oval:org.secpod.oval:def:300087
A vulnerability has been found and corrected in lvm2: The cluster logical volume manager daemon in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial ...

oval:org.secpod.oval:def:300345
Multiple vulnerabilities have been found and corrected in ghostscript: Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file, as originall ...

oval:org.secpod.oval:def:300342
Multiple vulnerabilities have been found and corrected in irssi: Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attac ...

oval:org.secpod.oval:def:300242
A vulnerability has been discovered and corrected in fetchmail: The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service or possibly execute arbitrary code via an ...

oval:org.secpod.oval:def:300386
A vulnerability has been found and corrected in opensc: Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to card-acos5.c, card-atrust-acos.c, and ...

oval:org.secpod.oval:def:300279
A vulnerability has been found and corrected in gv: GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. This update provides gv 3.7.1, which is not vulnerable to this issue.

oval:org.secpod.oval:def:301126
A vulnerability has been found and corrected in proftpd: Heap-based buffer overflow in the sql_prepare_where function in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted username containing substi ...

oval:org.secpod.oval:def:300276
A vulnerability has been found and corrected in okular: A specially crafted PDF or PS file could cause okular to crash or execute arbitrary code. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301128
Multiple vulnerabilities have been found and corrected in xfig: Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arb ...

oval:org.secpod.oval:def:300390
A vulnerability has been found and corrected in gif2png: Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. Buffer overflow ...

oval:org.secpod.oval:def:300160
A buffer overflow was discovered in libsmi when a long OID was given in numerical form. This could lead to arbitrary code execution. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300413
A vulnerability has been found and corrected in tomboy: The tomboy and tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. N ...

oval:org.secpod.oval:def:300312
A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300222
Multiple vulnerabilities were discovered and corrected in php-pear: Argument injection vulnerability in the sendmail implementation of the Mail::Send method in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, a different vector tha ...

oval:org.secpod.oval:def:300247
This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

oval:org.secpod.oval:def:300821
A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method by default, which allows remote attackers to conduct cross-site scripting attacks via unspecified web client software. This update provides a solution to this vulnerability.

oval:org.secpod.oval:def:301008
Multiple vulnerabilities have been found and corrected in python-feedparser: Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas. feedparser.py in Universal ...

oval:org.secpod.oval:def:300091
A vulnerability has been discovered in the Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences. This update fixes the issue by disabling the display of co ...

oval:org.secpod.oval:def:300655
Due to a packaging problem, the development version of the libxt package on 64 bit systems could lead to file conflicts during the installation because it was not providing the libxt6-devel package. This update fixes this issue.

oval:org.secpod.oval:def:300423
This is a bugfix release that upgrades firefox to the latest version due to issues where some Java applets would fail to load. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300305
This is a maintenance upgrade for ISC BIND that fixes some upstream bugs. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300439
It was discovered that gwenhywfar was using an old private copy of the ca-bundle.crt file containing the root CA certs, this has now been resolved so that it uses the system wide and up to date /etc/pki/tls/certs/ca-bundle.crt file last updated with the MDVSA-2011:068 advisory. Packages for 2009.0 a ...

oval:org.secpod.oval:def:300444
It was discovered that the QT packages were affected by the fraudulent certificates problem as well, the same issue as with firefox. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300441
Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse. Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such ...

oval:org.secpod.oval:def:300691
A regression was found and fixed for mpg123 while attempting to load the mpg123 modules. This regression stems from MDVSA-2009:307.

oval:org.secpod.oval:def:300114
The install of mailman failed because of a problem in the rpm scripts. Additionally, the logrotation script was fixed.

oval:org.secpod.oval:def:300234
A dependency problem with the postgresql packages was discovered which under certain circumstances prevented a smooth upgrade. This advisory addresses this problem.

oval:org.secpod.oval:def:300368
The pptp-linux packages in Mandriva Linux 2009.0, MES5, 2009.1 and 2010.0 try to call /bin/ip instead of /sbin/ip. The updated packages fix this issue.

oval:org.secpod.oval:def:300362
A bug in the nfs-server init script incorrectly reloads rpc.idmapd after rpc.nfsd start, preventing proper communication between the two processes. As a result, all files are considered owned by nobody uid/gid on client side. This update fixes this issue. Packages for 2009.0 are provided as of the Extended ...

oval:org.secpod.oval:def:300127
A bug in the integration with CUPS causes programs that rely on xulrunner to crash when trying to print. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300839
This is a minor bugfix release for apache: The openssl and makedev packages are needed at install time from CD-ROM media in %post for the apache-mod_ssl sub package in order to be able to generate the dummy SSL certificate. The packages provided with this update address this problem.

oval:org.secpod.oval:def:300971
Due to a packaging problem, the development version of the libxcb package on 64 bit systems could lead to file conflicts during the installation because it was not providing the libxcb-devel package. This update fixes this issue.

oval:org.secpod.oval:def:300873
The aoss script, which redirects OSS sound output to ALSA, contains an error which makes it fail to preload the correct library. Because of this error, old applications using OSS may fail to play sound if PulseAudio is not used. This update corrects this error.

oval:org.secpod.oval:def:300875
This is a bugfix and maintenance release for squid that upgrades squid to 3.0.STABLE20 and fixes some bugs: An outstanding issue with code 304 and code 200 replies being mixed up has now been resolved. This means requests which need to refresh cache objects will not cause temporary client software f ...

oval:org.secpod.oval:def:300406
This is a maintenance and bugfix release that upgrades mysql to the latest 5.0 and 5.1 versions which solves numerous upstream bugs. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300402
The saslauth daemon could crash under heavy load. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:301097
This is a maintenance and bugfix release that upgrades php to the latest 5.2 and 5.3 versions which solves numerous upstream bugs. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300379
This is a bugfix and maintenance advisory that upgrades pidgin to the latest version that addresses various issues with upstream service providers. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300037
This is a maintenance and bugfix release of firefox that upgrades firefox to the 3.6.12 version and adds missing localization packages for the Georgian, Kurdish, Occitan and Serbian languages. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300046
A bug in the NSS source rpm package did not pull in the latest and required version of NSPR when building NSS. Additionally the rootcerts package was updated with the latest certdata.txt file from the mozilla cvs and is also provided with this advisory.

oval:org.secpod.oval:def:300289
This update fixes a bug in irqbalance that causes it to fail to spread IRQs on an SMP or multi-core machine.

oval:org.secpod.oval:def:301134
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.

oval:org.secpod.oval:def:301010
The TCL extension for sqlite3 was not provided with the MDVSA-2011:079 advisory. This advisory addresses the problem and provides the missing packages.

oval:org.secpod.oval:def:300171
This is a maintenance and bugfix release of sudo which upgrades sudo to the latest 1.7.4p4 version.

oval:org.secpod.oval:def:300070
The network detection routine could not detect the network connection properly in some cases, resulting in premature termination with incorrect return code. This could result in failure on startup for services which depend on network to be up, such as apache2 server. This update fixes this issue.

oval:org.secpod.oval:def:301172
The DHCP client ignores the interface-mtu option set by server. This update fixes the issue.

oval:org.secpod.oval:def:300367
A vulnerability has been found and corrected in nss_db: The Free Software Foundation Berkeley DB NSS module 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application th ...

oval:org.secpod.oval:def:300428
Multiple vulnerabilities have been identified and fixed in openldap: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sendin ...

oval:org.secpod.oval:def:300235
Multiple vulnerabilities have been found and corrected in libthai: Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string. Packages for 2008. ...

oval:org.secpod.oval:def:300136
A vulnerability has been discovered and corrected in libsndfile: The htk_read_header, alaw_init, ulaw_init, pcm_init, float32_init, and sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service via a crafted audio file. Packages for 2008.0 ...

oval:org.secpod.oval:def:300250
A vulnerability has been discovered and fixed in kget: The name attribute of the file element of metalink files is not properly sanitized before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to dir ...

oval:org.secpod.oval:def:300285
A vulnerability was discovered and corrected in dovecot: Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service via long headers in an e-mail message. This update provides dovecot 1.2.11 which is not vulnerable to this issue and also holds man ...

oval:org.secpod.oval:def:300053
Multiple vulnerabilities have been found and corrected in cabextract: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library. Integer signedn ...

oval:org.secpod.oval:def:300172
A vulnerability has been found and corrected in libgdiplus: Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load ...

oval:org.secpod.oval:def:300180
A vulnerability has been found and corrected in kdm: KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian K ...

oval:org.secpod.oval:def:300199
A vulnerability has been found and corrected in libglpng: Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to the pngLoadRawF function and the pngLoadF function, leading to heap-based buffer overflows. ...

oval:org.secpod.oval:def:300245
Updated timezone packages for PHP are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Packages for 2008.0 are provided due to the Extended Maint ...

oval:org.secpod.oval:def:300249
The rootcerts package was added in Mandriva in 2005 and was meant to be updated when necessary. The provided rootcerts packages have been upgraded using the latest certdata.txt file from the mozilla cvs repository, as of 2009/12/03. In Mandriva a number of additional CA root certificates have been add ...

oval:org.secpod.oval:def:301185
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.

oval:org.secpod.oval:def:300093
A vulnerability has been discovered and fixed in libxext: There's a race condition in libXext that causes apps that use the X shared memory extensions to occasionally crash. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages ...

oval:org.secpod.oval:def:300137
It was brought to our attention by Ludwig Nussel at SUSE that the md5 collision certificate should not be included. This update removes the offending certificate. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The mozilla nss library has consequently been rebuilt to pick up these ...

oval:org.secpod.oval:def:300372
This is a maintenance release of mozilla firefox and thunderbird that upgrades firefox to 3.6.10 and thunderbird to 3.0.8. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300264
The new mdkonline packages add the extended maintenance support to mdkonline. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

oval:org.secpod.oval:def:300261
A bug was discovered in the FH_DATE_PAST_20XX rules that affects vanilla spamassassin 3.2 installations after the first of January 2010. This update fixes this issue.

oval:org.secpod.oval:def:300030
This is a maintenance and bugfix release of apache-conf that mainly ensures the httpd service is handled more gracefully when reloading the apache server. Other fixes: - fix #53887 - workaround #47992 - added logic to make it possible to set limits from the init script in an attempt to add ...

oval:org.secpod.oval:def:300169
Changes on the ICQ servers made the login impossible if the clientLogin and SSL options were enabled. This update adds patches to restore these options. Also add xdg patch from cooker. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:301135
This bugfix release addresses a long-standing problem when issuing the halt or reboot commands on a remote Mandriva system: the session wasn't closed properly. This advisory corrects this problem.

oval:org.secpod.oval:def:300044
The eject package shipped in Mandriva Linux 2009.0, 2009.1, 2010.0 contains a bug which will lead to a failure when ejecting a DVD which has space characters within its name. The updated package fixes this problem. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

oval:org.secpod.oval:def:300042
The new drakconf packages add extended maintenance access support to drakconf. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers as well as for official 2008.0 updates.

oval:org.secpod.oval:def:301147
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.

oval:org.secpod.oval:def:300293
The xulrunner and firefox packages sent with the MDVSA-2010:070 advisory did not require the version of sqlite3 they were built against, which prevented firefox from starting. The fixed packages address this problem.

oval:org.secpod.oval:def:300173
The Adobe Flash plugin has https support, but only searches for SSL certificates in /etc/ssl/certs. This advisory provides a compatibility symlink at /etc/ssl/certs pointing to /etc/pki/tls/certs to remedy this problem. Additionally this advisory also brings the latest root CA certs from the mozilla ...

oval:org.secpod.oval:def:300181
It was discovered that yelp stopped working correctly on Mandriva Linux with latest xulrunner. This update addresses this problem. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

oval:org.secpod.oval:def:301150
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. Packages for 2008.0 and 2009.0 are provided due to the Extended Ma ...

oval:org.secpod.oval:def:301169
This is a maintenance update that upgrades php to the latest upstream version for CS4/MES5/2008.0/2009.0/2009.1/2010.0. Additionally some of the third party extensions and required dependencies have been upgraded. Corporate Server 4.0 with php-5.1.6 had the old Hardening-Patch 0.4.14 applied statical ...

oval:org.secpod.oval:def:300074
Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300203
It was discovered that the ASN.1 BER dissector in wireshark was susceptible to a stack overflow. For 2010.0 and 2010.1 wireshark was upgraded to v1.2.12 which is not vulnerable to this issue and was patched for CS4 and MES5 to resolve the vulnerability.

oval:org.secpod.oval:def:300356
The cross-desktop screensaver tool was missing a dependency on the xset tool. This update adds it.

oval:org.secpod.oval:def:300135
Due to a bug in the keychain package the "--noask" option wasn't always used. This caused the Qt4 ssh-askpass dialogue to get loaded before a window manager was fully started, preventing the user from entering the passphrase as the dialogue never gets focus without a window manager running. This upd ...

oval:org.secpod.oval:def:300374
The translations for the default download directory were missing for several languages. This update adds the missing translations.

oval:org.secpod.oval:def:301005
This advisory updates perl-URPM package to a version compatible with disttag and rpm5 features. This update is mandatory to be able to update to Mandriva 2011 version via online update.

oval:org.secpod.oval:def:301151
Due to a bug in the nss_updatedb package, old BDB transaction logs were not removed from the /var/lib/misc directory, possibly filling the /var filesystem. The fixed package corrects this bug, and will also remove all leftover transaction logs from the system.

oval:org.secpod.oval:def:300651
This update improves the Polish translation used in KDE4 splash screens.

oval:org.secpod.oval:def:300652
Some Qt software, such as Opera, has CPU issues with the Qt4 version released in Mandriva 2010.0. This update fixes these issues.

oval:org.secpod.oval:def:300893
In Mandriva 2010.0, konqueror crashes when opening a new tab on a previously detached tab. This update fixes this issue.

oval:org.secpod.oval:def:300891
In Mandriva Linux 2010.0, the kmix application may fail to initialize on system start. This update fixes this issue.

oval:org.secpod.oval:def:300659
In Mandriva 2010.0, a beta version of digikam was provided. This update provides the final version of 1.0.0.

oval:org.secpod.oval:def:300534
This update fixes two issues in drakx-net shipped with Mandriva Linux 2010.0: - draksambashare application was fixed to correctly handle samba users - drakhosts application was fixed to allow specifying multiple IP addresses for same host address

oval:org.secpod.oval:def:300898
The version of kino shipped with 2010.0 does not use the soundwrapper system to allow output to legacy OSS sound device in a friendly way. This update changes the .desktop file used to launch kino from the menus to ensure that soundwrapper is used. Additionally, this update also provides soundwrapp ...

oval:org.secpod.oval:def:300785
Corrects issues with scaled bitmap fonts by properly installing fontconfig.properties and requiring a default font.

oval:org.secpod.oval:def:300300
Updated packages for lvm2 and device mapper correct malfunctioning of dmeventd and errors while creating snapshots and mirrored targets.

oval:org.secpod.oval:def:300663
In Mandriva 2010.0, because of a regression, the KTimetracker menu was missing many options, which made it unusable. Also in Mandriva 2010.0, when using Knotes inside Kontact, a long note title was cut off on the left. This update fixes these issues.

oval:org.secpod.oval:def:300782
In KDE 4.3 provided with Mandriva 2010.0 there was a performance regression and lag in krunner. This update fixes the issue.

oval:org.secpod.oval:def:300548
In Mandriva 2010.0, krdc was not able to connect to RDP servers as the rdesktop package was not installed. This update fixes this by adding rdesktop as a runtime dependency for krdc.

oval:org.secpod.oval:def:300789
The python-qt package included in Mandriva 2010.0 contains an API incompatibility problem with python-sip 4.9.1, which will cause downstream problem unusable. This update fixes the issue.

oval:org.secpod.oval:def:300666
On Mandriva 2010.0, when closing the KDE session with 3D effects enabled, the screen can become black.

oval:org.secpod.oval:def:300667
In Amarok on Mandriva 2010, the time bar is locked and you cannot seek to a point when listening to a song. This happens because gstreamer0.10-plugins-ugly is missing; this phonon-gstreamer update adds this package as a dependency, fixing the bug. Additionally the gstreamer0.10-plugins-ugly packages are prov ...

oval:org.secpod.oval:def:300791
This update is a rebuild of qemu packages shipped in 2010.0 against latest glibc-2.10.1-6.2mnb2 with fixed preadv/pwritev prototypes.

oval:org.secpod.oval:def:300318
msec in Mandriva Linux 2009.1 and 2010.0 would not carry out the chkrootkit check correctly if the chkrootkit package was uninstalled after the test has been run at least once. This update fixes the issue.

oval:org.secpod.oval:def:300679
Due to a bad interaction between fuse and audit framework, applications reading .gvfs would hang if audit is activated. This happens at least on first boot and every month due to readahead-collector. This was reported as bug #53208. These updated packages fix the issue.

oval:org.secpod.oval:def:300557
The firefox extension for the beagle desktop search engine was not compatible anymore with the latest firefox security update. This update makes it work with the new firefox.

oval:org.secpod.oval:def:300202
In Mandriva 2010.0, k3b didn't have menu icons on Gnome, LXDE, XFCE menus. This update fixes this issue.

oval:org.secpod.oval:def:300686
This update ships glibc with fixed preadv/pwritev/fallocate prototypes which are wrong on 32-bit architectures with -D_FILE_OFFSET_BITS=64 on glibc 2.10.1. After installing the update, you must rebuild any application using preadv/pwritev/fallocate built with -D_FILE_OFFSET_BITS=64 on a 32-bit arch.

oval:org.secpod.oval:def:300321
The xinit manpage in 2010.0 was not reflecting the real application behavior, which could confuse users. This update fixes the xinit manpage to reflect its real behavior.

oval:org.secpod.oval:def:300322
The a2ps package as provided in Mandriva Linux 2010.0 contains improvements concerning paper auto-detection, locale recognition and security issues. The locale recognition prevented the application from performing correctly; this update fixes the issue.

oval:org.secpod.oval:def:300561
This update provides updated translation files for msec shipped with Mandriva Linux 2010.0

oval:org.secpod.oval:def:300683
This update fixes two issues with msec: - saving new security level with "msec --save" would result in an error - msec would show a bogus error when checking permissions on non-local files

oval:org.secpod.oval:def:300209
It was discovered php-eaccelerator-0.9.6 did not work properly with open_basedir for php-5.3.2. This advisory upgrades php-eaccelerator to 0.9.6.1 which solves this problem.

oval:org.secpod.oval:def:300206
A programming error in the Python bindings for GObject would make programs like eliza and Moodvida take up all CPU resources for unnecessary operations while running. This update fixes the problem.

oval:org.secpod.oval:def:300327
The network settings were always disabled in the Pulseaudio settings. This update makes the Pulseaudio preferences dialog work again with the latest update of pulseaudio.

oval:org.secpod.oval:def:300204
This update brings a new stable version of webkitgtk, and solves the problem with processors without the SSE2 instruction set. It is easy to see if you are suffering from this bug: just try to open some webpage in the epiphany web browser; it will crash with the old webkit version.

oval:org.secpod.oval:def:300205
This package update fixes several issues in initscripts: - ensure dm-mod is loading in speedboot mode - ensure loadkeys is called in the right order - ensure hid is loaded in first pass for speedboot - remove false check on alsa - avoid dmraid error message

oval:org.secpod.oval:def:300326
A regression was discovered in fetchmail 6.3.12. The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose message codes 400..599 and treat all of these as temporary errors. This would cause messages to be left on the server even if softbounce was turned off. Reported by Thomas Jarosch. ...

oval:org.secpod.oval:def:300689
Mandriva 2010 includes k3b 1.68 and the stable release won't be ready for a long time; this update introduces the Alpha4 version, with lots of bugfixes and some new features including: New features * Added close buttons on project tabs * Added support for new libmpcdec API Bugfixes * Crash at ...

oval:org.secpod.oval:def:300334
The file /etc/profile.d/gpg-agent.sh uses the source statement which is not valid in sh or ksh. The source statement for sh, ksh, and bash should be . rather than source. This update fixes this issue.

oval:org.secpod.oval:def:300576
Nautilus would sometimes crash, caused by corrupted gvfs metadata. This updates gvfs to the new fixed version.

oval:org.secpod.oval:def:300335
The libxrender library contained a bug where it could crash applications on x86_64 machines when the XRenderSetPictureFilter function was called.

oval:org.secpod.oval:def:300211
This update only reverts two testing patches, fixing some font issues in the folderview-applet.

oval:org.secpod.oval:def:300212
The rsh package in 2010.0 has several bugs that prevented it from working correctly, the updated packages fix all those issues.

oval:org.secpod.oval:def:300331
gtk+ 2.0 was not correctly handling the input method in client-side window mode. This could lead to application crashes; inkscape is a good example. This update fixes these issues and upgrades gtk+2.0 to the latest stable release, which includes stability fixes for various applications, including g ...

oval:org.secpod.oval:def:300218
It was discovered that firefox-ext-plasmanotify-0.3.0 did not work with firefox-3.6. This update provides firefox-ext-plasmanotify-0.3.1 that brings it alive again.

oval:org.secpod.oval:def:300339
This update enables files to be properly attached when xdg-email is used with Thunderbird as the default mail client.

oval:org.secpod.oval:def:300578
Tcsh as shipped with Mandriva Linux 2010.0 would abort on startup with the Unknown colorls variable mh. error, caused by inability to handle the MULTIHARDLINK color parameter. This update fixes this issue.

oval:org.secpod.oval:def:300216
Security issues were identified and fixed in firefox 3.5.x: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service via a crafted web site that triggers memory consumption and an accompanying ...

oval:org.secpod.oval:def:300103
gtkspell would consume much memory when several instances were used. This affected pidgin. This update changes the way gtkspell loads the dictionaries to use less memory.

oval:org.secpod.oval:def:300224
mono as shipped with Mandriva 2010.0 was built with wrong compiler optimizations that made some applications freeze. The updated package uses safe compiler flags that prevent the freeze.

oval:org.secpod.oval:def:300341
When a system uses dmraid, mkinitrd now calls the dmraid command with the option --rm_partitions. This option is only available in the new dmraid package, so boot will fail if, during an upgrade, initrd is generated with the new mkinitrd and the old dmraid. This updated package adds this dependency. Additionally, ...

oval:org.secpod.oval:def:300105
Sane wasn't compiled with V4L support. This package update fixes this issue. Additional packages are being provided to satisfy the added dependencies.

oval:org.secpod.oval:def:300589
Sound events for the Ia_Ora sound theme were not disabled by default for some actions. This package fixes this issue and ensures OpenOffice entries are in the correct order in the Office menu in desktop environments.

oval:org.secpod.oval:def:300227
This update fixes a number of issues in msec: - this update fixes incorrect German localization for msecperms messages - this update allows to import legacy perm.local permissions configuration file, which could be installed by third-party applications - this update fixes a crash when pam_unix is u ...

oval:org.secpod.oval:def:300477
This update fixes several issues with mdkapplet: - it fixes adding the Restricted media - it fixes a rare crash - it forces applying the updates before offering to upgrade to a newer distro - it fixes a crash while upgrading older distributions when perl has been upgraded to a newer version

oval:org.secpod.oval:def:300115
x11-server contains a memory leak that is triggered when cursors are changed, which might lead to high memory consumption over a long period of time. This update fixes the problem.

oval:org.secpod.oval:def:300112
- In Mandriva 2010.0 under KDE, the scrollbar was too small to be used in some cases; this update adds a minimum size of 21 for the scrollbar. - In Mandriva 2010.0 under KDE, Quassel could crash when highlighting links. - This update fixes the titlebar colors to make it friendly with ia ora specs.

oval:org.secpod.oval:def:300113
It was discovered the kipi-plugins packages were not rebuilt against the libkdcraw.so.8 and libkexiv2.so.8 libraries provided by kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses this problem.

oval:org.secpod.oval:def:300597
This is a bug fix release, added some missing screenshots for 2010 and a fix for publication date in the pdf file.

oval:org.secpod.oval:def:300353
Previous versions of openbox were incorrectly started by the login windows, causing various settings such as autostart.sh to malfunction.

oval:org.secpod.oval:def:300230
Kdevelop provided with Mandriva 2010.0 could crash at startup

oval:org.secpod.oval:def:300479
In Mandriva 2010.0, hal-cups-utils does not re-enable printers when they are reconnected and no printer applet is running. This update fixes this issue.

oval:org.secpod.oval:def:301206
In Konqueror of Mandriva 2010.0 there is a statusbar rendering bug when restoring multiple tabs. This update fixes this issue.

oval:org.secpod.oval:def:300238
It was discovered that the snmpd daemon could segfault with certain configuration options. The updated packages address this problem.

oval:org.secpod.oval:def:300004
Mandriva Linux 2010.0 is installed

oval:org.secpod.oval:def:300365
Rsnapshot will automatically add --exclude=xxxx to the rsync options for backups of the filesystem on which the snapshot-root is located. This will be added to the rsync command-line AFTER the rsync_short_args and rsync_long_args, but BEFORE any backup-specific options. This means that the --exclude ...

oval:org.secpod.oval:def:300121
This updates digikam and all its dependencies, fixing some bugs, notably #56078, and introducing functionalities and boosting up stability.

oval:org.secpod.oval:def:300122
This update has fixes for pccard 3G modem detection and an accumulated fix for handling hdX/sdX devices. Update: This update removes conflicts on drakfirsttime caused by the last update of drakxtools.

oval:org.secpod.oval:def:300240
The Gnome Settings Daemon would crash when the multimedia volume keys were used when the mouse pointer is on the secondary screen. This updates gtk+ to a new version that also has fixes for crashes in empathy, eog and other applications.

oval:org.secpod.oval:def:300241
An incorrect initialisation in the consolekit daemon could prevent automount of removable media under GNOME or KDE environment. This package update fixes this issue.

oval:org.secpod.oval:def:300369
This update contains an important fix for YouTube video parsing, fixing a problem which was introduced when YouTube introduced new rating elements.

oval:org.secpod.oval:def:300814
The xdpyinfo package was updated to allow handling more X11 extensions.

oval:org.secpod.oval:def:300941
MDVA-2009:252 introduced a regression with the newer version of the webkit package, which made the Mandriva Control Center crash. This update reverts the webkit package to the previous version. Also this update reintroduces the issue fixed by MDVA-2009-252.

oval:org.secpod.oval:def:300715
This update provides the missing read-netprofile command for netprofile application, which was required for on-boot network profile selection.

oval:org.secpod.oval:def:300831
Dansguardian service, when launched with the stop option, would report errors on lines 51. This update fixes the issue.

oval:org.secpod.oval:def:300708
In Mandriva 2010.0, Okular was failing to open files from firefox, if the URL contained spaces or accents. This update fixes this issue.

oval:org.secpod.oval:def:300841
This update fixes an issue in mdkapplet where it offers to upgrade Mandriva 2010.0 to 2009.1 when the former is not listed on api.mdv.com

oval:org.secpod.oval:def:300607
This update brings the new stable version 1.1.15.4 of webkitgtk, and solves the problem with the SSE2 instruction set on AMD machines.

oval:org.secpod.oval:def:300725
This update provides the pcsc-lite packages which were needed by MDVA-2009:264 but not provided.

oval:org.secpod.oval:def:300977
This is a bugfix and maintenance release for php that upgrades php to 5.3.1RC3 and fixes some bugs: - fix #54993 - With latest php-5.3.xx, it's not needed to build a separate binary for FastCGI SAPI support, this is always enabled in the php-cgi binary. This obsoletes the php-fcgi package and also ...

oval:org.secpod.oval:def:300855
A missing xulrunner path in the eclipse.ini configuration file prevents Eclipse from starting, resulting in a crash. This update provides the fix for that bug.

oval:org.secpod.oval:def:300853
In Mandriva 2010.0, when using an old X server without support for the XrandR extension, the Gnome settings daemon would crash. This update resolves the issue by adding a check before using the extension.

oval:org.secpod.oval:def:300863
When accounts are created in MDS, the accounts are created with shadowExpire=0. They should be set with shadowExpire=-1, otherwise new accounts will always warn that they are expired when logging in using the account. This fixes this bug for new accounts created using MDS. It does not fix the problem ...

oval:org.secpod.oval:def:300984
In Mandriva 2010.0, KNetattach was using fish for the ssh connections; this update makes it use the more supported sftp instead.

oval:org.secpod.oval:def:300621
Due to a change in glibc on x86_64, pam_tcb incorrectly handles negative values in /etc/shadow. When password expiration warning delay is set to -1, a warning would be displayed to the users saying that their password will expire in 99999 days. This update resolves this bug.

oval:org.secpod.oval:def:300629
In KDE 4.3 of Mandriva 2010.0 the possibility to lock/unlock widgets from the panel wasn't activated. These rpms handle this issue.

oval:org.secpod.oval:def:300867
This update fixes an issue with graphviz: * graphviz isn't properly upgraded to a newer version when upgrading from a 2009.0 system

oval:org.secpod.oval:def:300501
This update fixes several issues regarding the live upgrade to a more recent distribution.

oval:org.secpod.oval:def:300516
In Mandriva 2010.0 it may happen that devices like iPod fail to get ejected. Also in Mandriva 2010.0, solid does not respect HAL locks, resulting in KDE applications not properly showing partitions from these devices. This update fixes these issues.

oval:org.secpod.oval:def:300757
This update updates Midnight Commander to latest version, which fixes occasional crashes when searching within editor/browser.

oval:org.secpod.oval:def:300515
MDVA-2009:258 introduced a regression which made the libwebkitgtk devel packages uninstallable. This update fixes this issue.

oval:org.secpod.oval:def:300885
In Mandriva 2010.0, with Ktimetracker embedded in Kontact, the shortcut to create a new task didn't work. Another bug is that the shortcut ctrl + shift + W would make Kontact crash. This update fixes these issues.

oval:org.secpod.oval:def:300522
In Mandriva 2010.0, espeak did not support the pulseaudio audio system, which rendered incomprehensible speech. This update changes the build of espeak to use pulseaudio as audio output.

oval:org.secpod.oval:def:300763
This is a maintenance and bugfix update for firefox 3.5.x: * Bug 468562 - ASSERTION: Inserting multiple children without flushing * Bug 521750 - Put a runtime NS_IsMainThread check in nsCycleCollector::Suspect2 and Forget2 * Bug 525326 - Crashes in gif decoder [@ xul.dll@0x348945][@ xul.dll@0x348864 ...

oval:org.secpod.oval:def:300762
mplayer would crash when selecting a chapter from the DVD menu. This update prevents the crash.

oval:org.secpod.oval:def:300888
This is an update to version 0.8 making it work fine again.

oval:org.secpod.oval:def:300765
This update fixes the index page css and images when in disconnected mode.

oval:org.secpod.oval:def:300099
The find utility in Mandriva Linux 2010.0 could give bogus "No such file or directory" messages, when run from msec application. This advisory updates the find application to the latest available version, fixing this issue.

oval:org.secpod.oval:def:301189
The old version of slib was not compatible with some gnucash features, which could cause crashes in the application. This bugfix update features the latest version of the slib package and ensures it is correctly registering into the guile code repository. Additionally, improvements were made for the guile packages whi ...

oval:org.secpod.oval:def:300097
Updated libSDL packages are being provided for Mandriva Linux 2010.0 which fixes random crackling occurring when playing sound in SDL-based applications via PulseAudio.

oval:org.secpod.oval:def:300096
This update fixes a reported buffer overflow found with ntlm authentication. This advisory obsoletes MDVA-2010:172

oval:org.secpod.oval:def:301181
The tkcvs package did not work properly with Tk release 8.6 and later. This package update fixes this issue and ensures tcl is properly required by the tkcvs package.

oval:org.secpod.oval:def:300090
The youtube plugin in totem has stopped working. This was caused by changes on the youtube web site. This new version updates to those changes to make youtube playback in totem work again.

oval:org.secpod.oval:def:301192
The package phonon-gstreamer issued in main/updates has a new dependency added, gstreamer0.10-plugins-ugly. This new dependency also depends on some other packages only available on the /main/release media. This update pushes the gstreamer0.10-plugins-ugly dependencies to the /Main/Updates media m ...

oval:org.secpod.oval:def:300910
SDL_image shipped in Mandriva Linux 2010.0 contains a hidden link on libjpeg62, which is incompatible with libjpeg7 shipped in 2010.0. The hidden link will leave downstream applications such as tuxmath unable to launch. This update fixes this issue.

oval:org.secpod.oval:def:300907
A bug in the fontconfig language cache was generating an invalid cache which would cause crashes or freezes when upgrading a previous Mandriva Linux release to Mandriva Linux 2010 using the live update feature. This update fixes this issue.

oval:org.secpod.oval:def:300906
With dragon player, after watching a film, the screensaver was activated even if you had deactivated it. This update fixes the issue.

oval:org.secpod.oval:def:300923
The x86_64 and i586 development packages had conflicting files and weren't installable in parallel. This update modifies the installation of the conflicting files.

oval:org.secpod.oval:def:300922
In kde4-firstsetup.sh from Mandriva 2010.0 there were still some references to plasma, which has been renamed to plasma-desktop on KDE 4.3. This update fixes this issue.

oval:org.secpod.oval:def:300916
A bug in pango was preventing correct location of some glyphs when scaling was in effect. This update fixes this issue and enforces a version dependency on cairo, which could cause crashes when upgrading Mandriva Linux distribution to release 2010.0.

oval:org.secpod.oval:def:300378
This update fixes a bug in urpmi which prevented rpmdrake from installing packages a second time.

oval:org.secpod.oval:def:301226
This is a bugfix and maintenance release for php that upgrades php to 5.3.1RC4. Additionally, some packages which require so, have been rebuilt and are being provided as updates.

oval:org.secpod.oval:def:300016
Allows using ddf1 raid and managing unpartitioned dmraid. It also offers to install onto dmraid or existing lvm without using manual partitioning. Update: drakx-installer-stage2 packages were missing with the MDVA-2010:062 advisory. The missing packages are being provided with this advisory.

oval:org.secpod.oval:def:300011
Update of ldetect-lst to add support for new Intel GPUs: Atom Pineview G, Atom Pineview GM, Intel B43 and Intel Core i3/i5 IGP. Also updates the monitor DB to add two new Samsung SyncMaster devices.

oval:org.secpod.oval:def:300130
It was discovered that the kde4ff theme for firefox 3.5 did not work; to address this problem the kfirefox theme is provided as a drop-in replacement. It was discovered that the beagle extension for firefox had the wrong release number which prevented it from being upgraded. This advisory addresse ...

oval:org.secpod.oval:def:300493
This package adds new top bar for Mandriva Flash 2010 edition.

oval:org.secpod.oval:def:300131
In Mandriva 2010.0, there was a missing requires that made it impossible to choose a printer through samba. Also, in Mandriva 2010.0, the cups service couldn't be started if the user started s-c-p manually. This update fixes these issues.

oval:org.secpod.oval:def:300252
Allows using ddf1 raid and managing unpartitioned dmraid. It also offers to install onto dmraid or existing lvm without using manual partitioning.

oval:org.secpod.oval:def:300138
It was discovered php-xdebug-2.0.5 did not work properly for php-5.3.2. This advisory upgrades php-xdebug to 2.1.0 RC1 which solves this problem.

oval:org.secpod.oval:def:300259
The last iaora update introduced a little regression in some IaOra color schemes, like Iaora-Gray; this new package corrects this. Also in iaora, the application's name in the titlebar wasn't correctly centered.

oval:org.secpod.oval:def:300018
This update fixes a wrong Obsoletes: tag on the netcdf package which would break upgrades to 2010.1.

oval:org.secpod.oval:def:300139
The dbus-glib package was built without a symbol that is needed by the latest versions of tracker. This update adds the missing functions.

oval:org.secpod.oval:def:301227
This updates the wireless regulatory domain database to 2009-11-10 in order to follow the wireless regulations in the world. For Mandriva 2010.0: - add support for Aruba - update United States rules for 5600 MHz - 5650 MHz For Mandriva 2009.1: - enable 5GHz band for Thailand - updates to 5GHz ban ...

oval:org.secpod.oval:def:300371
Programs like hplip that use polkit to authorize privileged operations fail in desktop environments that don't start their own polkit-agent. This update starts the polkit-agent for GNOME in all desktop environments.

oval:org.secpod.oval:def:300147
This update adds a feature to msec to save the log message that would be sent by email into /var/log/security/ to allow consulting it without relying on email system.

oval:org.secpod.oval:def:300148
This update fixes two issues with msec: - some error messages could result in msec throwing an exception instead of logging the corresponding text - security report about group-writable files belonging to gdm user was silenced by default

oval:org.secpod.oval:def:300024
In Mandriva 2010.0, we provided KDE 4.3.2. This update brings KDE to version 4.3.5; overall, it provides many bug fixes and enhancements. Update: This update also provides the new package python-mwclient, required by KDE 4.3.5.

oval:org.secpod.oval:def:300025
In Mandriva 2010.0, there was a layout problem in the Kontact Planner plugin. In Korganizer, in the TODO Mode, the first line of text wasn't viewable in non rich text mode. This update fixes these issues.

oval:org.secpod.oval:def:300267
A bug in the x11-driver-input-evdev package could lead to crashes in the Xorg server after read errors in input devices. This update fixes this problem.

oval:org.secpod.oval:def:300022
This is a maintenance and bugfix release bringing php-xdebug-2.1.0 that addresses some php-5.3.x specific issues.

oval:org.secpod.oval:def:300143
In Mandriva 2010.0, losing your internet connection while listening to a web stream can make Amarok crash. This update fixes this bug.

oval:org.secpod.oval:def:300263
rpmstats in 2010.0 displays strange characters for some last modified file names; this is easily noticed on Drakstats. This updated package fixes this bug.

oval:org.secpod.oval:def:300028
Perl scripts shipped in the freeradius-web sub package use the File::Temp perl module incorrectly, which prevents them from executing correctly. In these perl scripts, a change was made to replace the line "use File::Temp \;" by "use File::Tempqw\\;".

oval:org.secpod.oval:def:300038
In Mandriva Linux 2010.0 some widgets, such as the Opendesktop ones, resulted in plasma crashes. This update fixes this issue.

oval:org.secpod.oval:def:300156
This is the latest IaOra package, with fixes for some issues: - ability to align window titles to left - Date field on kontact calendar - New event is too small #55699 - Two bugs on IaOra colors on lists #56883 and #57079

oval:org.secpod.oval:def:300273
This new mkinitrd release fixes hotplug command and thus firmware loading inside nash, addressing failure with modules loaded inside initrd which requests firmware.

oval:org.secpod.oval:def:300039
A change on the youtube web page has stopped the youtube plugin from working. This update adapts totem to these changes.

oval:org.secpod.oval:def:300272
This update makes the debug package for dbus available to be used by gdb on x86-64 and allows parallel installation of the development packages for both x86 and x86-64 architectures.

oval:org.secpod.oval:def:301138
Dhcp-server package shipped with Mandriva Linux 2009.1 and 2010.0 was using incorrect SV_LDAP definitions during the build, which resulted in ldap support being non-functional. This update fixes the issue.

oval:org.secpod.oval:def:300049
The xvt script was not detecting KDE4 properly and was forking the KDE4 terminal, which could break some scripts. This update fixes this issue and also disables some unwanted sound events when using Firefox 3.6.x under GNOME.

oval:org.secpod.oval:def:300167
The tcsh package has some broken basic features due to a wrong patch. In a tcsh shell executing "echo [1-]" should return 0 and be silent, instead it returns an error message argv: Subscript out of range. This update fixes this issue.

oval:org.secpod.oval:def:300286
glibc 2.10.1 on Mandriva 2010.0 can't resolve names with some buggy routers. This update includes upstream fixes post glibc 2.10.1 release that fix the issue. Other glibc resolver fixes are included too, which also address some other upstream opened bugs.

oval:org.secpod.oval:def:300045
In Mandriva 2010.0 there were some missing translations. This update fixes this issue.

oval:org.secpod.oval:def:300287
It was discovered the kdeplasma-addons packages were not rebuilt against the libkdcraw.so.8 and libkexiv2.so.8 libraries provided by kdegraphics4-4.3.5-0.7mdv2010.0. This advisory addresses this problem.

oval:org.secpod.oval:def:300284
The LIRC infrared support in xine-ui program didn't work. This update fixes the issue.

oval:org.secpod.oval:def:300041
Plymouth verbose mode at shutdown was not displaying logs properly. This update fixes this issue.

oval:org.secpod.oval:def:300059
The Poppler cairo backend was not handling PDF images prescaling correctly, causing some PDF files to be unreadable. This update fixes this issue and includes other stability fixes.

oval:org.secpod.oval:def:300179
In Mandriva 2010.0, we provided KDE 4.3.2. This update brings KDE to version 4.3.5; overall, it provides many bug fixes and enhancements.

oval:org.secpod.oval:def:300055
This update fixes an issue with rpm filetriggers: when several file triggers are run in parallel and try to read from stdin, a pipe filedescriptor leak leads to a deadlock and rpm freezing.

oval:org.secpod.oval:def:300297
This update provides openoffice.org-voikko package for the last OpenOffice.org 3.1.1 update.

oval:org.secpod.oval:def:301145
Evolution could crash when adding a new task to a task list. These packages fix this issue and update Evolution to the latest stable release, bringing performance and stability fixes, as well as additional translations.

oval:org.secpod.oval:def:300298
This updates gdcm to version 20.0.14 and corrects some packaging issues that rendered the python interface non functional.

oval:org.secpod.oval:def:301144
The blogtk package in 2010.0 was crashing on start. This update fixes the problem by updating blogtk to the latest version. Additionally the python-gdata packages are being provided as well due to requirements. Update: The MDVA-2010:070 advisory was missing some new dependencies that prevented blog ...

oval:org.secpod.oval:def:300294
gdm was not configuring properly dpi value to use for its graphical greeter, which could lead to unreadable text on HD resolution with some graphical chipset. This package update fixes this issue.

oval:org.secpod.oval:def:301140
This update provides a fix to the correction of CVE-2010-0307, which resulted in crashes when running i586 applications on x86_64

oval:org.secpod.oval:def:300170
This update fixes rpmdrake behavior when suggesting packages from disabled backports media.

oval:org.secpod.oval:def:300050
In Mandriva 2010.0 /etc/pam.d/kde was not tagged as a config file, so it was replaced by a new file on each update. This update fixes this issue.

oval:org.secpod.oval:def:300189
This update provides: - Fix for bug #59541: Empty fields in media helpers not allowing the addition of enterprise/restricted medias - New feature: Offers powerpack media to Free/One users, and re-subscription to Flash/Powerpack users.

oval:org.secpod.oval:def:301158
The predrawn figure library in xfig could not be accessed by non-root users because of incorrect permissions making the contents of /usr/lib/X11/xfig/Libraries readable only by root. This update corrects the problematic permissions.

oval:org.secpod.oval:def:300069
It was not possible to load the lirc_atiusb and lirc_bt829 LIRC infrared drivers due to an Unknown symbol error. The updated packages fix this issue.

oval:org.secpod.oval:def:300187
The heartbeat package in the 2010.0 release had wrong permissions and ownership for /usr/bin/cl_status; this prevented it from working correctly. Also when peers were outdated heartbeat didn't failover gracefully. This update fixes both these issues.

oval:org.secpod.oval:def:301154
Espeak as shipped with Mandriva 2010.0 had no support for pulseaudio. An updated package was provided that added pulseaudio support, but didn't work anymore for systems that had pulseaudio disabled. This update makes espeak work in both scenarios. Additional packages have been added to this advisory ...

oval:org.secpod.oval:def:300062
In kde4.3 it is not possible to execute a bash script when double clicking on it. This update fixes this issue.

oval:org.secpod.oval:def:300061
This update fixes a reported buffer overflow found with ntlm authentication.

oval:org.secpod.oval:def:300182
This update adds missing header files which are necessary to compile third-party applications based on iptables.

oval:org.secpod.oval:def:300078
This update fixes unaligned access in libpci on some rare hardware which ended in all programs using libldetect to fail with draksound.

oval:org.secpod.oval:def:300073
There was a bug in the ATI X1200 driver, making it show very frequent screen corruption. This update fixes the issue.

oval:org.secpod.oval:def:300190
This updates fixes issues with k3b when ripping CDs with external encoder such as FLAC.

oval:org.secpod.oval:def:301179
The latest update to openssh application caused it to display bogus FAILED status when shutting down or restarting, when no clients are connected to the ssh server. This update fixes this issue.

oval:org.secpod.oval:def:300086
The blogtk package in 2010.0 was crashing on start. This update fixes the problem by updating blogtk to the latest version. Additionally the python-gdata packages are being provided as well due to requirements.

oval:org.secpod.oval:def:301175
The version of PulseAudio shipped with 2010.0 has had numerous bug fixes since it was released. This updates the PulseAudio package to 0.9.21 which contains most of the bug fixes. Additional fixes from the upstream stable-queue branch are also included in this package. The fixes include better supp ...

oval:org.secpod.oval:def:300082
jpeg2yuv segfaulted when linked against libjpeg v7/8. The provided packages have been patched to address this issue.

oval:org.secpod.oval:def:300081
In some cases aria2 would crash with a segmentation fault when encountering file not found errors. This could particularly happen when installing updates with urpmi.

oval:org.secpod.oval:def:300132
A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the os, io, package, dofile, loadfile, loadlib, module, and r ...

oval:org.secpod.oval:def:300278
A vulnerability was discovered in aria2 which allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. This update fixes this issue. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300303
A vulnerability has been found and corrected in sudo: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence. The upda ...

oval:org.secpod.oval:def:301171
A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are ...

oval:org.secpod.oval:def:300071
A vulnerability has been found and corrected in vte: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain pot ...

oval:org.secpod.oval:def:300274
A vulnerability has been found and corrected in squid: The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service via a crafted request. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintena ...

oval:org.secpod.oval:def:300183
A vulnerability has been found in Qt Creator 2.0.0 and previous versions. The vulnerability occurs because of an insecure manipulation of a Unix environment variable by the qtcreator shell script. It manifests by causing Qt or Qt Creator to attempt to load certain library names from the current work ...

oval:org.secpod.oval:def:300412
A vulnerability has been found and corrected in banshee: The banshee-1 and muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Packa ...

oval:org.secpod.oval:def:300048
A vulnerability was discovered and corrected in gnucash: gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. The affected /usr/bin/gnc-t ...

oval:org.secpod.oval:def:300040
Multiple vulnerabilities have been discovered and corrected in gnome-screensaver: gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended w ...

oval:org.secpod.oval:def:300012
A vulnerability was discovered and fixed in kolab-horde-framework: Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an image upload form. Packages for 2008.0 and 2009.0 are provided as of the ...

oval:org.secpod.oval:def:300346
A vulnerability was discovered and corrected in git: A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbitrary web script or HTML code via f and fp variables. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:300315
A vulnerability has been found and corrected in krb5: Multiple integer underflows in the AES and RC4 decryption functionality in the crypto library in MIT Kerberos 5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service or possibly execute arbitrary code by ...

oval:org.secpod.oval:def:300337
A vulnerability has been found and corrected in lftp: The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a C ...

oval:org.secpod.oval:def:300355
A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address fiel ...

oval:org.secpod.oval:def:300408
Multiple vulnerabilities were discovered and corrected in krb5: The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300407
A vulnerability has been found and corrected in dhcp: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service by sending a message over IPv6 for a declined and abandoned addre ...

oval:org.secpod.oval:def:301187
A vulnerability has been found and corrected in sudo: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileg ...

oval:org.secpod.oval:def:300397
A vulnerability has been found and corrected in dhcp: ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp proc ...

oval:org.secpod.oval:def:300393
Multiple vulnerabilities have been found and corrected in evince: Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DV ...

oval:org.secpod.oval:def:300198
A vulnerability has been found and corrected in perl-libwww-perl: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Conten ...

oval:org.secpod.oval:def:301161
A vulnerability has been found and corrected in dhcp: ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service via a zero-length client ID. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:300088
Multiple vulnerabilities were discovered and corrected in poppler: The Gfx::getPos function in the PDF parser in poppler allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The PostScriptFunction::PostScriptFunctio ...

oval:org.secpod.oval:def:301178
A vulnerability has been found and corrected in sudo: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows lo ...

oval:org.secpod.oval:def:300786
A vulnerability was discovered and corrected in acl: The setfacl and getfacl commands in XFS acl 2.2.47, when running in recursive mode, follow symbolic links even when the --physical or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories vi ...

oval:org.secpod.oval:def:300435
A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML Security Library before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform ele ...

oval:org.secpod.oval:def:300330
Security issues were identified and fixed in firefox 3.0.x and 3.5.x: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we p ...

oval:org.secpod.oval:def:300599
A vulnerability has been found and corrected in acpid: acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulne ...

oval:org.secpod.oval:def:300133
A vulnerability was discovered and corrected in mono: Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Packages for 2009.0 are provided as of the Extended Mainte ...

oval:org.secpod.oval:def:300389
A vulnerability has been found and corrected in perl-CGI: Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2 ...

oval:org.secpod.oval:def:300385
Multiple vulnerabilities have been found and corrected in mysql: storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service by modifying the innodb_file_format or innodb_file_per_table configuration parameters for the InnoD ...

oval:org.secpod.oval:def:300031
Multiple vulnerabilities were discovered and corrected in dovecot: Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing ...

oval:org.secpod.oval:def:300174
Multiple vulnerabilities have been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name ...

oval:org.secpod.oval:def:300292
A vulnerability has been found and corrected in emacs: lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. Packages for 2008.0 and 2009.0 are provided due to the Ext ...

oval:org.secpod.oval:def:301177
A vulnerability has been discovered and corrected in sudo: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of ...

oval:org.secpod.oval:def:300410
Multiple vulnerabilities have been found and corrected in python-django: Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks via for ...

oval:org.secpod.oval:def:300377
A vulnerability has been found and corrected in cpio and tar: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service or possibly execute arbitrary ...

oval:org.secpod.oval:def:300281
Multiple vulnerabilities were discovered and corrected in bind: named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attack ...

oval:org.secpod.oval:def:300445
A vulnerability has been found and corrected in ISC DHCP: dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Add ...

oval:org.secpod.oval:def:301004
A vulnerability has been found and corrected in xrdb: xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP or XDMCP message. Packages for 2009.0 are provided as of the Extended Ma ...

oval:org.secpod.oval:def:300394
A vulnerability has been found and corrected in libuser: libuser before 0.57 uses a cleartext password value of !! or x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. Packages for 2009.0 are provided as of the Extended Ma ...

oval:org.secpod.oval:def:300168
Multiple vulnerabilities have been found and corrected in libesmtp: libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers ...

oval:org.secpod.oval:def:300200
A vulnerability has been found and corrected in apache-mod_auth_shadow: A race condition was found in the way mod_auth_shadow used an external helper binary to validate user credentials. A remote attacker could use this flaw to bypass intended access restrictions, resulting in ability to view and p ...

oval:org.secpod.oval:def:300215
Multiple vulnerabilities have been discovered and corrected in Path.pm and Safe.pm which could lead to escalated privileges. The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:301132
A vulnerability was discovered and corrected in automake: The dist or distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions to directories in the build ...

oval:org.secpod.oval:def:301180
A vulnerability has been found and corrected in virtualbox: Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service on the guest OS via unknown vectors. ...

oval:org.secpod.oval:def:300195
Security issues were identified and fixed in firefox and mozilla-thunderbird: Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, w ...

oval:org.secpod.oval:def:300258
Security issues were identified and fixed in mozilla-thunderbird: Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementati ...

oval:org.secpod.oval:def:300201
Security issues were identified and fixed in firefox: Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by th ...

oval:org.secpod.oval:def:300361
Security issues were identified and fixed in firefox: Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by th ...

oval:org.secpod.oval:def:300296
Security issues were identified and fixed in firefox: Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by th ...

oval:org.secpod.oval:def:300248
Security issues were identified and fixed in firefox: Security researcher regenrecht reported a potential reuse of a deleted image frame in Firefox 3.6's handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the ...

oval:org.secpod.oval:def:300328
A security issue was identified and fixed in mozilla-thunderbird: Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by ...

oval:org.secpod.oval:def:300221
A vulnerability was discovered and corrected in xulrunner: Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Be ...

oval:org.secpod.oval:def:300079
Security issues were identified and fixed in mozilla-thunderbird: The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mo ...

oval:org.secpod.oval:def:300075
Security issues were identified and fixed in firefox: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-i ...

oval:org.secpod.oval:def:300125
This update provides a security update to OpenOffice.org, described as follows: OpenOffice's xmlsec uses a bundled Libtool which might load a .la file in the current working directory, allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use ...

oval:org.secpod.oval:def:301216
A vulnerability was discovered and corrected in libtool: All versions of libtool prior to 2.2.6b suffer from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding ...

oval:org.secpod.oval:def:300165
A vulnerability has been discovered and corrected in fastjar: Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. in a non-initial pathname component in a filename within a .jar archive, a ...

oval:org.secpod.oval:def:301149
Ovidiu Mara reported a vulnerability in ping.c that could cause ping to hang when responding to a malicious echo reply. The updated packages have been patched to correct these issues. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300420
A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with CCITT Group 4 encoding. Additionally it was discovered that the fixes for CVE-2009-2347 and CVE-2010-2065 were incomplete for Mandriva Linu ...

oval:org.secpod.oval:def:300054
A vulnerability has been found and corrected in curl: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial o ...

oval:org.secpod.oval:def:300310
This advisory updates wireshark to the latest version, fixing one security issue: Heap-based buffer overflow in the dissect_ldss_transfer function in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service and possibly exec ...

oval:org.secpod.oval:def:300401
A vulnerability has been found and corrected in wireshark: Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding compression. The update ...

oval:org.secpod.oval:def:300280
This advisory updates wireshark to the latest version, fixing several bugs and one security issue: The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service via a malformed packet trace file.

oval:org.secpod.oval:def:300425
A vulnerability was discovered and corrected in vsftpd: The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-20 ...

oval:org.secpod.oval:def:301003
A vulnerability has been found and corrected in libtiff: The libtiff OJPEG decoder contains a heap buffer overflow when decoding certain malformed data. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301011
This advisory updates wireshark to the latest version, fixing several security issues: The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service via a crafted .pcap ...

oval:org.secpod.oval:def:300442
A vulnerability has been found and corrected in kdelibs4: kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL ser ...

oval:org.secpod.oval:def:301001
A vulnerability has been found and corrected in kdelibs4: Cross-site scripting vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to a ...

oval:org.secpod.oval:def:300433
A vulnerability was discovered and corrected in rsync: rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service or possibly execute arbitrary code via malformed data. Packages for 2009.0 are provided as of t ...

oval:org.secpod.oval:def:300432
Multiple vulnerabilities were discovered and corrected in logrotate: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate ...

oval:org.secpod.oval:def:300006
A null pointer dereference due to receiving a short packet for a direct connection in the MSN code could potentially cause a denial of service. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300387
A vulnerability has been found and corrected in wireshark: Buffer overflow in the MAC-LTE dissector in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of RARs. The updated packages h ...

oval:org.secpod.oval:def:300415
A vulnerability has been found and corrected in mailman: Multiple cross-site scripting vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the full name or username field in a confirmation message. Packages for 200 ...

oval:org.secpod.oval:def:300427
Multiple vulnerabilities have been identified and fixed in java-1.6.0-openjdk: The JNLP SecurityManager in IcedTea 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might ...

oval:org.secpod.oval:def:300409
Multiple vulnerabilities were discovered and corrected in OpenOffice.org: Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files via a .. in an entry in an XSLT JAR filter description file, an Extension file, or unspecified other JAR or ZIP files. Use-aft ...

oval:org.secpod.oval:def:300419
A vulnerability has been found and corrected in pango: It was discovered that pango did not check for memory reallocation failures in hb_buffer_ensure function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph, where possibly untrusted input is used as an index used for accessing ...

oval:org.secpod.oval:def:300332
A vulnerability has been discovered and corrected in pango: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service via a crafted font file, related to building a synt ...

oval:org.secpod.oval:def:300411
A vulnerability has been found and corrected in eclipse: Multiple cross-site scripting vulnerabilities in the Help Contents web application in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to help/index.jsp or help/advanced/content.js ...

oval:org.secpod.oval:def:300399
Multiple vulnerabilities have been found and corrected in subversion: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service via vectors that trigger the walk ...

oval:org.secpod.oval:def:300067
A vulnerability was discovered and corrected in freetype2: Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs ...

oval:org.secpod.oval:def:300151
A vulnerability has been found and corrected in libHX: Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service via a string that is inconsistent with the expected number of fields. The update ...

oval:org.secpod.oval:def:300118
A vulnerability has been discovered and corrected in freetype2: Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, when opened, would cause an applic ...

oval:org.secpod.oval:def:300246
A vulnerability has been found and corrected in libtiff: libtiff allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:300023
Multiple vulnerabilities have been discovered and corrected in libtiff: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image tha ...

oval:org.secpod.oval:def:300065
Multiple vulnerabilities have been discovered and corrected in samba: The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Sessi ...

oval:org.secpod.oval:def:300141
A vulnerability was discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. Packages for 2008.0 are provided for Corporate Desktop 2008.0 custo ...

oval:org.secpod.oval:def:300043
A vulnerability has been found and corrected in krb5: Certain invalid GSS-API tokens can cause a GSS-API acceptor to crash due to a null pointer dereference in the GSS-API library. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated p ...

oval:org.secpod.oval:def:301153
Multiple vulnerabilities were discovered and corrected in proftpd: Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory t ...

oval:org.secpod.oval:def:300895
Multiple vulnerabilities were discovered and corrected in postgresql: NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificat ...

oval:org.secpod.oval:def:300047
Multiple vulnerabilities were discovered and corrected in postgresql: The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving a negative integer ...

oval:org.secpod.oval:def:300426
Multiple vulnerabilities have been identified and fixed in pidgin: It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed b ...

oval:org.secpod.oval:def:300398
It was discovered that t1lib suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution t1lib has been patched to address this flaw. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300391
It was discovered that tetex suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution tetex has been patched to address this flaw. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300219
A vulnerability has been found and corrected in wget: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wget ...

oval:org.secpod.oval:def:300400
A vulnerability has been found and corrected in pcsc-lite: Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset Handler for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service and poss ...

oval:org.secpod.oval:def:300134
A vulnerability has been found and corrected in ruby: WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to mo ...

oval:org.secpod.oval:def:300436
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root ...

oval:org.secpod.oval:def:300149
A vulnerability in the GNU C library was discovered which could escalate the privileges for local users. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:301119
Multiple vulnerabilities have been found and corrected in tomcat5: When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate ...

oval:org.secpod.oval:def:300370
Multiple vulnerabilities were discovered and corrected in postgresql: An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Pr ...

oval:org.secpod.oval:def:300275
Multiple vulnerabilities were discovered and corrected in pam: The pam_xauth module did not verify the return values of the setuid and setgid system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. The ...

oval:org.secpod.oval:def:300437
Multiple vulnerabilities have been identified and fixed in ffmpeg: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bound ...

oval:org.secpod.oval:def:300956
A vulnerability was discovered and corrected in gimp: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. This u ...

oval:org.secpod.oval:def:300396
Multiple vulnerabilities have been found and corrected in MHonArc: MHonArc 2.6.16 allows remote attackers to cause a denial of service via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy&g ...

oval:org.secpod.oval:def:301188
A vulnerability has been discovered and corrected in libmikmod: Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via crafted samples or crafted instrument definitions in an Impulse Tracker file. Packages for 2008.0 and 2009.0 are provided as of the Exten ...

oval:org.secpod.oval:def:300254
A denial of service attack against apr_brigade_split_line was discovered in apr-util. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300313
Multiple vulnerabilities have been found and corrected in mozilla-thunderbird: Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. ...

oval:org.secpod.oval:def:300107
Security issues were identified and fixed in firefox: An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoof ...

oval:org.secpod.oval:def:300033
Security issues were identified and fixed in firefox: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted HTML ...

oval:org.secpod.oval:def:300232
A vulnerability in the GNU C library was discovered which could escalate the privileges for local users. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300309
Multiple vulnerabilities have been found and corrected in php: * Improved LCG entropy. * Fixed safe_mode validation inside tempnam when the directory path does not end with a /(Martin Jansen(Ilia

oval:org.secpod.oval:def:300418
A vulnerability has been found and corrected in samba: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code t ...

oval:org.secpod.oval:def:300443
A vulnerability was discovered and corrected in subversion: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service via a request that contains a lock token. Additionally for Corporate Server 4 and E ...

oval:org.secpod.oval:def:301183
A vulnerability was discovered and corrected in openssl: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of an unint ...

oval:org.secpod.oval:def:301072
A vulnerability has been found and corrected in openssl: Incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications ...

oval:org.secpod.oval:def:301174
A vulnerability was discovered in openssl that causes a race condition within the TLS extension parsing code and which can be exploited to cause a heap-based buffer overflow. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300226
A race condition has been found in fuse that could escalate privileges for local users and lead to a DoS. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:300154
A vulnerability has been found in ncpfs which can be exploited by local users to disclose potentially sensitive information, cause a DoS, and potentially gain escalated privileges. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to co ...

oval:org.secpod.oval:def:300063
Multiple vulnerabilities were discovered and corrected in OpenOffice.org: Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Heap-based buffer overflow allows remote attackers to cause a denial of service or poss ...

oval:org.secpod.oval:def:301133
Multiple vulnerabilities have been found and corrected in tomcat5: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. in an entry in a WAR file, as demonstrated by a ../../bin/catali ...

oval:org.secpod.oval:def:300027
This advisory updates wireshark to the latest 1.2.5 version, fixing several bugs and two security issues: - The SMB and SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service via a crafted packet - Buffer overflow in the daintree_sna_read function in ...

oval:org.secpod.oval:def:300674
A vulnerability was discovered and corrected in gimp: Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally the patch for ...

oval:org.secpod.oval:def:301157
A vulnerability has been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service via a crafted DNS packet that only contains a header. This update provides a fix to this vulnerability.

oval:org.secpod.oval:def:300068
A vulnerability has been found and corrected in ghostscript: Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. Packages for 2008.0 and 2009.0 are provided due to the Extended Ma ...

oval:org.secpod.oval:def:301007
Chris Evans of the Chrome Security Team reported that the XSLT generate-id function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploitin ...

oval:org.secpod.oval:def:301025
It was discovered that the fix for CVE-2011-0419 under certain conditions could cause a denial-of-service attack in APR. Packages for 2010.0 are provided as of the Extended Maintenance Program. Update: Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory.

oval:org.secpod.oval:def:301009
A vulnerability has been found and corrected in kdenetwork4: Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. in the name attribut ...

oval:org.secpod.oval:def:300404
A vulnerability was discovered and corrected in postgresql: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to ca ...

oval:org.secpod.oval:def:301106
Multiple vulnerabilities have been found and corrected in sudo: A patch for parse.c in sudo does not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain r ...

oval:org.secpod.oval:def:300306
Multiple vulnerabilities have been found and corrected in samba: client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the device name and mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. client/mount ...

oval:org.secpod.oval:def:300153
Multiple vulnerabilities have been found and corrected in samba: client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the device name and mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. client/mount ...

oval:org.secpod.oval:def:301006
Security issues were identified and fixed in mozilla-thunderbird: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether ...

oval:org.secpod.oval:def:300422
Cross-site request forgery vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different w ...

oval:org.secpod.oval:def:300421
Security issues were identified and fixed in mozilla-thunderbird: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service or possibl ...

oval:org.secpod.oval:def:300302
Multiple vulnerabilities were discovered and corrected in mysql: * During evaluation of arguments to extreme-value functions, type errors did not propagate properly, causing the server to crash. * The server could crash after materializing a derived table that required a temporary table for groupi ...

oval:org.secpod.oval:def:300430
Multiple vulnerabilities were discovered and corrected in libtiff: Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. Heap-based buffer overflow in the thunder decoder in tif_thunder.c in LibTIFF 3 ...

oval:org.secpod.oval:def:300316
A vulnerability has been found and corrected in mysql: It was possible for DROP TABLE of one MyISAM table to remove the data and index files of a different MyISAM table. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have ...

oval:org.secpod.oval:def:300438
It was discovered that the /etc/cron.d/php cron job for php-session allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300102
This advisory updates wireshark to the latest version, fixing several security issues: Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. Buffer overflow in the SigComp Universal Decompressor Virtual M ...

oval:org.secpod.oval:def:300364
Multiple vulnerabilities have been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements t ...

oval:org.secpod.oval:def:300255
This advisory updates wireshark to the latest version, fixing several security issues: * The SMB dissector could dereference a NULL pointer. * J. Oquendo discovered that the ASN.1 BER dissector could overrun the stack. * The SMB PIPE dissector could dereference a NULL pointer on some platforms. * T ...

oval:org.secpod.oval:def:300388
A vulnerability has been found and corrected in hplip: A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it ...

oval:org.secpod.oval:def:300265
A vulnerability was discovered in mysql which would permit mysql users without any kind of privileges to use the UNINSTALL PLUGIN function. A problem was discovered in the mysqld init script which under certain circumstances could cause the service to exit too quickly, giving the [ OK ] status and b ...

oval:org.secpod.oval:def:300260
A vulnerability has been found and corrected in mysql: MySQL is vulnerable to a symbolic link attack when the data home directory contains a symlink to a different filesystem which allows remote authenticated users to bypass intended access restrictions. The updated packages have been patched to c ...

oval:org.secpod.oval:def:300163
Multiple vulnerabilities have been found and corrected in mysql: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service via an ALTER DATABASE command with a #mysql50# string followed by a . , .. , ../ or similar sequence, and an UPGRADE DAT ...

oval:org.secpod.oval:def:300307
Multiple vulnerabilities have been found and corrected in mailman: Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field. ...

oval:org.secpod.oval:def:300214
A vulnerability has been found and corrected in mozilla-thunderbird: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use ...

oval:org.secpod.oval:def:300577
Security issues were identified and fixed in firefox 3.5.x: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code con ...

oval:org.secpod.oval:def:300344
A vulnerability was discovered and corrected in libmbfl: * Fix bug #53273. The updated packages have been patched to correct these issues. Update: The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the correct upstream pat ...

oval:org.secpod.oval:def:300358
A vulnerability was discovered and corrected in libmbfl: * Fix bug #53273. The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:300128
A vulnerability has been found and corrected in apache: The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service via a request that lacks a path. Packages for 2008.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300750
Security issues were identified and fixed in firefox 3.5.x: liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service or execute arbitrary code via unspecified vectors, related to memory safety issues. Integer o ...

oval:org.secpod.oval:def:301089
Multiple vulnerabilities have been identified and fixed in php: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service via an ...

oval:org.secpod.oval:def:300253
A vulnerability was discovered and corrected in php: A flaw in ext/xml/xml.c could cause a cross-site scripting vulnerability. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300146
A vulnerability was discovered and corrected in krb5: An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use ...

oval:org.secpod.oval:def:300140
Multiple vulnerabilities were discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se ...

oval:org.secpod.oval:def:300158
A vulnerability has been found and corrected in samba: Stack-based buffer overflow in the sid_parse and dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Windows Security ID on a file share. The u ...

oval:org.secpod.oval:def:300035
Multiple vulnerabilities were discovered and corrected in php: Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service via a long e-mail address stri ...

oval:org.secpod.oval:def:300177
A vulnerability was discovered and corrected in subversion: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule ...

oval:org.secpod.oval:def:300051
An integer overflow has been found and corrected in bzip2 which could be exploited by using a specially crafted bz2 file and cause a denial of service attack. Additionally clamav has been upgraded to 0.96.2 and has been patched for this issue. perl-Compress-Bzip2 in MES5 has been linked against the ...

oval:org.secpod.oval:def:300077
A vulnerability was discovered and corrected in libxml2: A double free vulnerability in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Packages for 2009.0 are provided as of the Extended Maintenance Prog ...

oval:org.secpod.oval:def:300194
Multiple vulnerabilities were discovered and corrected in freetype2: An error within the "Ins_SHZ" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted fon ...

oval:org.secpod.oval:def:300193
A possible double free flaw was found in the imap extension for php. A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that under certain circumstances could cause a segmentation fault. Packages for 2009.0 are provided as of the Extended Maintenance Program

oval:org.secpod.oval:def:300191
A vulnerability was discovered and corrected in libxml2: libxml2 before 2.7.8 reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service via a crafted XML document. Packages for 2009.0 are provided as ...

oval:org.secpod.oval:def:300424
This advisory updates wireshark to the latest version, fixing several security issues: Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service or possibly have unspecified ...

oval:org.secpod.oval:def:300239
A vulnerability has been discovered and corrected in netpbm: Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via an XPM image file that contains a crafted header fie ...

oval:org.secpod.oval:def:300243
A vulnerability has been found and corrected in git: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. The updated packages have been patched to correct this ...

oval:org.secpod.oval:def:300416
A vulnerability has been found and corrected in avahi: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service via an empty IPv4 or IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. ...

oval:org.secpod.oval:def:300380
A vulnerability was discovered and corrected in avahi: The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a diffe ...

oval:org.secpod.oval:def:300244
Multiple vulnerabilities have been discovered and fixed in tetex: Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service via a long .bib bibliography file. Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and P ...

oval:org.secpod.oval:def:301155
A vulnerability was discovered and corrected in the Linux 2.6 kernel: The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which al ...

oval:org.secpod.oval:def:300101
A security vulnerability has been identified and fixed in pidgin: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. in an application/x-msnmsgrp2p MSN emoticon request, a relat ...

oval:org.secpod.oval:def:300347
Multiple security vulnerabilities have been identified and fixed in pidgin: Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly. If a user in a multi-user chat room has a nickname containing "<br>" t ...

oval:org.secpod.oval:def:300123
A security vulnerability has been identified and fixed in pidgin: The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service via a custom emoticon in a malformed SLP message. Packages for 2008.0 and 200 ...

oval:org.secpod.oval:def:300017
A security vulnerability has been identified and fixed in pidgin: It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode. Invalid or malformed data received in place of a valid base64-encoded ...

oval:org.secpod.oval:def:300020
A security vulnerability has been identified and fixed in pidgin: The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service via an X-Status message that lacks the expected end tag for ...

oval:org.secpod.oval:def:300257
Some vulnerabilities were discovered and corrected in bind: The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when recei ...

oval:org.secpod.oval:def:300057
A vulnerability has been found and corrected in transmission: Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. in a pathname within a .torrent file. The updated packages have bee ...

oval:org.secpod.oval:def:301164
Some vulnerabilities were discovered and corrected in openssl: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CR ...

oval:org.secpod.oval:def:300036
A vulnerability has been discovered and corrected in gnupg2: Importing a certificate with more than 98 Subject Alternate Names via GPGSM's import command or implicitly while verifying a signature causes GPGSM to reallocate an array with the names. The bug is that the reallocation code misses assigni ...

oval:org.secpod.oval:def:300157
Multiple vulnerabilities have been found and corrected in mozilla-thunderbird: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in cer ...

oval:org.secpod.oval:def:300196
Multiple vulnerabilities have been found and corrected in cups: CUPS in does not properly handle HTTP headers and HTML templates, which allows remote attackers to conduct cross-site scripting attacks and HTTP response splitting attacks via vectors related to the product's web interface, the conf ...

oval:org.secpod.oval:def:300543
A vulnerability was discovered and corrected in dovecot: Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the bas ...

oval:org.secpod.oval:def:301141
This is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.4: * Paths with NULL in them are now considered as invalid. * Fixed bug #53512 Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436, CVE-2010-3709, CVE-2010- ...

oval:org.secpod.oval:def:300317
A vulnerability has been found and corrected in apache: mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Packages for 2008.0 are provided for Corporate Desktop 2008.0 ...

oval:org.secpod.oval:def:300325
Multiple vulnerabilities have been found and corrected in libpng: Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service via a crafted PNG file

oval:org.secpod.oval:def:300338
A vulnerability has been found and corrected in apache: The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a b ...

oval:org.secpod.oval:def:300225
Multiple vulnerabilities were discovered and corrected in cups: Cross-site request forgery vulnerability in the web interface in CUPS allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in th ...

oval:org.secpod.oval:def:300108
Multiple vulnerabilities have been found and corrected in gzip: A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspect ...

oval:org.secpod.oval:def:300229
Multiple vulnerabilities have been discovered and corrected in openldap: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary cod ...

oval:org.secpod.oval:def:300106
Multiple vulnerabilities have been found and corrected in mysql: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table- ...

oval:org.secpod.oval:def:300359
A vulnerability has been found and corrected in libpng: The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, ...

oval:org.secpod.oval:def:301184
This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.3: * Rewrote var_export to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. * Fixed a possible resource destruction issues ...

oval:org.secpod.oval:def:300010
Multiple vulnerabilities have been found and corrected in freetype2: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a c ...

oval:org.secpod.oval:def:300080
A vulnerability has been found and corrected in php: The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service and possibly have unspecifi ...

oval:org.secpod.oval:def:300208
A vulnerability has been found and corrected in php: The htmlspecialchars function in PHP before 5.2.12 does not properly handle overlong UTF-8 sequences, invalid Shift_JIS sequences, and invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting attacks by placing a ...

oval:org.secpod.oval:def:300962
Some vulnerabilities were discovered and corrected in bind: Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled, allows remote attackers to conduct ...

oval:org.secpod.oval:def:300323
Multiple vulnerabilities have been found and corrected in python: Multiple integer overflows in audioop.c in the audioop module in Python allow context-dependent attackers to cause a denial of service via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first ...

oval:org.secpod.oval:def:300320
Multiple vulnerabilities were discovered and corrected in python: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept ...

oval:org.secpod.oval:def:300484
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ...

oval:org.secpod.oval:def:300164
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ...

oval:org.secpod.oval:def:301143
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux 5 and 6, does not properly remove POSIX locks on files that are setgid wi ...

oval:org.secpod.oval:def:301168
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The ATI Rage 128 driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine state initialization, which allows local users to cause a denial of service or possibly gain privileges vi ...

oval:org.secpod.oval:def:300072
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ...

oval:org.secpod.oval:def:300084
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service via an XML document with malformed UTF-8 sequences that trigger a buff ...

oval:org.secpod.oval:def:301170
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCT ...

oval:org.secpod.oval:def:300668
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddpN device is not found, allows remote attackers to cause ...

oval:org.secpod.oval:def:300111
A security vulnerability has been identified and fixed in sendmail: sendmail before 8.14.4 does not properly handle a "\0" character in a Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate ...

oval:org.secpod.oval:def:301167
Multiple Java OpenJDK security vulnerabilities have been identified and fixed: - TLS: MITM attacks via session renegotiation. - Loader-constraint table allows arrays instead of only the base-classes. - Policy/PolicyFile leak dynamic ProtectionDomains. - File TOCTOU deserialization vulnerability. ...

oval:org.secpod.oval:def:301166
A vulnerability has been found and corrected in krb5: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service via a request from a kadmin client that sends an invalid API version numb ...

oval:org.secpod.oval:def:300542
A vulnerability was discovered and corrected in apache: Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-sess ...

oval:org.secpod.oval:def:300110
A vulnerability has been found and corrected in nss: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Securi ...

oval:org.secpod.oval:def:301210
A vulnerability has been identified and corrected in proftpd: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Netwo ...

oval:org.secpod.oval:def:301159
This update fixes several security issues in openssl: - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service via a malformed record in a TLS connection - OpenSSL before 0.9.8m does not check for a NULL return value from ...

oval:org.secpod.oval:def:300685
A vulnerability has been found and corrected in ntp: Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A r ...

oval:org.secpod.oval:def:301012
It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching, to exhaust al ...

oval:org.secpod.oval:def:300095
Multiple vulnerabilities were discovered and fixed in glibc: Multiple integer overflows in the strfmon implementation in the GNU C Library 2.10.1 and earlier allow context-dependent attackers to cause a denial of service via a crafted format string, as demonstrated by a crafted first argument to th ...

oval:org.secpod.oval:def:301223
Some vulnerabilities were discovered and corrected in php-5.3.1: - Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. - Added missing sanity checks around exif processing. - ...

CVE    1
CVE-2011-2162
*CPE
cpe:/o:mandriva:linux:2010.0

© SecPod Technologies