Download
| Alert*
|
oval:org.secpod.oval:def:301636
An input validation flaw was found in the X.org server"s XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service , or potentially execute arbitrary code with root privileges on the X.org server . A flaw was found in the X.org server"s XC-SECURITY extension ... oval:org.secpod.oval:def:301304 An input validation flaw was found in the X.org server"s XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service , or potentially execute arbitrary code with root privileges on the X.org server . A flaw was found in the X.org server"s XC-SECURITY extension ... oval:org.secpod.oval:def:300475 A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301337 Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN attribute in SSL certificates against the server"s hostname. The updated pa ... oval:org.secpod.oval:def:301361 A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301505 Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input . The updated packages have been patched to prevent these issues. oval:org.secpod.oval:def:300537 A vulnerability have been discovered in the load function of the XPM loader for imlib2, which allows attackers to cause a denial of service and possibly execute arbitrary code via a crafted XPM file . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:301511 A stack-based buffer overflow in sarg allowed remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header . A cross-site scripting vulnerability in sarg version 2.x prior to 2.2.5 allowed remote attackers to inject arbitrary web script or HTML via the User-Agent heder ... oval:org.secpod.oval:def:301515 The LWZReadByte and IMG_LoadLBM_RW functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, th ... oval:org.secpod.oval:def:301401 A buffer overflow was found by Russell O"Conner in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the execution of arbitrary code via a specially crafted audio file . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301642 A vulnerability was found in the SILC toolkit before version 1.1.5 that allowed a remote attacker to cause a denial of service , or possibly execute arbitrary code via long input data . A vulnerability was found in the SILC toolkit before version 1.1.7 that allowed a remote attacker to execute arbit ... oval:org.secpod.oval:def:301403 The ReadImage function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:300329 Multiple vulnerabilities has been found and corrected in pcsc-lite: The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service via crafted SCARD_SET_ATTRIB message data, which is improper ... oval:org.secpod.oval:def:301424 A stack-based buffer overflow was discovered in libcdio that allowed context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a disk or image file that contains a long joliet file name. In addition, a fix for failed UTF-8 conversions that would cause a segfau ... oval:org.secpod.oval:def:301422 Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data. The updated packages have been patched to prevent the issue. oval:org.secpod.oval:def:300570 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service via invalid ContextFlags data in the reqFlags field in a negTokenInit token . This update provides the fix for that secur ... oval:org.secpod.oval:def:301549 Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Although originally a ... oval:org.secpod.oval:def:300345 Multiple vulnerabilities has been found and corrected in ghostscript: Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file, as originall ... oval:org.secpod.oval:def:300467 A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code . In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 ... oval:org.secpod.oval:def:301555 Stefan Cornelius discovered two buffer overflows in Imlib"s image loaders for PNM and XPM images, which could possibly result in the execution of arbitrary code . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:300462 A vulnerability was discovered and corrected in newt: A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request , leading to a denial of service or, pot ... oval:org.secpod.oval:def:300468 A security vulnerability has been identified and fixed in htmldoc: Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additiona ... oval:org.secpod.oval:def:301441 A buffer overflow in PCRE 7.x before 7.6 allows remote attackers to execute arbitrary code via a regular expression that contains a character class with a large number of characters with Unicode code points greater than 255. The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301577 Two vulnerabilities discovered in xine-lib allow remote execution of arbitrary code: Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_d ... oval:org.secpod.oval:def:300809 A vulnerability was discovered and corrected in graphviz: Stack-based buffer overflow in the push_subg function in parser.y in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service or execute arbitrary code via a DOT file with a large nu ... oval:org.secpod.oval:def:300833 A vulnerability has been found and corrected in libgadu: libgadu before 1.8.2 allows remote servers to cause a denial of service via a contact description with a large length, which triggers a buffer over-read . This update provides a solution to this vulnerability. Update: Packages for 2008.0 are ... oval:org.secpod.oval:def:300970 Multiple vulnerabilities has been found and corrected in openafs: The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service via an RX response with a large error-code value that is interpreted as a pointer and ... oval:org.secpod.oval:def:300974 Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, might allow remote attackers to execute arbitrary code via a malformed QuickTime media file . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300505 Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg: Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database ro ... oval:org.secpod.oval:def:301604 Alan Rad Pop of Secunia Research discovered the following two vulnerabilities in Evolution: Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denia ... oval:org.secpod.oval:def:300648 A vulnerability has been found and corrected in xerces-c: Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service via vectors involving nested parentheses and invalid byte values in simply ... oval:org.secpod.oval:def:300647 Security vulnerabilies have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service . Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary ... oval:org.secpod.oval:def:301613 Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibl ... oval:org.secpod.oval:def:300914 Various stack buffer overflows were discovered and corrected in sarg: Additionally the previous release fixed CVE-2008-1922 The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301582 Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted .hdr or .blend file were opened. As well, multiple vulnerabilities involving insecure ... oval:org.secpod.oval:def:301580 Pavel Polischouk found a boundary error in the PartsBatch class in the Pan newsreader when processing .nzb files, which could allow remote attackers to cause a denial of serice or possibly execute arbitrary code via a crafted .nzb file . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:300026 Multiple vulnerabilities has been found and corrected in squidGuard: Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service via a long URL with many / characters, related to emergency mode. Multiple buffer overflows in squidGuard 1.4 allow remote ... oval:org.secpod.oval:def:301596 A heap-based buffer overflow was found in GNU ed that allowed context-dependent or user-assisted attackers to execute arbitrary code via a long filename . This update provides GNU ed 1.0, which is not vulnerable to this issue. oval:org.secpod.oval:def:301485 A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301377 The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ":safe", did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file co ... oval:org.secpod.oval:def:301372 A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301370 An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file . Other bugs have also been corrected in 0.94.1 which is being provided with this update. oval:org.secpod.oval:def:301491 Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301390 Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled . The updated packages have been patched to prevent these issues. oval:org.secpod.oval:def:301284 Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input . Update: The previous patch had a typo that caused incorrect behaviour in WordNet. This update uses an update patch that corrects the issue and also notes the a ... oval:org.secpod.oval:def:300222 Multiple vulnerabilities were discovered and corrected in php-pear : Argument injection vulnerability in the sendmail implementation of the Mail::Send method in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, a different vector tha ... oval:org.secpod.oval:def:300117 A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting attacks via unspecified web client software . This update provides a solution to this vulnerability. Update: Pa ... oval:org.secpod.oval:def:300247 This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. oval:org.secpod.oval:def:300866 A vulnerability has been identified and corrected in php-smarty: The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and a dollar-sign character, aka php executed in t ... oval:org.secpod.oval:def:301585 A vulnerability was found in how Emacs would import python scripts from the current working directory during the editing of a python file. This could allow a local user to execute arbitrary code via a trojan python file . oval:org.secpod.oval:def:301625 Steve Grubb found that the vcdiff script in Emacs create temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:300554 Multiple vulnerabilities was discovered and corrected in silc-toolkit: Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string ... oval:org.secpod.oval:def:300566 A vulnerability was discovered and corrected in xfig: Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the xfig-eps[PID], xfig-pic[PID].pix, xfig-pic[PID].err, xfig-pcx[PID].pix, xfig-xfigrc[PID], xfig[PID], xfig-print[PID] ... oval:org.secpod.oval:def:301660 Two vulnerabilities were found in the Website META Language package that allowed local users to overwrite arbitrary files via symlink attacks. The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301436 Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code or cause a denial of service via a special Hello packet . Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE stateme ... oval:org.secpod.oval:def:301579 Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patched ... oval:org.secpod.oval:def:300816 passwdehd script in pam_mount would allow local users to overwrite arbitrary files via a symlink attack on a temporary file. The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300851 A vulnerability have been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300743 A security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line field in a utmp entry . The updated packages have been patched to ... oval:org.secpod.oval:def:300091 A vulnerability have been discovered in Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences . This update fixes the issue by disabling the display of co ... oval:org.secpod.oval:def:301357 A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs . The updated ... oval:org.secpod.oval:def:301590 A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301269 A symlink vulnerability was found in the javareconf script in R that allows local users to overwrite arbitrary files . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301289 A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:300661 A vulnerability has been found and corrected in mod_auth_mysql: SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input . This update ... oval:org.secpod.oval:def:300803 A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user"s acco ... oval:org.secpod.oval:def:301620 Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including: ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled . A heap-based buffer overflow in ClamAV ... oval:org.secpod.oval:def:300779 A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow . Th ... oval:org.secpod.oval:def:301624 Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code . As well, the fix for CVE-2007-0720 in MDKSA-2 ... oval:org.secpod.oval:def:301630 Multiple vulnerabilities were discovered in FreeType"s Printer Font Binary font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code . The updated packages have ... oval:org.secpod.oval:def:301644 An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a denial of service via a malformed Petite file that triggered an out-of-bounds memory access . This issue is corrected with the 0.93.3 release which is being provided. oval:org.secpod.oval:def:301529 Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. The updated packages have been patched to fix this issue. oval:org.secpod.oval:def:301528 A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the applicatio ... oval:org.secpod.oval:def:301416 An input validation flaw was found in X.org"s Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service or possibly execute arbitrary code with root privileges on the X.org server . An input validation flaw was found in X.org"s MIT-SHM extens ... oval:org.secpod.oval:def:301535 A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the applicatio ... oval:org.secpod.oval:def:301303 A vulnerability was found in the excel_read_HLINK function in the Microsoft Excel plugin in Gnumeric prior to version 1.8.1 that would allow for the execution of arbitrary code via a crafted XLS file containing XLS HLINK opcodes. The updated packages have been patched to correct this issues. oval:org.secpod.oval:def:300571 Multiple vulnerabilities has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution . A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd ... oval:org.secpod.oval:def:301309 A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system ... oval:org.secpod.oval:def:301308 Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a denial of service and possibly execute arbitrary code with the privileges of the logged-in user . A buffer overflow vulnerability allowed attackers ... oval:org.secpod.oval:def:301546 Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails . Other bugs have also been corrected in 0.94.2 which is being provided with this update. oval:org.secpod.oval:def:300235 Multiple vulnerabilities has been found and corrected in libthai: Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable of integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string . Packages for 2008. ... oval:org.secpod.oval:def:301338 A double free vulnerability in Perl 5.8.8 and earlier versions, allows context-dependent attackers to cause a denial of service via a crafted regular expression containing UTF8 characters. The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300927 A vulnerability has been found and corrected in irssi: Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow ... oval:org.secpod.oval:def:300838 The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service by opening a large number of UNIX sockets without closing them, which triggers an infinite loop . The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to exte ... oval:org.secpod.oval:def:300960 Data length values in metadata Audible Audio media file can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code . Failure on checking heap allocation on Audible Audio media files allows remote attackers eit ... oval:org.secpod.oval:def:300730 A vulnerability has been found and corrected in subversion: Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows tha ... oval:org.secpod.oval:def:300614 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service via crafted fragmented packets without a payload, which triggers a NULL pointer dereference . Updated packages are available that brings ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009. ... oval:org.secpod.oval:def:300641 Multiple integer overflows in the user_info_callback, user_endrow_callback, and gst_pngdec_task functions in GStreamer Good Plug-ins 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow . Update: ... oval:org.secpod.oval:def:300523 A vulnerability has been found and corrected in mpg123: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some ... oval:org.secpod.oval:def:300136 A vulnerability has been discovered and corrected in libsndfile: The htk_read_header, alaw_init, ulaw_init, pcm_init, float32_init, and sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service via a crafted audio file . Packages for 2008.0 ... oval:org.secpod.oval:def:301346 A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the applicatio ... oval:org.secpod.oval:def:301475 An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable files packed in he MEW format. This could be exploited to cause a heap-based buffer overflow . Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files . As well, ... oval:org.secpod.oval:def:301595 An input validation flaw was found in X.org"s MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server . Multiple integer overflows were found in X.org"s Render extension. A maliciou ... oval:org.secpod.oval:def:301258 An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301498 A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the applicatio ... oval:org.secpod.oval:def:300053 Multiple vulnerabilities has been found and corrected in cabextract: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library . Integer signedn ... oval:org.secpod.oval:def:301398 A flaw was found in exiv2 that would cause exiv2, or applictions linked to libexiv2, to crash on image files with certain metadata in the image . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301270 Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the ... oval:org.secpod.oval:def:300180 A vulnerability has been found and corrected in kdm : KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian K ... oval:org.secpod.oval:def:301285 A vulnerability was discovered in ClamAV and corrected with the 0.93.1 release: libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. Other bugs have also been corrected in 0.93.1 which is being ... oval:org.secpod.oval:def:301507 The VPN connection wizard failed to setup OpenVPN connections with username and password, because of a missing requirement in the package. This update package adds the perl-Net-Telnet dependency to solve the issue. oval:org.secpod.oval:def:301504 A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update rovides Wireshark 0.99.7 which is not vulnerable to these issues. An updated version of libsmi is also being provided, not because of security issues, ... oval:org.secpod.oval:def:300665 A security vulnerability has been identified and fixed in libsamplerate: Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected. This update provide ... oval:org.secpod.oval:def:301519 The oggenc program incorrectly wrote special characters in tags; they were incorrectly replaced with sharp characters. This update makes oggenc properly handle special characters in tags. oval:org.secpod.oval:def:301517 Due to bad encoding, accented letters appeared on the KDE menu and kicker as strange symbols rather than the actual letters. This update fixes the issue and properly displays those letters. oval:org.secpod.oval:def:301516 The previous openafs update was released to correct gcc compiler optimisations, however it only corrected the problem on 32bit platforms. This update fixes it for both 32bit and 64bit architectures. Update: The previous update did not completely correct the problem in all cases. It prevented listin ... oval:org.secpod.oval:def:300669 The glibc packages released with Mandriva Linux 2008 and Mandriva Linux 2008 Spring had the /etc/ld.so.conf file using relative paths to include other config files at /etc/ld.so.conf.d, breaking usage of ldconfig -r, for example when you have chroot environments. This update fixes ld.so.conf to use ... oval:org.secpod.oval:def:301635 kdesdk packages in Mandriva Linux 2008 and 2008 Spring had packaging bugs which led to the subversion ioslave to not build and thus not be provided. The updated packages fixed the bugs and provide the subversion access ioslave. oval:org.secpod.oval:def:300675 This update upgrades the php-ssh2 package to version 0.11.0 to address intermittent segfaults . oval:org.secpod.oval:def:301523 This update corrects a problem where an incorrect path was being used to execute xdm scripts. oval:org.secpod.oval:def:301522 The KDE panel has a clock applet which includes de hability to change its appearance and behavior. Because of a configuration problem, this applet was not properly saving these changes were not properly saved, being lost at every user login. This update fixes the problem. oval:org.secpod.oval:def:301521 The openchrome driver version shipped with Mandriva 2008.0 is not fully functional with most chrome based video cards available in the market. This update, requested by upstream developers, should correct the problems, and provide a more mature driver. oval:org.secpod.oval:def:301409 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. oval:org.secpod.oval:def:301408 Automatic mirror geolocation in drakxtools-backend in Mandriva Linux 2008.1 would fail for some locales, because it uses backward compatibility timezone names for which there were no zone.tab entries in timezone , this makes software like urpmi to not select optimal mirrors in its automatic media/mi ... oval:org.secpod.oval:def:301649 In certain rare circumstances, any area of an NTFS volume, excluding the NTFS boot sector, could get corrupted. The chances for this to happen are greater when the disk is close to full utilization and when using one of the more uncommon, less than 4096 byte cluster sizes. The updated packages corre ... oval:org.secpod.oval:def:301526 When the Kcharselect package is installed in Mandriva Linux 2008.0, the KDE kicker applet was not installed. This update corrects the problem. oval:org.secpod.oval:def:301533 The fluxbox package had an incorrect post-installation script which prevented the additional fonts files to be installed correctly. This update package fixes the fonts installation. oval:org.secpod.oval:def:301652 The package included with Mandriva Linux 2008 for psad had two problems. Firstly, it did not depend on perl-IPTables-ChainMgr, which in fact it does require to work. Secondly, the /etc/psad/ip_options file was incorrectly omitted from the package, making psad fail to start. This updated package fixe ... oval:org.secpod.oval:def:301659 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues. oval:org.secpod.oval:def:301537 This update fixes several minor issues with rpmdrake, including preventing a rare crash when canceling and fixing a crash when selecting all packages. Update: The wrong rpmdrake revision was built for updates. This update provides the correct revision. oval:org.secpod.oval:def:300688 The package was accidently linked against the wrong libjasper version. This update addresses that problem. oval:org.secpod.oval:def:301415 A bug was found in the gdb package that prevented the build of the gdbserver binary and its manpage. Updated packages are being provided to fix the issue. oval:org.secpod.oval:def:301536 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. oval:org.secpod.oval:def:301657 Trying to establish an XDMCP session to a machine running xdm would result in a blue screen and an X cursor that could be moved with the mouse but no login greeter. After 2 to 3 minutes, the launching tty would say XDM: too many retransmissions, declaring session dead. This update fixes the issue. oval:org.secpod.oval:def:301414 The fluxbox package had an incorrect post-installation script which prevented the additional fonts files to be installed correctly. Update: The previous package incorrectly added a requirement on a package that does not correct the problem. This update corrects that. oval:org.secpod.oval:def:301420 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:300217 A vulnerability has been discovered and corrected in samba: Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially cra ... oval:org.secpod.oval:def:301548 kdesdk packages in Mandriva Linux 2008 and 2008 Spring had packaging bugs which led to the subversion ioslave to not build and thus not be provided. The updated packages fixed the bugs and provide the subversion access ioslave. Update: The previous kdesdk update placed subversion-related files in su ... oval:org.secpod.oval:def:300336 This is a bugfix release that upgrades clamav to the latest version . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:301313 An updated hal-info package fixes resume from suspend to RAM on HP 6710b systems. It had previously failed with a black screen on Mandriva Linux 2008.0. oval:org.secpod.oval:def:301554 urpmi --auto-update was strangely broken in some uncertain cases . urpmi --limit-rate had a regression introduced in version 4.9.12. The updated package fixes these issues. oval:org.secpod.oval:def:301311 An incorrect Requires was added to the e2fsprogs package that prevented it from being installed properly on a system with both 32bit and 64bit update media configured. This update corrects the Requires, allowing the package to be installed properly. Update: The Requires that was used on the previous ... oval:org.secpod.oval:def:301431 A missing dependency could prevent gconftool symlink to be create at package install time, when installing a minimal system. This update fixes that issue. oval:org.secpod.oval:def:301552 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:300100 The new mdkonline packages adds the extended maintenance support to mdkonline. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers as well as for official 2008.0 updates. Update: A problem was discovered with unresolved dependancies. This advisory provides the missing packages. oval:org.secpod.oval:def:301551 This drakxtools update package fixes issues with the hardrake tool to make sure that USB keys are not auto-configured by the service at boot , and adds back the Run Config tool button in the harddrake interface . An issue where bootloader-config would use vmlinuz-desktop or initrd-desktop.img instea ... oval:org.secpod.oval:def:301317 Updated MySQL packages are being made available that fix a number of upstream bugs, as well as some minor packaging bugs. oval:org.secpod.oval:def:301446 This update fixes a crash when reading packages with an empty backport media . This is a rare bug since DVD media did not include backport media, and network media provides a non-empty backport media. It also makes sure that a wait dialog always got destroyed . Due to a bug, in some error cases, the ... oval:org.secpod.oval:def:301565 This update fixes a minor issue in rpmdrake; it prevents crashing if the RPM database is locked when trying to install some packages . oval:org.secpod.oval:def:301564 An incorrect Requires was added to the e2fsprogs package that prevented it from being installed properly on a system with both 32bit and 64bit update media configured. This update corrects the Requires, allowing the package to be installed properly. oval:org.secpod.oval:def:301440 The pdksh package shipped with Mandriva Linux 2008.0 contained a packaging bug where /usr/bin/ksh pointed to a non-existant target. This update corrects the problem. oval:org.secpod.oval:def:301329 A bug in Evolution was preventing the adding of remote calendars, which caused the application to crash. This update provides Evolution 2.12.3 which fixes this bug and other crash bugs, as well as including translation updates. oval:org.secpod.oval:def:301327 This update fixes a crash that some users saw, which resulted in either a segfault or a strange perl error . oval:org.secpod.oval:def:301578 The previous openafs update was released to correct gcc compiler optimisations, however it only corrected the problem on 32bit platforms. This update fixes it for both 32bit and 64bit architectures. oval:org.secpod.oval:def:300003 Mandriva Linux 2008.0 is installed oval:org.secpod.oval:def:300245 Updated timezone packages for PHP are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Packages for 2008.0 are provided due to the Extended Maint ... oval:org.secpod.oval:def:301453 Mozilla Firefox on Mandriva Linux 2008.0 was not able to properly handle zip files if only Ark was installed due to a missing mimetype in Ark. This update provides the proper mimetype so zip files will be properly handled in Mozilla Firefox. oval:org.secpod.oval:def:300485 This stable update fixes a bug in depmod which may cause the corruption of the modules.dep file when triggered oval:org.secpod.oval:def:301452 The nfs server initscript in Mandriva Linux 2008 and 2008 Spring releases lacked support for NFS quota, preventing quota information to be available on user side. The updated packages fix this issue. oval:org.secpod.oval:def:300009 A problem was discovered in the mysqld init script which under certain circumstances could cause the service to exit too quickly, giving the [ OK ] status and before the mysql server was really started and bound to the mysql socket or IP address. This caused a problem for products like Pulse2. The c ... oval:org.secpod.oval:def:301217 This update fixes several issues with clamav: - update unexpectely changes location of clamd socket - clamav-milter was not built - Clamav-milter wanted to remove postfix - Scanning mail with clamav leaves a big temporary folder - Build fails if invoked with --with milter, in a configure stage ... oval:org.secpod.oval:def:300249 The rootcerts package was added in Mandriva in 2005 and was meant to be updated when nessesary. The provided rootcerts packages has been upgraded using the latest certdata.txt file from the mozilla cvs repository, as of 2009/12/03. In Mandriva a number of additional CA root certificates has been add ... oval:org.secpod.oval:def:300481 Internet Systems Consortium BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009 ... oval:org.secpod.oval:def:300826 A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service , when providing a specially-crafted string as input to the zsh shell. The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being pr ... oval:org.secpod.oval:def:300943 Acroread would not react to keyboard input. This update also fixes non working Flash browser plugin using this wrapper in 64bits architecture. oval:org.secpod.oval:def:300939 This update addresses minor issues with eclipse. eclipse can not be installed after firefox3 installation Update: Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300605 The tommath library will be needed for future clamav updates. oval:org.secpod.oval:def:300718 The dos2unix command removes the last line of a file if no newline character follow. This package fixes the issue. Update: This update now provides corrected packages for Mandriva Linux 2008.x and Corporate Server 4.0. oval:org.secpod.oval:def:300732 This update fixes several issues with clamav: - update unexpectely changes location of clamd socket - clamav-milter was not built - Clamav-milter wanted to remove postfix - Scanning mail with clamav leaves a big temporary folder - Build fails if invoked with --with milter, in a configure stage ... oval:org.secpod.oval:def:301606 After a previous update , Ark was able to open tar.bz2 archives, but couldn"t show their content. The updated packages fix this issue. oval:org.secpod.oval:def:301602 This update enhances ndiswrapper drivers support , and madwifi driver support . It also fixes the configuration of cellular cards . Also, some crashes have been fixed in the net_monitor tool . oval:org.secpod.oval:def:301610 This update fixes several minor issues: - some GUIes would crash on clicking on the close button while they load - draksec was crashing if the administrator refused to install - localdrake: After changing the localization language from drakconf in a high security level, the permissions of /etc/sy ... oval:org.secpod.oval:def:301619 The capi4linux initscript from the isdn4k-utils package in Mandriva Linux 2008.0 had incorrect permissions, which prevented it from being used. The updated package fixes the permissions of the initscript. oval:org.secpod.oval:def:300098 A regression was discovered with 3.0.16 when using NTLM authentication. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, some packages which require so, have been rebuilt and are being provided as updates. oval:org.secpod.oval:def:301185 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. oval:org.secpod.oval:def:300093 A vulnerability has been discovered and fixed in libxext: There"s a race condition in libXext that causes apps that use the X shared memory extensions to occasionally crash. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages ... oval:org.secpod.oval:def:301347 Kpdf applet crashed when trying to create a new server, if avahi wasn"t running. LZMA compressed man pages bigger than 8KB were not readable using the man:/ kioslave of KDE. The updated packages fix these issues. oval:org.secpod.oval:def:300137 It was brought to our attention by Ludwig Nussel at SUSE the md5 collision certificate should not be included. This update removes the offending certificate. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The mozilla nss library has consequently been rebuilt to pickup these ... oval:org.secpod.oval:def:300372 This is a maintenance release of mozilla firefox and thunderbird that upgrades firefox to 3.6.10 and thunderbird to 3.0.8. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:300373 It was discovered that the mailcap package needed by firefox wasn"t provided with MDVA-2010:015. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This advisory addresses these problems. oval:org.secpod.oval:def:301348 The x11-data-xkbdata package distributed with Mandriva Linux 2008 had a different configuration for french keyboards, which prevented the generation of the "oe" symbol through altgr-o, and a few others. This update fixes the problem. oval:org.secpod.oval:def:300491 The package was accidently linked against the wrong libjasper version. This update addresses that problem. oval:org.secpod.oval:def:301599 A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:300266 The new mandriva-release packages adds extended maintainance access support. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. oval:org.secpod.oval:def:301356 This drakconf update fixes a bug where some icons were hidden when translations contained certain meta characters. It also fixes a few translation errors, and enables visiting the Mandriva Tour from the Mandriva Control Center. oval:org.secpod.oval:def:300264 The new mdkonline packages adds the extended maintenance support to mdkonline. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. oval:org.secpod.oval:def:301353 Some commercial Windows programs did not run under previous builds of Wine, producing an error message notifying the user that a debugger has been detected. This update corrects the issue. oval:org.secpod.oval:def:301474 The LIRC packages included with Mandriva Linux 2008 and Mandriva Linux 2008 Spring did not include the "commandir" module, which is necessary to properly support CommandIR remote controls. These updated packages do include the module. oval:org.secpod.oval:def:301351 On kdebase as released in Mandriva Linux 2008.0, Khelpcenter could not build an index for the KDE applications manuals, because a required package, htdig, is not in the main repositories. Htdig is now added as suggested package. Also, the Add a network wizard did not show up when browsing the remote ... oval:org.secpod.oval:def:301471 The symlinks program did not work on files larger than 2GB, reporting the error Value too large for defined data type. This update fixes this issue in addition to an error where symlinks converted from absolute to relative paths were not shortened . oval:org.secpod.oval:def:301592 A minor bug in drakbt was causing it to crash when opening some dialogs such as the help. This update corrects the bug. oval:org.secpod.oval:def:300261 A bug was discovered in the FH_DATE_PAST_20XX rules that affects vanilla spamassassin 3.2 installations after the first of January 2010 . This update fixes this issue. oval:org.secpod.oval:def:301248 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. oval:org.secpod.oval:def:301488 The previous update introduced a bug into the dosfsck program that made it crash. This update fixes it. oval:org.secpod.oval:def:301243 When listing updates to install MandrivaUpdate performs a consistency check of the package set to install. At this stage, MandrivaUpdate was automatically selecting updated packages from non update media, as shown in the confirmation dialog. This behaviour was wrong especially due to the backports m ... oval:org.secpod.oval:def:301364 This update adds support for getting EDID information from a different DDC port and uses it by default to also get port 1. oval:org.secpod.oval:def:300152 It was discovered php-eaccelerator-0.9.6 did not work properly with open_basedir for php-5.3.2. This advisory upgrades php-eaccelerator to 0.9.6.1 which solves this problem. Update: It was discovered php-eaccelerator-0.9.6 did not work properly with open_basedir for php-5.2.13. This advisory upgrade ... oval:org.secpod.oval:def:301483 The python-sip package in Mandriva Linux 2008.0 release contained a packaging bug, making it fail to obsolete old package names. That would lead to an upgrade failure, and python-devel would not install due to unsatisfied dependencies. This update fixes that issue. oval:org.secpod.oval:def:300030 This is a maintenance and bugfix release of apache-conf that mainly fixes so that the httpd service is handled more gracefully when reloading the apache server . Other fixes : - fix #53887 - workaround #47992 - added logic to make it possible to set limits from the init script in an attempt to add ... oval:org.secpod.oval:def:301481 This update fixes several minor issues with rpmdrake, including preventing a rare crash when canceling and fixing a crash when selecting all packages. oval:org.secpod.oval:def:301480 This update fixes an X server crash with multiple indirect rendering clients and software rendering. oval:org.secpod.oval:def:300169 Changes on the ICQ servers made the login impossible if the clientLogin and SSL options were enabled. This update adds patches to restore these options. Also add xdg patch from cooker. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:301135 This bugfix release addresses a long standing problem when issuing the halt or reboot commands on a remote Mandriva system. This led to that the session wasn"t closed properly. This advisory corrects this problem. oval:org.secpod.oval:def:300044 The eject package shipped in Mandriva Linux 2009.0, 2009.1, 2010.0 contains a bug which will lead to a failure when ejecting a DVD which has space characters within its name. The updated package fixes this problem. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. oval:org.secpod.oval:def:301254 Default power management settings for hard disks may trigger excessive load/unload cycles on some disk models, and shorten their lifetime. This update package fixes the problem, by setting a less aggressive hard disk power management level. oval:org.secpod.oval:def:300042 The new drakconf packages adds extended maintainance access support to drakconf. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers as well as for official 2008.0 updates. oval:org.secpod.oval:def:301374 When pasting cells from OpenOffice.org to KMail, on Mandriva Linux 2008.0, KMail would crash. This update corrects the issue. oval:org.secpod.oval:def:300282 The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file . This update fixes this issue. oval:org.secpod.oval:def:300162 There was a small typo in the french translation. The update packages addresses this issue. oval:org.secpod.oval:def:301371 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2007 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:301490 The previous update of wireshark had the dumpcap program, which is required by both wireshark and tshark, in the wireshark package. If a user installed tshark, it would not properly operate unless the wireshark package was also installed. This update corrects the problem by providing a new dumpcap p ... oval:org.secpod.oval:def:301147 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. oval:org.secpod.oval:def:301268 In Mandriva Linux 2008.0 some utilities were not correctly displayed in Tools menu , and settings:// was not working properly in KDE konqueror. This update fixes the problems. oval:org.secpod.oval:def:301389 This update fixes a few minor issues like a rare crash on searching , a rare crash when an icon is missing and a crash with non existing packages . We really query local packages with the proper UTF-8 locale. oval:org.secpod.oval:def:300295 Add the extended maintainance access support for 2008.0 oval:org.secpod.oval:def:301263 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. oval:org.secpod.oval:def:301384 The lzma program did not properly check that the closing of output succeeded, which could lead to rare, but possible, data loss. Another issue with liblzmadec was also discovered where programs could crash if decoding of a stream was not properly initialized. This update ensures that output is prope ... oval:org.secpod.oval:def:300293 The xulrunner and firefox packages sent with the MDVSA-2010:070 advisory did not require the version of sqlite3 they were built against which prevented firefox from starting. The fixed packages addresses this problem. oval:org.secpod.oval:def:300173 The Adobe Flash plugin has https support, but only searches for SSL certificates in /etc/ssl/certs. This advisory provides a compatibility symlink at /etc/ssl/certs pointing to /etc/pki/tls/certs to remedy this problem. Additionally this advisory also brings the latest root CA certs from the mozilla ... oval:org.secpod.oval:def:301279 An updated XFdrake is available that corrects a number of bugs: - never write a ModeLine when using the fglrx driver - if the EDID gives a valid EISA_ID, a valid 16/10 preferred resolution, but no HorizSync/VertRefresh, use a generic flat panel HorizSync/VertRefresh - add 800x480 - add 1024x600 ... oval:org.secpod.oval:def:301277 This update provides Lzma payload support to rpm, which allows for updating to Mandriva Linux 2009 from Mandriva Linux 2008, or allows for creating 2009-based chroots on a 2008-based host. oval:org.secpod.oval:def:301396 The giftrans package was using the wrong path to the color definition file and couldn"t be used at all. This update uses the correct path. oval:org.secpod.oval:def:301273 libstdc++ released in Mandriva Linux 2008.0 has a small binary incompatibility, which does not affect any packages released with it, but makes it fail LSB tests. The updated package fixes this issue. oval:org.secpod.oval:def:301394 A bug in the rsh package prevented it from having the alternatives symlinks created if installed via auto_inst.cfg.pl. This update corrects the issue. oval:org.secpod.oval:def:300184 Some bugs were found in drakxtools code dropping privileges to display help or other web pages. This updates make it more reliable on 2009.0 and 2009.1, and make it actually drop privileges on 2008.0. Additionally it fixes drakbug on 2008.0 to actually open the bug when launching the browser. Packag ... oval:org.secpod.oval:def:300181 It was discovered that yelp stopped working correctly on Mandriva Linux with latest xulrunner. This update addresses this problem. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. oval:org.secpod.oval:def:301150 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Packages for 2008.0 and 2009.0 are provided due to the Extended Ma ... oval:org.secpod.oval:def:301392 The kweather applet would be available in the applets viewer of the KDE kicker, despite the kweather application not being installed. Also, the previous update of kdetoys wouldn"t install because of a typo in the package specification. This update corrects the issues. oval:org.secpod.oval:def:301169 This is a maintenance update that upgrades php to the latest upstream version for CS4/MES5/2008.0/2009.0/2009.1/2010.0. Additionally some of the third party extensions and required dependencies has been upgraded. Corporate Server 4.0 with php-5.1.6 had the old Hardening-Patch 0.4.14 applied statical ... oval:org.secpod.oval:def:301165 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Update: The MDVA-2010:006 advisory did not provide updated timezon ... oval:org.secpod.oval:def:301286 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:300074 Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:301280 The kdeeject command did not work, which resulted in a user being able to unmount, but not eject, removable devices. This package update corrects the issue. oval:org.secpod.oval:def:301296 A flaw in the locales packages could make the spell checker in OpenOffice.org and other programs to not work as intended . This was a side-effect of the locales packges not updating the _install_langs rpm macro on the system with provided locale variants for some cases. This update also contains add ... oval:org.secpod.oval:def:301291 Updated PHP timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2007 and later for certain time zones. In Mandriva Linux 2007.1 and newer, package php-timezonedb provides the PHP timezone database. These updated pack ... oval:org.secpod.oval:def:301290 Webmin would always fail the login if the user"s password contained UTF-8 non-ascii characters. This update corrects the issue. oval:org.secpod.oval:def:301638 A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server . This issue was originally corrected in MDKS ... oval:org.secpod.oval:def:301171 A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service via crafted packets to the HTCP port, which triggers a NULL pointer dereference . Packages for 2008.0 are ... oval:org.secpod.oval:def:300560 Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory . This update provides fix fo ... oval:org.secpod.oval:def:300642 Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted WMF file . The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provide ... oval:org.secpod.oval:def:300946 mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807 . Update ... oval:org.secpod.oval:def:300119 A vulnerability has been found and corrected in freeradius: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 . This update provides a solution ... oval:org.secpod.oval:def:300012 A vulnerability was discovered and fixed in kolab-horde-framework: Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an image upload form. Packages for 2008.0 and 2009.0 are provided as of the ... oval:org.secpod.oval:def:301336 A vulnerability was found in gnome-screensaver prior to 2.22.1 when a remote authentication server was enabled. During a network outage, gnome-screensaver would crash upon an unlock attempt, allowing physically local users to gain access to locked sessions . The updated packages have been patched to ... oval:org.secpod.oval:def:300967 preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this. Additio ... oval:org.secpod.oval:def:301469 A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301478 A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode . This update corrects these issues and, in additio ... oval:org.secpod.oval:def:300700 Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory . This update provides fix f ... oval:org.secpod.oval:def:300991 A vulnerability has been identified and corrected in valgrind: Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. N ... oval:org.secpod.oval:def:300880 Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory . This update provides fix for t ... oval:org.secpod.oval:def:300324 A vulnerability has been found and corrected in imlib2: imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted ARGB, BMP, JPEG, LBM, PNM, TGA, or XPM file, related to several heap and stack based buffer overflows - partly due to integer overflows. P ... oval:org.secpod.oval:def:301331 A vulnerability was found in gnome-screensaver 2.20.0 that could possibly allow a local user to read the clipboard contents and X selection data for a locked session by using CTRL-V . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301386 A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by appending paths to LD_LIBRARY_PATH the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application. The updated packages have ... oval:org.secpod.oval:def:300827 A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a denial of service via a crafted mDNS packet with a source port of 0 . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300737 A security vulnerability has been identified and fixed in avahi which could allow remote attackers to cause a denial of service via a crafted legacy unicast mDNS query packet . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300805 Multiple vulnerabilities has been found and corrected in python-django: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrar ... oval:org.secpod.oval:def:301400 Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash. T ... oval:org.secpod.oval:def:300315 A vulnerability has been found and corrected in krb5: Multiple integer underflows in the AES and RC4 decryption functionality in the crypto library in MIT Kerberos 5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service or possibly execute arbitrary code by ... oval:org.secpod.oval:def:300337 A vulnerability has been found and corrected in lftp: The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a C ... oval:org.secpod.oval:def:301310 MadWifi prior to 0.9.3.3 allowed remote attackers to cause a denial of service via a beacon frame with a large length value in the extended supported rates element, which would trigger an assertion error. Updated packages have been updated to 0.9.3.3 to correct this issue. Wpa_supplicant is built ... oval:org.secpod.oval:def:301320 Several vulnerabilities were found in the vim editor: A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim . Ulf Härnhammar of Secunia Resear ... oval:org.secpod.oval:def:301449 A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6, where a local user could cause a denial of service due to Postfix leaking the epoll file descriptor when executing non-Postfix commands . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:300526 Some vulnerabilities were discovered and corrected in perl-MDK-Common: The functions used to write strings into shell like configuration files by Mandriva tools were not taking care of some special characters. This could lead to some bugs , and privilege escalation. This update fixes that issue by e ... oval:org.secpod.oval:def:301187 A vulnerabilitiy has been found and corrected in sudo: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileg ... oval:org.secpod.oval:def:301484 Several vulnerabilities were found in the vim editor: A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim . Ulf Härnhammar of Secunia Resear ... oval:org.secpod.oval:def:300198 A vulnerability has been found and corrected in perl-libwww-perl: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Conten ... oval:org.secpod.oval:def:301178 A vulnerability has been found and corrected in sudo: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows lo ... oval:org.secpod.oval:def:300330 Security issues were identified and fixed in firefox 3.0.x and 3.5.x: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we p ... oval:org.secpod.oval:def:300599 A vulnerability has been found and corrected in acpid: acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulne ... oval:org.secpod.oval:def:301454 A potential vulnerability was discovered in Qt4 version 4.3.0 through 4.3.2 which may cause a certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into thinking that the certificate was verified correctly when it actually failed in ... oval:org.secpod.oval:def:300480 A security vulnerability has been identified and fixed in nfs-utils, which caused TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300360 A vulnerability has been found and corrected in brltty: Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. ... oval:org.secpod.oval:def:301601 Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account . Another vulnerability ... oval:org.secpod.oval:def:301463 Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user"s credential cache . The updated packages have bee ... oval:org.secpod.oval:def:301584 MySQL 5.0.x did not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement . The federated engine in MySQL 5.0.x, when perf ... oval:org.secpod.oval:def:301470 Joe Nall reported a stack-based buffer overflow in Audit"s log handling that could allow remote attackers to execute arbitrary code via a long command argument . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:300174 Multiple vulnerabilities has been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name ... oval:org.secpod.oval:def:300292 A vulnerability has been found and corrected in emacs: lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks . Packages for 2008.0 and 2009.0 are provided due to the Ext ... oval:org.secpod.oval:def:301275 A vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel . This flaw only concerns users who have enabled OCSP validation in stunnel. The updated packages have been patche ... oval:org.secpod.oval:def:301177 A vulnerability has been discovered and corrected in sudo: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of ... oval:org.secpod.oval:def:301622 An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash . An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully c ... oval:org.secpod.oval:def:301302 A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases. ... oval:org.secpod.oval:def:301330 Several severe security issues were discovered in the Joomla! PHP-based content management system. These issues have been fixed in version 1.0.15 which is provided with this update. oval:org.secpod.oval:def:300377 A vulnerability has been found and corrected in cpio and tar: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service or possibly execute arbitrary ... oval:org.secpod.oval:def:300550 A vulnerability has been found and corrected in wget: GNU Wget before 1.12 does not properly handle a "\0" character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by ... oval:org.secpod.oval:def:301461 Tavis Ormandy of the Google Security Team discovered a flaw in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301629 A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code . By default, start_kdeinit is not installed setuid root on Mandriva Linux, however updated package ... oval:org.secpod.oval:def:301406 rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module"s hierarchy. Unspecified vulnerability in rsync before 3.0.0pre6, when ... oval:org.secpod.oval:def:300997 A vulnerability has been found and corrected in ISC DHCP: Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Bu ... oval:org.secpod.oval:def:301274 The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the de ... oval:org.secpod.oval:def:301391 The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the de ... oval:org.secpod.oval:def:300678 A vulnerability has been found and corrected in fetchmail: socket.c in fetchmail before 6.3.11 does not properly handle a "\0" character in a domain name in the subject"s Common Name and subjectAltName fields of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL ... oval:org.secpod.oval:def:301563 Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card"s PIN without first having the PIN or PUK, or the superuser"s PIN or PUK . Please note that this issue can not be ... oval:org.secpod.oval:def:300524 OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a low level APDU command or debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix th ... oval:org.secpod.oval:def:300168 Multiple vulnerabilities has been found and corrected in libesmtp: libESMTP, probably 1.0.4 and earlier, does not properly handle a \"\0\" character in a domain name in the subject"s Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers ... oval:org.secpod.oval:def:300200 A vulnerability has been found and corrected in apache-mod_auth_shadow: A race condition was found in the way mod_auth_shadow used an external helper binary to validate user credentials . A remote attacker could use this flaw to bypass intended access restrictions, resulting in ability to view and p ... oval:org.secpod.oval:def:300215 Multiple vulnerabilities has been discovered and corrected in Path.pm and Safe.pm which could lead to escalated privilegies . The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301355 A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service by simultaneously acquiring and giving back file callbacks . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301180 A vulnerability has been found and corrected in virtualbox: Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service on the guest OS via unknown vectors . ... oval:org.secpod.oval:def:300195 Security issues were identified and fixed in firefox and mozilla-thinderbird: Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, w ... oval:org.secpod.oval:def:300248 Security issues were identified and fixed in firefox: Security researcher regenrecht reported a potential reuse of a deleted image frame in Firefox 3.6"s handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the ... oval:org.secpod.oval:def:300547 PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests . This upda ... oval:org.secpod.oval:def:301292 Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefuly crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitray code when opened . The ... oval:org.secpod.oval:def:300959 Multiple vulnerabilities has been found and corrected in libsndfile: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service and possibly execute arbitrary code ... oval:org.secpod.oval:def:300525 Crafted data - channels per frame value - in CAF files enables remote attackers to execute arbitrary code or denial of service via a possible integer overflow, leading to a possible heap overflow . This update provides fix for that vulnerability. oval:org.secpod.oval:def:300697 A vulnerability was discovered and corrected in libtool: All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code . This advisory fixes this issue. Additionally, all applications embedding ... oval:org.secpod.oval:def:300706 Multiple security vulnerabilities has been identified and fixed in xmlsec1: A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges a ... oval:org.secpod.oval:def:300165 A vulnerability has been discovered and corrected in fastjar: Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. in a non-initial pathname component in a filename within a .jar archive, a ... oval:org.secpod.oval:def:300064 This update provides the OpenOffice.org 3.0 major version and holds the security fixes for the following issues: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document leading to a heap-based buffer overflow . An heap- ... oval:org.secpod.oval:def:301571 Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV"s chm-parser allowed remote attackers to cause a denial of service via a malformed CHM file . A vulnerability in libclamav would allow attackers to cause a denial of service ... oval:org.secpod.oval:def:301378 Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV"s chm-parser allowed remote attackers to cause a denial of service via a malformed CHM file . A vulnerability in libclamav would allow attackers to cause a denial of service ... oval:org.secpod.oval:def:301149 Ovidiu Mara reported a vulnerability in ping.c that could cause ping to hang when responding to a malicious echo reply . The updated packages have been patched to correct these issues. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:300496 Multiple vulnerabilities has been found and corrected in mono: IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers . Multiple cross-site scripting vulnerabilities in the ASP.n ... oval:org.secpod.oval:def:301574 Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories ... oval:org.secpod.oval:def:300588 Multiple vulnerabilities has been found and corrected in clamav: Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive . libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service via a crafte ... oval:org.secpod.oval:def:301427 CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. oval:org.secpod.oval:def:301443 A denial of service condition was found in Ruby"s regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash . A number of flaws were found in Ruby that could allow an attacker to create a care ... oval:org.secpod.oval:def:301509 Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff"s LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary c ... oval:org.secpod.oval:def:301432 A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XLST transformation match condition, which could possibly lead to the execution of arbitrary code . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301569 Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execu ... oval:org.secpod.oval:def:301447 A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc . The updated packages have been patched to correct th ... oval:org.secpod.oval:def:300054 A vulnerability has been found and corrected in curl: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial o ... oval:org.secpod.oval:def:300982 Heap-based overflow on functions to manipulate WMF and EMF files in OpenOffice.org documments enables remote attackers to execute arbitrary code on documments holding certain crafted either WMF or EMF files . This update provide the fix for these security issues and further openoffice.org-voikko pa ... oval:org.secpod.oval:def:301413 Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix the issue. oval:org.secpod.oval:def:301354 A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow user-assisted remote attackers to execute arbitrary Java code via crafted database documents . A heap overflow was discovered in OpenOffice.org"s EMF parser. An attacker could create a carefully crafted EMF file that could cause ... oval:org.secpod.oval:def:301326 A few vulnerabilities were found in Wireshark, that could cause it to crash or hang under certain conditions. This update provides Wireshark 1.0.0, which is not vulnerable to the issues. oval:org.secpod.oval:def:301600 A few vulnerabilities were found in Wireshark, that could cause it to crash or consume excessive memory under certain conditions. This update rovides Wireshark 0.99.8 which is not vulnerable to the issues. oval:org.secpod.oval:def:301476 A vulnerability was found in Wireshark, that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that. oval:org.secpod.oval:def:301315 OpenSSH allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301382 Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened . This vulnerability also ... oval:org.secpod.oval:def:301608 Multiple cross-site scripting vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list"s info attribute in the web administrator interface. The updated packages have been patched to correct ... oval:org.secpod.oval:def:300332 A vulnerability has been discovered and corrected in pango: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service via a crafted font file, related to building a synt ... oval:org.secpod.oval:def:300118 A vulnerability has been discovered and corrected in freetype2: Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an applic ... oval:org.secpod.oval:def:300340 Multiple vulnerabilities has been discovered and corrected in libtiff: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image tha ... oval:org.secpod.oval:def:300060 Multiple vulnerabilities was discovered and fixed in clamav: The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length . Off-by ... oval:org.secpod.oval:def:300141 A vulnerability were discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp . Packages for 2008.0 are provided for Corporate Desktop 2008.0 custo ... oval:org.secpod.oval:def:300043 A vulnerability has been found and corrected in krb5: Certain invalid GSS-API tokens can cause a GSS-API acceptor to crash due to a null pointer dereference in the GSS-API library . Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated p ... oval:org.secpod.oval:def:300677 A vulnerability has been found and corrected in perl-Compress-Raw-Zlib: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service ... oval:org.secpod.oval:def:300710 Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the is ... oval:org.secpod.oval:def:301417 A memory management issue was found in libpoppler by Felipe Andres Manzano that could allow for the execution of arbitrary code with the privileges of the user running a poppler-based application, if they opened a specially crafted PDF file . The updated packages have been patched to correct this is ... oval:org.secpod.oval:def:301626 Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2"s XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop . The second is an intege ... oval:org.secpod.oval:def:301207 Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space . Buffer overflow in the util_path_encode function in ud ... oval:org.secpod.oval:def:300124 A vulnerability has been found and corrected in kdegraphics : Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service via an SVG animation element, related to ... oval:org.secpod.oval:def:300653 A wrong handling of signed Secure/Multipurpose Internet Mail Extensions e-mail messages enables attackers to spoof its signatures by modifying the latter copy . Crafted authentication challange packets sent by a malicious remote mail server enables remote attackers either to cause denial of servic ... oval:org.secpod.oval:def:300858 Multiple security vulnerabilities has been identified and fixed in Little cms: A memory leak flaw allows remote attackers to cause a denial of service via a crafted image file . Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap ... oval:org.secpod.oval:def:300626 Integer overflows in gstreamer0.10-plugins-base Base64 encoding and decoding functions may lead attackers to cause denial of service. Altough vector attacks are not known yet . This update provide the fix for that security issue. oval:org.secpod.oval:def:300793 Multiple integer overflows in GLib"s Base64 encoding and decoding functions enable attackers either to cause denial of service and to execute arbitrary code via an untrusted input . This update provide the fix for that security issue. oval:org.secpod.oval:def:300569 An integer overflow in libsoup-2.2_8 Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code . This update provides the fix for that security issue. oval:org.secpod.oval:def:301256 A number of vulnerabilities were discovered in Wireshark that could cause it to crash while processing malicious packets . This update provides Wireshark 1.0.3, which is not vulnerable to these issues. oval:org.secpod.oval:def:301379 Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory . The updated packages have been patched to prevent these issues. oval:org.secpod.oval:def:301404 field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service via an ID3_FIELD_TYPE_STRINGLIST field that ends in "\0", which triggers an infinite loop. The updated packages have been patched to correct this. oval:org.secpod.oval:def:301560 Argument injection vulnerability in login in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events. The updated packages have been patched to fix the issue. oval:org.secpod.oval:def:300482 A vulnerability in PHP allowed context-dependent attackers to cause a denial of service via a certain long string in the glob or fnmatch functions . A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary fi ... oval:org.secpod.oval:def:301237 Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attakcer could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301399 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13. This update provides the latest Firefox to correct these issues. oval:org.secpod.oval:def:301458 A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301489 Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file. The updated packages have been patc ... oval:org.secpod.oval:def:300895 Multiple vulnerabilities was discovered and corrected in postgresql: NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificat ... oval:org.secpod.oval:def:300047 Multiple vulnerabilities was discovered and corrected in postgresql: The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving a negative integer ... oval:org.secpod.oval:def:301438 A flaw in fetchmail was discovered that allowed remote attackers to cause a denial of service via a malformed message with long headers. The crash only occured when fetchmail was called in "-v -v" mode . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301616 A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:300219 A vulnerability has been found and corrected in wget: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wget ... oval:org.secpod.oval:def:300585 Multiple vulnerabilities was discovered and corrected in ruby: ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revok ... oval:org.secpod.oval:def:300134 A vulnerability has been found and corrected in ruby: WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to mo ... oval:org.secpod.oval:def:300536 Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnera ... oval:org.secpod.oval:def:300383 A vulnerability was discovered and fixed in gtk+2.0: gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate atta ... oval:org.secpod.oval:def:301496 Multiple integer overflows were found in python"s imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter ... oval:org.secpod.oval:def:300349 A vulnerability has been found and corrected in php: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to interrupt corruption of the SESSION superglobal array and the session.save_path directive . Packages for 2008.0 are provided for ... oval:org.secpod.oval:def:301212 A security vulnerability has been identified and fixed in OpenSSL, which could crash applications using OpenSSL library when parsing malformed certificates . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300370 Multiple vulnerabilities was discovered and corrected in postgresql: An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Pr ... oval:org.secpod.oval:def:300966 A vulnerability was discovered and corrected in gimp: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow . This u ... oval:org.secpod.oval:def:301188 A vulnerability has been discovered and corrected in libmikmod: Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via crafted samples or crafted instrument definitions in an Impulse Tracker file . Packages for 2008.0 and 2009.0 are provided as of the Exten ... oval:org.secpod.oval:def:301193 Multiple vulnerabilities has been found and corrected in libmikmod: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows u ... oval:org.secpod.oval:def:300254 A denial of service attack against apr_brigade_split_line was discovered in apr-util . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:300313 Multiple vulnerabilities has been found and corrected in mozilla-thunderbird: Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010 . ... oval:org.secpod.oval:def:300107 Security issues were identified and fixed in firefox: An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoof ... oval:org.secpod.oval:def:300033 Security issues were identified and fixed in firefox: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted HTML ... oval:org.secpod.oval:def:300309 Multiple vulnerabilities has been found and corrected in php: * Improved LCG entropy. * Fixed safe_mode validation inside tempnam when the directory path does not end with a /(Martin Jansen(Ilia oval:org.secpod.oval:def:300500 Multiple vulnerabilities has been found and corrected in samba: The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for f ... oval:org.secpod.oval:def:300154 A vulnerability has been found in ncpfs which can be exploited by local users to disclose potentially sensitive information, cause a DoS , and potentially gain escalated privileges . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to co ... oval:org.secpod.oval:def:301162 Multiple vulnerabilities has been found and corrected in tomcat5: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle double quote characters or \%5C sequences in a cookie value, which might cause sensitive information such as session IDs t ... oval:org.secpod.oval:def:300066 This advisory updates Wireshark to the version 1.0.11, which fixes the following vulnerabilities: The SMB and SMB2 dissectors could crash . The Infiniband dissector could crash on some platforms . Several buffer overflows were discovered and fixed in the LWRES dissector. oval:org.secpod.oval:def:300836 A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of a wrong processing on FormWidgetChoice::loadDefaults method . A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bu ... oval:org.secpod.oval:def:300913 A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bug is consequence of a wrong processing on FormWidgetChoice::loadDefaults method . A crafted PDF file that triggers a parsing error allows remote attackers to cause definal of service. This bu ... oval:org.secpod.oval:def:300690 A security vulnerability has been identified and fixed in curl, which could allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files via a redirect to a file: URL, or execute arbitrary commands via a redirect to an scp: URL . The updated packa ... oval:org.secpod.oval:def:300463 Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash(CVE-2009-0688 oval:org.secpod.oval:def:300483 A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a "\0" character in a domain name in the subject"s Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a ... oval:org.secpod.oval:def:301157 A vulnerability have been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service via a crafted DNS packet that only contains a header . This update provides a fix to this vulnerability. oval:org.secpod.oval:def:300495 Multiple vulnerabilities has been found and corrected in gnutls: gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is not yet valid or no longer valid, related to lac ... oval:org.secpod.oval:def:301430 An integer overflow flaw was found in Pidgin"s MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message . In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVA-2008:103 . The updated pa ... oval:org.secpod.oval:def:301363 The D-Bus library did not correctly validate certain corrupted signatures which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:300068 A vulnerability has been found and corrected in ghostscript: Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file . Packages for 2008.0 and 2009.0 are provided due to the Extended Ma ... oval:org.secpod.oval:def:300772 A vulnerability was discovered and corrected in ffmpeg: MPlayer allows remote attackers to cause a denial of service via a malformed AAC file, as demonstrated by lol-vlc.aac; or a malformed Ogg Media file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718 . Packages for 200 ... oval:org.secpod.oval:def:300812 Vulnerabilities have been discovered and corrected in ffmpeg: - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service via a crafted GIF file - FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service via unknown vectors, aka a ... oval:org.secpod.oval:def:300625 Vulnerabilities have been discovered and corrected in xine-lib: Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files . Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using ... oval:org.secpod.oval:def:300528 Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code and incorrect handling of DCA_MAX_FRAME_SIZE value . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300802 Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file , and in ffmpeg, as used by mplayer, related to the execution of DTS generation code . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:301276 A vulnerability was found in how ffmpeg handled STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301614 Multiple vulnerabilities have been found in Qemu. Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to ... oval:org.secpod.oval:def:300911 A security vulnerability have been discovered and corrected in VNC server of qemu 0.9.1 and earlier, which could lead to a denial-of-service attack . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:301506 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 . This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. oval:org.secpod.oval:def:301513 Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16 . This update provides the latest Firefox to correct these issues. oval:org.secpod.oval:def:301323 Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.17 . This update provides the latest Firefox to correct these issues. oval:org.secpod.oval:def:301588 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 . This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. Update: The previous update provided ... oval:org.secpod.oval:def:301366 Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.15 . This update provides the latest Firefox to correct these issues. oval:org.secpod.oval:def:301362 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.17 . This update provides the latest Thunderbird to correct these issues. oval:org.secpod.oval:def:301381 A vulnerability was found in how Net-SNMP checked an SNMPv3 packet"s Keyed-Hash Message Authentication Code . An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet . A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convi ... oval:org.secpod.oval:def:301557 A number of vulnerabilities have been discovered in the Apache Tomcat server: The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files ... oval:org.secpod.oval:def:301570 Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash path separators or cas ... oval:org.secpod.oval:def:301229 A vulnerability was found by the Google Security Team with how OpenSSL checked the verification of certificates. An attacker in control of a malicious server or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, whi ... oval:org.secpod.oval:def:301297 The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service via unknown vectors related to HTTP headers. The updated package fixes this issue. oval:org.secpod.oval:def:301615 A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer . Several integer overflows were discovered by Felipe Andres Manzano in MPlayer"s Real video stream demuxing code. These vulnerabilities ... oval:org.secpod.oval:def:301358 An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched ... oval:org.secpod.oval:def:301375 An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched ... oval:org.secpod.oval:def:301288 Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program . The ASF demuxer in xine-lib did ... oval:org.secpod.oval:def:301328 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.12. This update provides the latest Thunderbird to correct these issues. oval:org.secpod.oval:def:301272 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12. This update provides the latest Firefox to correct these issues. oval:org.secpod.oval:def:301566 A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues. An updated version of libsmi is also being provided, not because of security issues ... oval:org.secpod.oval:def:301433 The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service via unspecified vectors. NOTE: some of these details are obtained from third party information. The tcp_sacktag_write_qu ... oval:org.secpod.oval:def:301558 A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of ... oval:org.secpod.oval:def:301486 A race condition in the directory notification subsystem in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service and possibly gain privileges via unspecified vectors. The Linux kernel before 2.6.25.2 does not apply a certain protection me ... oval:org.secpod.oval:def:300270 Multiple vulnerabilities has been found and corrected in clamav: ClamAV before 0.96 does not properly handle the CAB and 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities . The qtm_decompress function i ... oval:org.secpod.oval:def:300153 Multiple vulnerabilies has been found and corrected in samba: client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the device name and mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string . client/mount ... oval:org.secpod.oval:def:301191 A vulnerability was discovered and corrected in squid: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function . This ... oval:org.secpod.oval:def:300733 A vulnerability was discovered and corrected in dbus: The _dbus_validate_signature_with_reason function in D-Bus uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 . This updat ... oval:org.secpod.oval:def:300519 Multiple security vulnerabilities has been identified and fixed in libmodplug: Integer overflow in the CSoundFile::ReadMed function in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted ... oval:org.secpod.oval:def:300968 A security vulnerability has been identified and fixed in pam: Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow ... oval:org.secpod.oval:def:300797 A vulnerability has been identified and corrected in audacity: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service and possibly execute ar ... oval:org.secpod.oval:def:300568 A vulnerability have been discovered and corrected in PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length . The updated packages have been patched to prevent this. Update: The previous update package w ... oval:org.secpod.oval:def:300870 A vulnerability have been discovered and corrected in PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:301220 A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user"s system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbit ... oval:org.secpod.oval:def:301402 A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash . Please note that for this to be successfully exploited, an attacker must have ... oval:org.secpod.oval:def:301587 pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. oval:org.secpod.oval:def:301583 Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to . T ... oval:org.secpod.oval:def:301334 A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301508 Flaws discovered in versions prior to 2.2.4 and 2.3.10 of GnuTLS allow an attacker to cause denial of service , and maybe execute arbitrary code. The updated packages have been patched to fix these flaws. Note that any applications using this library must be restarted for the update to take effec ... oval:org.secpod.oval:def:301249 Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.14. This update provides the latest Firefox to correct these issues. oval:org.secpod.oval:def:301455 An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service . The updated packages have been patched to c ... oval:org.secpod.oval:def:300905 Multiple vulnerabilities has been found and corrected in libtiff: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service via a crafted TIFF image, a different vulnerability than CVE-2008-2327 . Fix several places in tiff2rgb ... oval:org.secpod.oval:def:300564 A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks . The updated packages have been patche ... oval:org.secpod.oval:def:300555 Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service via a file that records a malformed packet trace ; and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denia ... oval:org.secpod.oval:def:300316 A vulnerability has been found and corrected in mysql: It was possible for DROP TABLE of one MyISAM table to remove the data and index files of a different MyISAM table . Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have ... oval:org.secpod.oval:def:300366 Multiple vulnerabilities has been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements t ... oval:org.secpod.oval:def:300632 Multiple vulnerabilities has been found and corrected in mysql: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b"" token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service by using this token in a SQL statement ... oval:org.secpod.oval:def:301493 A flaw in the Tcl regular expression handling engine was originally discovered by Will Drewry in the PostgreSQL database server"s Tcl regular expression engine. This flaw can result in an infinite loop when processing certain regular expressions. The updated packages have been patched to correct the ... oval:org.secpod.oval:def:300776 Security issues were identified and fixed in firefox 3.0.x: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla"s string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code con ... oval:org.secpod.oval:def:300307 Multiple vulnerabilities has been found and corrected in mailman: Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field . ... oval:org.secpod.oval:def:301658 A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services; i.e. for web and email traffic . This update provides the latest stable BIND releases for all platfo ... oval:org.secpod.oval:def:300214 A vulnerabilitiy has been found and corrected in mozilla-thunderbird: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use ... oval:org.secpod.oval:def:300695 Security issues were identified and fixed in firefox 3.0.x: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service or possibly execute arbitrary c ... oval:org.secpod.oval:def:300128 A vulnerabilitiy has been found and corrected in apache: The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service via a request that lacks a path . Packages for 2008.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:300158 A vulnerability has been found and corrected in samba: Stack-based buffer overflow in the sid_parse and dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Windows Security ID on a file share . The u ... oval:org.secpod.oval:def:300051 An integer overflow has been found and corrected in bzip2 which could be exploited by using a specially crafted bz2 file and cause a denial of service attack . Additionally clamav has been upgraded to 0.96.2 and has been patched for this issue. perl-Compress-Bzip2 in MES5 has been linked against the ... oval:org.secpod.oval:def:301524 A race condition was preventing dbus from starting correctly when user authentication was network based . This could prevent other desktop functions from working properly, such as device automounting. This update provides updated dbus and initscript packages that fix this issue. Both packages must b ... oval:org.secpod.oval:def:300532 Multiple security vulnerabilities has been identified and fixed in ghostscript: A buffer underflow in Ghostscript"s CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file . Buffer overflow in Ghostscript"s BaseFont wr ... oval:org.secpod.oval:def:300239 A vulnerability have been discovered and corrected in netpbm: Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via an XPM image file that contains a crafted header fie ... oval:org.secpod.oval:def:300488 Multiple security vulnerabilities has been identified and fixed in netpbm: Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation . Buffer overflow in the jas_str ... oval:org.secpod.oval:def:300486 Multiple security vulnerabilities has been identified and fixed in jasper: The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library before 1.900 allows remote user-assisted attackers to cause a denial of service and possibly corrupt the heap via malformed image files, as ... oval:org.secpod.oval:def:301632 Thomas Pollet discovered an integer overflow vulnerability in the PNG image handling filter in CUPS. This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a denial of service by sending a specially crafted PNG image to the print server . T ... oval:org.secpod.oval:def:300796 Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166 ... oval:org.secpod.oval:def:300455 Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference . The web interface in CUPS before 1.3.8 u ... oval:org.secpod.oval:def:301543 A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed . An integer overflow flaw leading to a heap buffer ove ... oval:org.secpod.oval:def:300244 Multiple vulnerabilities has been discovered and fixed in tetex: Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service via a long .bib bibliography file . Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and P ... oval:org.secpod.oval:def:300711 Multiple vulnerabilities has been found and corrected in xpdf: Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow ... oval:org.secpod.oval:def:300846 Security vulnerabilities have been discovered and fixed in pdf processing code embedded in koffice package . This update fixes these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300886 Multiple buffer overflows in the JBIG2 decoder allows remote attackers to cause a denial of service via a crafted PDF file . Multiple integer overflows in the JBIG2 decoder allows remote attackers to cause a denial of service via a crafted PDF file . An integer overflow in the JBIG2 decoder has un ... oval:org.secpod.oval:def:301265 A heap-based buffer overflow in CUPS 1.2.x and later was discovered by regenrecht of VeriSign iDenfense that could allow a remote attacker to execute arbitrary code via a crafted CGI search expression . A validation error in the Hp-GL/2 filter was also discovered . Finally, a vulnerability in how CU ... oval:org.secpod.oval:def:300085 An out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service via a crafted PDF file . Multiple input validation flaws in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file . An integer overflow in the JBIG2 decoder a ... oval:org.secpod.oval:def:301648 A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration. The updated packages fix this issue. oval:org.secpod.oval:def:301572 A vulnerability was found in xdg-open and xdg-email commands, which allows remote attackers to execute arbitrary commands if the user is tricked into trying to open a maliciously crafted URL. The updated packages have been patched to prevent the issue. oval:org.secpod.oval:def:301203 A vulnerability has been identified in sudo which allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root . The updated packages have been patched to prevent this. oval:org.secpod.oval:def:300830 A vulnerability has been found and corrected in cyrus-imapd: Buffer overflow in the SIEVE script component in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect us ... oval:org.secpod.oval:def:300269 A vulnerability was discovered and corrected in openldap: libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a \"\0\" character in a domain name in the subject"s Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrar ... oval:org.secpod.oval:def:300347 Multiple security vulnerabilities has been identified and fixed in pidgin: Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly . In a user in a multi-user chat room has a nickname containing "<br>" t ... oval:org.secpod.oval:def:300352 Security vulnerabilities has been identified and fixed in pidgin: The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service via crafted contact-list data for ICQ and possibly AIM, as demonstrated by the SIM IM client ... oval:org.secpod.oval:def:300123 A security vulnerability has been identified and fixed in pidgin: The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service via a custom emoticon in a malformed SLP message . Packages for 2008.0 and 200 ... oval:org.secpod.oval:def:300610 Security vulnerabilities has been identified and fixed in pidgin: The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. Pidgin 2.4.1 allows remote a ... oval:org.secpod.oval:def:300020 A security vulnerability has been identified and fixed in pidgin: The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service via an X-Status message that lacks the expected end tag for ... oval:org.secpod.oval:def:300616 Some vulnerabilities were discovered and corrected in bind: Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled , allows remote attackers to conduct ... oval:org.secpod.oval:def:300257 Some vulnerabilities were discovered and corrected in bind: The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when recei ... oval:org.secpod.oval:def:301164 Some vulnerabilities were discovered and corrected in openssl: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CR ... oval:org.secpod.oval:def:300036 A vulnerability has been discovered and corrected in gnupg2: Importing a certificate with more than 98 Subject Alternate Names via GPGSM"s import command or implicitly while verifying a signature causes GPGSM to reallocate an array with the names. The bug is that the reallocation code misses assigni ... oval:org.secpod.oval:def:300157 Multiple vulnerabilities has been found and corrected in mozilla-thunderbird: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script"s URL in cer ... oval:org.secpod.oval:def:300008 Multiple vulnerabilities has been found and corrected in cups: CUPS in does not properly handle HTTP headers and HTML templates, which allows remote attackers to conduct cross-site scripting attacks and HTTP response splitting attacks via vectors related to the product"s web interface, the conf ... oval:org.secpod.oval:def:300572 Multiple vulnerabilities has been found and corrected in libxml: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service via a large depth of element declarations in a DTD, related to a ... oval:org.secpod.oval:def:301643 A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code . The updated packages have been patched to prevent this ... oval:org.secpod.oval:def:301426 Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding . Update: The original fix used to correct this issue caused some applications tha ... oval:org.secpod.oval:def:301598 Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding . The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301255 Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18 . This update provides the latest Mozilla Firefox 2.x to correct these issues. oval:org.secpod.oval:def:301242 A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability to connect to the dbus-daemon could possibly execute certain method calls that they should not normally have access to. The updated packages have been patched to correct the ... oval:org.secpod.oval:def:301373 A number of vulnerabilities were found and fixed in the Apache 2.2.x packages: A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publically available . A flaw found in the mod_status module could lead ... oval:org.secpod.oval:def:301567 Multiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges. The updated packages have been patched to correc ... oval:org.secpod.oval:def:300948 Multiple vulnerabilities has been found and corrected in OpenEXR: Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to the ... oval:org.secpod.oval:def:300518 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service via a crafted PDF file, related to JBIG2Stream::readSymbolDictSeg, JBIG2Stream::readSymbolDictSeg, and JBIG2Stream::readGene ... oval:org.secpod.oval:def:300832 Multiple vulnerabilities has been found and corrected in krb5: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 1.5 through 1.6.3 allows remote attackers to cause a denial of service and possibly obtain sensitive information via a crafted length value that triggers a buf ... oval:org.secpod.oval:def:300969 A number of vulnerabilities have been found and corrected in libpng: Fixed 1-byte buffer overflow in pngpread.c . This was allready fixed in Mandriva Linux 2009.0. Fix the function png_check_keyword that allowed setting arbitrary bytes in the process memory to 0 . Fix a potential DoS or to potentia ... oval:org.secpod.oval:def:301477 Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates . Update: It was found ... oval:org.secpod.oval:def:301494 Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates . The updated packages ... oval:org.secpod.oval:def:301322 Multiple memory management flaws were found in the GSSAPI library used by Kerberos that could result in the use of already freed memory or an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code . A flaw was discovered in how the Kerberos krb5 ... oval:org.secpod.oval:def:301236 Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory . This update provides fix for t ... oval:org.secpod.oval:def:300308 Multiple vulnerabilities has been found and corrected in libpng: libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to rea ... oval:org.secpod.oval:def:300546 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in smooth/ftsmooth.c, sfnt/ttcmap.c, and cff/cffload.c. This update corrects the problem. Update: Packages for 2008.0 are being provided ... oval:org.secpod.oval:def:300317 A vulnerabilitiy has been found and corrected in apache: mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR . Packages for 2008.0 are provided for Corporate Desktop 2008.0 ... oval:org.secpod.oval:def:300325 Multiple vulnerabilities has been found and corrected in libpng: Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service via a crafted PNG file oval:org.secpod.oval:def:300213 Multiple vulnerabilities has been found and corrected in freetype2: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a c ... oval:org.secpod.oval:def:300338 A vulnerabilitiy has been found and corrected in apache: The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a b ... oval:org.secpod.oval:def:300108 Multiple vulnerabilities has been found and corrected in gzip: A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspect ... oval:org.secpod.oval:def:300229 Multiple vulnerabilities has been discovered and corrected in openldap: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary cod ... oval:org.secpod.oval:def:300106 Multiple vulnerabilities has been found and corrected in mysql: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table- ... oval:org.secpod.oval:def:300877 A vulnerability has been found and corrected in libneo: neon before 0.28.6, when OpenSSL is used, does not properly handle a "\0" character in a domain name in the subject"s Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a cra ... oval:org.secpod.oval:def:300996 A vulnerability has been found and corrected in mod_perl v1.x and v2.x: Cross-site scripting vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web scrip ... oval:org.secpod.oval:def:301152 This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Security Enhancements and Fixes in PHP 5.2.14: * Rewrote var_export to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs . * Fixed a possible interrupti ... oval:org.secpod.oval:def:300080 A vulnerability has been found and corrected in php: The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service and possibly have unspecifi ... oval:org.secpod.oval:def:300926 A vulnerability has been found and corrected in gd: The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attack ... oval:org.secpod.oval:def:300384 Multiple vulnerabilities has been found and corrected in php: The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information and cause a PHP crash by using the ini_set function to declare a variable, ... oval:org.secpod.oval:def:300323 Multiple vulnerabilities has been found and corrected in python: Multiple integer overflows in audioop.c in the audioop module in Ptthon allow context-dependent attackers to cause a denial of service via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first ... oval:org.secpod.oval:def:300484 A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ... oval:org.secpod.oval:def:300164 A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ... oval:org.secpod.oval:def:300072 A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ... oval:org.secpod.oval:def:300084 A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ... oval:org.secpod.oval:def:300843 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service by re-LOAD-ing libraries from a certain plugins directory . The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8. ... oval:org.secpod.oval:def:301295 Index Functions Privilege Escalation : as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: index functions were executed as the superuser and not the table ow ... oval:org.secpod.oval:def:300111 A security vulnerability has been identified and fixed in sendmail: sendmail before 8.14.4 does not properly handle a "\0" character in a Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate ... oval:org.secpod.oval:def:300847 Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate and md2 algorithm flaws , and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate . This update provides the latest versions of NSS and ... oval:org.secpod.oval:def:301194 Multiple security vulnerabilities has been identified and fixed in OpenSSL: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service via a large series of future epoch DTLS records that are buffered in a queue ... oval:org.secpod.oval:def:301166 A vulnerability has been found and corrected in krb5: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service via a request from a kadmin client that sends an invalid API version numb ... oval:org.secpod.oval:def:301655 A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service via a large number of interim responses . A cross-site scripting vulnerability was found in the mod_proxy_ftp ... oval:org.secpod.oval:def:300110 A vulnerability has been found and corrected in nss: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Securi ... oval:org.secpod.oval:def:301210 A vulnerability has been identified and corrected in proftpd: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Netwo ... oval:org.secpod.oval:def:300601 Multiple vulnerabilities has been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service via multiple calls, as demonstrated by initial SSL client handshake ... oval:org.secpod.oval:def:301000 Multiple security vulnerabilities has been identified and fixed in apr and apr-util: Multiple integer overflows in the Apache Portable Runtime library and the Apache Portable Utility library 0.9.x and 1.3.x allow remote attackers to cause a denial of service or possibly execute arbitrary code via ... oval:org.secpod.oval:def:301159 This update fixes several security issues in openssl: - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service via a malformed record in a TLS connection - OpenSSL before 0.9.8m does not check for a NULL return value from ... oval:org.secpod.oval:def:301198 Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit: Multiple stack-based buffer overflows in University of Washington IMAP Toolkit 2002 through 2007c, University of Washington Alpine 2.00 and earlier, and Panda IMAP allow local users to gain privilege ... oval:org.secpod.oval:def:301540 An input validation flaw was found in the Bluetooth Session Description Protocol packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and p ... oval:org.secpod.oval:def:300594 PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server . The u ... oval:org.secpod.oval:def:300878 A number of vulnerabilities have been found and corrected in PHP: improve mbfl_filt_conv_html_dec_flush error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c . Additionally on Mandriva Linux 2009.0 and up the php-mbstring module is linked against a separate shared libmbfl library that al ... oval:org.secpod.oval:def:301251 A number of vulnerabilities have been found and corrected in PHP: The htmlentities and htmlspecialchars functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors . The output_add_rewrite_var function in PHP prior to 5.2.5 rewrites local forms i ... oval:org.secpod.oval:def:301332 Chris Evans found a buffer overflow condition in Ghostscript, which can lead to arbitrary code execution as the user running any application using it to process a maliciously crafted Postscript file. The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:300596 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300363 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . This update fixes this vulnerability. Update: Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. oval:org.secpod.oval:def:300929 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300954 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300972 A number of security vulnerabilities have been discovered in Mozilla Thunderbird: Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate . A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a den ... oval:org.secpod.oval:def:300976 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . Additionally on 2009.0 a patch was added to prevent kompozer from crashing , on 2009.1 a format string patch was added to make it build wi ... oval:org.secpod.oval:def:300767 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300492 A vulnerability was found in xmltok_impl.c that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 . This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. oval:org.secpod.oval:def:300685 A vulnerability has been found and corrected in ntp: Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A r ... oval:org.secpod.oval:def:301646 Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301568 Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows . This was due to an incomplete fix for CVE-2007-4965. David Rema ... oval:org.secpod.oval:def:300000 Multiple vulnerabilities was discovered and fixed in glibc: Multiple integer overflows in the strfmon implementation in the GNU C Library 2.10.1 and earlier allow context-dependent attackers to cause a denial of service via a crafted format string, as demonstrated by a crafted first argument to th ... oval:org.secpod.oval:def:300623 Multiple vulnerabilities was discovered and corrected in php: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modif ... |
