MDKSA-2006:019 - Updated kdelibs packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2006:019
http://www.mandriva.com/security/

Package : kdelibs
Date    : January 20, 2006
Affected: 2006.0, Corporate 3.0

Problem Description:

A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site.

The updated packages have been patched to correct this problem.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019

Updated Packages:

  Mandriva Linux 2006.0
  Mandriva Linux 2006.0/X86_64
  Corporate 3.0
  Corporate 3.0/X86_64

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com

MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:018
http://www.mandriva.com/security/

Package : kernel
Date    : January 20, 2006
Affected: 2006.0

Problem Description:

A number of vulnerabilities have been corrected in the Linux kernel:

A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527).

The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783).

The auto-reap child process in 2.6 kernels prior to 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784).

A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14, when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805).

The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806).

An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808).

As well, other bugfixes are included in this update:

Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51).

MCP51 forcedeth support has been added.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3527
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3783
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3784
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3805
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3808

Updated Packages:

  Mandriva Linux 2006.0
  Mandriva Linux 2006.0/X86_64

MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2006:017
http://www.mandriva.com/security/

Package : mod_auth_ldap
Date    : January 19, 2006
Affected: Corporate 2.1

Problem Description:

A format string flaw was discovered in the way that auth_ldap logs information which may allow a remote attacker to execute arbitrary code as the apache user if auth_ldap is used for authentication.

This update provides version 1.6.1 of auth_ldap which corrects the problem. Only Corporate Server 2.1 shipped with a supported auth_ldap package.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0150

Updated Packages:

  Corporate Server 2.1
  Corporate Server 2.1/X86_64

MDKSA-2006:014 - Updated wine packages fix WMF vulnerability
Mandriva Linux Security Advisory MDKSA-2006:014
http://www.mandriva.com/security/

Package : wine
Date    : January 16, 2006
Affected: 2006.0, Corporate 3.0

Problem Description:

A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-executed Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user running Wine.

The updated packages have been patched to correct these problems.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106

Updated Packages:

  Mandriva Linux 2006.0
  Corporate 3.0

MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities
MDKSA-2006:016 - Updated clamav packages fix vulnerability
MDKSA-2006:013 - Updated kolab packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2006:013
http://www.mandriva.com/security/

Package : kolab-resource-handlers
Date    : January 12, 2006
Affected: 2006.0

Problem Description:

A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot (.) character exists in the wrong place. If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or broken attachments.

The updated packages have been patched to correct these problems.

References:

  http://kolab.org/security/kolab-vendor-notice-07.txt

Updated Packages:

  Mandriva Linux 2006.0
  Mandriva Linux 2006.0/X86_64

MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities
MDKSA-2006:012 - Updated kdegraphics packages fix several vulnerabilities
MDKSA-2006:010 - Updated cups packages fix several vulnerabilities
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:008
http://www.mandriva.com/security/

Package : koffice
Date    : January 6, 2006
Affected: .

Problem Description:

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193)

An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base:

Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192)

Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624)

Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625)

NULL pointer crash in the FlateDecode stream. (CVE-2005-3626)

Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627)

Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627)

Possible out-of-bounds indexing trouble in DCTDecode stream. (CVE-2005-3627)

Koffice uses an embedded copy of the xpdf code, with the same vulnerabilities.

The updated packages have been patched to correct these problems.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628

Updated Packages:

MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:004
http://www.mandriva.com/security/

Package : pdftohtml
Date    : January 5, 2006
Affected: .

Problem Description:

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193)

An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base:

Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192)

Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624)

Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625)

NULL pointer crash in the FlateDecode stream. (CVE-2005-3626)

Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627)

Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627)

Possible out-of-bounds indexing trouble in DCTDecode stream. (CVE-2005-3627)

Pdftohtml uses an embedded copy of the xpdf code, with the same vulnerabilities.

The updated packages have been patched to correct these problems.

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628

Updated Packages:

MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:005 http://www.mandriva.com/security/ ___ Package : xpdf Date: January 5, 2006 Affected: . ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream. 
(CVE-2005-3627) The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628 ___ Updated Packages: ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDwleamqjQ0CJFipgRAtBEAKCn7ElP9MsBIR+QjGB/jR8/Yqd4owCfcctI UY5IgRj3n+jGb0JRuFCUi1k= =1qsu -END PGP SIGNATURE-
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:006 http://www.mandriva.com/security/ ___ Package : gpdf Date: January 5, 2006 Affected: . ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream. 
(CVE-2005-3627) Gpdf uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628 ___ Updated Packages: ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDwleymqjQ0CJFipgRAoU6AKDQ9/0UZw0+Hzhzv93Ws1NrTteJ7wCgyGdB sG6C77WRwHc8hpnIbnpTgQg= =FpWx -END PGP SIGNATURE-
MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDvs3umqjQ0CJFipgRAsQWAKDhkKglUv6U7HiqveMCZl+UYqSnKQCfRF1P VZDGDCNSiLOLUNqpi69LYE8= =ZQ9V -END PGP SIGNATURE-
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:003 http://www.mandriva.com/security/ ___ Package : poppler Date: January 5, 2006 Affected: . ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream. 
(CVE-2005-3627) Poppler uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628 ___ Updated Packages: ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDwlcxmqjQ0CJFipgRAg9CAJ9EcuX/jbxcYjOiezqbfuKtnC637wCfUps+ 8zznxEpyMSz+c0FIC0Mm2YM= =hugG -END PGP SIGNATURE-
MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:005 http://www.mandriva.com/security/ ___ Package : xpdf Date: January 5, 2006 Affected: 2006.0, Corporate 2.1, Corporate 3.0 ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream.
(CVE-2005-3627) The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 ___ Updated Packages: Mandriva Linux 2006.0: 9f0d2d83c61f4cab871138ac2866dd30 2006.0/RPMS/xpdf-3.01-1.1.20060mdk.i586.rpm 51daa161fb5581aba221d4be39c5acbc 2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: c0eb562149fe7025798ce38ef361d9c7 x86_64/2006.0/RPMS/xpdf-3.01-1.1.20060mdk.x86_64.rpm 51daa161fb5581aba221d4be39c5acbc x86_64/2006.0/SRPMS/xpdf-3.01-1.1.20060mdk.src.rpm Corporate Server 2.1: d35b8a8e201185bff3b6acfa9c3b9186 corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.i586.rpm 1f5f85d3bc3577b1141d3ea54015b63a corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm Corporate Server 2.1/X86_64: f1a715d6a7fe797d09cde9dff6db4800 x86_64/corporate/2.1/RPMS/xpdf-1.01-4.10.C21mdk.x86_64.rpm 1f5f85d3bc3577b1141d3ea54015b63a x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.10.C21mdk.src.rpm Corporate 3.0: bfb96e34ea12293b22cd766b61da64fe corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.i586.rpm 1e4153bea0ed2092819aa88dbc67ade4 corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm Corporate 3.0/X86_64: 0eb5eba5d264041cd67931add3d6e841 x86_64/corporate/3.0/RPMS/xpdf-3.00-5.7.C30mdk.x86_64.rpm 1e4153bea0ed2092819aa88dbc67ade4 x86_64/corporate/3.0/SRPMS/xpdf-3.00-5.7.C30mdk.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security
MDKSA-2006:006 - Updated gpdf packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:006 http://www.mandriva.com/security/ ___ Package : gpdf Date: January 5, 2006 Affected: Corporate 3.0 ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream.
(CVE-2005-3627) Gpdf uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 ___ Updated Packages: Corporate 3.0: c632c70e9cb361a9cd5f15044e81fc2d corporate/3.0/RPMS/gpdf-0.112-2.7.C30mdk.i586.rpm b1f95183009314b1b90f09e8856eb590 corporate/3.0/SRPMS/gpdf-0.112-2.7.C30mdk.src.rpm Corporate 3.0/X86_64: 7b23a4672b186d5bbc25c0873e75eda3 x86_64/corporate/3.0/RPMS/gpdf-0.112-2.7.C30mdk.x86_64.rpm b1f95183009314b1b90f09e8856eb590 x86_64/corporate/3.0/SRPMS/gpdf-0.112-2.7.C30mdk.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDvaPrmqjQ0CJFipgRArgeAKC1gzc8oBzmlbiCChjZEe7NRFa6iACg2+Yc gJyqmpxVcksVZ/jfutjgoyo= =cw1t -END PGP SIGNATURE-
MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:004 http://www.mandriva.com/security/ ___ Package : pdftohtml Date: January 5, 2006 Affected: 2006.0 ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream.
(CVE-2005-3627) Pdftohtml uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 ___ Updated Packages: Mandriva Linux 2006.0: 1f14f1f733a877f14e5470107ce6eea0 2006.0/RPMS/pdftohtml-0.36-2.1.20060mdk.i586.rpm 535348b440e6a16b800b1fb00b4b8d3e 2006.0/SRPMS/pdftohtml-0.36-2.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 88b1b1351cda8999e1ae2b0b813798be x86_64/2006.0/RPMS/pdftohtml-0.36-2.1.20060mdk.x86_64.rpm 535348b440e6a16b800b1fb00b4b8d3e x86_64/2006.0/SRPMS/pdftohtml-0.36-2.1.20060mdk.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDvaOPmqjQ0CJFipgRAlpnAJ96FyZ3EYC8EuPuV4h3mW1zmcpHOgCgh/DQ t7TrTXVTCMkFNNncK74U8X0= =OJ5N -END PGP SIGNATURE-
MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities
-13.2.20060mdk.i586.rpm b5194b3fdc57e710f671695a003d7a86 2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.i586.rpm c15e6970096ec90359fb5f950838c361 2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.i586.rpm f55dcf60da3a4e0bc6a9c7c22f153e32 2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm 377a0a4c5813cca0cfd1ec6c1be57964 2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 19f2682c0c8ea82d5d053057ebbea331 x86_64/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.x86_64.rpm 3b74fc5aef89568e65f512a52056d98c x86_64/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.x86_64.rpm 0573fef90fc16c5507371b57b78b8163 x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.x86_64.rpm 2322bbe1b74c5ff49d54cc68839e86ce x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.x86_64.rpm e318276c19d2d08fafe6f838b459f214 x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.x86_64.rpm 109e024c0fc738fd04336f9fe640a704 x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.x86_64.rpm bec4ad366bf9a556387f36bd4586ee1f x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.x86_64.rpm aa3de6fb4e051150b8c7afee465ac079 x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.x86_64.rpm 7ee80c338ffee9b2e4bcf942a5b4684a x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.x86_64.rpm 65da37880faf3811a35ba596fab84245 x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.x86_64.rpm 17be071c0d39a17f0f6d4c9ddf051c42 x86_64/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.x86_64.rpm b913963f3ffafce4ddf9d87187f5ccf8 x86_64/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.x86_64.rpm faf591ab4124eedd3b7121595035087a x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.x86_64.rpm 533dff0067505fc71673a112719a3891 x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.x86_64.rpm 3ea58408fb222e88d7b819967ec5ecf7 x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.x86_64.rpm e2dbb1c9a18e5766a08adc3ddb4f1fb6 
x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.x86_64.rpm aa027a7ca0870145495edc79c9e3f7cb x86_64/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.x86_64.rpm f55dcf60da3a4e0bc6a9c7c22f153e32 x86_64/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm 377a0a4c5813cca0cfd1ec6c1be57964 x86_64/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDvaVJmqjQ0CJFipgRAumhAKDP71yr4yV2o8y7Kc28fAfQ7SgSPwCfZ0oH xg4Z4FlR5dChy37D4YzZA2Y= =GH6L -END PGP SIGNATURE-
MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:003 http://www.mandriva.com/security/ ___ Package : poppler Date: January 5, 2006 Affected: 2006.0 ___ Problem Description: Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191) Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193) An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base: Out-of-bounds heap accesses with large or negative parameters to FlateDecode stream. (CVE-2005-3192) Out-of-bounds heap accesses with large or negative parameters to CCITTFaxDecode stream. (CVE-2005-3624) Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625) NULL pointer crash in the FlateDecode stream. (CVE-2005-3626) Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627) Possible to use index past end of array in DCTDecode stream. (CVE-2005-3627) Possible out-of-bounds indexing trouble in DCTDecode stream.
(CVE-2005-3627) Poppler uses an embedded copy of the xpdf code, with the same vulnerabilities. The updated packages have been patched to correct these problems. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627 ___ Updated Packages: Mandriva Linux 2006.0: eed45eed8ae99ca240c873c03a5cbf40 2006.0/RPMS/libpoppler0-0.4.1-3.1.20060mdk.i586.rpm 8af1cf9763672dd33d2211958a8171ba 2006.0/RPMS/libpoppler0-devel-0.4.1-3.1.20060mdk.i586.rpm 867596ef4e09751ed3d4e1e7a4e640da 2006.0/RPMS/libpoppler-qt0-0.4.1-3.1.20060mdk.i586.rpm fd4736b863ce01d20bd6d2ae1228417a 2006.0/RPMS/libpoppler-qt0-devel-0.4.1-3.1.20060mdk.i586.rpm c40f77c8b63d7af311801ab97ef8f72e 2006.0/SRPMS/poppler-0.4.1-3.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: d4dc20ee3d3cc10d39c3b9a05214ca7c x86_64/2006.0/RPMS/lib64poppler0-0.4.1-3.1.20060mdk.x86_64.rpm 0e577cbd784f733c54369cc153777978 x86_64/2006.0/RPMS/lib64poppler0-devel-0.4.1-3.1.20060mdk.x86_64.rpm 7145106c6988a8b99a0622265cc5b24a x86_64/2006.0/RPMS/lib64poppler-qt0-0.4.1-3.1.20060mdk.x86_64.rpm 913bb80df9cc19fe5948b23633915529 x86_64/2006.0/RPMS/lib64poppler-qt0-devel-0.4.1-3.1.20060mdk.x86_64.rpm c40f77c8b63d7af311801ab97ef8f72e x86_64/2006.0/SRPMS/poppler-0.4.1-3.1.20060mdk.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. 
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDvaOlmqjQ0CJFipgRAsisAKC9t
MDKSA-2005:239 - Updated printer-filters-utils packages fix local vulnerability
MDKSA-2005:238 - Updated php/php-mbstring packages fix mail injection vulnerability
Mandriva Linux Security Advisory MDKSA-2005:238
http://www.mandriva.com/security/

Package: php
Date: December 27, 2005
Affected: 2006.0

Problem Description:

A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the To address argument, when using sendmail as the MTA (mail transfer agent).

The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using service httpd restart in order for the new packages to take effect.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883

Updated Packages:
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
MDKSA-2005:236 - Updated fetchmail packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2005:236
http://www.mandriva.com/security/

Package: fetchmail
Date: December 23, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 3.0

Problem Description:

Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.

The updated packages have been patched to correct this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4348

Updated Packages:
Mandriva Linux 10.1
Mandriva Linux 10.1/X86_64
Mandriva Linux 10.2
Mandriva Linux 10.2/X86_64
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
Corporate 3.0
Corporate 3.0/X86_64
MDKSA-2005:237 - Updated cpio packages fix buffer overflow on x86_64
Mandriva Linux Security Advisory MDKSA-2005:237
http://www.mandriva.com/security/

Package: cpio
Date: December 23, 2005
Affected: 10.2, 2006.0

Problem Description:

A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.

The updated packages have been patched to correct these problems.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268

Updated Packages:
Mandriva Linux 10.2
Mandriva Linux 10.2/X86_64
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
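The failure class in the cpio advisory above, a number formatted into a fixed 8-character field without checking that it fits, can be avoided with a range check before the write. The following is an added example, not cpio's code: the header struct and function names are hypothetical, and it assumes the field holds hexadecimal digits, which the advisory does not state.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_W 8 /* width of one numeric field, from the "8 digits" in the advisory */

/* Hypothetical two-field header used only for this example; not cpio's struct. */
struct demo_header {
    char filesize[FIELD_W];
    char namesize[FIELD_W];
};

/* Number of hex digits needed to print v (at least 1). */
static int hex_digits(unsigned long long v)
{
    int n = 1;
    while (v >>= 4)
        n++;
    return n;
}

/* Write v as exactly FIELD_W zero-padded hex digits, with no terminating NUL.
 * Returns 0 on success. Returns -1 and leaves the field untouched when v needs
 * more than FIELD_W digits, which is the case an unchecked sprintf() into the
 * field would turn into a write past its end. */
int put_field(char field[FIELD_W], unsigned long long v)
{
    char tmp[FIELD_W + 1];

    if (hex_digits(v) > FIELD_W)
        return -1;
    snprintf(tmp, sizeof tmp, "%0*llx", FIELD_W, v);
    memcpy(field, tmp, FIELD_W);
    return 0;
}

/* The largest 32-bit size still fits: returns 1 when it is written as ffffffff. */
int demo_max_fits(void)
{
    struct demo_header h;

    memset(&h, '0', sizeof h);
    return put_field(h.filesize, 0xFFFFFFFFULL) == 0 &&
           memcmp(h.filesize, "ffffffff", FIELD_W) == 0;
}

/* A 4 GiB size (nine hex digits, only representable with a 64-bit size type)
 * is rejected and the neighbouring field keeps its bytes: returns 1 if so. */
int demo_oversize_rejected(void)
{
    struct demo_header h;
    int rc;

    memset(&h, '0', sizeof h);
    put_field(h.namesize, 0x2a);
    rc = put_field(h.filesize, 0x100000000ULL);
    return rc == -1 &&
           memcmp(h.namesize, "0000002a", FIELD_W) == 0 &&
           memcmp(h.filesize, "00000000", FIELD_W) == 0;
}

int main(void)
{
    printf("max 32-bit size fits: %d\n", demo_max_fits());
    printf("4 GiB size rejected:  %d\n", demo_oversize_rejected());
    return 0;
}
```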
MDKSA-2005:234 - Updated sudo packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2005:234
http://www.mandriva.com/security/

Package: sudo
Date: December 20, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

In addition, the patch removes similar environment variables that could be used in python and ruby scripts, among others.

The updated packages have been patched to correct this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4158
http://www.sudo.ws/sudo/alerts/perl_env.html

Updated Packages:
Mandriva Linux 10.1
Mandriva Linux 10.1/X86_64
Mandriva Linux 10.2
Mandriva Linux 10.2/X86_64
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
Corporate Server 2.1
Corporate Server 2.1/X86_64
Corporate 3.0
Corporate 3.0/X86_64
Multi Network Firewall 2.0
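The mitigation described in the sudo advisory above, dropping interpreter library variables before a privileged program starts a script, comes down to filtering the environment array. The following is an added example, not sudo's code: the function names and the sample environment are constructed, and PYTHONPATH and RUBYLIB are included for illustration only, since the advisory does not say which python and ruby variables the patch covers.

```c
#include <stdio.h>
#include <string.h>

/* PERLLIB, PERL5LIB and PERL5OPT are the variables named in the advisory.
 * PYTHONPATH and RUBYLIB are assumptions added for illustration. */
static const char *const loader_vars[] = {
    "PERLLIB", "PERL5LIB", "PERL5OPT", "PYTHONPATH", "RUBYLIB", NULL
};

/* Return 1 when entry ("NAME=value") sets one of loader_vars. The whole name
 * must match, so an unrelated variable such as "PERL5LIBS=x" is kept. */
static int sets_loader_var(const char *entry)
{
    for (size_t i = 0; loader_vars[i] != NULL; i++) {
        size_t n = strlen(loader_vars[i]);
        if (strncmp(entry, loader_vars[i], n) == 0 &&
            (entry[n] == '=' || entry[n] == '\0'))
            return 1;
    }
    return 0;
}

/* Compact envp in place, dropping every entry that sets a loader variable.
 * All occurrences are removed: an environment can carry the same name twice,
 * and removing only the first one would leave the second in effect.
 * Returns the number of entries removed. */
size_t scrub_env(char **envp)
{
    size_t kept = 0, removed = 0;

    for (size_t i = 0; envp[i] != NULL; i++) {
        if (sets_loader_var(envp[i]))
            removed++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return removed;
}

/* Number of entries in a NULL-terminated environment array. */
size_t env_len(char **envp)
{
    size_t n = 0;
    while (envp[n] != NULL)
        n++;
    return n;
}

/* Constructed sample environment, including a duplicate and a near-miss name. */
static char *sample_env[] = {
    "PATH=/usr/bin:/bin",
    "PERL5LIB=/tmp/lib",
    "HOME=/home/user",
    "PERL5OPT=-MSome::Module",
    "PERL5LIB=/tmp/other",
    "PERL5LIBS=kept",
    "RUBYLIB=/tmp/rb",
    NULL
};

int main(void)
{
    size_t removed = scrub_env(sample_env);

    printf("removed %zu entries, %zu kept\n", removed, env_len(sample_env));
    for (size_t i = 0; sample_env[i] != NULL; i++)
        printf("  %s\n", sample_env[i]);
    return 0;
}
```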
MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM
MDKSA-2005:227 - Updated ethereal packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2005:227
http://www.mandriva.com/security/

Package: ethereal
Date: December 14, 2005
Affected: 2006.0

Problem Description:

A stack-based buffer overflow was discovered in the OSPF dissector in Ethereal. This could potentially be abused to allow remote attackers to execute arbitrary code via crafted packets.

The updated packages have been patched to prevent this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651

Updated Packages:
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability
MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability
Mandriva Linux Security Advisory MDKSA-2005:229
http://www.mandriva.com/security/

Package: xmovie
Date: December 14, 2005
Affected: 2006.0, Corporate 3.0

Problem Description:

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the avcodec_default_get_buffer() function of utils.c in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 .png file containing a palette is read.

Xmovie is built with a private copy of ffmpeg containing this same code.

The updated packages have been patched to prevent this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

Updated Packages:
Mandriva Linux 2006.0
Corporate 3.0
MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability
Mandriva Linux Security Advisory MDKSA-2005:230
http://www.mandriva.com/security/

Package: mplayer
Date: December 14, 2005
Affected: 2006.0, Corporate 3.0

Problem Description:

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the avcodec_default_get_buffer() function of utils.c in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 .png file containing a palette is read.

Mplayer is built with a private copy of ffmpeg containing this same code.

The updated packages have been patched to prevent this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

Updated Packages:
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
Corporate 3.0
Corporate 3.0/X86_64
MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability
Mandriva Linux Security Advisory MDKSA-2005:231
http://www.mandriva.com/security/

Package: ffmpeg
Date: December 14, 2005
Affected: 2006.0, Corporate 3.0

Problem Description:

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the avcodec_default_get_buffer() function of utils.c in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 .png file containing a palette is read.

The updated packages have been patched to prevent this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

Updated Packages:
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
Corporate 3.0
Corporate 3.0/X86_64
MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability
Mandriva Linux Security Advisory MDKSA-2005:232
http://www.mandriva.com/security/

Package: gstreamer-ffmpeg
Date: December 14, 2005
Affected: 2006.0

Problem Description:

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the avcodec_default_get_buffer() function of utils.c in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 .png file containing a palette is read.

Gstreamer-ffmpeg is built with a private copy of ffmpeg containing this same code.

The updated packages have been patched to prevent this problem.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

Updated Packages:
Mandriva Linux 2006.0
Mandriva Linux 2006.0/X86_64
MDKSA-2005:226 - Updated mozilla-thunderbird package fix vulnerability in enigmail
MDKSA-2005:206-1 - Updated openvpn packages fix multiple vulnerabilities
Mandriva Linux Security Advisory MDKSA-2005:206-1
http://www.mandriva.com/security/

Package: openvpn
Date: December 9, 2005
Affected: 2006.0

Problem Description:

Two Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client (CVE-2005-3393). The second DoS can occur if, when in TCP server mode, OpenVPN receives an error on accept(2) and the resulting exception handler causes a segfault (CVE-2005-3409).

The updated packages have been patched to correct these problems.

Update: Packages are now available for Mandriva Linux 2006.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409
MDKSA-2005:224 - Updated curl package fixes format string vulnerability
Mandriva Linux Security Advisory MDKSA-2005:224
http://www.mandriva.com/security/

Package: curl
Date: December 8, 2005
Affected: 10.1, 10.2, 2006.0

Problem Description:

Stefan Esser discovered that libcurl's URL parser function can overflow a malloced buffer in two ways if given a too-long URL. The overflow cannot be triggered by a redirect, which makes remote exploitation unlikely, but an overlong URL can be passed directly to libcurl (allowing for local exploitation) and could also be used to break out of PHP's safe_mode/open_basedir.

This vulnerability only exists in libcurl and curl 7.11.2 up to and including 7.15.0, which means that Corporate Server 2.1 and Corporate 3.0 are not vulnerable.

The updated packages have been patched to correct the problem. As well, updated php-curl packages are available that provide a new curl PHP module compiled against the fixed code.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
http://www.dyadsecurity.com/perl-0002.html
http://curl.haxx.se/docs/adv_20051207.html
MDKSA-2005:225 - Updated perl package fixes format string vulnerability
MDKSA-2005:221 - Updated spamassassin packages fixes vulnerability
Mandriva Linux Security Advisory MDKSA-2005:221
http://www.mandriva.com/security/

Package: spamassassin
Date: December 2, 2005
Affected: 10.1, 10.2, 2006.0

Problem Description:

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients (To addresses), which triggers a bus error in Perl.

Updated packages have been patched to address this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities
Mandriva Linux Security Advisory MDKSA-2005:222
http://www.mandriva.com/security/

Package: mailman
Date: December 2, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 3.0

Problem Description:

Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573)

In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message.

The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code.

Updated packages are patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573
MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities
MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
http://qa.mandriva.com/show_bug.cgi?id=16346
MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities
Mandriva Linux Security Advisory MDKSA-2005:217
http://www.mandriva.com/security/

Package: netpbm
Date: November 30, 2005
Affected: 10.1, Corporate 2.1, Corporate 3.0

Problem Description:

Greg Roelofs discovered and fixed several buffer overflows in pnmtopng, which is also included in netpbm, a collection of graphic conversion utilities, that can lead to the execution of arbitrary code via a specially crafted PNM file.

Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. (CVE-2005-3632)

An off-by-one buffer overflow in pnmtopng, when using the -alpha command line option, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors. (CVE-2005-3662)

The updated packages have been patched to correct this problem.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662
MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities
user (CVE-2005-3271).

The rose_rt_ioctl function in rose_route.c in versions prior to 2.6.12 does not properly verify the ndigis argument for a new route, allowing an attacker to trigger array out-of-bounds errors with a large number of digipeats (CVE-2005-3273).

A race condition in ip_vs_conn_flush in versions prior to 2.6.13, when running on SMP systems, allows local users to cause a DoS (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired (CVE-2005-3274).

The NAT code in versions prior to 2.6.13 incorrectly declares a variable to be static, allowing remote attackers to cause a DoS (memory corruption) by causing two packets for the same protocol to be NATed at the same time (CVE-2005-3275).

The sys_get_thread_area function in process.c in versions prior to 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which may allow a user process to obtain sensitive information (CVE-2005-3276).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
MDKSA-2005:216 - Updated fuse packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2005:216
http://www.mandriva.com/security/

Package: fuse
Date: November 24, 2005
Affected: 2006.0

Problem Description:

Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set unauthorized mount options.

This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux.

The updated packages have been patched to address these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3531
MDKSA-2005:215 - Updated binutils packages fix vulnerabilities
MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities
MDKSA-2005:212 - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities
MDKSA-2005:209 - Updated fetchmail packages fixes fetchmailconf vulnerability
MDKSA-2005:210 - Updated w3c-libwww packages fixes DoS vulnerability.
MDKSA-2005:206 - Updated openvpn packages fix multiple vulnerabilities
Mandriva Linux Security Advisory MDKSA-2005:206
http://www.mandriva.com/security/

Package : openvpn
Date: November 8, 2005
Affected: Multi Network Firewall 2.0

Problem Description:
Two Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client (CVE-2005-3393). The second DoS can occur if, when in TCP server mode, OpenVPN receives an error on accept(2) and the resulting exception handler causes a segfault (CVE-2005-3409). The updated packages have been patched to correct these problems.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409

Updated Packages:
Multi Network Firewall 2.0:
6d05d03341ef7c99bd0c044ac14383c7 mnf/2.0/RPMS/openvpn-2.0.1-0.2.M20mdk.i586.rpm
8882e7500e1fb8a255f5f50885042608 mnf/2.0/SRPMS/openvpn-2.0.1-0.2.M20mdk.src.rpm
MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities
MDKSA-2005:203 - Updated gda2.0 packages fix string format vulnerability
MDKSA-2005:202 - Updated squirrelmail packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2005:202
http://www.mandriva.com/security/

Package : squirrelmail
Date: November 1, 2005
Affected: Corporate 3.0

Problem Description:
A vulnerability in the way that SquirrelMail handled the $_POST variables was discovered. If a user was tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. This vulnerability is corrected in SquirrelMail 1.4.5 and the updated packages provide the latest stable version.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
MDKSA-2005:204 - Updated wget packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2005:204
http://www.mandriva.com/security/

Package : wget
Date: November 1, 2005
Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:
Hugo Vazquez Carames discovered a race condition when writing output files in wget. After wget determined the output file name, but before the file was actually opened, a local attacker with write permissions to the download directory could create a symbolic link with the name of the output file. This could be exploited to overwrite arbitrary files with the permissions of the user invoking wget. The time window of opportunity for the attacker is determined solely by the delay of the first received data packet. The updated packages have been patched to correct this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014