDE 3.0.3, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work. %description Libraries for the K Desktop Environment. %package arts Update: Mon Aug 09 2002 12:10:58 Importance: normal %pre These arts packages should be upgraded along with the latest kdelibs updates. %description aRts is a short form for "analog realtime synthesizer". The idea of the whole thing is to create/process sound using small modules which do certain tasks. These may be create a waveform (oscillators), play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the data to the soundcard. %package libarts2 Update: Mon Aug 09 2002 12:10:58 Importance: normal %pre These arts packages should be upgraded along with the latest kdelibs updates. %description aRts is a short form for "analog realtime synthesizer". The idea of the whole thing is to create/process sound using small modules which do certain tasks. These may be create a waveform (oscillators), play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the data to the soundcard. %package libarts2-devel Update: Mon Aug 09 2002 12:10:58 Importance: normal %pre These arts packages should be upgraded along with the latest kdelibs updates. %description aRts is a short form for "analog realtime synthesizer". The idea of the whole thing is to create/process sound using small modules which do certain tasks. These may be create a waveform (oscillators), play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the data to the soundcard. 
%package glibc Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support and timezone databases. %package glibc-devel Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description The glibc-devel package contains the header and object files necessary for developing programs which use the standard C libraries (which are used by nearly all programs). If you are developing programs which will use the standard C libraries, your system needs to have these standard header and object files available in order to create the executables. 
Install glibc-devel if you are going to develop programs which will use the standard C libraries. %package glibc-profile Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description The glibc-profile package includes the GNU libc libraries and support for profiling using the gprof program. Profiling is analyzing a program's functions to see how much CPU time they use and determining which functions are calling other functions during execution. To use gprof to profile a program, your program needs to use the GNU libc libraries included in glibc-profile (instead of the standard GNU libc libraries included in the glibc package). If you are going to use the gprof program to profile a program, you'll need to install the glibc-profile program. %package nscd Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description Nscd caches name service lookups and can dramatically improve performance with NIS+, and may help with DNS as well. Note that you can't use nscd with 2.0 kernels because of bugs in the kernel-side thread support. Unfortunately, nscd happens to hit these bugs particularly hard. 
Install nscd if you need a name service lookup caching daemon, and you're not using a version 2.0 kernel. %package ldconfig Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries. %package glibc_lsb Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description Contains the standard libraries that are used by almost all programs on the system, including the most important sets of shared libraries, the standard C library and the standard math library. Without these libraries, a Linux system will not function. This version is built for LSB compliance/development and is a supplement to the system glibc. 
%package kernel-headers Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description Kernel-headers includes the C header files for the Linux kernel. The header files define structures and constants that are needed for building most standard programs. The header files are also needed for rebuilding the kernel. %package tcl Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tcl is a simple scripting language designed to be embedded into other applications. Tcl is designed to be used with Tk, a widget set, which is provided in the tk package. This package also includes tclsh, a simple example of a Tcl application. If you're installing the tcl package and you want to use Tcl for development, you should also install the tk and tclx packages. %package tcllib Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment.
The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tcllib is a collection of utility modules for tcl. These modules provide a wide variety of functionality, from implementation of standard data structures to implementation of common networking protocols. The intent is to collect commonly used functions into a single library, which users can rely on to be available and stable. %package tclx Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description TclX is a set of extensions which make it easier to use the Tcl scripting language for common UNIX/Linux programming tasks. TclX enhances Tcl support for files, network access, debugging, math, lists, and message catalogs. TclX can be used with both Tcl and Tcl/Tk applications. Install TclX if you are developing applications with Tcl/Tk. You'll also need to install the tcl and tk packages.
%package itcl Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description [incr Tcl] is an object-oriented extension of the Tcl language. It was created to support more structured programming in Tcl. Tcl scripts that grow beyond a few thousand lines become extremely difficult to maintain. This is because the building blocks of vanilla Tcl are procedures and global variables, and all of these building blocks must reside in a single global namespace. There is no support for protection or encapsulation. [incr Tcl] introduces the notion of objects. Each object is a bag of data with a set of procedures or "methods" that are used to manipulate it. Objects are organized into "classes" with identical characteristics, and classes can inherit functionality from one another. This object-oriented paradigm adds another level of organization on top of the basic variable/procedure elements, and the resulting code is easier to understand and maintain. %package tk Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility.
This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tk is a X Windows widget set designed to work closely with the tcl scripting language. It allows you to write simple programs with full featured GUIs in only a little more time than it takes to write a text based interface. Tcl/Tk applications can also be run on Windows and Macintosh platforms. %package tix Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tix (Tk Interface Extension), an add-on for the Tk widget set, is an extensive set of over 40 widgets. In general, Tix widgets are more complex and more capable than the widgets provided in Tk. Tix widgets include a ComboBox, a Motif-style FileSelectBox, an MS Windows-style FileSelectBox, a PanedWindow, a NoteBook, a hierarchical list, a directory tree and a file manager. Install the tix package if you want to try out more complicated widgets for Tk. You'll also need to have the tcl and tk packages installed. %package expect Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment.
The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Expect is a tcl extension for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect is also useful for testing the named applications. Expect makes it easy for a script to control another program and interact with it. Install the expect package if you'd like to develop scripts which interact with interactive applications. You'll also need to install the tcl package. %package postgresql Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup.
You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-devel Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. 
Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-jdbc Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. 
However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-python Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. 
In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-server Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. 
These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tcl Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. 
Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-test Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. 
The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tk Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. 
These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. 
%package postgresql-odbc Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. 
You also need to install this package if you're installing the postgresql-server package. %package postgresql-perl Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. 
If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-contrib Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. 
This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-docs Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. 
These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libecpg3 Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. 
These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgsql2 Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). 
The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgsqlodbc0 Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. 
You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgtcl2 Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. 
Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgperl Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. 
However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package fetchmail Updated: Tue Oct 1 12:11:58 2002 Importance: security %pre Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). 
It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package fetchmail-daemon Updated: Tue Oct 1 12:11:58 2002 Importance: security %pre Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail. %description SysV init script to daemonize fetchmail for fetching emails. %package fetchmailconf Updated: Tue Oct 1 12:11:58 2002 Importance: security %pre Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail. %description Fetchmailconf is a TCL/TK application for graphically configuring your ~/.fetchmailrc preferences file. Fetchmail has many options which can be daunting to the new user. This utility takes some of the guesswork and hassle out of setting up fetchmail. %package kdelibs Update: Wed Oct 09 2002 14:51:35 Importance: security %pre A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly.
Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. %description Libraries for the K Desktop Environment. %package kdelibs-devel Update: Wed Oct 09 2002 14:51:35 Importance: security %pre A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. %description Libraries for the K Desktop Environment. %package kdelibs-sound Update: Wed Oct 09 2002 14:51:35 Importance: security %pre A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. %description Libraries for the K Desktop Environment. %package arts Update: Wed Oct 09 2002 14:51:35 Importance: security %pre A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. %description Libraries for the K Desktop Environment. 
%package libarts2 Update: Wed Oct 09 2002 14:51:35 Importance: security %pre A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. %description Libraries for the K Desktop Environment. %package libarts2-devel Update: Wed Oct 09 2002 14:51:35 Importance: security %pre A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. %description Libraries for the K Desktop Environment. %package unzip Updated: Thu Oct 10 11:28:19 2002 Importance: security %pre A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash). %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. 
%package tar Updated: Thu Oct 10 11:28:56 2002 Importance: security %pre A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename. %description The GNU tar program saves many files together into one archive and can restore individual files (or all of the files) from the archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/decompression, the ability to perform remote archives and the ability to perform incremental and full backups. If you want to use Tar for remote backups, you'll also need to install the rmt package. You should install the tar package, because you'll find its compression and decompression utilities essential for working with files. %package apache Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-common Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).
%package apache-devel Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-manual Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS.
Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-modules Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-source Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).
%package gv Update: Mon Oct 21 2002 10:59:16 Importance: security %pre A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities. %description Gv provides a user interface for the ghostscript PostScript(TM) interpreter. Derived from the ghostview program, gv can display PostScript and PDF documents using the X Window System. Install the gv package if you'd like to view PostScript and PDF documents on your system. You'll also need to have the ghostscript package installed, as well as the X Window System. %package ggv Update: Mon Oct 21 2002 10:59:16 Importance: security %pre A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities. %description ggv allows you to view PostScript documents, and print ranges of pages. %package tetex Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. 
Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-afm Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). 
Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-doc Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-dvilj Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. 
Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-latex Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). 
Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-xdvi Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-dvipdfm Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. 
Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package kdegraphics Updated: Thu Oct 24 11:01:45 2002 Importance: security %pre A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview that is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages. %description Graphical tools for the K Desktop Environment. %package kdegraphics-devel Updated: Thu Oct 24 11:01:45 2002 Importance: security %pre A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview that is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages. %description Graphical tools for the K Desktop Environment.
%package mod_ssl Updated: Thu Oct 24 11:01:45 2002 Importance: security %pre A cross-site scripting vulnerability was discovered in mod_ssl by Joe Orton. This only affects servers using a combination of wildcard DNS and "UseCanonicalName off" (which is not the default in Mandrake Linux). With this setting turned off, Apache will attempt to use the hostname:port that the client supplies, which is where the problem comes into play. With this setting turned on (the default), Apache constructs a self-referencing URL and will use ServerName and Port to form the canonical name. It is recommended that all users upgrade, regardless of the setting of the "UseCanonicalName" configuration option. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package krb5-libs Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. 
MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-devel Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-server Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. 
%description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-workstation Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package ftp-client-krb5 Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
%package ftp-server-krb5 Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package telnet-client-krb5 Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
%package telnet-server-krb5 Updated: Tue Oct 29 11:11:45 2002 Importance: security %pre A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package libjs Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package libnspr4 Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package libnspr4-devel Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. 
For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package libnss3 Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package libnss3-devel Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozilla Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozilla-devel Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). 
All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozilla-dom-inspector Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-enigmail Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-enigmime Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-irc Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. 
%description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-js-debugger Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-mail Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-spellchecker Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package mozill-xmlterm Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. 
%package galeon Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Gnome browser based on Gecko (Mozilla rendering engine) %package libnautilus0 Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Nautilus is an excellent file manager for the GNOME desktop environment. %package libnautilus0-devel Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Nautilus is an excellent file manager for the GNOME desktop environment. %package nautilus Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Nautilus is an excellent file manager for the GNOME desktop environment. %package nautilus-mozilla Updated: Thu Oct 31 00:01:01 2002 Importance: security %pre Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). 
All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla. %description Nautilus is an excellent file manager for the GNOME desktop environment. %package nss_ldap Updated: Thu Nov 7 11:03:12 2002 Importance: security %pre A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow. A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow. Finally, a format string bug exists in the logging function of pam_ldap prior to version 144. All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package pam_ldap Updated: Thu Nov 7 11:03:12 2002 Importance: security %pre A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow. 
A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow. Finally, a format string bug exists in the logging function of pam_ldap prior to version 144. All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package perl-MailTools Updated: Thu Nov 7 11:03:12 2002 Importance: security %pre A vulnerability was discovered in Mail::Mailer perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances due to the usage of mailx as the default mailer, a program that allows commands to be embedded in the mail body. This module is used by some auto-response programs and spam filters which make use of Mail::Mailer. %description This is MailTools, a set of perl modules related to mail applications %package ypserv Update: Mon Nov 18 2002 11:32:12 Importance: security %pre A memory leak that could be triggered remotely was discovered in ypserv 2.5 and earlier. This could lead to a Denial of Service as repeated requests for a non-existent map will result in ypserv consuming more and more memory, and also running more slowly. If the system runs out of available memory, ypserv would also be killed. 
%description The Network Information Service (NIS) is a system which provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can enable users to login on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the NIS server, which will need to be running on your network. NIS clients do not need to be running the server. Install ypserv if you need an NIS server for your network. You'll also need to install the yp-tools and ypbind packages onto any NIS client machines. %package nss_wins Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. 
For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-client Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. 
Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-common Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. 
Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-doc Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. 
Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-server Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. 
%package samba-swat Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-winbind Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. 
A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package libpython2.2 Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. 
The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package libpython2.2-devel Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. 
This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package python Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package python-base Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. 
Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package python-docs Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. 
%package tkinter Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package sendmail Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. 
Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-cf Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. 
%description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-devel Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package pine Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre A vulnerability was discovered in pine while parsing and escaping characters of email addresses; not enough memory is allocated for storing the escaped mailbox part of the address. The resulting buffer overflow on the heap makes pine crash. This new version of pine, 4.50, has the vulnerability fixed. 
It also offers many other bug fixes and new features. %description Pine is a very popular, easy to use, full-featured email user agent which includes a simple text editor called pico. Pine supports MIME extensions and can also be used to read news. Pine also supports IMAP, mail and MH style folders. Pine should be installed because Pine is a very commonly used email user agent and it is currently in development. %package WindowMaker Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package WindowMaker-devel Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. 
The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package WindowMaker-static-devel Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. 
%package libwraster2 Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package libwraster2-devel Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. 
Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package libwraster2-static-devel Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package wget Updated: Wed Dec 11 12:12:40 2002 Importance: security %pre A vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwrite files anywhere on the local file system by sending filenames beginning with "/" or containing "/../". This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine. %description GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols.
Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. %package libmysql10 Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years.
While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package libmysql10-devel Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information.
%package MySQL Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-bench Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser.
The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-client Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld.
Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package urpmi Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Updated urpmi and mdkonline packages are available for 8.1 and 8.2. These updates bump up the version of urpmi and mdkonline to those found in Mandrake Linux 9.0, which offer more features and better support for updating packages via urpmi and Mandrake Online. Updated urpmi packages for 9.0 fix a bug where urpmi would not follow symlinks when downloading files; urpmi would download the symlink instead of the file it pointed to. Finally, for users of Mandrake Linux 8.1: The synthesis hdlist format has changed so updating packages may be timely until urpmi can retrieve new-style synthesis lists.
This is done when a urpmi media has been updated via urpmi.update. Until a new synthesis file has been retrieved, urpmi will use the larger hdlist file. Additional required perl libraries have been packed with this update that are required for urpmi and mdkonline to operate properly so be sure to install listed files for your particular distribution. Please see: http://www.mandrakesecure.net/en/advisory.php?name=MDKA-2002:022 for more information. %description urpmi takes care of dependencies between rpms, using a pool (or pools) of rpms. You can compare rpm vs. urpmi with insmod vs. modprobe %package gurpmi Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Updated urpmi and mdkonline packages are available for 8.1 and 8.2. These updates bump up the version of urpmi and mdkonline to those found in Mandrake Linux 9.0, which offer more features and better support for updating packages via urpmi and Mandrake Online. Updated urpmi packages for 9.0 fix a bug where urpmi would not follow symlinks when downloading files; urpmi would download the symlink instead of the file it pointed to. Finally, for users of Mandrake Linux 8.1: The synthesis hdlist format has changed so updating packages may be timely until urpmi can retrieve new-style synthesis lists. This is done when a urpmi media has been updated via urpmi.update. Until a new synthesis file has been retrieved, urpmi will use the larger hdlist file. Additional required perl libraries have been packed with this update that are required for urpmi and mdkonline to operate properly so be sure to install listed files for your particular distribution. Please see: http://www.mandrakesecure.net/en/advisory.php?name=MDKA-2002:022 for more information. %description urpmi takes care of dependencies between rpms, using a pool (or pools) of rpms. You can compare rpm vs. urpmi with insmod vs. 
modprobe %package urpmi-parallel-ssh Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Updated urpmi and mdkonline packages are available for 8.1 and 8.2. These updates bump up the version of urpmi and mdkonline to those found in Mandrake Linux 9.0, which offer more features and better support for updating packages via urpmi and Mandrake Online. Updated urpmi packages for 9.0 fix a bug where urpmi would not follow symlinks when downloading files; urpmi would download the symlink instead of the file it pointed to. Finally, for users of Mandrake Linux 8.1: The synthesis hdlist format has changed so updating packages may be timely until urpmi can retrieve new-style synthesis lists. This is done when a urpmi media has been updated via urpmi.update. Until a new synthesis file has been retrieved, urpmi will use the larger hdlist file. Additional required perl libraries have been packed with this update that are required for urpmi and mdkonline to operate properly so be sure to install listed files for your particular distribution. Please see: http://www.mandrakesecure.net/en/advisory.php?name=MDKA-2002:022 for more information. %description urpmi takes care of dependencies between rpms, using a pool (or pools) of rpms. You can compare rpm vs. urpmi with insmod vs. modprobe %package mdkonline Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Updated urpmi and mdkonline packages are available for 8.1 and 8.2. These updates bump up the version of urpmi and mdkonline to those found in Mandrake Linux 9.0, which offer more features and better support for updating packages via urpmi and Mandrake Online. Updated urpmi packages for 9.0 fix a bug where urpmi would not follow symlinks when downloading files; urpmi would download the symlink instead of the file it pointed to. Finally, for users of Mandrake Linux 8.1: The synthesis hdlist format has changed so updating packages may be timely until urpmi can retrieve new-style synthesis lists. 
This is done when a urpmi media has been updated via urpmi.update. Until a new synthesis file has been retrieved, urpmi will use the larger hdlist file. Additional required perl libraries have been packed with this update that are required for urpmi and mdkonline to operate properly so be sure to install listed files for your particular distribution. Please see: http://www.mandrakesecure.net/en/advisory.php?name=MDKA-2002:022 for more information. %description The Mandrake Online tool is designed for registered users who want to upload their configuration (packages, hardware infos). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. %package perl-URPM Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Support package for urpmi and mdkonline updates. %description The URPM module allows you to manipulate rpm files, rpm header files and hdlist files and manage them in memory. %package perl-Locale-gettext Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Support package for urpmi and mdkonline updates. %description The gettext module permits access from perl to the gettext() family of functions for retrieving message strings from databases constructed to internationalize software. It provides gettext(), dgettext(), dcgettext(), textdomain() and bindtextdomain(). %package rpmdrake Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Support package for urpmi and mdkonline updates. %description rpmdrake is an apt-alike tool. It also handles packages on more than one cdrom, asking you the needed one. It is a graphical front-end to urpmi/gurpmi. %package cups Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. 
A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups-common Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. 
A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups-serial Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. 
An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libcups1 Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. 
A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libcups1-devel Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. 
Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package xpdf Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre The pdftops filter found in both the xpdf and CUPS packages suffers from an integer overflow that can be exploited to gain the privilege of the victim user. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package dhcpcd Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. This can also be exploited by an attacker able to spoof DHCP responses. 
Mandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file, and all users are encouraged to upgrade immediately. Please note that when you do upgrade, you will have to restart the network by issuing "service network restart" as root for the changes to take proper effect. %description dhcpcd is an implementation of the DHCP client specified in draft-ietf-dhc-dhcp-09 (when -r option is not specified) and RFC1541 (when -r option is specified). It gets the host information (IP address, netmask, broadcast address, etc.) from a DHCP server and configures the network interface of the machine on which it is running. It also tries to renew the lease time according to RFC1541 or draft-ietf-dhc-dhcp-09. %package arts Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Libraries for the K Desktop Environment. %package libarts2 Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Libraries for the K Desktop Environment. %package libarts2-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Libraries for the K Desktop Environment. %package kdelibs Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Libraries for the K Desktop Environment. %package kdelibs-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Libraries for the K Desktop Environment. %package kdelibs-sound Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Libraries for the K Desktop Environment. %package kdebase Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Core applications for the K Desktop Environment. %package kdebase-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Core applications for the K Desktop Environment. %package kdebase-nsplugins Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Core applications for the K Desktop Environment. %package kdegames Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Games for the K Desktop Environment. %package kdegames-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Games for the K Desktop Environment. %package kdegraphics Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Graphical tools for the K Desktop Environment. %package kdegraphics-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Graphical tools for the K Desktop Environment. %package kdemultimedia Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Multimedia tools for the K Desktop Environment. %package kdemultimedia-aktion Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Multimedia tools for the K Desktop Environment. %package kdemultimedia-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Multimedia tools for the K Desktop Environment. %package kdenetwork Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Networking applications for the K Desktop Environment. %package kdenetwork-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Networking applications for the K Desktop Environment. %package kdepim Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Information Management applications for the K Desktop Environment. %package kdepim-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Information Management applications for the K Desktop Environment. %package kdesdk Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Software Development Kit for the K Desktop Environment. %package kdesdk-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Software Development Kit for the K Desktop Environment. %package kdeutils Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Utilities for the K Desktop Environment. %package kdeutils-devel Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. 
These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. %description Utilities for the K Desktop Environment. %package leafnode Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposted to several groups, one of which is the prefix of another, is requested by its Message-ID. This vulnerability was introduced in 1.9.20 and fixed upstream in version 1.9.30. Only Mandrake Linux 9.0 is affected by this, but version 1.9.19 (which shipped with Mandrake Linux 8.2) is receiving an update due to critical bugs in it that can corrupt parts of its news spool under certain circumstances. %description Leafnode is a small NNTP server for leaf sites without permanent connection to the internet. It supports a subset of NNTP and is able to automatically fetch the newsgroups the user reads regularly from the newsserver of the ISP. %package libldap2 Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. 
Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package libldap2-devel Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package libldap2-devel-static Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. 
The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_dnssrv Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. 
%package openldap-back_ldap Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_passwd Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. 
%package openldap-back_sql Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-clients Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. 
%package openldap-guide Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-migration Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. 
%package openldap-servers Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package dhcp-common Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. 
%package dhcp-client Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package dhcp-devel Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. 
You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package dhcp-relay Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package dhcp-server Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable. 
%description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package cups-drivers Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package foomatic Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package ghostscript Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package ghostscript-module-SVGALIB Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package ghostscript-module-X Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package gimpprint Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package libgimpprint1 Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package libgimpprint1-devel Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package omni Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package printer-filters Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package printer-testpages Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package printer-utils Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately.
Aside from the security vulnerabilities, a number of bugfixes are included in this update for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. First, space is saved; second, and even more important, maintenance is simplified. %package fetchmail Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client.
%package fetchmail-daemon Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package fetchmailconf Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users.
Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package vim-common Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package vim-enhanced Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package vim-minimal Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. 
This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package vim-X11 Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package libmysql10 Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. 
MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package libmysql10-devel Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data.
The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-bench Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL.
A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-client Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use.
MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package slocate Updated: Wed Feb 5 11:20:44 2002 Importance: security %pre A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (updated regularly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. %package postgresql Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow.
However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-devel Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. 
These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. 
This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-jdbc Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. 
%description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-python Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. 
You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-server Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. 
Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. 
You also need to install this package if you're installing the postgresql-server package. %package postgresql-tcl Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. 
These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-test Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. 
As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tk Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. 
Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-odbc Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. 
The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. 
If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-perl Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. 
These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-contrib Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. 
As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-docs Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. 
Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libecpg3 Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. 
The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. 
If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgsql2 Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. 
These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgsqlodbc0 Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. 
As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgtcl2 Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. 
Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libpgperl Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. 
The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. 
If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package util-linux Updated: Thu Feb 13 11:04:12 2003 Importance: security %pre The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. %package mount Updated: Thu Feb 13 11:04:12 2003 Importance: security %pre The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. 
%package losetup Updated: Thu Feb 13 11:04:12 2003 Importance: security %pre The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. %package pam Updated: Tue Feb 18 11:33:12 2003 Importance: security %pre Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker. %description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %package pam-devel Updated: Tue Feb 18 11:33:12 2003 Importance: security %pre Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker. 
%description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %package pam-doc Updated: Tue Feb 18 11:33:12 2003 Importance: security %pre Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker. %description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %package apcupsd Updated: Tue Feb 18 11:33:12 2003 Importance: security %pre A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5, which contains additional enhancements like USB support, and the latest stable version, 3.8.6. There are a few changes that need to be noted: the port for NIS has changed from port 7000 to port 3551, and the new config only allows access from the localhost. Users may need to modify their configuration files appropriately, depending upon their configuration. %description UPS power management under Linux for APCC Products. It allows your computer/server to run during power problems for a specified length of time or the life of the batteries in your BackUPS, BackUPS Pro, SmartUPS v/s, or SmartUPS, and then properly executes a controlled shutdown during an extended power failure. 
%package openssl Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0 Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). 
%package libopenssl0-devel Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0-static-devel Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). 
%package ftp-client-krb5 Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package ftp-server-krb5 Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-devel Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
%package krb5-libs Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-server Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-workstation Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
%package telnet-client-krb5 Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package telnet-server-krb5 Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package vnc Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allowed an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. %description Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. 
This package contains a client which will allow you to connect to other desktops running a VNC server. %package vnc-doc Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allowed an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. %description Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. %package vnc-server Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allowed an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. %description Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. %package lynx Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. 
Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site from servers that use virtual hosting. %description This is a terminal based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables. This version includes support for SSL encryption. WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it. %package webmin Updated: Wed Feb 26 09:04:31 2003 Importance: security %pre A vulnerability was discovered in webmin by Cintia M. Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. This could allow an attacker to gain full administrative access to webmin. MandrakeSoft encourages all users to upgrade immediately. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package shadow-utils Updated: Wed Feb 26 09:04:31 2003 Importance: security %pre The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create it with improper permissions; instead of having it owned by the group mail, it would be owned by the user's primary group. If this is a shared group (i.e. 
"users"), then all members of the shared group would be able to obtain access to the mail spools of other members of the same group. A patch to useradd has been applied to correct this problem. %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %package tcpdump Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package libpcap0 Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to cause tcpdump to enter an infinite loop. 
In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets. %description Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application. %package libpcap0-devel Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets. %description Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application. %package sendmail Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. 
MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-cf Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. 
MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-devel Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package snort Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-bloat Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-mysql+flexresp Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-mysql Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-plain+flexresp Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-postgresql+flexresp Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-postgresql Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-snmp+flexresp Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package snort-snmp Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package file Updated: Thu Mar 6 10:24:39 2003 Importance: security %pre A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. 
Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file. %description The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. You should install the file package, since the file command is such a useful utility. %package nss_wins Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today, however these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet. 
You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-client Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server.
This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options:
interfaces = eth1 lo
bind interfaces only = yes
Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-common Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks.
Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options:
interfaces = eth1 lo
bind interfaces only = yes
Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.
%package samba-doc Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options:
interfaces = eth1 lo
bind interfaces only = yes
Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system.
%description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-server Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately.
If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options:
interfaces = eth1 lo
bind interfaces only = yes
Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser.
For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-swat Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options:
interfaces = eth1 lo
bind interfaces only = yes
Obviously, use the internal interface for your network and not an external interface connected to the internet.
You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-winbind Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server.
This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options:
interfaces = eth1 lo
bind interfaces only = yes
Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package zlib1 Updated: Tue Mar 18 11:28:18 2003 Importance: security %pre Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3). %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs.
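The zlib1 notice above says the fix both switches to vsnprintf(3) and takes its return value into account. The following C is an added illustration of why the second half matters; it is not zlib's or OpenPKG's code, and OUT_BUF_SIZE, struct sink, reported_length and bounded_printf are hypothetical names chosen for this sketch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of a fixed formatting buffer (hypothetical value). */
#define OUT_BUF_SIZE 64

/* Hypothetical output sink standing in for a stream writer. */
struct sink {
    char   data[256];
    size_t used;
};

/* Append n bytes to the sink; refuse anything that does not fit. */
static int sink_write(struct sink *s, const char *p, size_t n)
{
    if (n > sizeof(s->data) - s->used)
        return -1;
    memcpy(s->data + s->used, p, n);
    s->used += n;
    return 0;
}

/*
 * What vsnprintf() reports for a buffer of OUT_BUF_SIZE bytes. On a C99
 * library this is the length the output WOULD have had, so it can be
 * larger than the buffer. Using it unchecked as a byte count is the
 * mistake that "taking the return value into account" avoids.
 */
int reported_length(const char *fmt, ...)
{
    char buf[OUT_BUF_SIZE];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    return len;
}

/*
 * Bounded formatter: format into the fixed buffer, then forward the
 * bytes only if formatting succeeded AND nothing was truncated.
 * Returns the number of bytes written, or 0 on error or truncation.
 */
int bounded_printf(struct sink *s, const char *fmt, ...)
{
    char buf[OUT_BUF_SIZE];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);

    /* len < 0: encoding error; len >= size: output was truncated. */
    if (len < 0 || (size_t)len >= sizeof(buf))
        return 0;
    if (sink_write(s, buf, (size_t)len) != 0)
        return 0;
    return len;
}

int main(void)
{
    struct sink s = { {0}, 0 };
    char big[101];

    /* Constructed sample input: 100 bytes, longer than the buffer. */
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';

    printf("short write: %d\n", bounded_printf(&s, "%s-%d", "abc", 42));
    printf("reported:    %d\n", reported_length("%s", big));
    printf("long write:  %d\n", bounded_printf(&s, "%s", big));
    printf("sink bytes:  %lu\n", (unsigned long)s.used);
    return 0;
}
```
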
%package zlib1-devel Updated: Tue Mar 18 11:28:18 2003 Importance: security %pre Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3). %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package e2fsprogs libext2fs2 libext2fs-devel Updated: Mon Mar 24 10:56:06 2003 Importance: normal %pre The ext2/ext3 partition format in Mandrake Linux 9.1 is not compatible with older Mandrake Linux releases, so new packages are available for some older distributions so that, for example, a 9.0 system can mount a 9.1-formatted ext2 or ext3 partition. %description The e2fsprogs package contains a number of utilities for creating, checking, modifying and correcting any inconsistencies in second extended (ext2) filesystems. E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters) and most of the other core ext2fs filesystem utilities. 
You should install the e2fsprogs package if you need to manage the performance of an ext2 filesystem. %package libext2fs2 Updated: Mon Mar 24 10:56:06 2003 Importance: normal %pre The ext2/ext3 partition format in Mandrake Linux 9.1 is not compatible with older Mandrake Linux releases, so new packages are available for some older distributions so that, for example, a 9.0 system can mount a 9.1-formatted ext2 or ext3 partition. %description The e2fsprogs package contains a number of utilities for creating, checking, modifying and correcting any inconsistencies in second extended (ext2) filesystems. E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters) and most of the other core ext2fs filesystem utilities. You should install the e2fsprogs package if you need to manage the performance of an ext2 filesystem. %package libext2fs-devel Updated: Mon Mar 24 10:56:06 2003 Importance: normal %pre The ext2/ext3 partition format in Mandrake Linux 9.1 is not compatible with older Mandrake Linux releases, so new packages are available for some older distributions so that, for example, a 9.0 system can mount a 9.1-formatted ext2 or ext3 partition. %description The e2fsprogs package contains a number of utilities for creating, checking, modifying and correcting any inconsistencies in second extended (ext2) filesystems. 
E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters) and most of the other core ext2fs filesystem utilities. You should install the e2fsprogs package if you need to manage the performance of an ext2 filesystem. %package rxvt Updated: Mon Mar 24 11:03:32 2003 Importance: security %pre Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise. %description Rxvt is a color VT102 terminal emulator for the X Window System. Rxvt is intended to be an xterm replacement for users who don't need the more esoteric features of xterm, like Tektronix 4014 emulation, session logging and toolkit style configurability. Since it doesn't support those features, rxvt uses much less swap space than xterm uses. This is a significant advantage on a machine which is serving a large number of X sessions. The rxvt package should be installed on any machine which serves a large number of X sessions, if you'd like to improve that machine's performance. This version of rxvt can display Japanese, Chinese (Big5 and GuoBiao) and Korean. %package rxvt-CJK Updated: Mon Mar 24 11:03:32 2003 Importance: security %pre Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise.
%description Rxvt is a color VT102 terminal emulator for the X Window System. Rxvt is intended to be an xterm replacement for users who don't need the more esoteric features of xterm, like Tektronix 4014 emulation, session logging and toolkit style configurability. Since it doesn't support those features, rxvt uses much less swap space than xterm uses. This is a significant advantage on a machine which is serving a large number of X sessions. The rxvt package should be installed on any machine which serves a large number of X sessions, if you'd like to improve that machine's performance. This version of rxvt can display Japanese, Chinese (Big5 and GuoBiao) and Korean. %package rxvt-devel Updated: Mon Mar 24 11:03:32 2003 Importance: security %pre Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise. %description Rxvt is a color VT102 terminal emulator for the X Window System. Rxvt is intended to be an xterm replacement for users who don't need the more esoteric features of xterm, like Tektronix 4014 emulation, session logging and toolkit style configurability. Since it doesn't support those features, rxvt uses much less swap space than xterm uses. This is a significant advantage on a machine which is serving a large number of X sessions. The rxvt package should be installed on any machine which serves a large number of X sessions, if you'd like to improve that machine's performance. This version of rxvt can display Japanese, Chinese (Big5 and GuoBiao) and Korean. %package openssl Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled.
Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0 Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking.
This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0-devel Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability.
%description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0-static-devel Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
%package netpbm Updated: Mon Mar 24 13:35:23 2003 Importance: security %pre Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package libnetpbm9 Updated: Mon Mar 24 13:35:23 2003 Importance: security %pre Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package libnetpbm9-devel Updated: Mon Mar 24 13:35:23 2003 Importance: security %pre Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools. 
%description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package glibc Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package glibc-devel Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code. The provided packages contain patches that correct this issue and all users should upgrade.
Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package glibc-profile Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package ldconfig Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier.
This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package nscd Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library.
Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package kernel22 Updated: Thu Mar 27 11:25:46 2003 Importance: security %pre A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. As well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets. Finally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. All users are encouraged to upgrade to the latest kernel version provided. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel22-smp Updated: Thu Mar 27 11:25:46 2003 Importance: security %pre A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. As well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets. Finally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. All users are encouraged to upgrade to the latest kernel version provided. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel22-source Updated: Thu Mar 27 11:25:46 2003 Importance: security %pre A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. As well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets. Finally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. All users are encouraged to upgrade to the latest kernel version provided. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package mutt Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre A vulnerability was discovered in the mutt text-mode email client in the IMAP code. This vulnerability can be exploited by a malicious IMAP server to crash mutt or even execute arbitrary code with the privilege of the user running mutt. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. %package sendmail Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.
%package sendmail-cf Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-devel Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail.
Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package ftp-client-krb5 Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem.
Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default.
%description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package ftp-server-krb5 Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082).
Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-devel Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem.
Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-libs Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows.
An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139).
MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-server Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072).
The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package krb5-workstation Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). 
The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package telnet-client-krb5 Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. 
The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). 
MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package telnet-server-krb5 Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). 
The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package nss_wins Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. 
Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-client Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. 
Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-common Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. 
For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-doc Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. 
Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-server Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. 
Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-swat Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. 
%package samba-winbind Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package kernel-2.4.19.33mdk Updated: Wed Apr 9 15:03:45 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. 
This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-enterprise-2.4.19.33mdk Updated: Wed Apr 9 15:03:45 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. 
Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-smp-2.4.19.33mdk Updated: Wed Apr 9 15:03:45 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. 
The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-source Updated: Wed Apr 9 15:03:45 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. 
For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-secure-2.4.19.33mdk Updated: Wed Apr 9 15:03:45 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
%package kernel-BOOT-2.4.19.33mdk Updated: Wed Apr 9 15:03:45 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package snort Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. 
This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-bloat Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. 
This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-mysql+flexresp Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team.
This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-mysql Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team.
This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install.
/usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-plain+flexresp Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm.
Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-postgresql+flexresp Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it.
There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-postgresql Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it.
Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-snmp+flexresp Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support.
Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package snort-snmp Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support.
Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package libldap2 Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword.
Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package libldap2-devel Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user.
The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package libldap2-devel-static Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap.
If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time.
Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools.
%package openldap-back_dnssrv Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well.
%description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_ldap Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory.
This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_passwd Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword.
Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_sql Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user.
The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-clients Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap.
If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-guide Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time.
Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools.
%package openldap-migration Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.
The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-servers Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to log in as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail).
If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package mgetty Updated: Tue May 6 10:47:08 2003 Importance: security %pre Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. %description The mgetty package contains a "smart" getty which allows logins over a serial line (i.e., through a modem). If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a modem, you should install the mgetty package. If you'd like to send faxes using mgetty and your modem, you'll need to install the mgetty-sendfax program. If you need a viewer for faxes, you'll also need to install the mgetty-viewfax package. %package mgetty-contrib Updated: Tue May 6 10:47:08 2003 Importance: security %pre Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. 
As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. %description The mgetty package contains a "smart" getty which allows logins over a serial line (i.e., through a modem). If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a modem, you should install the mgetty package. If you'd like to send faxes using mgetty and your modem, you'll need to install the mgetty-sendfax program. If you need a viewer for faxes, you'll also need to install the mgetty-viewfax package. %package mgetty-sendfax Updated: Tue May 6 10:47:08 2003 Importance: security %pre Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. %description The mgetty package contains a "smart" getty which allows logins over a serial line (i.e., through a modem). If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a modem, you should install the mgetty package. If you'd like to send faxes using mgetty and your modem, you'll need to install the mgetty-sendfax program. If you need a viewer for faxes, you'll also need to install the mgetty-viewfax package. 
%package mgetty-viewfax Updated: Tue May 6 10:47:08 2003 Importance: security %pre Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. %description The mgetty package contains a "smart" getty which allows logins over a serial line (i.e., through a modem). If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a modem, you should install the mgetty package. If you'd like to send faxes using mgetty and your modem, you'll need to install the mgetty-sendfax program. If you need a viewer for faxes, you'll also need to install the mgetty-viewfax package. %package mgetty-voice Updated: Tue May 6 10:47:08 2003 Importance: security %pre Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. %description The mgetty package contains a "smart" getty which allows logins over a serial line (i.e., through a modem). If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a modem, you should install the mgetty package. 
If you'd like to send faxes using mgetty and your modem, you'll need to install the mgetty-sendfax program. If you need a viewer for faxes, you'll also need to install the mgetty-viewfax package. %package man Updated: Tue May 6 10:47:08 2003 Importance: security %pre A difficult-to-exploit vulnerability was discovered in versions of man prior to 1.51. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path. %description The man package includes three tools for finding information and/or documentation about your Linux system: man, apropos and whatis. The man system formats and displays on-line manual pages about commands or functions on your system. Apropos searches the whatis database (containing short descriptions of system commands) for a string. Whatis searches its own database for a complete word. The man package should be installed on your system because it is the primary way to find documentation on a Mandrake Linux system. %package xinetd Updated: Thu May 14 09:45:51 2003 Importance: security %pre A vulnerability was discovered in xinetd where memory was allocated and never freed if a connection was refused for any reason. Because of this bug, an attacker could crash the xinetd server, making unavailable all of the services it controls. Other flaws were also discovered that could cause incorrect operation in certain strange configurations. These issues have been fixed upstream in xinetd version 2.3.11, which is provided in this update. %description xinetd is a powerful replacement for inetd.
xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of you that use IP masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces. %package xinetd-ipv6 Updated: Thu May 14 09:45:51 2003 Importance: security %pre A vulnerability was discovered in xinetd where memory was allocated and never freed if a connection was refused for any reason. Because of this bug, an attacker could crash the xinetd server, making unavailable all of the services it controls. Other flaws were also discovered that could cause incorrect operation in certain strange configurations. These issues have been fixed upstream in xinetd version 2.3.11, which is provided in this update. %description xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of you that use IP masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces.
%package libmysql10 Updated: Thu May 14 09:45:51 2003 Importance: security %pre In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package libmysql10-devel Updated: Thu May 14 09:45:51 2003 Importance: security %pre In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon.
This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL Updated: Thu May 14 09:45:51 2003 Importance: security %pre In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries.
The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-bench Updated: Thu May 14 09:45:51 2003 Importance: security %pre In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own.
We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-client Updated: Thu May 14 09:45:51 2003 Importance: security %pre In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set.
See the documentation for more information. %package cdrecord Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package cdrecord-cdda2wav Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package cdrecord-devel Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. 
You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package cdrecord-dvdhack Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package mkisofs Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. 
%description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package lpr Updated: Wed May 21 12:46:43 2003 Importance: security %pre A buffer overflow was discovered in the lpr printer spooling system that can be exploited by a local user to gain root privileges. This can be done even if the printer is configured properly. %description The lpr package provides a basic system utility for managing printing services. Lpr manages print queues, sends print jobs to local and remote printers and accepts print jobs from remote clients. If you will be printing from your system, you will need to install either the lpr or the cups package. This package contains the new GNU-lpr which allows passing printer/driver-specific options along with the job ("-o" command line option). %package LPRng Updated: Wed May 21 12:51:56 2003 Importance: security %pre Karol Lewandowski discovered a problem with psbanner, a printer filter that creates a PostScript format banner. psbanner creates a temporary file for debugging purposes when it is configured as a filter, and does not check whether or not this file already exists or is a symlink. The filter will overwrite this file, or the file it is pointing to (if it is a symlink) with its current environment and called arguments with the user id that LPRng is running as. %description The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. 
While providing the same interface and meeting RFC1179 requirements, the implementation is completely new and provides support for the following features: lightweight (no databases needed) lpr, lpc, and lprm programs; dynamic redirection of print queues; automatic job holding; highly verbose diagnostics; multiple printers serving a single queue; client programs do not need to run SUID root; greatly enhanced security checks; and a greatly improved permission and authorization mechanism. The source software compiles and runs on a wide variety of UNIX systems, and is compatible with other print spoolers and network printers that use the LPR interface and meet RFC1179 requirements. LPRng provides emulation packages for the SVR4 lp and lpstat programs, eliminating the need for another print spooler package. These emulation packages can be modified according to local requirements, in order to support vintage printing systems. For users that require secure and/or authenticated printing support, LPRng supports Kerberos V, MIT Kerberos IV Print Support, and PGP authentication. LPRng is being adopted by MIT for use as their Campus Wide printing support system. Additional authentication support is extremely simple to add. %package gnupg Updated: Thu May 22 10:06:09 2003 Importance: security %pre A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. As a result, no warning message is given when attempting to encrypt to an invalid UID; due to the bug, the UID is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package libcups1 Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libcups1-devel Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. 
This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). 
It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups-common Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups-serial Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. 
A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package kon2 Updated: Thu Jun 5 12:23:04 2003 Importance: security %pre A vulnerability was discovered in kon2, a Kanji emulator for the console. A buffer overflow in the command line parsing can be exploited, leading to local users being able to gain root privileges. These updated packages provide a fix for this vulnerability. %description KON displays kanji characters on Linux console screen. It is launched like a shell, so you should put at the very end of your ~/.profile something like: TTY=`tty | cut -b-8 2> /dev/null` if [ "$TTY" = "/dev/tty" ]; then exec kon fi %package ghostscript Updated: Tue Jun 10 01:19:25 2003 Importance: security %pre A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". 
It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved, and second, and that is even more important, maintenance is simplified. %package ghostscript-module-SVGALIB Updated: Tue Jun 10 01:19:25 2003 Importance: security %pre A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved, and second, and that is even more important, maintenance is simplified. %package ghostscript-module-X Updated: Tue Jun 10 01:19:25 2003 Importance: security %pre A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved, and second, and that is even more important, maintenance is simplified. %package gzip Updated: Mon Jun 16 10:44:33 2003 Importance: security %pre A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack.
Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for gzexe which had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created. The znew problem was initially reported by Michal Zalewski and was again reported more recently to Debian by Paul Szabo. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrake Linux system, because it is a very commonly used data compression program. %package ypserv Updated: Thu Jun 27 23:07:12 2003 Importance: security %pre A vulnerability was found in versions of ypserv prior to version 2.7. If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block. %description The Network Information Service (NIS) is a system which provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can enable users to login on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the NIS server, which will need to be running on your network. NIS clients do not need to be running the server. Install ypserv if you need an NIS server for your network. You'll also need to install the yp-tools and ypbind packages onto any NIS client machines. 
%package unzip Updated: Mon Jul 07 10:22:28 2003 Importance: security %pre A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the "-:" command line option is used. %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. %package nfs-utils Updated: Mon Jul 21 09:58:12 2003 Importance: security %pre An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package nfs-utils-clients Updated: Mon Jul 21 09:58:12 2003 Importance: security %pre An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests. 
%description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package kernel Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. 
%description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-BOOT Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
%package kernel-doc Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-enterprise Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. 
* CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-secure Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. 
* CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-smp Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. 
* CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-source Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. 
* CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package phpgroupware Updated: Tue Jul 22 17:02:51 2003 Importance: security %pre Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited. Version 0.9.14.005 fixed several other vulnerabilities including cross-site scripting issues that can be exploited to obtain sensitive information such as authentication cookies. 
This update provides the latest stable version of phpgroupware and all users are encouraged to update immediately. In addition, you should also secure your installation by including the following in your Apache configuration files: Order allow,deny Deny from all %description phpgroupware is a web-based groupware suite written in PHP. It provides calendar, todo-list, addressbook, email and a news reader. It also provides an API for developing additional applications. See the phpgroupware apps project for add-on apps. %package wu-ftpd Updated: Thu Jul 31 09:38:42 2003 Importance: security %pre A vulnerability was discovered by Janusz Niewiadomski and Wojciech Purczynski in the wu-ftpd FTP server package. They found an off-by-one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server. This bug can only be successfully accomplished by using wu-ftpd binaries compiled on Linux 2.0.x and later 2.4.x kernels because the 2.2.x and earlier 2.4.x kernels define PATH_MAX to be 4095 characters. wu-ftpd is no longer shipped with Mandrake Linux, however Mandrake Linux 8.2 did come with wu-ftpd. If you use wu-ftpd, you are encouraged to upgrade to these patched packages. %description The wu-ftpd package contains the wu-ftpd FTP (File Transfer Protocol) server daemon. The FTP protocol is a method of transferring files between machines on a network and/or over the Internet. Wu-ftpd's features include logging of transfers, logging of commands, on the fly compression and archiving, classification of users' type and location, per class limits, per directory upload permissions, restricted guest accounts, system wide and per directory messages, directory alias, cdpath, filename filter and virtual host support. Install the wu-ftpd package if you need to provide FTP service to remote users.
%package postfix Updated: Sun Aug 03 20:36:58 2003 Importance: security %pre Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by timing. As well, versions prior to 1.1.12 have a bug where a malformed envelope address can cause the queue manager to lock up until an entry is removed from the queue and also lock up the SMTP listener leading to a DoS. Postfix version 1.1.13 corrects these issues. The provided packages have been patched to fix the vulnerabilities. %description Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. This rpm supports LDAP, SMTP AUTH (through cyrus-sasl) and TLS. If you need MySQL too, rebuild the srpm --with mysql. %package php Updated: Sun Aug 03 20:58:59 2003 Importance: security %pre A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user-supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442).
As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control characters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package php-common Updated: Sun Aug 03 20:58:59 2003 Importance: security %pre A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user-supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442). As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control characters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages. %description PHP4 is an HTML-embeddable scripting language. 
PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package php-devel Updated: Sun Aug 03 20:58:59 2003 Importance: security %pre A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user-supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442). As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control characters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package perl-CGI Updated: Wed Aug 20 14:00:24 2003 Importance: security %pre Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. 
This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site. %description This perl library uses perl5 objects to make it easy to create Web fill-out forms and parse their contents. This package defines CGI objects, entities that contain the values of the current query string and other state variables. Using a CGI object's methods, you can examine keywords and parameters passed to your script, and create forms whose initial values are taken from the current query (thereby preserving state information). %package sendmail Updated: Mon Aug 25 18:11:35 2003 Importance: security %pre A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are patched to fix the problem. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-cf Updated: Mon Aug 25 18:11:35 2003 Importance: security %pre A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are patched to fix the problem. 
%description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Mon Aug 25 18:11:35 2003 Importance: security %pre A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are patched to fix the problem. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-devel Updated: Mon Aug 25 18:11:35 2003 Importance: security %pre A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are patched to fix the problem. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. 
Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package openssh Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-clients Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." 
There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-server Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. 
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-askpass Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-askpass-gnome Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." 
There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package sendmail Updated: Wed Sep 17 18:52:50 2003 Importance: security %pre A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CAN-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. 
Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-cf Updated: Wed Sep 17 18:52:50 2003 Importance: security %pre A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CAN-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. 
%package sendmail-devel Updated: Wed Sep 17 18:52:50 2003 Importance: security %pre A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CAN-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Wed Sep 17 18:52:50 2003 Importance: security %pre A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. 
A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CAN-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package MySQL Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). 
You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package MySQL-bench Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. 
%package MySQL-client Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package libmysql10 Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). 
The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package libmysql10-devel Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. 
MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package libopenssl0 Updated: Tue Sep 30 17:36:12 2003 Importance: security %pre Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. 
A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0-devel Updated: Tue Sep 30 17:36:12 2003 Importance: security %pre Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. 
A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0-static-devel Updated: Tue Sep 30 17:36:12 2003 Importance: security %pre Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. 
A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package openssl Updated: Tue Sep 30 17:36:12 2003 Importance: security %pre Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. 
A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).