%package pam_krb5
Update: Mon Oct 06 10:55:22 2008
Importance: security
ID: MDVSA-2008:209-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:209-1
%pre
Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different local user's credential cache (CVE-2008-3825).

The updated packages have been patched to prevent this issue.

Update: An updated package for Mandriva Linux 2009.0 is now available.
%description
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured.

%package drakx-finish-install drakx-kbd-mouse-x11 drakxtools drakxtools-backend drakxtools-curses drakxtools-http gurpmi harddrake harddrake-ui mdkonline rpmdrake urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover
Update: Thu Oct 09 09:35:10 2008
Importance: normal
ID: MDVA-2008:137
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:137
%pre
These updated packages improve the urpmi graphical interface and add support for online distribution upgrades.
%description
urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites.
%package draksnapshot
Update: Thu Oct 09 10:50:41 2008
Importance: bugfix
ID: MDVA-2008:135-1
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:135-1
%pre
This update fixes several issues in draksnapshot.

The draksnapshot applet received the following fixes:
- on desktop startup, it waits 30s before checking for available discs, so that the notification is positioned at the right place, on the applet icon
- it no longer crashes if DBus is not reachable, and reports DBus errors
- it no longer crashes if DBus is active but HAL is not (#44434)
- if all discs are unmounted, the applet hides (#41176)
- it prevents running more than once
- it uses HAL to detect discs available for backup, which fixes the detection of some internal SATA discs as discs available for backup (#41107)

It also uses new icons from Mandriva Linux 2009.0.

The draksnapshot configuration tool also received the following fixes:
- it no longer saves the config when clicking Close (#39790); one has to click Apply in order to save the config
- on first run, it offers a backup location on a mounted disc path, instead of defaulting to a location in the root filesystem, which could previously fill up (#39802)
- it no longer offers to configure some obscure advanced options
- it now allows backups to be disabled
- it generates anacron-friendly cron files

Update: An updated draksnapshot is now available for Mandriva Linux 2009.0.
%description
This is a backup program that uses rsync to take backup snapshots of filesystems. It uses hard links to save space on disk.

%package dkms-lirc dkms-lirc-gpio dkms-lirc-parallel liblirc0 liblirc-devel lirc
Update: Thu Oct 09 11:23:56 2008
Importance: bugfix
ID: MDVA-2008:139
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:139
%pre
The lirc_dev module contained in the dkms-lirc package shipped with Mandriva Linux 2009 contains a bug which causes it to crash (oops) immediately on load. The result is that lirc is unusable, and if you have dkms-lirc installed and the 'lircd' service enabled, the system may fail to boot correctly.

The updated package fixes this bug and provides a set of lirc modules that load and work correctly.

Please note that this issue only affects systems with the actual IR hardware that lirc works with.
%description
LIRC is a package that allows you to decode and send infra-red signals of many (but not all) commonly used remote controls. Configuration files for many remotes are located in the lirc-remotes package.

%package symlinks
Update: Thu Oct 09 11:51:20 2008
Importance: bugfix
ID: MDVA-2008:140
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:140
%pre
The symlinks program did not work on files larger than 2GB, reporting the error 'Value too large for defined data type'. This update fixes this issue, in addition to an error where symlinks converted from absolute to relative paths were not shortened (Red Hat bug #89655).
%description
The symlinks utility performs maintenance on symbolic links. Symlinks checks for symlink problems, including dangling symlinks which point to nonexistent files. Symlinks can also automatically convert absolute symlinks to relative symlinks.

Install the symlinks package if you need a program for maintaining symlinks on your system.

%package mdkonline
Update: Fri Oct 10 10:06:02 2008
Importance: bugfix
ID: MDVA-2008:141
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:141
%pre
This update ensures that the distribution upgrade notification is not triggered in incorrect cases, and that the distribution upgrade confirmation dialog is not displayed after security updates are applied.
%description
The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services.
The package includes:
* an update daemon which allows you to install security updates automatically,
* a KDE/Gnome/IceWM compliant applet for security update notification and installation.

%package cups cups-common cups-serial libcups2 libcups2-devel php-cups
Update: Fri Oct 10 23:20:09 2008
Importance: security
ID: MDVSA-2008:211
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
%pre
A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed (CVE-2008-3639).

An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. An attacker could create a malicious text file that could possibly execute arbitrary code if the file was printed (CVE-2008-3640).

Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code if the file was printed (CVE-2008-3641).

The updated packages have been patched to prevent these issues; for Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided, which corrects these issues and also provides other bug fixes.
%description
CUPS 1.2 is fully compatible with CUPS-1.1 machines in the network and with software built against CUPS-1.1 libraries.

The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.

This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file.

%package jay libmono0 libmono-devel mono mono-bytefx-data-mysql mono-data mono-data-firebird mono-data-oracle mono-data-postgresql mono-data-sqlite mono-data-sybase mono-doc mono-extras mono-ibm-data-db2 mono-jscript mono-locale-extras mono-nunit mono-web mono-winforms
Update: Sat Oct 11 08:50:13 2008
Importance: security
ID: MDVSA-2008:210-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:210-1
%pre
A CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

The updated packages have been patched to fix the issue.

Update: This update was too late for inclusion in Mandriva Linux 2009, so it is being released now for that version.
%description
Mono is an implementation of the ECMA Common Language Infrastructure; it contains both a just-in-time compiler for maximum performance, and an interpreter. It can also be used to run programs from the .NET Framework.

This package contains the core of the Mono runtime including its Virtual Machine, Just-in-time compiler, C# compiler, security tools and libraries (corlib, XML, System.Security, System.Drawing, ZipLib, I18N, Cairo and Mono.*).

%package x11-driver-video-intel
Update: Wed Oct 15 08:33:55 2008
Importance: bugfix
ID: MDVA-2008:143
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:143
%pre
Some recent Intel graphics cards (Series 4) triggered a random freeze or a reboot of some machines when the graphical interface was loaded. Affected machines include the Dell Latitude E6500 and Lenovo Thinkpad X200.
%description
x11-driver-video-intel is the X.org driver for Intel video chipsets.
%package libxml2_2 libxml2-devel libxml2-python libxml2-utils
Update: Wed Oct 15 08:55:18 2008
Importance: security
ID: MDVSA-2008:212
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:212
%pre
libxml2 versions 2.7.0 and 2.7.1 did not properly handle predefined entity definitions in entities, which allowed context-dependent attackers to cause a denial of service (memory consumption and application crash) via certain XML documents (CVE-2008-4409).

The updated packages have been patched to prevent this issue.
%description
This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules combined with a URI library.

%package dbus dbus-x11 libdbus-1_3 libdbus-1-devel
Update: Wed Oct 15 11:30:03 2008
Importance: security
ID: MDVSA-2008:213
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
%pre
The D-Bus library did not correctly validate certain corrupted signatures, which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request (CVE-2008-3834).

The updated packages have been patched to prevent this issue.
%description
D-Bus is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility.
%package libopensc2 libopensc-devel mozilla-plugin-opensc opensc
Update: Wed Oct 15 12:46:16 2008
Importance: bugfix
ID: MDVA-2008:145
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:145
%pre
OpenSC is missing openct linking. As a result, no cards using openct are seen and therefore cannot be used. This update builds OpenSC with openct linking.
%description
opensc is a library for accessing smart card devices using the PC/SC Lite middleware package. It is also the core library of the OpenSC project. Basic functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible smart card. Encryption and decryption using private keys on the SmartCard is at the moment possible only with PKCS #15 compatible cards.

%package bovo katomic kbattleship kblackbox kblocks kbounce kbreakout kdegames4 kdegames4-core kdegames4-devel kdiamond kfourinline kgoldrunner kiriki kjumpingcube klines kmahjongg kmines knetwalk kolf kollision konquest kpat kreversi ksame kshisen ksirk kspaceduel ksquares ktuberling kubrick libkdegames4 libkggzgames4 libkggzmod4 libkggznet4 libkmahjongglib4 libkolfprivate4 lskat
Update: Wed Oct 15 12:47:53 2008
Importance: bugfix
ID: MDVA-2008:146
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:146
%pre
The kdegames4 package included in 2009.0 contains a bug where the kdegames4-devel package did not require the corresponding library packages, leading to broken symbolic links when linking against kdegames. Thus, packages based on kdegames4 could not be built correctly. This update corrects the problem.
%description
Games for the K Desktop Environment.

This is a compilation of various games for the KDE project:
- katomic: build complex atoms with a minimal amount of moves
- kbattleship: battleship game with built-in game server
- kblackbox: find atoms in a grid by shooting electrons
- kbounce: claim areas and don't get disturbed
- klines: place 5 equal pieces together, but wait, there are 3 new ones
- mahjongg: a tile laying patience
- kmines: the classical mine sweeper
- kolf: a golf game
- konquest: conquer the planets of your enemy
- kpat: several patience card games
- kreversi: the old reversi board game, also known as othello
- ksame: collect pieces of the same color
- kshisen: patience game where you take away all pieces
- kspaceduel: two player game with shooting spaceships flying around a sun
- ktuberling: kids game: make your own potato (NO french fries!)
- kfourinline: place 4 pieces in a row
- Lskat: lieutenant skat
- KGoldrunner: a game of action and puzzle solving
- KTuberling: "potato editor" game
- Kiriki: clone of Yahtzee
- Kjumpingcube: a tactical game for number-crunchers
- Bovo: classic pen and paper game
- KSquares: an implementation of the popular paper based game squares
- Knetwalk: turn the board pieces to get all computers connected

%package libpulseaudio0 libpulseaudio-devel libpulsecore5 libpulseglib20 libpulsezeroconf0 pulseaudio pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils
Update: Fri Oct 17 08:35:14 2008
Importance: bugfix
ID: MDVA-2008:148
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:148
%pre
Some issues relating to thread cancellation have been discovered in the pulseaudio package shipped with Mandriva Linux 2009.0. These issues could result in the crash of an application acting as a pulseaudio client. This condition is greatly exacerbated when the client is unable to connect to the pulseaudio server.
Because libcanberra is used to play event sounds in GTK applications, this problem could present itself when running GTK applications as root, which, under some circumstances, were unable to connect to the user's pulseaudio daemon. The problems were traced to the use of libasyncns in pulseaudio, and this updated package is compiled without support for this library (it is not essential to pulseaudio operation).

In addition, the version of pulseaudio shipped in Mandriva Linux 2009.0 used wallclock time to determine when a misbehaving daemon was overloading the CPU (under which circumstances the daemon terminated). This can cause problems when the time is changed manually or when daylight saving time kicks in. This package also contains an upstream fix to use monotonic time, which does not suffer from this limitation.
%description
pulseaudio is a sound server for Linux and other Unix-like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (EsounD). In addition to the features EsounD provides, pulseaudio has:
* Extensible plugin architecture (by loading dynamic loadable modules with dlopen())
* Support for more than one sink/source
* Better low latency behaviour
* Embeddable into other software (the core is available as a C library)
* Completely asynchronous C API
* Simple command line interface for reconfiguring the daemon while running
* Flexible, implicit sample type conversion and resampling
* "Zero-Copy" architecture
* Module autoloading
* Very accurate latency measurement for playback and recording
* May be used to combine multiple sound cards into one (with sample rate adjustment)
* Client side latency interpolation

%package banshee banshee-doc banshee-ipod banshee-mtp
Update: Mon Oct 20 09:29:06 2008
Importance: bugfix
ID: MDVA-2008:150
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:150
%pre
Banshee failed on initial startup from the menu because its configuration directory was missing. This update fixes the problem.
%description
With Banshee you can easily import, manage, and play selections from your music collection. Banshee allows you to import CDs, sync your music collection to a mobile device, play music directly from a mobile player, create playlists with songs from your library, and create audio and MP3 CDs from subsets of your library.

%package timezone timezone-java
Update: Mon Oct 20 10:32:29 2008
Importance: normal
ID: MDVA-2008:151
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:151
%pre
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Saving Time information and Time Zone information for some locations. These updated packages contain the new information.
%description
This package contains data files with rules for various timezones around the world.

%package libtotem-plparser12 libtotem-plparser-devel libtotem-plparser-mini12 totem-pl-parser-i18n
Update: Mon Oct 20 12:27:23 2008
Importance: bugfix
ID: MDVA-2008:152
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:152
%pre
The totem playlist parser library was not exporting a symbol required by the python binding. This update adds the symbol and fixes several other bugs.
%description
Shared library used by totem.

%package libphonon4 libphononexperimental4 phonon-devel phonon-gstreamer
Update: Mon Oct 20 12:48:16 2008
Importance: bugfix
ID: MDVA-2008:153
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:153
%pre
In Mandriva Linux 2009.0, phonon's signal availableAudioCaptureDevicesChanged was not connected, causing the KDE4 desktop to be unable to play OGG files. This update corrects the issue.
%description
Phonon is the KDE4 Multimedia Framework.

%package util-linux-ng
Update: Tue Oct 21 15:34:30 2008
Importance: bugfix
ID: MDVA-2008:154
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:154
%pre
Several bugs were found in the util-linux-ng package:
- using an offset on a loopback device was broken
- creating an encrypted loopback with losetup -e was broken
- using fdisk to modify the partition table of an image file did not write the changes

The updated package fixes these issues.
%description
The util-linux-ng package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux-ng contains the fdisk configuration tool and the login program.

%package kdebase4-runtime kdebase4-runtime-devel libkaudiodevicelist4 oxygen-icon-theme phonon-xine
Update: Tue Oct 21 19:25:20 2008
Importance: bugfix
ID: MDVA-2008:155
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:155
%pre
When an attachment file is opened in a KDE4 application, it is copied to a temporary directory and opened by a 'kioexec' process. When you close the application, the 'kioexec' process should automatically close after some minutes of inactivity on the temporary file. The kdebase4-runtime package released in Mandriva Linux 2009 has a bug which prevents the 'kioexec' process from closing. This update fixes the problem.
%description
KDE 4 application runtime components.

%package kdebase4-workspace kdebase4-workspace-devel kdm libkdecorations4 libkfontinst4 libkfontinstui4 libkhotkeysprivate4 libkscreensaver5 libksgrd4 libkwineffects1 libkwinnvidiahack4 libkworkspace4 libplasma2 libplasmaclock4 libprocesscore4 libprocessui4 libsolidcontrol4 libsolidcontrolifaces4 libtaskmanager4 libweather_ion4
Update: Wed Oct 22 13:40:22 2008
Importance: bugfix
ID: MDVA-2008:156
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:156
%pre
This update adds the auto-hide feature to the KDE4 desktop panel.
%description
This package contains the KDE 4 application workspace components.

%package mandriva-kde-translation
Update: Fri Oct 24 09:14:10 2008
Importance: bugfix
ID: MDVA-2008:156-1
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:156-1
%pre
This update adds the auto-hide feature to the KDE4 desktop panel.

Update: MDVA-2008:156 was released missing the mandriva-kde-translation packages. This update fixes that.
%description
This package includes the translations that have been added to Mandriva KDE.

%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools
Update: Mon Oct 27 08:27:41 2008
Importance: security
ID: MDVSA-2008:215
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:215
%pre
A number of vulnerabilities were discovered in Wireshark that could cause it to crash or abort while processing malicious packets (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685).

This update provides Wireshark 1.0.4, which is not vulnerable to these issues.
%description
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm).

%package curl curl-examples libcurl4 libcurl-devel
Update: Mon Oct 27 12:54:49 2008
Importance: bugfix
ID: MDVA-2008:159
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:159
%pre
An idiosyncratic feature of the Turkish language is that the letter 'i' in Turkish is not the lower-case version of the letter 'I'. This breaks standard POSIX string case comparison on strings containing the character 'i'. This issue affected the curl package shipped with Mandriva Linux 2009, which ultimately caused it to be incapable of handling URIs of the form file:///somefile in Turkish locales. In turn, curl is used by webkit, which is used by the Mandriva Linux Control Center, ultimately resulting in the Control Center not rendering icons in its user interface when run in Turkish locales. The bug likely also has other implications for curl-based applications in Turkish locales.

The updated package includes a fix for this issue, so that curl correctly handles file:///somefile URIs in Turkish locales. As a consequence, the Mandriva Linux Control Center now properly renders icons in Turkish locales.
%description
curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity.

curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more.

This version is compiled with SSL (https) support.

%package mandriva-doc-common mandriva-doc-Drakxtools-Guide-en mandriva-doc-Drakxtools-Guide-fr mandriva-doc-Drakxtools-Guide-pt_br mandriva-doc-installer-help mandriva-doc-Introducing-en mandriva-doc-Introducing-fr mandriva-doc-Introducing-pt_br mandriva-doc-Mastering-Manual-en mandriva-doc-Mastering-Manual-fr
Update: Mon Oct 27 17:40:40 2008
Importance: normal
ID: MDVA-2008:160
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:160
%pre
This update of the Mandriva Linux 2009 documentation provides a major update to the French release.
%description
This package contains some useful documentation for Mandriva Linux systems. This documentation is directly accessible through the menus.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird-beagle
Update: Tue Oct 28 09:06:04 2008
Importance: normal
ID: MDVA-2008:161
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:161
%pre
Beagle's Mozilla Thunderbird extension was not built for the correct version of Mozilla Thunderbird. This update builds it against the correct version so the extension is made available in Mozilla Thunderbird.
%description
Beagle is an indexing sub-system and search aggregator built on top of Lucene.Net. It can index your files, mailboxes, your web browsing behaviour and other things.

%package lynx
Update: Tue Oct 28 11:58:31 2008
Importance: security
ID: MDVSA-2008:218
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:218
%pre
A vulnerability was found in the lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690).

This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
%description
This is a terminal-based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables.

This version includes support for SSL encryption.

WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it.
%package mencoder mplayer mplayer-doc mplayer-gui
Update: Wed Oct 29 14:04:48 2008
Importance: security
ID: MDVSA-2008:219
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
%pre
A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer (CVE-2008-0073).

Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a maliciously crafted video file (CVE-2008-3827).

The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages.
%description
MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!).

Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with European/ISO 8859-1,2 (Hungarian, English, Czech, etc.), Cyrillic, Korean fonts, and OSD?

Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer10GOLD/codecs

%package aria2 gurpmi mdkonline perl-URPM rpmdrake urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover
Update: Thu Oct 30 11:21:55 2008
Importance: bugfix
ID: MDVA-2008:163
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:163
%pre
This update ensures that the distribution upgrade notification is not triggered in incorrect cases, and ensures that a distribution upgrade is only suggested after all security updates have been applied. It also improves the distribution upgrade confirmation dialog and the reliability of network package installation.
%description
urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites.

%package gnome-power-manager
Update: Thu Oct 30 18:59:23 2008
Importance: bugfix
ID: MDVA-2008:165
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:165
%pre
Some button press events were handled twice because they were reported both by X and by HAL. This update adds code to detect them and ignore the duplicate events.

This update also adds a gconf key, /schemas/apps/gnome-power-manager/general/logout_command, to allow using gnome-power-manager outside a GNOME session.
%description
GNOME Power Manager uses the information and facilities provided by HAL, displaying icons and handling user callbacks in an interactive GNOME session.
GNOME Power Preferences allows authorised users to set policy and change preferences.

%package dkms-libafs libopenafs1 libopenafs-devel openafs openafs-client openafs-doc openafs-server
Update: Thu Oct 30 20:48:11 2008
Importance: bugfix
ID: MDVA-2008:166
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:166
%pre
Openafs 1.4.7, included in Mandriva Linux 2009.0, doesn't support kernels >= 2.6.26. As a result, the dkms module doesn't build because of interface changes. This update corrects the problem.
%description
AFS is a distributed filesystem allowing cross-platform sharing of files among multiple computers. Facilities are provided for access control, authentication, backup and administrative management.

This package provides common files shared across all the various OpenAFS packages but are not necessarily tied to a client or server.

%package alsa_raoppcm-kernel-2.6.27.4-desktop-1mnb alsa_raoppcm-kernel-2.6.27.4-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.4-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.4-desktop-1mnb drm-experimental-kernel-2.6.27.4-desktop586-1mnb drm-experimental-kernel-2.6.27.4-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.4-desktop-1mnb et131x-kernel-2.6.27.4-desktop586-1mnb et131x-kernel-2.6.27.4-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.4-desktop-1mnb fcpci-kernel-2.6.27.4-desktop586-1mnb fcpci-kernel-2.6.27.4-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.4-desktop-1mnb fglrx-kernel-2.6.27.4-desktop586-1mnb fglrx-kernel-2.6.27.4-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.4-desktop-1mnb
gnbd-kernel-2.6.27.4-desktop586-1mnb gnbd-kernel-2.6.27.4-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.4-desktop-1mnb hcfpcimodem-kernel-2.6.27.4-desktop586-1mnb hcfpcimodem-kernel-2.6.27.4-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.4-desktop-1mnb hsfmodem-kernel-2.6.27.4-desktop586-1mnb hsfmodem-kernel-2.6.27.4-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.4-desktop-1mnb hso-kernel-2.6.27.4-desktop586-1mnb hso-kernel-2.6.27.4-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.4-desktop-1mnb iscsitarget-kernel-2.6.27.4-desktop586-1mnb iscsitarget-kernel-2.6.27.4-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.4-1mnb kernel-desktop-2.6.27.4-1mnb kernel-desktop586-2.6.27.4-1mnb kernel-desktop586-devel-2.6.27.4-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.4-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.4-1mnb kernel-server-devel-2.6.27.4-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.4-1mnb kernel-source-latest kqemu-kernel-2.6.27.4-desktop-1mnb kqemu-kernel-2.6.27.4-desktop586-1mnb kqemu-kernel-2.6.27.4-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.4-desktop-1mnb lirc-kernel-2.6.27.4-desktop586-1mnb lirc-kernel-2.6.27.4-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.4-desktop-1mnb lzma-kernel-2.6.27.4-desktop586-1mnb lzma-kernel-2.6.27.4-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest 
lzma-kernel-server-latest madwifi-kernel-2.6.27.4-desktop-1mnb madwifi-kernel-2.6.27.4-desktop586-1mnb madwifi-kernel-2.6.27.4-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.4-desktop-1mnb nvidia173-kernel-2.6.27.4-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.4-desktop-1mnb nvidia71xx-kernel-2.6.27.4-desktop586-1mnb nvidia71xx-kernel-2.6.27.4-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.4-desktop-1mnb nvidia96xx-kernel-2.6.27.4-desktop586-1mnb nvidia96xx-kernel-2.6.27.4-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.4-desktop-1mnb nvidia-current-kernel-2.6.27.4-desktop586-1mnb nvidia-current-kernel-2.6.27.4-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.4-desktop-1mnb omfs-kernel-2.6.27.4-desktop586-1mnb omfs-kernel-2.6.27.4-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.4-desktop-1mnb omnibook-kernel-2.6.27.4-desktop586-1mnb omnibook-kernel-2.6.27.4-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.4-desktop-1mnb opencbm-kernel-2.6.27.4-desktop586-1mnb opencbm-kernel-2.6.27.4-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.4-desktop-1mnb ov51x-jpeg-kernel-2.6.27.4-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.4-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.4-desktop-1mnb qc-usb-kernel-2.6.27.4-desktop586-1mnb 
qc-usb-kernel-2.6.27.4-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.4-desktop-1mnb rt2860-kernel-2.6.27.4-desktop586-1mnb rt2860-kernel-2.6.27.4-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.4-desktop-1mnb rt2870-kernel-2.6.27.4-desktop586-1mnb rt2870-kernel-2.6.27.4-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.4-desktop-1mnb rtl8187se-kernel-2.6.27.4-desktop586-1mnb rtl8187se-kernel-2.6.27.4-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.4-desktop-1mnb slmodem-kernel-2.6.27.4-desktop586-1mnb slmodem-kernel-2.6.27.4-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.4-desktop-1mnb squashfs-lzma-kernel-2.6.27.4-desktop586-1mnb squashfs-lzma-kernel-2.6.27.4-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.4-desktop-1mnb tp_smapi-kernel-2.6.27.4-desktop586-1mnb tp_smapi-kernel-2.6.27.4-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.4-desktop-1mnb vboxadd-kernel-2.6.27.4-desktop586-1mnb vboxadd-kernel-2.6.27.4-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.4-desktop-1mnb vboxvfs-kernel-2.6.27.4-desktop586-1mnb vboxvfs-kernel-2.6.27.4-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.4-desktop-1mnb vhba-kernel-2.6.27.4-desktop586-1mnb vhba-kernel-2.6.27.4-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest 
virtualbox-kernel-2.6.27.4-desktop-1mnb virtualbox-kernel-2.6.27.4-desktop586-1mnb virtualbox-kernel-2.6.27.4-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.4-desktop-1mnb vpnclient-kernel-2.6.27.4-desktop586-1mnb vpnclient-kernel-2.6.27.4-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest
Update: Tue Nov 04 13:20:02 2008
Importance: security
ID: MDVSA-2008:224
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:224
%pre
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. (CVE-2008-3528)

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. (CVE-2008-3831)

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. (CVE-2008-4554)

Additionally, a problem with TCP options ordering, which could manifest as connection problems with many websites (bug #43372), was solved; a number of fixes for Intel HDA were added, and further fixes for issues on Asus EEE PC, Panasonic Let's Note, Acer One, Dell XPS, and other systems were also added. Check the package changelog for more information.

To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
%description
%package libnet-snmp15 libnet-snmp-devel libnet-snmp-static-devel net-snmp net-snmp-mibs net-snmp-tkmib net-snmp-trapd net-snmp-utils perl-NetSNMP
Update: Wed Nov 05 10:16:28 2008
Importance: security
ID: MDVSA-2008:225
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:225
%pre
A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash (CVE-2008-4309).

Please note that for this to be successfully exploited, an attacker must have read access to the SNMP server. By default, the public community name grants read-only access; however, it is recommended that the default community name be changed in production.

The updated packages have been patched to correct this issue.
%description
SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser.

This package contains the snmpd and snmptrapd daemons, documentation, etc.

You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.
%package alsa_raoppcm-kernel-2.6.27.4-desktop-2mnb alsa_raoppcm-kernel-2.6.27.4-desktop586-2mnb alsa_raoppcm-kernel-2.6.27.4-server-2mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.4-desktop-2mnb drm-experimental-kernel-2.6.27.4-desktop586-2mnb drm-experimental-kernel-2.6.27.4-server-2mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.4-desktop-2mnb et131x-kernel-2.6.27.4-desktop586-2mnb et131x-kernel-2.6.27.4-server-2mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.4-desktop-2mnb fcpci-kernel-2.6.27.4-desktop586-2mnb fcpci-kernel-2.6.27.4-server-2mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.4-desktop-2mnb fglrx-kernel-2.6.27.4-desktop586-2mnb fglrx-kernel-2.6.27.4-server-2mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.4-desktop-2mnb gnbd-kernel-2.6.27.4-desktop586-2mnb gnbd-kernel-2.6.27.4-server-2mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.4-desktop-2mnb hcfpcimodem-kernel-2.6.27.4-desktop586-2mnb hcfpcimodem-kernel-2.6.27.4-server-2mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.4-desktop-2mnb hsfmodem-kernel-2.6.27.4-desktop586-2mnb hsfmodem-kernel-2.6.27.4-server-2mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.4-desktop-2mnb hso-kernel-2.6.27.4-desktop586-2mnb hso-kernel-2.6.27.4-server-2mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.4-desktop-2mnb iscsitarget-kernel-2.6.27.4-desktop586-2mnb 
iscsitarget-kernel-2.6.27.4-server-2mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.4-2mnb kernel-desktop-2.6.27.4-2mnb kernel-desktop586-2.6.27.4-2mnb kernel-desktop586-devel-2.6.27.4-2mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.4-2mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.4-2mnb kernel-server-devel-2.6.27.4-2mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.4-2mnb kernel-source-latest kqemu-kernel-2.6.27.4-desktop-2mnb kqemu-kernel-2.6.27.4-desktop586-2mnb kqemu-kernel-2.6.27.4-server-2mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.4-desktop-2mnb lirc-kernel-2.6.27.4-desktop586-2mnb lirc-kernel-2.6.27.4-server-2mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.4-desktop-2mnb lzma-kernel-2.6.27.4-desktop586-2mnb lzma-kernel-2.6.27.4-server-2mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.4-desktop-2mnb madwifi-kernel-2.6.27.4-desktop586-2mnb madwifi-kernel-2.6.27.4-server-2mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.4-desktop-2mnb nvidia173-kernel-2.6.27.4-desktop586-2mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.4-desktop-2mnb nvidia71xx-kernel-2.6.27.4-desktop586-2mnb nvidia71xx-kernel-2.6.27.4-server-2mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.4-desktop-2mnb nvidia96xx-kernel-2.6.27.4-desktop586-2mnb nvidia96xx-kernel-2.6.27.4-server-2mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.4-desktop-2mnb 
nvidia-current-kernel-2.6.27.4-desktop586-2mnb nvidia-current-kernel-2.6.27.4-server-2mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.4-desktop-2mnb omfs-kernel-2.6.27.4-desktop586-2mnb omfs-kernel-2.6.27.4-server-2mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.4-desktop-2mnb omnibook-kernel-2.6.27.4-desktop586-2mnb omnibook-kernel-2.6.27.4-server-2mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.4-desktop-2mnb opencbm-kernel-2.6.27.4-desktop586-2mnb opencbm-kernel-2.6.27.4-server-2mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.4-desktop-2mnb ov51x-jpeg-kernel-2.6.27.4-desktop586-2mnb ov51x-jpeg-kernel-2.6.27.4-server-2mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.4-desktop-2mnb qc-usb-kernel-2.6.27.4-desktop586-2mnb qc-usb-kernel-2.6.27.4-server-2mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.4-desktop-2mnb rt2860-kernel-2.6.27.4-desktop586-2mnb rt2860-kernel-2.6.27.4-server-2mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.4-desktop-2mnb rt2870-kernel-2.6.27.4-desktop586-2mnb rt2870-kernel-2.6.27.4-server-2mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.4-desktop-2mnb rtl8187se-kernel-2.6.27.4-desktop586-2mnb rtl8187se-kernel-2.6.27.4-server-2mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.4-desktop-2mnb slmodem-kernel-2.6.27.4-desktop586-2mnb slmodem-kernel-2.6.27.4-server-2mnb slmodem-kernel-desktop586-latest 
slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.4-desktop-2mnb squashfs-lzma-kernel-2.6.27.4-desktop586-2mnb squashfs-lzma-kernel-2.6.27.4-server-2mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.4-desktop-2mnb tp_smapi-kernel-2.6.27.4-desktop586-2mnb tp_smapi-kernel-2.6.27.4-server-2mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.4-desktop-2mnb vboxadd-kernel-2.6.27.4-desktop586-2mnb vboxadd-kernel-2.6.27.4-server-2mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.4-desktop-2mnb vboxvfs-kernel-2.6.27.4-desktop586-2mnb vboxvfs-kernel-2.6.27.4-server-2mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.4-desktop-2mnb vhba-kernel-2.6.27.4-desktop586-2mnb vhba-kernel-2.6.27.4-server-2mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.4-desktop-2mnb virtualbox-kernel-2.6.27.4-desktop586-2mnb virtualbox-kernel-2.6.27.4-server-2mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.4-desktop-2mnb vpnclient-kernel-2.6.27.4-desktop586-2mnb vpnclient-kernel-2.6.27.4-server-2mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest
Update: Fri Nov 07 07:54:24 2008
Importance: security
ID: MDVSA-2008:224-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:224-1
%pre
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. (CVE-2008-3528)

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. (CVE-2008-3831)

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. (CVE-2008-4554)

Additionally, a problem with TCP options ordering, which could manifest as connection problems with many websites (bug #43372), was solved; a number of fixes for Intel HDA were added, and further fixes for issues on Asus EEE PC, Panasonic Let's Note, Acer One, Dell XPS, and other systems were also added. Check the package changelog for more information.

To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

Update: The previous update included a patch which introduced a bug that would make the boot process stop halfway on several machines. That patch has been removed in this new update to avoid that problem.
%description
%package libltdl3 libltdl3-devel libtool libtool-base
Update: Fri Nov 07 15:27:11 2008
Importance: bugfix
ID: MDVA-2008:167
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:167
%pre
The libtool package shipped with Mandriva Linux 2009 was built with an older version of GCC, and was built in such a way that it depended on the specific version of GCC it was built with when linking against GCC internals. The updated package is built with the current GCC in Mandriva Linux 2009, and has also been changed so it does not depend on a specific version of GCC.
%description
The libtool package contains the GNU libtool, a set of shell scripts which automatically configure UNIX and UNIX-like architectures to generically build shared libraries. Libtool provides a consistent, portable interface which simplifies the process of using shared libraries.

If you are developing programs which will use shared libraries, you should install libtool.
%package sound-scripts
Update: Fri Nov 07 15:35:15 2008
Importance: bugfix
ID: MDVA-2008:168
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:168
%pre
The sound initialization scripts provided with Mandriva Linux 2009 activate the Analog Loopback channel when it is present. This channel is present on most audio chipsets supported by the snd-hda-intel driver, which are commonly used on recent systems. When active, this channel plays back the sound received by the line-in and mic-in channels. If nothing is actually connected to these channels, this can result in an unpleasant loud noise over the speakers or headphones connected to the line-out or speaker-out connector.

This update adjusts the sound initialization scripts to mute this channel by default. Unfortunately, this change will not be applied automatically on already-installed systems, as existing settings are automatically stored at shutdown and re-applied at startup on Mandriva Linux.
If you are suffering from this issue, you can run the command 'reset_sound' as root after installing this update, and it should resolve the issue. Alternatively, you can simply disable or mute the Analog Loopback channel yourself, using a mixer application.
%description
The sound-scripts package contains the basic system scripts used:
- to set up the default sound mixer on first boot
- to save sound mixer levels on shutdown
- to restore the sound mixer on bootstrapping
%package gnutls libgnutls26 libgnutls-devel
Update: Wed Nov 12 16:24:13 2008
Importance: security
ID: MDVSA-2008:227
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:227
%pre
Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up to 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library into trusting invalid certificates (CVE-2008-4989).

The updated packages have been patched to correct this issue.
%description
GnuTLS is a project that aims to develop a library which provides a secure layer over a reliable transport layer.
%package f-spot f-spot-beagle
Update: Fri Nov 14 10:05:38 2008
Importance: bugfix
ID: MDVA-2008:169
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:169
%pre
f-spot as released with Mandriva Linux 2009.0 presented a misleading dialog when connecting a digital camera. It could also potentially hang when upgrading its database from an earlier version. This update fixes both problems.
%description
F-Spot is a full-featured personal photo management application for the GNOME desktop.
Features:
* Simple user interface
* Photo editor
* Color adjustments
* Tag icon editor
* Create photo CD
* Export to web
%package alsa-plugins-doc alsa-plugins-pulse-config libalsa-plugins libalsa-plugins-jack libalsa-plugins-pulseaudio
Update: Fri Nov 14 10:08:35 2008
Importance: bugfix
ID: MDVA-2008:170
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:170
%pre
The version of alsa-plugins provided with Mandriva Linux 2009.0 fails when trying to record sound via ALSA using PulseAudio. This updated package contains an upstream patch to fix this bug.
%description
Advanced Linux Sound Architecture (ALSA) utilities. Modularized architecture with support for a large range of ISA and PCI cards. Fully compatible with OSS/Lite (kernel sound drivers), but contains many enhanced features.

This is the plugins package, which allows you to manipulate ALSA settings.
%package clamav clamav-db clamd libclamav5 libclamav-devel
Update: Fri Nov 14 11:35:10 2008
Importance: security
ID: MDVSA-2008:229
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:229
%pre
An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file (CVE-2008-5050).

Other bugs have also been corrected in 0.94.1, which is being provided with this update.
%description
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

You can build clamav with some conditional build switches (i.e. use with rpm --rebuild):
--with[out] milter    Build clamav-milter (disabled)
%package gnutls libgnutls26 libgnutls-devel
Update: Mon Nov 17 12:39:47 2008
Importance: security
ID: MDVSA-2008:227-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:227-1
%pre
Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up to 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library into trusting invalid certificates (CVE-2008-4989).

Update: It was found that the previously-published patch to correct this issue caused a regression when dealing with self-signed certificates. An updated patch that fixes the security issue and resolves the regression has been applied to these packages.
%description
GnuTLS is a project that aims to develop a library which provides a secure layer over a reliable transport layer.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2
gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp
Update: Mon Nov 17 16:00:36 2008
Importance: security
ID: MDVSA-2008:230
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
%pre
Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4 (CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024).

This update provides the latest Mozilla Firefox 3.x to correct these issues.
%description
Help browser for GNOME 2 which supports docbook documents, info and man.
%package libxml2_2 libxml2-devel libxml2-python libxml2-utils
Update: Tue Nov 18 14:38:15 2008
Importance: security
ID: MDVSA-2008:231
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:231
%pre
Drew Yaro of the Apple Product Security Team found two flaws in libxml2.

The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to enter an infinite loop (CVE-2008-4225).

The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code (CVE-2008-4226).

The updated packages have been patched to correct these issues.
%description
This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified.
The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules combined with a URI library.
%package dovecot dovecot-devel dovecot-plugins-gssapi dovecot-plugins-ldap
Update: Wed Nov 19 10:59:16 2008
Importance: security
ID: MDVSA-2008:232
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
%pre
The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions (CVE-2008-4577).

The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes (CVE-2008-4578).

In addition, two bugs were discovered in the dovecot package shipped with Mandriva Linux 2009.0. First, the default permissions on the dovecot.conf configuration file were too restrictive, which prevented the use of dovecot's 'deliver' command as a non-root user. Secondly, dovecot should not start until after ntpd, if ntpd is active, because if ntpd corrects the time backwards while dovecot is running, dovecot will quit automatically, with the log message 'Time just moved backwards by X seconds. This might cause a lot of problems, so I'll just kill myself now.'

The update resolves both of these problems. The default permissions on dovecot.conf now allow the 'deliver' command to read the file. Note that if you edited dovecot.conf at all prior to installing the update, the new permissions may not be applied.
If you find the 'deliver' command still does not work following the update, please run these commands as root:

# chmod 0640 /etc/dovecot.conf
# chown root:mail /etc/dovecot.conf

Dovecot's initialization script now configures it to start after the ntpd service, to ensure that ntpd resetting the clock does not interfere with Dovecot operation.

This package corrects the above-noted bugs and security issues by upgrading to the latest dovecot 1.1.6, which also provides additional bug fixes.
%description
Dovecot is an IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Although it's written in C, it uses several coding techniques to avoid most of the common pitfalls.

Dovecot can work with standard mbox and maildir formats and it's fully compatible with UW-IMAP and Courier IMAP servers as well as mail clients accessing the mailboxes directly.

You can build dovecot with some conditional build switches (i.e. use with rpm --rebuild):
--with[out] gssapi    GSSAPI support (enabled)
--with[out] ldap      LDAP support (enabled)
--with[out] lucene    Lucene support (enabled)
--with[out] mysql     MySQL support (enabled)
--with[out] pgsql     PostgreSQL support (enabled)
--with[out] sasl      Cyrus SASL 2 library support (enabled)
%package kbd
Update: Wed Nov 19 14:50:12 2008
Importance: bugfix
ID: MDVA-2008:174
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:174
%pre
This update fixes errors in the be-latin1, be2-latin1, ro-comma, ro-academic, and gr-utf8 keymaps shipped with Mandriva Linux 2008 Spring and Mandriva Linux 2009.
%description
This package contains utilities to load console fonts and keyboard maps. It also includes a number of different fonts and keyboard maps.
%package gurpmi urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover
Update: Wed Nov 19 16:04:50 2008
Importance: bugfix
ID: MDVA-2008:175
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:175
%pre
Since version 6.14.9, Urpmi would spontaneously un-ignore any updated media. This update fixes that regression.
%description
urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites.
%package mdadm
Update: Wed Nov 19 16:19:59 2008
Importance: bugfix
ID: MDVA-2008:176
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:176
%pre
mdadm would crash during bootup when trying to activate several raid10 devices, dropping the system into maintenance mode, where you had to manually reactivate the missing raid10 sets in order to continue the boot. The updated mdadm fixes this issue, allowing systems with raid10 to boot normally.
%description
mdadm is a program that can be used to create, manage, and monitor Linux MD (Software RAID) devices. As such, it provides similar functionality to the raidtools packages. The particular difference from raidtools is that mdadm is a single program, and it can perform (almost) all functions without a configuration file (though a config file can be used to help with some common tasks).
%package libcdaudio1 libcdaudio1-devel
Update: Thu Nov 20 11:40:17 2008
Importance: security
ID: MDVSA-2008:233
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:233
%pre
A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030).

In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 already has this fix applied.

The updated packages have been patched to prevent these issues.
%description
libcdaudio is a library for controlling CD-ROM devices.

%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-beagle mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv
mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall
Update: Fri Nov 21 12:52:39 2008
Importance: security
ID: MDVSA-2008:235
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
%pre
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.18 (CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5052).

This update provides the latest Thunderbird to correct these issues.
%description
Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before.
%package alsa_raoppcm-kernel-2.6.27.5-desktop-2mnb alsa_raoppcm-kernel-2.6.27.5-desktop586-2mnb alsa_raoppcm-kernel-2.6.27.5-server-2mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.5-desktop-2mnb drm-experimental-kernel-2.6.27.5-desktop586-2mnb drm-experimental-kernel-2.6.27.5-server-2mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.5-desktop-2mnb et131x-kernel-2.6.27.5-desktop586-2mnb et131x-kernel-2.6.27.5-server-2mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.5-desktop-2mnb fcpci-kernel-2.6.27.5-desktop586-2mnb fcpci-kernel-2.6.27.5-server-2mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.5-desktop-2mnb fglrx-kernel-2.6.27.5-desktop586-2mnb fglrx-kernel-2.6.27.5-server-2mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.5-desktop-2mnb gnbd-kernel-2.6.27.5-desktop586-2mnb gnbd-kernel-2.6.27.5-server-2mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.5-desktop-2mnb hcfpcimodem-kernel-2.6.27.5-desktop586-2mnb hcfpcimodem-kernel-2.6.27.5-server-2mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.5-desktop-2mnb hsfmodem-kernel-2.6.27.5-desktop586-2mnb hsfmodem-kernel-2.6.27.5-server-2mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.5-desktop-2mnb hso-kernel-2.6.27.5-desktop586-2mnb hso-kernel-2.6.27.5-server-2mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.5-desktop-2mnb iscsitarget-kernel-2.6.27.5-desktop586-2mnb 
iscsitarget-kernel-2.6.27.5-server-2mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.5-2mnb kernel-desktop-2.6.27.5-2mnb kernel-desktop586-2.6.27.5-2mnb kernel-desktop586-devel-2.6.27.5-2mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.5-2mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.5-2mnb kernel-server-devel-2.6.27.5-2mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.5-2mnb kernel-source-latest kqemu-kernel-2.6.27.5-desktop-2mnb kqemu-kernel-2.6.27.5-desktop586-2mnb kqemu-kernel-2.6.27.5-server-2mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.5-desktop-2mnb lirc-kernel-2.6.27.5-desktop586-2mnb lirc-kernel-2.6.27.5-server-2mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.5-desktop-2mnb lzma-kernel-2.6.27.5-desktop586-2mnb lzma-kernel-2.6.27.5-server-2mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.5-desktop-2mnb madwifi-kernel-2.6.27.5-desktop586-2mnb madwifi-kernel-2.6.27.5-server-2mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.5-desktop-2mnb nvidia173-kernel-2.6.27.5-desktop586-2mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.5-desktop-2mnb nvidia71xx-kernel-2.6.27.5-desktop586-2mnb nvidia71xx-kernel-2.6.27.5-server-2mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.5-desktop-2mnb nvidia96xx-kernel-2.6.27.5-desktop586-2mnb nvidia96xx-kernel-2.6.27.5-server-2mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.5-desktop-2mnb 
nvidia-current-kernel-2.6.27.5-desktop586-2mnb nvidia-current-kernel-2.6.27.5-server-2mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.5-desktop-2mnb omfs-kernel-2.6.27.5-desktop586-2mnb omfs-kernel-2.6.27.5-server-2mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.5-desktop-2mnb omnibook-kernel-2.6.27.5-desktop586-2mnb omnibook-kernel-2.6.27.5-server-2mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.5-desktop-2mnb opencbm-kernel-2.6.27.5-desktop586-2mnb opencbm-kernel-2.6.27.5-server-2mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.5-desktop-2mnb ov51x-jpeg-kernel-2.6.27.5-desktop586-2mnb ov51x-jpeg-kernel-2.6.27.5-server-2mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.5-desktop-2mnb qc-usb-kernel-2.6.27.5-desktop586-2mnb qc-usb-kernel-2.6.27.5-server-2mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.5-desktop-2mnb rt2860-kernel-2.6.27.5-desktop586-2mnb rt2860-kernel-2.6.27.5-server-2mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.5-desktop-2mnb rt2870-kernel-2.6.27.5-desktop586-2mnb rt2870-kernel-2.6.27.5-server-2mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.5-desktop-2mnb rtl8187se-kernel-2.6.27.5-desktop586-2mnb rtl8187se-kernel-2.6.27.5-server-2mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.5-desktop-2mnb slmodem-kernel-2.6.27.5-desktop586-2mnb slmodem-kernel-2.6.27.5-server-2mnb slmodem-kernel-desktop586-latest 
slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.5-desktop-2mnb squashfs-lzma-kernel-2.6.27.5-desktop586-2mnb squashfs-lzma-kernel-2.6.27.5-server-2mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.5-desktop-2mnb tp_smapi-kernel-2.6.27.5-desktop586-2mnb tp_smapi-kernel-2.6.27.5-server-2mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.5-desktop-2mnb vboxadd-kernel-2.6.27.5-desktop586-2mnb vboxadd-kernel-2.6.27.5-server-2mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.5-desktop-2mnb vboxvfs-kernel-2.6.27.5-desktop586-2mnb vboxvfs-kernel-2.6.27.5-server-2mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.5-desktop-2mnb vhba-kernel-2.6.27.5-desktop586-2mnb vhba-kernel-2.6.27.5-server-2mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.5-desktop-2mnb virtualbox-kernel-2.6.27.5-desktop586-2mnb virtualbox-kernel-2.6.27.5-server-2mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.5-desktop-2mnb vpnclient-kernel-2.6.27.5-desktop586-2mnb vpnclient-kernel-2.6.27.5-server-2mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest x11-driver-video-intel x11-driver-video-intel-fast-i830
Update: Fri Nov 21 15:14:38 2008
Importance: security
ID: MDVSA-2008:234
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:234
%pre
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. (CVE-2008-4933)

The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. (CVE-2008-4934)

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. (CVE-2008-5029)

Additionally, support for a Broadcom Bluetooth dongle was added to the btusb driver, an Eee PC shutdown hang caused by snd-hda-intel was fixed, a Realtek auto-mute bug was fixed, the pcspkr driver was re-enabled, and more. Check the changelog and related bugs for more details.

To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
%description
x11-driver-video-intel is the X.org driver for Intel video chipsets.

%package openvpn
Update: Fri Nov 21 16:49:40 2008
Importance: bugfix
ID: MDVA-2008:178
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:178
%pre
The OpenVPN package that shipped with Mandriva Linux 2009.0 did not come with pkcs11 support, which meant that pkcs11 could not be used together with OpenVPN. This updated package fixes this problem.
%description
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP port.
This package contains the auth-ldap plugin.

%package gstreamer0.10-a52dec gstreamer0.10-cdio gstreamer0.10-mpeg gstreamer0.10-plugins-ugly gstreamer0.10-sid
Update: Tue Nov 25 10:14:50 2008
Importance: bugfix
ID: MDVA-2008:181
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:181
%pre
A bug in the ASF demuxer in gstreamer0.10-plugins-ugly prevented video players like Totem from seeking in WMV files, causing an "Internal data stream error" message. This updated package contains a patch fixing this problem.
%description
GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins.

This package contains a set of plug-ins that have good quality and correct functionality, but distributing them might pose problems. The license on either the plug-ins or the supporting libraries might not be how the GStreamer authors like. The code might be widely known to present patent problems.

%package evince libevince0 libevince-devel
Update: Tue Nov 25 10:25:50 2008
Importance: bugfix
ID: MDVA-2008:182
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:182
%pre
Evince would sometimes crash when searching in a PDF document. This update fixes the bug.
%description
Evince is the GNOME document viewer. It supports PDF, PostScript and other formats.

%package live live-devel
Update: Tue Nov 25 18:17:55 2008
Importance: bugfix
ID: MDVA-2008:183
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:183
%pre
Live, as shipped with Mandriva Linux 2009.0, was missing the main executable: live555MediaServer. This update provides the program.
%description
This code forms a set of C++ libraries for multimedia streaming, using open standard protocols (RTP/RTCP, RTSP, SIP). These libraries - which can be compiled for Unix (including Linux and Mac OS X), Windows, and QNX (and other POSIX-compliant systems) - can be used to build streaming applications.

This package contains the example apps of LIVE555.

%package kdevelop kdevelop-doc libkdevelop3 libkdevelop-devel
Update: Tue Nov 25 19:43:44 2008
Importance: bugfix
ID: MDVA-2008:184
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:184
%pre
KDevelop as shipped in Mandriva Linux 2009.0 contains a build-time bug, which led to subversion support not being correctly compiled. As a result, it was not possible to use subversion as the version control system for projects in KDevelop. The updated package fixes this problem.
%description
The KDevelop Integrated Development Environment provides many features that developers need as well as providing a unified interface to programs like gdb, the C/C++ compiler, and make. KDevelop manages or provides:
* All development tools needed for C++ programming like compiler, linker, automake and autoconf
* KAppWizard, which generates complete, ready-to-go sample applications
* Classgenerator, for creating new classes and integrating them into the current project
* File management for sources, headers, documentation etc. to be included in the project
* The creation of User-Handbooks written with SGML and the automatic generation of HTML output with the KDE look and feel
* Automatic HTML-based API documentation for your project's classes with cross-references to the used libraries
* Internationalization support for your application, allowing translators to easily add their target language to a project
* WYSIWYG (What you see is what you get) creation of user interfaces with a built-in dialog editor
* Debugging your application by integrating KDbg
* Editing of project-specific pixmaps with KIconEdit
* The inclusion of any other program you need for development by adding it to the "Tools" menu according to your individual needs.

%package akregator amarok amarok-scripts amor ark blinken bovo cervisia dolphin dragonplayer gwenview juk kaddressbook kalarm kalgebra kalzium kamera kanagram kappfinder kapptemplate kate katomic kbattleship kblackbox kblocks kbounce kbreakout kbruch kbugbuster kcachegrind kcalc kcharselect kcolorchooser kcron kde4-audiocd kde4-filesharing kde4-l10n-bg kde4-l10n-ca kde4-l10n-cs kde4-l10n-csb kde4-l10n-da kde4-l10n-de kde4-l10n-el kde4-l10n-en_GB kde4-l10n-eo kde4-l10n-es kde4-l10n-et kde4-l10n-fi kde4-l10n-fr kde4-l10n-fy kde4-l10n-ga kde4-l10n-gl kde4-l10n-hi kde4-l10n-hu kde4-l10n-it kde4-l10n-ja kde4-l10n-kk kde4-l10n-km kde4-l10n-ko kde4-l10n-ku kde4-l10n-lt kde4-l10n-lv kde4-l10n-mk kde4-l10n-ml kde4-l10n-nb kde4-l10n-nds kde4-l10n-nl kde4-l10n-nn kde4-l10n-pa kde4-l10n-pl kde4-l10n-pt kde4-l10n-pt_BR kde4-l10n-ru kde4-l10n-sl kde4-l10n-sr kde4-l10n-sv kde4-l10n-ta kde4-l10n-th kde4-l10n-tr kde4-l10n-uk kde4-l10n-wa kde4-l10n-zh_CN kde4-l10n-zh_TW kde4-lilo kde4-nsplugins kdeaccessibility4 kdeaccessibility4-core kdeaccessibility4-devel kdeadmin4 kdeartwork4 kdeartwork4-color-schemes kdeartwork4-core kdeartwork4-emoticons kdeartwork4-kscreensaver kdeartwork4-kwin-icewm-themes kdeartwork4-kworldclock kdeartwork4-sounds kdeartwork4-styles
kdeartwork4-wallpapers kdebase4 kdebase4-devel kdebase4-runtime kdebase4-runtime-devel kdebase4-workspace kdebase4-workspace-devel kdeedu4 kdeedu4-core kdeedu4-devel kdegames4 kdegames4-core kdegames4-devel kdegraphics4 kdegraphics4-core kdegraphics4-devel kdelibs4-core kdelibs4-devel kdemultimedia4 kdemultimedia4-core kdemultimedia4-devel kdenetwork4 kdenetwork4-core kdenetwork4-devel kdepasswd kdepim4 kdepim4-akonadi kdepim4-core kdepim4-devel kdepim4-kresources kdepim4-wizards kdepimlibs4-core kdepimlibs4-devel kdeplasma-addons kdeplasma-addons-devel kdesdk4 kdesdk4-core kdesdk4-devel kdesdk4-po2xml kdesdk4-scripts kdesdk4-strigi-analyzer kdessh kdetoys4-devel kdeutils4 kdeutils4-core kdewebdev4-devel kdf kdialog kdiamond kdm kdnssd keditbookmarks kfilereplace kfind kfloppy kfourinline kgamma kgeography kget kgoldrunner kgpg khangman kig kimagemapeditor kinfocenter kipi-common kiriki kiten kjots kjumpingcube kleopatra klettres klines klinkstatus kmag kmahjongg kmail kmailcvt kmines kmix kmousetool kmouth kmplot kmtrace knetwalk knetworkconf knewsticker knode knotes kode kolf kollision kolourpaint kommander kompare konqueror konquest konsole kontact kopete korganizer kpat kpercentage kppp kppp-provider krdc kreversi krfb kruler ksame kscd kshisen ksirk ksnapshot kspaceduel ksquares kstars ksudoku ksystemlog kteatime ktimer ktimetracker ktouch kttsd ktuberling kturtle ktux kubrick kuiviewer kuser kwallet kwallet-daemon kweather kwordquiz kwrite kxsldbg libakonadi-kabc4 libakonadi-kcal4 libakonadi-kde4 libakonadi-kmime4 libakregatorinterfaces4 libakregatorprivate4 libamarok-devel libamaroklib1 libamarokplasma2 libamarokpud1 libamarok_taglib1 libanalitza4 libantlr4 libaudiocdplugins4 libavogadro-kalzium0 libcompoundviewer4 libdolphinprivate4 libgadu_kopete1 libgpgme++2 libgwenviewlib4 libgwsoap4 libimap4 libiris_kopete1 libkabc4 libkabc_file_core4 libkabc_groupdav4 libkabc_groupwise4 libkabckolab4 libkabcommon4 libkabcscalix4 libkabc_slox4 libkabc_xmlrpc4 
libkabinterfaces4 libkaddressbookprivate4 libkalarm_resources4 libkateinterfaces4 libkaudiodevicelist4 libkblog4 libkcal4 libkcal_groupdav4 libkcal_groupwise4 libkcalkolab4 libkcal_resourceblog4 libkcal_resourcefeatureplan4 libkcal_resourceremote4 libkcalscalix4 libkcal_slox4 libkcal_xmlrpc4 libkcddb4 libkcompactdisc4 libkdcraw7 libkdcraw-common libkde3support4 libkdecorations4 libkdecore5 libkdeeduui4 libkdefakes5 libkdegames4 libkdepim4 libkdesu5 libkdeui5 libkdnssd4 libkeduvocdocument4 libkerfuffle4 libkexiv2_7 libkfile4 libkfontinst4 libkfontinstui4 libkgetcore4 libkggzgames4 libkggzmod4 libkggznet4 libkgroupwarebase4 libkgroupwaredav4 libkholidays4 libkhotkeysprivate4 libkhtml5 libkimap4 libkimproxy4 libkio5 libkipi5 libkiten4 libkjs4 libkjsapi4 libkjsembed4 libkldap4 libkleo4 libkleopatraclientcore4 libkleopatraclientgui4 libklinkstatuscommon4 libkmahjongglib4 libkmailprivate4 libkmediaplayer4 libkmime4 libknewstuff24 libknodecommon4 libknoteskolab4 libknotesscalix4 libknotes_xmlrpc4 libknotifyconfig4 libkntlm4 libkocorehelper4 libkode4 libkolfprivate4 libkolourpaint_lgpl4 libkommandercore4 libkommanderwidgets4 libkomparedialogpages4 libkomparediff24 libkompareinterface4 libkonq5 libkonqsidebarplugin4 libkonquerorprivate4 libkontactinterfaces4 libkontactprivate4 libkopete4 libkopeteaddaccountwizard1 libkopetechatwindow_shared1 libkopeteidentity1 libkopete_msn_shared4 libkopete_oscar4 libkopete_otr_shared1 libkopeteprivacy1 libkopetestatusmenu1 libkopete_videodevice4 libkorganizer_calendar4 libkorganizer_eventviewer4 libkorganizer_interfaces4 libkorganizerprivate4 libkorg_stdprinting4 libkparts4 libkpgp4 libkpimidentities4 libkpimutils4 libkpty4 libkresources4 libkrosscore4 libkrossui4 libksane0 libkschema4 libkschemawidgets4 libkscreensaver5 libksgrd4 libksieve4 libkslox4 libkstartperf4 libktexteditor4 libktnef4 libktrace4 libkttsd4 libkunittest4 libkutils4 libkwalletbackend4 libkwineffects1 libkwinnvidiahack4 libkworkspace4 libkxmlcommon4 libkxmlrpcclient4 
libkyahoo1 liblancelot0 libmaildir4 libmailtransport4 libmarblewidget4 libmimelib4 libnepomuk4 liboktetacore4 liboktetagui4 libokularcore1 liboscar1 libplasma2 libplasmaappletdialog4 libplasmaclock4 libplasmacomicprovidercore1 libprocesscore4 libprocessui4 libqgpgme1 libSatLib4 libsbigudrv1 libschema4 libscience4 libsolid4 libsolidcontrol4 libsolidcontrolifaces4 libsuperkaramba4 libsyndication4 libtaskmanager4 libthreadweaver4 libweather_ion4 libwscl4 libwsdl4 lokalize lskat marble okteta okular oxygen-icon-theme parley phonon-xine plasma-applet-binaryclock plasma-applet-calculator plasma-applet-comic plasma-applet-dict plasma-applet-fifteenpuzzle plasma-applet-filewatcher plasma-applet-folderview plasma-applet-frame plasma-applet-fuzzy-clock plasma-applet-kolourpicker plasma-applet-konqprofiles plasma-applet-konsoleprofiles plasma-applet-lancelot plasma-applet-luna plasma-applet-notes plasma-applet-nowplaying plasma-applet-showdashboard plasma-applet-showdesktop plasma-applet-twitter plasma-dataengine-comic plasma-dataengine-twitter plasma-desktoptheme-aya plasma-desktoptheme-default plasma-desktoptheme-elegance plasma-desktoptheme-heron plasma-desktoptheme-silicon plasma-desktoptheme-slim-glow plasma-runner-contacts plasma-runner-converter quanta step superkaramba sweeper task-kde4 task-kde4-devel task-kde4-minimal umbrello
Update: Fri Nov 28 13:13:32 2008
Importance: normal
ID: MDVA-2008:185
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:185
%pre
Mandriva Linux 2009.0 shipped with KDE 4.1.2. This update provides the full KDE 4.1.3 for Mandriva Linux 2009.0, which brings with it numerous enhancements and bugfixes.
%description
Software Development Kit for the K Desktop Environment.
%package evolution evolution-data-server evolution-devel evolution-exchange evolution-mono evolution-pilot gtkhtml-3.14 libcamel14 libebackend0 libebook9 libecal7 libedata-book2 libedata-cal6 libedataserver11 libedataserver-devel libedataserverui8 libegroupwise13 libexchange-storage3 libgdata1 libgtkhtml-3.14_19 libgtkhtml-3.14-devel
Update: Mon Dec 01 12:02:12 2008
Importance: bugfix
ID: MDVA-2008:186
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:186
%pre
Outgoing mails sent through the Evolution Exchange plugin were not always sent properly. Spell checking was not working properly when two different languages were enabled, causing all words to be detected as mistyped.

Those bugs are fixed by these package updates, which also bring massive performance improvements in IMAP handling, additional translations and many bug fixes from GNOME 2.24.2.
%description
GtkHTML is an HTML rendering/editing library. GtkHTML is not designed to be the ultimate HTML browser/editor: instead, it is designed to be easily embedded into applications that require lightweight HTML functionality.

GtkHTML was originally based on KDE's KHTMLW widget, but is now developed independently of it. The most important difference between KHTMLW and GtkHTML, besides being GTK-based, is that GtkHTML is also an editor. Thanks to the Bonobo editor component that comes with the library, it's extremely simple to add HTML editing to an existing application.

%package evolution evolution-devel evolution-mono evolution-pilot
Update: Tue Dec 02 10:50:51 2008
Importance: bugfix
ID: MDVA-2008:186-1
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:186-1
%pre
Outgoing mails sent through the Evolution Exchange plugin were not always sent properly. Spell checking was not working properly when two different languages were enabled, causing all words to be detected as mistyped.
Those bugs are fixed by these package updates, which also bring massive performance improvements in IMAP handling, additional translations and many bug fixes from GNOME 2.24.2.

Update: The previous update provided Evolution built against the wrong version of the libcamel library, which would cause Evolution to segfault on startup. This update corrects the problem.
%description
Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool.

%package vim-common vim-enhanced vim-minimal vim-X11
Update: Wed Dec 03 17:57:24 2008
Importance: security
ID: MDVSA-2008:236
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
%pre
Several vulnerabilities were found in the vim editor:

A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).

Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).

A flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).

A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).

A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network.
If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).

A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101).

A vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).

This update provides vim 7.2 (patchlevel 65), which corrects all of these issues and introduces a number of new features and bug fixes.
%description
VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run.

%package kdewebdev4 kdewebdev4-devel kfilereplace kimagemapeditor klinkstatus kommander kxsldbg libklinkstatuscommon4 libkommandercore4 libkommanderwidgets4 quanta
Update: Thu Dec 04 10:05:49 2008
Importance: bugfix
ID: MDVA-2008:188
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:188
%pre
The kdewebdev4 package shipped in Mandriva Linux 2009.0 contained several packaging bugs. One is that kfilereplace and kxsldbg had file conflicts on icons, and the other was that no meta package called 'kdewebdev4' was provided. The latter issue would cause kdewebdev4-devel to be installed when asking to install kdewebdev4. The updated packages fix these packaging bugs.
%description
A web editor for the KDE Desktop Environment.

%package bluez-utils bluez-utils-alsa bluez-utils-cups bluez-utils-gstreamer
Update: Fri Dec 05 13:28:09 2008
Importance: bugfix
ID: MDVA-2008:189
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:189
%pre
An incorrect configuration was preventing PIN authentication for Bluetooth devices under GNOME and KDE4. This package update fixes the issue.
%description
These are the official Bluetooth utilities for Linux.

Warning: it is highly recommended to change your system Bluetooth PIN code in /etc/bluetooth/pin.

%package debugmode drakx-net drakx-net-text initscripts libdrakx-net
Update: Fri Dec 05 13:52:05 2008
Importance: bugfix
ID: MDVA-2008:190
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:190
%pre
This update adds support for ATM bridging in the network configuration tools and backend. It is mostly used for ADSL PPPoE connections with USB modems (bug #35797).
%description
This package contains the Mandriva network tools.
net_applet: applet to check network connection
net_monitor: connection monitoring

%package clamav clamav-db clamd libclamav5 libclamav-devel
Update: Fri Dec 05 16:22:59 2008
Importance: security
ID: MDVSA-2008:239
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:239
%pre
Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails (CVE-2008-5314).

Other bugs have also been corrected in 0.94.2, which is being provided with this update.
%description
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet.
The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

You can build clamav with some conditional build switches (i.e. use with rpm --rebuild):
--with[out] milter   Build clamav-milter (disabled)

%package vim-common vim-enhanced vim-minimal vim-X11
Update: Mon Dec 08 16:18:52 2008
Importance: security
ID: MDVSA-2008:236-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236-1
%pre
Several vulnerabilities were found in the vim editor:

A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).

Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).

A flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).

A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).

A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).

A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101).
A vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677). This update provides vim 7.2 (patchlevel 65), which corrects all of these issues and introduces a number of new features and bug fixes.
Update: The previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.
%description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run.

%package enchant libenchant1 libenchant-devel
Update: Tue Dec 09 08:50:15 2008 Importance: bugfix ID: MDVA-2008:191 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:191
%pre A bug in the enchant spell checker made several applications crash on startup. This update prevents the crashing.
%description A library that wraps other spell checking backends.

%package mandriva-release-common mandriva-release-Flash mandriva-release-Free mandriva-release-Mini mandriva-release-One mandriva-release-Powerpack
Update: Tue Dec 09 08:52:55 2008 Importance: normal ID: MDVA-2008:192 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:192
%pre This update introduces a new mandriva-release-Mini package to be used for the Mandriva Mini flavor of the Mandriva Linux distribution.
%description Mandriva Linux release file.
%package kernel-headers
Update: Tue Dec 09 09:39:05 2008 Importance: bugfix ID: MDVA-2008:193 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:193
%pre This update provides the latest headers exported by kernel 2.6.27.5-2mnb2, which includes a fix for building some samba versions.
%description Kernel-headers includes the C header files from the Linux kernel. The header files define structures and constants that are needed for building most standard programs.

%package compositing-wm-common libmetisse1 libmetisse-devel metisse metisse-fvwm x11-server-xmetisse
Update: Tue Dec 09 09:40:53 2008 Importance: bugfix ID: MDVA-2008:194 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:194
%pre Metisse was not able to start properly when using KDE4 as the desktop environment. This package update fixes the issue.
%description Metisse is an experimental X desktop with some OpenGL capability. It consists of a virtual X server called Xmetisse, a special version of FVWM, and an FVWM module, FvwmCompositor.

%package timezone timezone-java
Update: Tue Dec 09 10:34:23 2008 Importance: normal ID: MDVA-2008:195 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:195
%pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Saving Time and time zone information for some locations. These updated packages contain the new information.
%description This package contains data files with rules for various timezones around the world.

%package vinagre
Update: Wed Dec 10 10:53:33 2008 Importance: security ID: MDVSA-2008:240 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:240
%pre Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre.
With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.
%description Vinagre is a VNC Client for the GNOME Desktop. Features:
* You can connect to several machines at the same time, we like tabs
* You can keep track of your most used connections, we like favorites
* You can browse your network for VNC servers, we like avahi
* You don't need to supply the password on every connection, we like GNOME Keyring (well, this is not yet implemented)
* It's still in alpha stage (but usable), so, bugs are around

%package nasm nasm-doc nasm-rdoff
Update: Wed Dec 10 12:02:15 2008 Importance: bugfix ID: MDVA-2008:196 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:196
%pre Nasm, as shipped with Mandriva Linux 2009.0, produced bad code on the x86_64 platform in certain cases. This update corrects the problem.
%description NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax.

%package flash-kde-config free-kde-config mandriva-kde-config-common mandriva-kdm-config one-kde-config powerpack-kde-config
Update: Wed Dec 10 12:05:29 2008 Importance: bugfix ID: MDVA-2008:197 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:197
%pre On Mandriva Linux 2009.0, every time a web page was opened under Konqueror, or opened in a new tab, it showed the HTML code in an editor instead of the website. This update makes Konqueror display websites correctly instead of the raw HTML code.
%description This package groups all Mandriva-specific configuration files for KDE (kicker config, etc.).
%package openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-devel openoffice.org-devel-doc openoffice.org-draw openoffice.org-filter-binfilter openoffice.org-gnome openoffice.org-help-af openoffice.org-help-ar openoffice.org-help-bg openoffice.org-help-br openoffice.org-help-bs openoffice.org-help-ca openoffice.org-help-cs openoffice.org-help-cy openoffice.org-help-da openoffice.org-help-de openoffice.org-help-el openoffice.org-help-en_GB openoffice.org-help-en_US openoffice.org-help-es openoffice.org-help-et openoffice.org-help-eu openoffice.org-help-fi openoffice.org-help-fr openoffice.org-help-he openoffice.org-help-hi openoffice.org-help-hu openoffice.org-help-it openoffice.org-help-ja openoffice.org-help-ko openoffice.org-help-mk openoffice.org-help-nb openoffice.org-help-nl openoffice.org-help-nn openoffice.org-help-pl openoffice.org-help-pt openoffice.org-help-pt_BR openoffice.org-help-ru openoffice.org-help-sk openoffice.org-help-sl openoffice.org-help-sv openoffice.org-help-ta openoffice.org-help-tr openoffice.org-help-zh_CN openoffice.org-help-zh_TW openoffice.org-help-zu openoffice.org-impress openoffice.org-java-common openoffice.org-l10n-af openoffice.org-l10n-ar openoffice.org-l10n-bg openoffice.org-l10n-br openoffice.org-l10n-bs openoffice.org-l10n-ca openoffice.org-l10n-cs openoffice.org-l10n-cy openoffice.org-l10n-da openoffice.org-l10n-de openoffice.org-l10n-el openoffice.org-l10n-en_GB openoffice.org-l10n-es openoffice.org-l10n-et openoffice.org-l10n-eu openoffice.org-l10n-fi openoffice.org-l10n-fr openoffice.org-l10n-he openoffice.org-l10n-hi openoffice.org-l10n-hu openoffice.org-l10n-it openoffice.org-l10n-ja openoffice.org-l10n-ko openoffice.org-l10n-mk openoffice.org-l10n-nb openoffice.org-l10n-nl openoffice.org-l10n-nn openoffice.org-l10n-pl openoffice.org-l10n-pt openoffice.org-l10n-pt_BR openoffice.org-l10n-ru openoffice.org-l10n-sk openoffice.org-l10n-sl openoffice.org-l10n-sv 
openoffice.org-l10n-ta openoffice.org-l10n-tr openoffice.org-l10n-zh_CN openoffice.org-l10n-zh_TW openoffice.org-l10n-zu openoffice.org-math openoffice.org-mono openoffice.org-openclipart openoffice.org-pyuno openoffice.org-style-crystal openoffice.org-style-galaxy openoffice.org-style-hicontrast openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-testtool openoffice.org-writer
Update: Fri Dec 12 10:11:35 2008 Importance: bugfix ID: MDVA-2008:198 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:198
%pre This update is the stable official release of OpenOffice.org 3.0 for Mandriva Linux 2009.0. It includes the following bug fixes relative to the openoffice.org-3.0-0.rc2.1mdv2009 packages:
- OpenOffice.org crashed on start-up when the user interface was changed to the Greek language, preventing Greek users from using OpenOffice.org in their language (bug #44821).
- The PyUno function loadComponentFromUrl was missing. This made it impossible in some cases to extend OpenOffice.org using Python through PyUno, and some OpenOffice.org extensions written in Python may not have worked either (bug #45445).
- Clip art in the clipart-opencliparts-1.8 package was unreachable by OpenOffice.org. This prevented users from using a lot of the clip art provided by that package (bug #45196).
- Since no l10n package is installed by default with OpenOffice.org, it used en_US (American English) as the default user interface language, and the openoffice.org-help-en_US package should be installed by default to enable users to view the OpenOffice.org help. This is the default behavior for the other OpenOffice.org l10n language packages: whenever an l10n package is installed, the respective help package is also installed (bug #44809).
- The default desktop e-mail program, configured according to the FreeDesktop.org standard tools, should be used by OpenOffice.org when e-mail URIs embedded in documents are accessed (bug #43917).
- OpenOffice.org installed a misplaced file, ooobuildtime.log, on the root file system, where it should not be.
The updated packages provide the final OpenOffice.org 3.0 release and fix the noted issues.
%description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office.

%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools
Update: Mon Dec 15 11:23:02 2008 Importance: security ID: MDVSA-2008:242 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:242
%pre Two vulnerabilities were discovered in Wireshark. The first is a vulnerability in the SMTP dissector that could cause it to consume excessive CPU and memory via a long SMTP request (CVE-2008-5285). The second is an issue with the WLCCP dissector that could cause it to go into an infinite loop. This update also provides a patch to fix a potential freeze during capture interface selection. This update provides Wireshark 1.0.5, which is not vulnerable to these issues.
%description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
Wireshark is a fork of Ethereal(tm)

%package enscript
Update: Mon Dec 15 13:14:34 2008 Importance: security ID: MDVSA-2008:243 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:243
%pre Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled (CVE-2008-3863, CVE-2008-4306). The updated packages have been patched to prevent these issues.
%description GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts.

%package kde4-splash-mdv
Update: Mon Dec 15 15:57:14 2008 Importance: bugfix ID: MDVA-2008:199 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:199
%pre The kde4-splash-mdv package in Mandriva Linux 2009.0 was not translated. This package update adds translations to the KDE4 start screen.
%description Splash screen engine for KDE4 supporting SVG files in the theme

%package jackit jackit-example-clients libjack0 libjack-devel
Update: Mon Dec 15 18:23:59 2008 Importance: normal ID: MDVA-2008:200 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:200
%pre This update provides the latest version of the JACK audio server. It is not provided to fix any specific bugs, but because the JACK development community recommends that all users upgrade to 0.116.0 or later, as announced at http://jackaudio.org/. The release fixes many bugs and adds new features, the most important being the integration of netjack functionality.
%description JACK is a low-latency audio server, written primarily for the Linux operating system.
It can connect a number of different applications to an audio device, as well as allowing them to share audio between themselves. Its clients can run in their own processes (i.e. as a normal application), or they can run within a JACK server (i.e. as a "plugin"). JACK is different from other audio server efforts in that it has been designed from the ground up to be suitable for professional audio work. This means that it focuses on two key areas: synchronous execution of all clients, and low latency operation.

%package mdkonline
Update: Wed Dec 17 18:47:22 2008 Importance: normal ID: MDVA-2008:201 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:201
%pre This package update adds support for automatically configuring additional software repositories (Restricted / Restricted Updates) for registered Powerpack users.
%description The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes:
* an update daemon which allows you to install security updates automatically,
* a KDE/Gnome/IceWM compliant applet for security updates notification and installation.

%package drakx-net drakx-net-text libdrakx-net
Update: Wed Dec 17 18:49:16 2008 Importance: normal ID: MDVA-2008:202 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:202
%pre Drakfirewall, as shipped with Mandriva Linux 2009.0, was not able to save the firewall configuration after changing the port selection. This update fixes the issue.
%description This package contains the Mandriva network tools.
net_applet: applet to check network connection; net_monitor: connection monitoring

%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp
Update: Wed Dec 17 18:51:41 2008 Importance: security ID: MDVSA-2008:245 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
%pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513). This update provides the latest Mozilla Firefox 3.x to correct these issues.
%description Help browser for GNOME 2 which supports docbook documents, info and man.
%package alsa_raoppcm-kernel-2.6.27.7-desktop-1mnb alsa_raoppcm-kernel-2.6.27.7-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.7-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.7-desktop-1mnb drm-experimental-kernel-2.6.27.7-desktop586-1mnb drm-experimental-kernel-2.6.27.7-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.7-desktop-1mnb et131x-kernel-2.6.27.7-desktop586-1mnb et131x-kernel-2.6.27.7-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.7-desktop-1mnb fcpci-kernel-2.6.27.7-desktop586-1mnb fcpci-kernel-2.6.27.7-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.7-desktop-1mnb fglrx-kernel-2.6.27.7-desktop586-1mnb fglrx-kernel-2.6.27.7-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.7-desktop-1mnb gnbd-kernel-2.6.27.7-desktop586-1mnb gnbd-kernel-2.6.27.7-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.7-desktop-1mnb hcfpcimodem-kernel-2.6.27.7-desktop586-1mnb hcfpcimodem-kernel-2.6.27.7-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.7-desktop-1mnb hsfmodem-kernel-2.6.27.7-desktop586-1mnb hsfmodem-kernel-2.6.27.7-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.7-desktop-1mnb hso-kernel-2.6.27.7-desktop586-1mnb hso-kernel-2.6.27.7-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.7-desktop-1mnb iscsitarget-kernel-2.6.27.7-desktop586-1mnb 
iscsitarget-kernel-2.6.27.7-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.7-1mnb kernel-desktop-2.6.27.7-1mnb kernel-desktop586-2.6.27.7-1mnb kernel-desktop586-devel-2.6.27.7-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.7-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.7-1mnb kernel-server-devel-2.6.27.7-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.7-1mnb kernel-source-latest kqemu-kernel-2.6.27.7-desktop-1mnb kqemu-kernel-2.6.27.7-desktop586-1mnb kqemu-kernel-2.6.27.7-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.7-desktop-1mnb lirc-kernel-2.6.27.7-desktop586-1mnb lirc-kernel-2.6.27.7-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.7-desktop-1mnb lzma-kernel-2.6.27.7-desktop586-1mnb lzma-kernel-2.6.27.7-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.7-desktop-1mnb madwifi-kernel-2.6.27.7-desktop586-1mnb madwifi-kernel-2.6.27.7-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.7-desktop-1mnb nvidia173-kernel-2.6.27.7-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.7-desktop-1mnb nvidia71xx-kernel-2.6.27.7-desktop586-1mnb nvidia71xx-kernel-2.6.27.7-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.7-desktop-1mnb nvidia96xx-kernel-2.6.27.7-desktop586-1mnb nvidia96xx-kernel-2.6.27.7-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.7-desktop-1mnb 
nvidia-current-kernel-2.6.27.7-desktop586-1mnb nvidia-current-kernel-2.6.27.7-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.7-desktop-1mnb omfs-kernel-2.6.27.7-desktop586-1mnb omfs-kernel-2.6.27.7-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.7-desktop-1mnb omnibook-kernel-2.6.27.7-desktop586-1mnb omnibook-kernel-2.6.27.7-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.7-desktop-1mnb opencbm-kernel-2.6.27.7-desktop586-1mnb opencbm-kernel-2.6.27.7-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.7-desktop-1mnb ov51x-jpeg-kernel-2.6.27.7-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.7-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.7-desktop-1mnb qc-usb-kernel-2.6.27.7-desktop586-1mnb qc-usb-kernel-2.6.27.7-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.7-desktop-1mnb rt2860-kernel-2.6.27.7-desktop586-1mnb rt2860-kernel-2.6.27.7-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.7-desktop-1mnb rt2870-kernel-2.6.27.7-desktop586-1mnb rt2870-kernel-2.6.27.7-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.7-desktop-1mnb rtl8187se-kernel-2.6.27.7-desktop586-1mnb rtl8187se-kernel-2.6.27.7-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.7-desktop-1mnb slmodem-kernel-2.6.27.7-desktop586-1mnb slmodem-kernel-2.6.27.7-server-1mnb slmodem-kernel-desktop586-latest 
slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.7-desktop-1mnb squashfs-lzma-kernel-2.6.27.7-desktop586-1mnb squashfs-lzma-kernel-2.6.27.7-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.7-desktop-1mnb tp_smapi-kernel-2.6.27.7-desktop586-1mnb tp_smapi-kernel-2.6.27.7-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.7-desktop-1mnb vboxadd-kernel-2.6.27.7-desktop586-1mnb vboxadd-kernel-2.6.27.7-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.7-desktop-1mnb vboxvfs-kernel-2.6.27.7-desktop586-1mnb vboxvfs-kernel-2.6.27.7-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.7-desktop-1mnb vhba-kernel-2.6.27.7-desktop586-1mnb vhba-kernel-2.6.27.7-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.7-desktop-1mnb virtualbox-kernel-2.6.27.7-desktop586-1mnb virtualbox-kernel-2.6.27.7-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.7-desktop-1mnb vpnclient-kernel-2.6.27.7-desktop586-1mnb vpnclient-kernel-2.6.27.7-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest
Update: Mon Dec 29 06:40:01 2008 Importance: security ID: MDVSA-2008:246 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:246
%pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function
pointer dereference and OOPS) via unknown vectors (CVE-2008-5033). Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933 (CVE-2008-5025). Additionally, this update adds enhancements for a newer revision of the Nokia 6300, XpressMusic 5200, 5610 and 7610 models, disables support for the ub USB module, adds fixes for the Wake On LAN feature of the r8169 module, adds fixes for suspend and resume in the i915 module, adds ALSA fixes for Intel HDA, adds a workaround for a bug in iwlagn, adds the m5602 driver, fixes a crash in the ppscsi module, and adds fixes to the uvcvideo module. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
%description

%package dos2unix
Update: Mon Jan 05 12:07:34 2009 Importance: bugfix ID: MDVA-2009:001 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:001
%pre The dos2unix command removes the last line of a file if no newline character follows it. This update fixes the issue.
%description hd2u is "Hany's Dos2Unix converter". It provides 'dos2unix'. 'dos2unix' is a filter used to convert DOS-style EOLs to UNIX-style EOLs and vice versa (EOL: End Of Line character).

%package msec
Update: Mon Jan 05 12:08:57 2009 Importance: bugfix ID: MDVA-2009:002 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:002
%pre This update fixes the following two issues with msec:
- when changing to a higher security level, permit_root_login is not handled correctly (bug #19726)
- daily reports with multi-byte characters are not sent correctly (bug #26773)
%description The Mandriva Linux Security package is designed to provide generic security levels to Mandriva Linux users.
It lets you choose a level from 0 to 5, from a less to a more secured distribution. This package includes several programs that will be run periodically in order to test the security of your system and alert you if needed.

%package draksnapshot
Update: Mon Jan 05 12:10:16 2009 Importance: bugfix ID: MDVA-2009:003 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:003
%pre This update fixes a crash in draksnapshot when HAL is confused (bug #44966).
%description This is a backup program that uses rsync to take backup snapshots of filesystems. It uses hard links to save space on disk.

%package rpmdrake
Update: Mon Jan 05 12:12:06 2009 Importance: bugfix ID: MDVA-2009:004 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:004
%pre This update fixes several minor issues with rpmdrake:
- it stops running with debugging perl pragmas, which should speed up some things
- it makes edit-urpm-sources not drop the 'ignore' flag when updating a medium (bug #44930)
- it makes edit-urpm-sources display the right type of altered mirrorlist media (bug #44930)
- it makes rpmdrake list plasma applets in the GUI package list too (bug #45835)
It also enhances searching in rpmdrake by fixing a rare crash on searching (bug #46225), by scrolling the group list to the search category when displaying results, and by updating the GUI package list.
%description This package contains the Mandriva graphical software manipulation tools. Rpmdrake provides a simple interface that makes it easy to install and remove software. MandrivaUpdate is a single-purpose application for keeping your system up to date with the latest official updates. There is also a tool for configuring package sources (medias), which can be run independently or accessed from within rpmdrake.
%package x11-server x11-server-common x11-server-devel x11-server-xdmx x11-server-xephyr x11-server-xfake x11-server-xfbdev x11-server-xnest x11-server-xorg x11-server-xsdl x11-server-xvfb x11-server-xvnc
Update: Mon Jan 05 12:14:22 2009 Importance: bugfix ID: MDVA-2009:005 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:005
%pre This updated x11-server-xorg package provides the following fixes: The OpenOffice.org application menu would trigger a bug in the X server's xkb cache code, causing it to crash (segfault). Fake key events generated by the XTest extension would not change the state of the keyboard LEDs. This would cause the numlock LED to be inverted when the enable_X11_numlock program was used (Mandriva's default behaviour). This update corrects both issues.
%description X11 servers

%package kernel-xen-2.6.18.8-xen-3.3.0-7mdv kernel-xen-devel-2.6.18.8-xen-3.3.0-7mdv libxen3.0 libxen-devel xen xen-doc
Update: Tue Jan 06 09:45:51 2009 Importance: bugfix ID: MDVA-2009:006 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:006
%pre
%description The basic tools for managing XEN virtual machines.

%package amarok amarok-scripts libamarok-devel libamaroklib1 libamarokplasma2 libamarokpud1 libamarok_taglib1
Update: Thu Jan 08 17:55:35 2009 Importance: bugfix ID: MDVA-2009:008 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:008
%pre Mandriva Linux 2009.0 shipped with a pre-release version of Amarok. This update provides the final Amarok 2.0 release.
%description Feature Overview
* Music Collection: You have a huge music library and want to locate tracks quickly? Let amaroK's powerful Collection take care of that! It's a database powered music store, which keeps track of your complete music library, allowing you to find any title in a matter of seconds.
* Intuitive User Interface: You will be amazed to see how easy amaroK is to use! Simply drag-and-drop files into the playlist.
No hassle with complicated buttons or tangled menus. Listening to music has never been easier!
* Streaming Radio: Web streams take radio to the next level: Listen to thousands of great radio stations on the internet, for free! amaroK provides excellent streaming support, with advanced features, such as displaying titles of the currently playing songs.
* Context Browser: This tool provides useful information on the music you are currently listening to, and can make listening suggestions, based on your personal music taste. An innovative and unique feature.
* Visualizations: amaroK is compatible with XMMS visualization plugins, allowing you to use the great number of stunning visualizations available on the net. 3D visualizations with OpenGL are a great way to enhance your music experience.

%package kdemultimedia kdemultimedia-arts kdemultimedia-common kdemultimedia-juk kdemultimedia-kaboodle kdemultimedia-kaudiocreator kdemultimedia-kmid kdemultimedia-kmix kdemultimedia-krec kdemultimedia-kscd kdemultimedia-noatun libkdemultimedia1-arts libkdemultimedia1-arts-devel libkdemultimedia1-common libkdemultimedia1-common-devel libkdemultimedia1-noatun libkdemultimedia1-noatun-devel
Update: Thu Jan 08 17:58:40 2009 Importance: bugfix ID: MDVA-2009:009 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:009
%pre Due to a bug in KDE 3.5.10 as shipped with Mandriva Linux 2009.0, using the lame encoder with the audiocd kioslave produced noise as output. This update fixes the issue.
%description Multimedia tools for the K Desktop Environment.
- noatun: a multimedia player for sound and movies, very extensible due to its plugin interface
- kaudiocreator: CD ripper and audio encoder frontend.
- kaboodle: light media player
- kmid: a standalone and embeddable MIDI player, includes a karaoke mode
- kmix: the audio mixer as a standalone program and Kicker applet
- kscd: a CD player with an interface to the internet CDDB database
- krec: a recording frontend using aRts

%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl
Update: Thu Jan 08 18:02:16 2009 Importance: security ID: MDVSA-2009:001 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:001
%pre A vulnerability was found by the Google Security Team in how OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, which would then bypass the certificate validation (CVE-2008-5077). The updated packages have been patched to prevent this issue.
%description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.

%package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps
Update: Fri Jan 09 15:01:00 2009 Importance: security ID: MDVSA-2009:003 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:003
%pre Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
(CVE-2008-4864) Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031) The updated Python packages have been patched to correct these issues. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package pam_mount Update: Fri Jan 09 18:35:06 2009 Importance: security ID: MDVSA-2009:004 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:004 %pre The passwdehd script in pam_mount allowed local users to overwrite arbitrary files via a symlink attack on a temporary file. The updated packages have been patched to prevent this. %description Pam_mount is a PAM module that allows dynamic remote volume mounting. It is mainly useful for users that have private volumes in Samba / Windows NT / Netware servers and need access to them during a Unix session. 
%package bind bind-devel bind-doc bind-utils Update: Fri Jan 09 22:20:40 2009 Importance: security ID: MDVSA-2009:002 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:002 %pre A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify() function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks (CVE-2009-0025). The updated packages have been patched to prevent this issue. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either one or the other) --with geoip Build with GeoIP support (disabled per default) %package xterm Update: Sun Jan 11 17:05:42 2009 Importance: security ID: MDVSA-2009:005 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:005 %pre A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm (CVE-2008-2383). The updated packages have been patched to prevent this. %description The XTerm program is the standard terminal emulator for the X Window System. It provides DEC VT102/VT220 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. 
If the underlying operating system supports terminal resizing capabilities (for example, the SIGWINCH signal in systems derived from 4.3bsd), xterm will use the facilities to notify programs running in the window whenever it is resized. The xterm included in this package has support for 256 colors enabled. %package bind bind-devel bind-doc bind-utils Update: Mon Jan 12 15:18:54 2009 Importance: bugfix ID: MDVA-2009:010 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:010 %pre A build issue with the BIND9 packages in Mandriva Linux 2009.0 prevents IPv6 from working correctly. This is due to POSIX not including the IPv6 Advanced Socket API, so glibc hides parts of this API as a result. The end result is a breakage in how IPv6 works. Compiling BIND9 with -D_GNU_SOURCE fixes this issue, and the updated packages use this additional flag. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either one or the other) --with geoip Build with GeoIP support (disabled per default) %package ntp ntp-client ntp-doc Update: Tue Jan 13 15:27:30 2009 Importance: security ID: MDVSA-2009:007 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:007 %pre A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature (CVE-2009-0021). The updated packages have been patched to prevent this issue. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. 
Note: Primary, original, big, HTML documentation, is in the package ntp-doc. %package dkms-kqemu qemu qemu-img Update: Tue Jan 13 19:43:59 2009 Importance: security ID: MDVSA-2009:008 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:008 %pre Security vulnerabilities have been discovered and corrected in the VNC server of qemu version 0.9.1 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. %description QEMU is a FAST! processor emulator. By using dynamic translation it achieves a reasonable speed while being easy to port on new host CPUs. QEMU has two operating modes: * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. Linux system calls are converted because of endianness and 32/64 bit mismatches. Wine (Windows emulation) and DOSEMU (DOS emulation) are the main targets for QEMU. * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. Currently, it is only used to launch an x86 Linux kernel on an x86 Linux system. It enables easier testing and debugging of system code. It can also be used to provide virtual hosting of several virtual PCs on a single server. This QEMU package provides support for KQEMU, the QEMU Accelerator module. %package kvm Update: Tue Jan 13 19:56:34 2009 Importance: security ID: MDVSA-2009:009 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:009 %pre Security vulnerabilities have been discovered and corrected in the VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. 
%description KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor-specific module, kvm-intel.ko or kvm-amd.ko. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. %package dkms-vboxadd dkms-vboxvfs dkms-virtualbox virtualbox virtualbox-guest-additions x11-driver-input-vboxmouse x11-driver-video-vboxvideo Update: Wed Jan 14 16:11:47 2009 Importance: security ID: MDVSA-2009:011 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:011 %pre A vulnerability has been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file (CVE-2008-5256). The updated packages have been patched to prevent this. %description VirtualBox Open Source Edition (OSE) is a general-purpose full virtualizer for x86 hardware. %package gwenview kamera kcolorchooser kdegraphics4 kdegraphics4-core kdegraphics4-devel kgamma kipi-common kolourpaint kruler ksnapshot libgwenviewlib4 libkdcraw7 libkdcraw-common libkexiv2_7 libkipi6 libkolourpaint_lgpl4 libksane0 libokularcore1 okular Update: Thu Jan 15 11:40:13 2009 Importance: bugfix ID: MDVA-2009:011 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:011 %pre This package updates the libkdcraw and libkexiv2 libraries, making it possible to build newer versions of digikam. %description Graphical tools for the K Desktop Environment. 
kdegraphics is a collection of graphic oriented applications %package kphotoalbum Update: Thu Jan 15 11:45:45 2009 Importance: bugfix ID: MDVA-2009:012 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:012 %pre Kphotoalbum in Mandriva Linux 2009.0 had some unimplemented functions that could lead to crashes. This new package implements those functions and fixes the crashes. %description Image database for KDE4 %package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-beagle mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja 
mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Thu Jan 15 11:53:33 2009 Importance: security ID: MDVSA-2009:012 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.19 (CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512). This update provides the latest Thunderbird to correct these issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package mencoder mplayer mplayer-doc mplayer-gui Update: Thu Jan 15 17:38:23 2009 Importance: security ID: MDVSA-2009:013 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 %pre Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer, related to the execution of DTS generation code (CVE-2008-4866) and incorrect handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867). The updated packages have been patched to prevent this. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. 
You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with European/ISO 8859-1,2 (Hungarian, English, Czech, etc), Cyrillic, Korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer10GOLD/codecs %package ffmpeg libavformats52 libavutil49 libffmpeg51 libffmpeg-devel libffmpeg-static-devel libswscaler0 Update: Thu Jan 15 18:39:57 2009 Importance: security ID: MDVSA-2009:015 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 %pre Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code (CVE-2008-4866) and incorrect handling of the DCA_MAX_FRAME_SIZE value (CVE-2008-4867). The updated packages have been patched to prevent this. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream. 
%package imlib2-data libimlib2_1 libimlib2_1-filters libimlib2_1-loaders libimlib2-devel Update: Mon Jan 19 09:08:11 2009 Importance: security ID: MDVSA-2009:019 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:019 %pre A vulnerability has been discovered in the load function of the XPM loader for imlib2, which allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file (CVE-2008-5187). The updated packages have been patched to prevent this. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package libphonon4 libphononexperimental4 phonon-devel phonon-gstreamer Update: Mon Jan 19 13:57:51 2009 Importance: bugfix ID: MDVA-2009:013 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:013 %pre Phonon in Mandriva Linux 2009.0 was not able to read files with a bracket in their filename. This update corrects the issue. %description Phonon is the KDE4 Multimedia Framework %package libxine1 libxine-devel xine-aa xine-caca xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-jack xine-plugins xine-pulse xine-sdl xine-smb xine-wavpack Update: Wed Jan 21 12:27:41 2009 Importance: security ID: MDVSA-2009:020 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 %pre A failure in Ogg file handling allows remote attackers to cause a denial of service via crafted files (CVE-2008-3231). A failure in the handling of MNG, Real or MOD files allows remote attackers to cause a denial of service via crafted files (CVE-2008-5233). 
A heap-based overflow allows remote attackers to execute arbitrary code via Quicktime media files holding crafted metadata (CVE-2008-5234). A heap-based overflow allows remote attackers to execute arbitrary code via crafted Matroska or Real media files (CVE-2008-5236). A failure in the handling of MNG or Quicktime files allows remote attackers to cause a denial of service via crafted files (CVE-2008-5237). Multiple heap-based overflows in input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code via those input channels; the same problem can also lead to a denial of service (CVE-2008-5239). A heap-based overflow allows attackers to execute arbitrary code via crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry element); further, a failure in the handling of Real media files (CONT_TAG header) can lead to a denial of service (CVE-2008-5240). An integer underflow allows remote attackers to cause a denial of service via Quicktime media files (CVE-2008-5241). A failure in the handling of Real media files allows remote attackers to cause a denial of service by indexing an allocated buffer with a certain input value in a crafted file (CVE-2008-5243). A vulnerability of unknown impact, possibly a buffer overflow, is caused by video frame preallocation before ascertaining the required length in the V4L video input plugin (CVE-2008-5245). A heap-based overflow allows remote attackers to execute arbitrary code via crafted media files; this vulnerability is in the handling of ID3 audio file data tagging, mainly used in MP3 file formats (CVE-2008-5246). This update provides the fix for all these security issues found in xine-lib 1.1.11 of Mandriva 2008.1. 
The vulnerabilities CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 and CVE-2008-5243 are also found in xine-lib 1.1.15 of Mandriva 2009.0 and are fixed by this update as well. %description xine is a free GPL-licensed video player for Unix-like systems. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Wed Jan 21 12:55:44 2009 Importance: security ID: MDVSA-2009:021 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 %pre A buffer overflow in the imageloadfont() function in PHP allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted font file (CVE-2008-3658). A buffer overflow in the memnstr() function allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via the delimiter argument to the explode() function (CVE-2008-3659). PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension (CVE-2008-3660). An array index error in the imageRotate() function in PHP allowed context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument to the function for an indexed image (CVE-2008-5498). 
The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package cups cups-common cups-serial libcups2 libcups2-devel php-cups Update: Sat Jan 24 08:40:35 2009 Importance: security ID: MDVSA-2009:027 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:027 %pre A vulnerability has been discovered in CUPS shipped with Mandriva Linux which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032). The updated packages have been patched to prevent this. %description CUPS 1.2 is fully compatible with CUPS-1.1 machines in the network and with software built against CUPS-1.1 libraries. The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. 
%package amarok amarok-scripts libamarok-devel libamaroklib1 libamarokplasma2 libamarokpud1 libamarok_taglib1 Update: Tue Jan 27 06:01:59 2009 Importance: security ID: MDVSA-2009:030 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:030 %pre Data length values in the metadata of Audible Audio media files (.aa) can lead to an integer overflow, which remote attackers can use to trigger a heap overflow and possibly execute arbitrary code (CVE-2009-0135). A failure to check heap allocation for Audible Audio media files (.aa) allows remote attackers to cause a denial of service or execute arbitrary code via a crafted media file (CVE-2009-0136). This update provides the fix for these security issues. %description Feature Overview * Music Collection: You have a huge music library and want to locate tracks quickly? Let amaroK's powerful Collection take care of that! It's a database powered music store, which keeps track of your complete music library, allowing you to find any title in a matter of seconds. * Intuitive User Interface: You will be amazed to see how easy amaroK is to use! Simply drag-and-drop files into the playlist. No hassle with complicated buttons or tangled menus. Listening to music has never been easier! * Streaming Radio: Web streams take radio to the next level: Listen to thousands of great radio stations on the internet, for free! amaroK provides excellent streaming support, with advanced features, such as displaying titles of the currently playing songs. * Context Browser: This tool provides useful information on the music you are currently listening to, and can make listening suggestions, based on your personal music taste. An innovative and unique feature. * Visualizations: amaroK is compatible with XMMS visualization plugins. Allows you to use the great number of stunning visualizations available on the net. 3D visualizations with OpenGL are a great way to enhance your music experience. 
%package drak3d Update: Thu Jan 29 19:07:32 2009 Importance: bugfix ID: MDVA-2009:014 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:014 %pre This update fixes several minor issues with drak3d: - allow showing only installed WMs in interactive mode (for finish-install) - add --force option to force 3D desktop enabling even if not supported - check if the system supports command line options before applying them - blacklist geode driver - do not die in automatic mode if there is no control terminal - set gstreamer videosink to ximagesink when using 3D desktop (based on patch from Caio Begotti, #25572) - add --auto/--method=/--wm= command line options %description Drak3d enables configuring 3D desktop effects. %package avahi avahi-dnsconfd avahi-python avahi-sharp avahi-sharp-doc avahi-x11 libavahi-client3 libavahi-client-devel libavahi-common3 libavahi-common-devel libavahi-compat-howl0 libavahi-compat-howl-devel libavahi-compat-libdns_sd1 libavahi-compat-libdns_sd-devel libavahi-core5 libavahi-core-devel libavahi-glib1 libavahi-glib-devel libavahi-gobject0 libavahi-gobject-devel libavahi-qt3_1 libavahi-qt3-devel libavahi-qt4_1 libavahi-qt4-devel libavahi-ui1 libavahi-ui-devel Update: Fri Jan 30 18:31:00 2009 Importance: security ID: MDVSA-2009:031 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:031 %pre A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0 (CVE-2008-5081). The updated packages have been patched to prevent this. %description Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. 
This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient. 
%package alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.10-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.10-desktop-1mnb drm-experimental-kernel-2.6.27.10-desktop586-1mnb drm-experimental-kernel-2.6.27.10-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.10-desktop-1mnb et131x-kernel-2.6.27.10-desktop586-1mnb et131x-kernel-2.6.27.10-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.10-desktop-1mnb fcpci-kernel-2.6.27.10-desktop586-1mnb fcpci-kernel-2.6.27.10-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.10-desktop-1mnb fglrx-kernel-2.6.27.10-desktop586-1mnb fglrx-kernel-2.6.27.10-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.10-desktop-1mnb gnbd-kernel-2.6.27.10-desktop586-1mnb gnbd-kernel-2.6.27.10-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.10-desktop-1mnb hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb hcfpcimodem-kernel-2.6.27.10-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.10-desktop-1mnb hsfmodem-kernel-2.6.27.10-desktop586-1mnb hsfmodem-kernel-2.6.27.10-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.10-desktop-1mnb hso-kernel-2.6.27.10-desktop586-1mnb hso-kernel-2.6.27.10-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.10-desktop-1mnb 
iscsitarget-kernel-2.6.27.10-desktop586-1mnb iscsitarget-kernel-2.6.27.10-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.10-1mnb kernel-desktop-2.6.27.10-1mnb kernel-desktop586-2.6.27.10-1mnb kernel-desktop586-devel-2.6.27.10-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.10-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.10-1mnb kernel-server-devel-2.6.27.10-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.10-1mnb kernel-source-latest kqemu-kernel-2.6.27.10-desktop-1mnb kqemu-kernel-2.6.27.10-desktop586-1mnb kqemu-kernel-2.6.27.10-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.10-desktop-1mnb lirc-kernel-2.6.27.10-desktop586-1mnb lirc-kernel-2.6.27.10-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.10-desktop-1mnb lzma-kernel-2.6.27.10-desktop586-1mnb lzma-kernel-2.6.27.10-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.10-desktop-1mnb madwifi-kernel-2.6.27.10-desktop586-1mnb madwifi-kernel-2.6.27.10-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.10-desktop-1mnb nvidia173-kernel-2.6.27.10-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.10-desktop-1mnb nvidia71xx-kernel-2.6.27.10-desktop586-1mnb nvidia71xx-kernel-2.6.27.10-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.10-desktop-1mnb nvidia96xx-kernel-2.6.27.10-desktop586-1mnb nvidia96xx-kernel-2.6.27.10-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest 
nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.10-desktop-1mnb nvidia-current-kernel-2.6.27.10-desktop586-1mnb nvidia-current-kernel-2.6.27.10-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.10-desktop-1mnb omfs-kernel-2.6.27.10-desktop586-1mnb omfs-kernel-2.6.27.10-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.10-desktop-1mnb omnibook-kernel-2.6.27.10-desktop586-1mnb omnibook-kernel-2.6.27.10-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.10-desktop-1mnb opencbm-kernel-2.6.27.10-desktop586-1mnb opencbm-kernel-2.6.27.10-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.10-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.10-desktop-1mnb qc-usb-kernel-2.6.27.10-desktop586-1mnb qc-usb-kernel-2.6.27.10-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.10-desktop-1mnb rt2860-kernel-2.6.27.10-desktop586-1mnb rt2860-kernel-2.6.27.10-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.10-desktop-1mnb rt2870-kernel-2.6.27.10-desktop586-1mnb rt2870-kernel-2.6.27.10-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.10-desktop-1mnb rtl8187se-kernel-2.6.27.10-desktop586-1mnb rtl8187se-kernel-2.6.27.10-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.10-desktop-1mnb 
slmodem-kernel-2.6.27.10-desktop586-1mnb slmodem-kernel-2.6.27.10-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.10-desktop-1mnb squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb squashfs-lzma-kernel-2.6.27.10-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.10-desktop-1mnb tp_smapi-kernel-2.6.27.10-desktop586-1mnb tp_smapi-kernel-2.6.27.10-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.10-desktop-1mnb vboxadd-kernel-2.6.27.10-desktop586-1mnb vboxadd-kernel-2.6.27.10-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.10-desktop-1mnb vboxvfs-kernel-2.6.27.10-desktop586-1mnb vboxvfs-kernel-2.6.27.10-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.10-desktop-1mnb vhba-kernel-2.6.27.10-desktop586-1mnb vhba-kernel-2.6.27.10-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.10-desktop-1mnb virtualbox-kernel-2.6.27.10-desktop586-1mnb virtualbox-kernel-2.6.27.10-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.10-desktop-1mnb vpnclient-kernel-2.6.27.10-desktop586-1mnb vpnclient-kernel-2.6.27.10-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest Update: Fri Jan 30 23:25:34 2009 Importance: security ID: MDVSA-2009:032 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:032 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users 
to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. (CVE-2008-5079) Linux kernel 2.6.28 allows local users to cause a denial of service (soft lockup and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. (CVE-2008-5300) Additionally, wireless and hotkey support for Asus EEE were fixed, systems with HDA sound needing MSI support were added to the quirks list to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA support was enhanced and fixed, support for HDA sound on Acer Aspire 8930 was added, Dell Inspiron Mini 9 HDA sound support was added, the CIFS filesystem should now work with Kerberos, and a few more things. Check the package changelog for details. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package libopenct1 libopenct-devel openct Update: Mon Feb 02 17:38:46 2009 Importance: bugfix ID: MDVA-2009:015 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:015 %pre This update fixes an issue with a non-LSB initscript of openct, which could cause init to switch to non-LSB compat mode, and result in a loop between resolvconf and network (bug #47299). %description This is OpenCT, a middleware framework for smart card terminals. %package at Update: Mon Feb 02 22:08:37 2009 Importance: bugfix ID: MDVA-2009:016 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:016 %pre The 'at' command scheduler in Mandriva Linux 2009 failed to work at all for users other than root, due to a permission error. This update fixes the issue, making it possible for regular users to run at jobs. %description At and batch read commands from standard input or from a specified file. 
At allows you to specify that a command will be run at a particular time (now or a specified time in the future). Batch will execute commands when the system load levels drop to a particular level. Both commands use /bin/sh to run the commands. You should install the at package if you need a utility that will do time-oriented job control. Note: you should use crontab instead if it is a recurring job that will need to be repeated at the same time every day/week/etc. %package sudo Update: Wed Feb 04 12:38:11 2009 Importance: security ID: MDVSA-2009:033 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:033 %pre A vulnerability has been identified in sudo which allowed - depending on the sudoers rules - a sudo user to execute arbitrary shell commands as root (CVE-2009-0034). The updated packages have been patched to prevent this. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package glibc glibc-devel glibc-doc glibc-doc-pdf glibc-i18ndata glibc-profile glibc-static-devel glibc-utils nscd Update: Fri Feb 06 08:55:05 2009 Importance: bugfix ID: MDVA-2009:017 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:017 %pre The regexp.h header shipped with glibc 2.8, in Mandriva Linux 2009, had an error which caused the build of programs using the regexp compile function to fail. This update addresses the issue. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
The glibc package also contains national language (locale) support. This package now also provides ldconfig, which was packaged separately in the past. Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries. %package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Fri Feb 06 18:27:24 2009 Importance: bugfix ID: MDVA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Fri Feb 06 18:35:52 2009 Importance: bugfix ID: MDVA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) %description Clam AntiVirus is an anti-virus toolkit for Unix. 
The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Fri Feb 06 18:47:01 2009 Importance: bugfix ID: MDVA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) - Scanning mail with clamav leaves a big temporary folder (#46642) - Build fails if invoked with --with milter, in the configure stage (#46554) - JPEG parsing denial-of-service crash in clamav 0.94-1 and earlier (#46199) %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package squid squid-cachemgr Update: Tue Feb 10 16:09:36 2009 Importance: security ID: MDVSA-2009:034 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 %pre Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. 
This problem allows any client to perform a denial of service attack on the Squid service (CVE-2009-0478). The updated packages have been patched to address this. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps metadata and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 file descriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 file descriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package gstreamer0.10-aalib gstreamer0.10-caca gstreamer0.10-dv gstreamer0.10-esound gstreamer0.10-flac gstreamer0.10-plugins-good gstreamer0.10-pulse gstreamer0.10-raw1394 gstreamer0.10-soup gstreamer0.10-speex gstreamer0.10-wavpack Update: Wed Feb 11 02:07:54 2009 Importance: security ID: MDVSA-2009:035 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:035 %pre Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, which might allow remote attackers to execute arbitrary code via a malformed QuickTime media file (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397). The updated packages have been patched to prevent this. %description GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. 
Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. This package contains a set of plug-ins that are considered to have good quality code, correct functionality, and the preferred license (LGPL for the plug-in code, LGPL or LGPL-compatible for the supporting library). People writing elements should base their code on these elements. %package librhythmbox0 rhythmbox rhythmbox-mozilla rhythmbox-upnp Update: Thu Feb 12 03:33:40 2009 Importance: bugfix ID: MDVA-2009:020 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:020 %pre Rhythmbox could crash when handling removable devices and media players, like iPods. This update fixes the problem. %description Music management application with support for ripping audio CDs, playback of Ogg Vorbis and MP3, and burning of CD-Rs. 
%package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Thu Feb 12 03:52:57 2009 Importance: bugfix ID: MDVA-2009:021 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:021 %pre This update fixes several minor issues with drakxtools: - it prevents the harddrake service from uselessly backing up xorg.conf when not configuring the driver - it fixes a couple of minor issues with diskdrake: o stop crashing when udev & diskdrake are competing in order to create a device node (#41832) o --dav: handle davfs2 credentials in /etc/davfs2/secrets (#44190) o --dav: handle https o --nfs: handle host:/ (#44320) o --smb: cifs must be used instead of smbfs (#42483) o look up Samba master browsers too - it fixes displaying various devices in their proper category in the harddrake GUI - it handles a couple of new network drivers - finish-install: o show only installed 3D desktops o adapt to new Xconfig::glx API (drak3d 1.21) o use /dev/urandom instead of /dev/random to generate salt for passwords (since reading from /dev/random can block the boot process) - prevent mdkapplet from crashing (#46477) - smb: fix netbios name resolution (#42483, thanks to Derek Jennings) %description Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy remote work. 
- drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts into the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package x11-data-xkbdata Update: Thu Feb 12 04:08:45 2009 Importance: bugfix ID: MDVA-2009:022 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:022 %pre Wrong directory permissions would prevent the compilation of keyboard mappings. This update fixes this issue. %description Xkeyboard-config provides consistent, well-structured, frequently released X keyboard configuration data (XKB) for various X Window System implementations. %package db4.6 db4.6-javadoc db46-utils libdb4.6 libdb4.6-devel libdb4.6-static-devel libdbcxx4.6 libdbnss4.6 libdbnss4.6-devel libdbtcl4.6 Update: Thu Feb 12 04:41:36 2009 Importance: bugfix ID: MDVA-2009:023 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:023 %pre Additional official patches have been released for db 4.6 after the Mandriva release. They fix the following issues: - There was the possibility that the wrong number of mutexes would be allocated. This issue could cause applications with multiple cache regions to see undefined behavior in rare cases under load - Replication clients should be able to open a sequence %description The Berkeley Database (Berkeley DB) is a programmatic toolkit that provides embedded database support for both traditional and client/server applications. Berkeley DB is used by many applications, including Python and Perl, so this should be installed on all systems. 
%package gnome-python-gconf libbaconvideowidget-gstreamer0 libbaconvideowidget-xine0 python-gdata totem-common totem-gstreamer totem-mozilla totem-nautilus totem-xine Update: Thu Feb 12 05:36:13 2009 Importance: bugfix ID: MDVA-2009:024 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:024 %pre Changes on the YouTube web site prevented the youtube totem plugin in Mandriva Linux 2009 from working. Also, totem wouldn't allow setting the colour balance sliders to the minimum or maximum settings. This update fixes both issues. %description Totem is a simple movie player for the GNOME desktop. It features a simple playlist, a full-screen mode, seek and volume controls, as well as fairly complete keyboard navigation. This version is based on the xine backend. %package bind bind-devel bind-doc bind-utils Update: Mon Feb 16 11:41:32 2009 Importance: security ID: MDVSA-2009:037 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:037 %pre Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002; this update does however address the RSA_verify function (CVE-2009-0265). %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. 
Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the \$GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options; Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option; A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details; Support for building single-threaded servers for environments that do not supply POSIX threads; New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit"; Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either one or the other.) --with geoip Build with GeoIP support (disabled per default) %package blender Update: Mon Feb 16 14:39:44 2009 Importance: security ID: MDVSA-2009:038 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:038 %pre Python has a variable called sys.path that contains all paths from which Python loads modules when a script imports them. Wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory (CVE-2008-4863). This update provides a fix for that vulnerability. %description Blender is the in-house software of a high quality animation studio. It has proven to be an extremely fast and versatile design instrument. 
The software has a personal touch, offering a unique approach to the world of three dimensions. Blender can be used to create TV commercials, to make technical visualizations or business graphics, to do some morphing, or to design user interfaces. Developers can easily build and manage complex environments. The renderer is versatile and extremely fast. All basic animation principles (curves and keys) are implemented. Please note that the ability of Blender to export to h.264 and Xvid video formats, and MP3 audio format, has been disabled in this build due to patent issues. %package gedit gedit-devel Update: Mon Feb 16 15:46:30 2009 Importance: security ID: MDVSA-2009:039 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:039 %pre Python has a variable called sys.path that contains all paths from which Python loads modules when a script imports them. Wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current gedit working directory (CVE-2009-0314). This update provides a fix for that vulnerability. %description gEdit is a small but powerful text editor designed expressly for GNOME. It includes such features as split-screen mode, a plugin API, which allows gEdit to be extended to support many features while remaining small at its core, multiple document editing through the use of a 'tabbed' notebook and many more functions. %package dia Update: Mon Feb 16 21:23:50 2009 Importance: security ID: MDVSA-2009:040 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:040 %pre Python has a variable called sys.path that contains all paths from which Python loads modules when a script imports them. Wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory (CVE-2008-5984). This update provides a fix for that vulnerability. %description Dia is a program designed to be much like the Windows program 'Visio'. 
It can be used to draw different kinds of diagrams. In this first version there is support for UML static structure diagrams (class diagrams) and Network diagrams. It can currently load and save diagrams to a custom file format and export to PostScript. %package jhead Update: Tue Feb 17 16:13:05 2009 Importance: security ID: MDVSA-2009:041 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:041 %pre Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) (CVE-2008-4575). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2008-4639). Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename (CVE-2008-4640). jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input (CVE-2008-4641). This update provides the latest Jhead to correct these issues. %description Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. In contrast to the tools "exif" and "gexif" (and all other libexif-based tools such as "gphoto2") this tool gives a much more easily readable summary of camera settings (shutter speed in 1/x sec, focal length (also the 35-mm camera equivalent), focal distance, ...), EXIF header manipulation such as stripping off the thumbnail and other info not needed, stripping off the complete header, applying arbitrary conversion tools to the JPEG image and conserving the header, renaming JPEG images with the capture date stored in the header, and even turning the images upright when the camera has an orientation sensor (such as the Canon Digital IXUS 400) ... The tool is very compact: the executable has a size of only around 35 kb, and the whole package (with documentation) occupies 60 kb. 
See /usr/share/doc/jhead-2.86/usage.html for how to use this program. %package keyutils libkeyutils1 libkeyutils-devel libkeyutils-static-devel Update: Wed Feb 18 14:36:24 2009 Importance: bugfix ID: MDVA-2009:025 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:025 %pre This update fixes two minor issues with keyutils. request-key was installed in /usr/sbin while the kernel expects it in the /sbin directory. keyctl was installed in /usr/bin instead of /bin. This update also adds lines to /etc/request-key.conf for cifs.upcall, required for krb5 support in mount.cifs. This update fixes both issues. %description Utilities to control the kernel key management facility and to provide a mechanism by which the kernel calls back to userspace to get a key instantiated. %package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Wed Feb 18 17:45:29 2009 Importance: security ID: MDVSA-2009:042 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:042 %pre Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name (CVE-2009-0022). This update provides samba 3.2.7 to address this issue. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. 
Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package keyutils libkeyutils1 libkeyutils-devel libkeyutils-static-devel Update: Wed Feb 18 22:13:48 2009 Importance: bugfix ID: MDVA-2009:025-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:025-1 %pre This update fixes two minor issues with keyutils. request-key was installed in /usr/sbin while the kernel expects it in the /sbin directory. keyctl was installed in /usr/bin instead of /bin. This update also adds lines to /etc/request-key.conf for cifs.upcall, required for krb5 support in mount.cifs. This update fixes both issues. Update: The previous update had the release number set lower than what was expected by the samba security update, causing that one to fail. This new update fixes the release number, thus fixing the samba upgrade. %description Utilities to control the kernel key management facility and to provide a mechanism by which the kernel calls back to userspace to get a key instantiated. %package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Thu Feb 19 11:47:46 2009 Importance: bugfix ID: MDVA-2009:026 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:026 %pre This update fixes two minor issues with samba. 
The package does not install from update because of a missing dependency (#47979). Dependencies were fixed because /usr/include/tdb.h was moved from libsmbclient0-devel to libtdb-devel, which led to a file conflict and prevented a smooth upgrade. This update fixes both issues. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Thu Feb 19 13:46:23 2009 Importance: bugfix ID: MDVA-2009:026-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:026-1 %pre This update fixes two minor issues with samba. The package does not install from update because of a missing dependency (#47979). Dependencies were fixed because /usr/include/tdb.h was moved from libsmbclient0-devel to libtdb-devel, which led to a file conflict and prevented a smooth upgrade. 
This update fixes both issues. Update: The previous update packages wasn't signed, this time they are. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Thu Feb 19 14:14:13 2009 Importance: bugfix ID: MDVA-2009:026-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:026-1 %pre This update fixes two minor issues with samba. Package does not install from update because of missing dependency (#47979). Fix dependencies because /usr/include/tdb.h was moved from libsmbclient0-devel to libtdb-devel and this led to a file conflict and prevented a smooth upgrade. This update fixes both issues. Update: The previous update packages wasn't signed, this time they are. 
%description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package gnumeric libspreadsheet1.9.2 libspreadsheet-devel Update: Thu Feb 19 20:52:41 2009 Importance: security ID: MDVSA-2009:043 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:043 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Gnumeric working directory (CVE-2009-0318). This update provides fix for that vulnerability. %description This is the Gnumeric, the GNOME spreadsheet program. If you are familiar with Excel, you should be ready to use Gnumeric. It tries to clone all of the good features and stay as compatible as possible with Excel in terms of usability. Hopefully the bugs have been left behind :). 
%package alsa_raoppcm-kernel-2.6.27.14-desktop-1mnb alsa_raoppcm-kernel-2.6.27.14-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.14-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.14-desktop-1mnb drm-experimental-kernel-2.6.27.14-desktop586-1mnb drm-experimental-kernel-2.6.27.14-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.14-desktop-1mnb et131x-kernel-2.6.27.14-desktop586-1mnb et131x-kernel-2.6.27.14-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.14-desktop-1mnb fcpci-kernel-2.6.27.14-desktop586-1mnb fcpci-kernel-2.6.27.14-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.14-desktop-1mnb fglrx-kernel-2.6.27.14-desktop586-1mnb fglrx-kernel-2.6.27.14-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.14-desktop-1mnb gnbd-kernel-2.6.27.14-desktop586-1mnb gnbd-kernel-2.6.27.14-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.14-desktop-1mnb hcfpcimodem-kernel-2.6.27.14-desktop586-1mnb hcfpcimodem-kernel-2.6.27.14-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.14-desktop-1mnb hsfmodem-kernel-2.6.27.14-desktop586-1mnb hsfmodem-kernel-2.6.27.14-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.14-desktop-1mnb hso-kernel-2.6.27.14-desktop586-1mnb hso-kernel-2.6.27.14-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.14-desktop-1mnb iscsitarget-kernel-2.6.27.14-desktop586-1mnb iscsitarget-kernel-2.6.27.14-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.14-1mnb kernel-desktop-2.6.27.14-1mnb kernel-desktop586-2.6.27.14-1mnb kernel-desktop586-devel-2.6.27.14-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.14-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.14-1mnb kernel-server-devel-2.6.27.14-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.14-1mnb kernel-source-latest kqemu-kernel-2.6.27.14-desktop-1mnb kqemu-kernel-2.6.27.14-desktop586-1mnb kqemu-kernel-2.6.27.14-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.14-desktop-1mnb lirc-kernel-2.6.27.14-desktop586-1mnb lirc-kernel-2.6.27.14-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.14-desktop-1mnb lzma-kernel-2.6.27.14-desktop586-1mnb lzma-kernel-2.6.27.14-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.14-desktop-1mnb madwifi-kernel-2.6.27.14-desktop586-1mnb madwifi-kernel-2.6.27.14-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.14-desktop-1mnb nvidia173-kernel-2.6.27.14-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.14-desktop-1mnb nvidia71xx-kernel-2.6.27.14-desktop586-1mnb nvidia71xx-kernel-2.6.27.14-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.14-desktop-1mnb nvidia96xx-kernel-2.6.27.14-desktop586-1mnb nvidia96xx-kernel-2.6.27.14-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.14-desktop-1mnb nvidia-current-kernel-2.6.27.14-desktop586-1mnb nvidia-current-kernel-2.6.27.14-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.14-desktop-1mnb omfs-kernel-2.6.27.14-desktop586-1mnb omfs-kernel-2.6.27.14-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.14-desktop-1mnb omnibook-kernel-2.6.27.14-desktop586-1mnb omnibook-kernel-2.6.27.14-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.14-desktop-1mnb opencbm-kernel-2.6.27.14-desktop586-1mnb opencbm-kernel-2.6.27.14-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.14-desktop-1mnb ov51x-jpeg-kernel-2.6.27.14-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.14-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.14-desktop-1mnb qc-usb-kernel-2.6.27.14-desktop586-1mnb qc-usb-kernel-2.6.27.14-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.14-desktop-1mnb rt2860-kernel-2.6.27.14-desktop586-1mnb rt2860-kernel-2.6.27.14-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.14-desktop-1mnb rt2870-kernel-2.6.27.14-desktop586-1mnb rt2870-kernel-2.6.27.14-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.14-desktop-1mnb rtl8187se-kernel-2.6.27.14-desktop586-1mnb rtl8187se-kernel-2.6.27.14-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.14-desktop-1mnb slmodem-kernel-2.6.27.14-desktop586-1mnb slmodem-kernel-2.6.27.14-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.14-desktop-1mnb squashfs-lzma-kernel-2.6.27.14-desktop586-1mnb squashfs-lzma-kernel-2.6.27.14-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.14-desktop-1mnb tp_smapi-kernel-2.6.27.14-desktop586-1mnb tp_smapi-kernel-2.6.27.14-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.14-desktop-1mnb vboxadd-kernel-2.6.27.14-desktop586-1mnb vboxadd-kernel-2.6.27.14-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.14-desktop-1mnb vboxvfs-kernel-2.6.27.14-desktop586-1mnb vboxvfs-kernel-2.6.27.14-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.14-desktop-1mnb vhba-kernel-2.6.27.14-desktop586-1mnb vhba-kernel-2.6.27.14-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.14-desktop-1mnb virtualbox-kernel-2.6.27.14-desktop586-1mnb virtualbox-kernel-2.6.27.14-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.14-desktop-1mnb vpnclient-kernel-2.6.27.14-desktop586-1mnb vpnclient-kernel-2.6.27.14-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest
Update: Fri Feb 20 06:06:34 2009
Importance: security
ID: MDVA-2009:027
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:027
%pre
Some problems were discovered and corrected in the Linux 2.6 kernel: support was added for Intel 82567LM-3/82567LF-3/82567LM-4 network adapters, a bug in sunrpc causing an oops when restarting nfsd was fixed, a bug affecting Walkman devices was worked around, the sound drivers got some fixes, and a few more things were fixed. Check the package changelog for details. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
%description

%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp
Update: Fri Feb 20 07:53:09 2009
Importance: security
ID: MDVSA-2009:044
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
%pre
Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358). This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring.
%description
Help browser for GNOME 2 which supports docbook documents, info and man.

%package apache-mod_php libmbfl1 libmbfl-devel libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib
Update: Fri Feb 20 18:31:37 2009
Importance: security
ID: MDVSA-2009:045
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
%pre
A number of vulnerabilities have been found and corrected in PHP:
- improve mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c (CVE-2008-5557). Additionally, on Mandriva Linux 2009.0 and up the php-mbstring module is linked against a separate shared libmbfl library that has also been patched to address CVE-2008-5557.
- Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences (CVE-2008-5658).
- make sure the page_uid and page_gid get initialized properly in ext/standard/basic_functions.c. Also, init server_context before processing config variables in sapi/apache/mod_php5.c (CVE-2008-5624).
- enforce restrictions when merging in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c (CVE-2008-5625).
On 2008.1, 2009.0 and cooker (2009.1), as seen on x86_64 with the latest phpmyadmin 3.1.2 software, apache+php segfaulted (#26274, #45864). This problem has been addressed by using -O0 for compiler optimization and by using -fno-strict-aliasing. The bug is either in php and/or in gcc 4.3.2; preferably, just make it work as expected for now. In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues.
%description
PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts.

%package vim-common vim-enhanced vim-minimal vim-X11
Update: Fri Feb 20 19:05:45 2009
Importance: security
ID: MDVSA-2009:047
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:047
%pre
Python has a variable called sys.path that lists the paths from which Python loads modules when a script issues an import. Wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory (CVE-2009-0316). This update provides a fix for that vulnerability.
%description
VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run.
%package epiphany epiphany-devel
Update: Fri Feb 20 21:13:31 2009
Importance: security
ID: MDVSA-2009:048
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:048
%pre
Python has a variable called sys.path that lists the paths from which Python loads modules when a script issues an import. Wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Epiphany working directory (CVE-2008-5985). This update provides a fix for that vulnerability.
%description
Epiphany is a GNOME web browser based on the mozilla rendering engine. The name meaning: "An intuitive grasp of reality through something (as an event) usually simple and striking"

%package pycrypto
Update: Fri Feb 20 21:37:42 2009
Importance: security
ID: MDVSA-2009:049
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:049
%pre
A vulnerability has been discovered and corrected in the PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this.
%description
The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package:
* Hash functions: MD2, MD4, RIPEMD.
* Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5.
* Stream encryption algorithms: ARC4, simple XOR.
* Public-key algorithms: RSA, DSA, ElGamal, qNEW.
* Protocols: All-or-nothing transforms, chaffing/winnowing.
* Miscellaneous: RFC1751 module for converting 128-bit keys into a set of English words, primality testing.
* Some demo programs (currently all quite old and outdated).

%package python-pycrypto
Update: Fri Feb 20 22:01:19 2009
Importance: security
ID: MDVSA-2009:050
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:050
%pre
A vulnerability has been discovered and corrected in the PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this.
%description
The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package:
* Hash functions: MD2, MD4, RIPEMD.
* Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5.
* Stream encryption algorithms: ARC4, simple XOR.
* Public-key algorithms: RSA, DSA, ElGamal, qNEW.
* Protocols: All-or-nothing transforms, chaffing/winnowing.
* Miscellaneous: RFC1751 module for converting 128-bit keys into a set of English words, primality testing.
* Some demo programs (currently all quite old and outdated).

%package python-pycrypto
Update: Mon Feb 23 17:50:01 2009
Importance: security
ID: MDVSA-2009:050-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:050-1
%pre
A vulnerability has been discovered and corrected in the PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this.
Update: The previous update package was not signed.
%description
The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package:
* Hash functions: MD2, MD4, RIPEMD.
* Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5.
* Stream encryption algorithms: ARC4, simple XOR.
* Public-key algorithms: RSA, DSA, ElGamal, qNEW.
* Protocols: All-or-nothing transforms, chaffing/winnowing.
* Miscellaneous: RFC1751 module for converting 128-bit keys into a set of English words, primality testing.
* Some demo programs (currently all quite old and outdated).

%package python-pycrypto
Update: Mon Feb 23 17:54:17 2009
Importance: security
ID: MDVSA-2009:050-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:050-1
%pre
A vulnerability has been discovered and corrected in the PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this.
Update: The previous update package was not signed.
%description
The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package:
* Hash functions: MD2, MD4, RIPEMD.
* Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5.
* Stream encryption algorithms: ARC4, simple XOR.
* Public-key algorithms: RSA, DSA, ElGamal, qNEW.
* Protocols: All-or-nothing transforms, chaffing/winnowing.
* Miscellaneous: RFC1751 module for converting 128-bit keys into a set of English words, primality testing.
* Some demo programs (currently all quite old and outdated).

%package libpng3 libpng-devel libpng-source libpng-static-devel
Update: Mon Feb 23 18:18:13 2009
Importance: security
ID: MDVSA-2009:051
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
%pre
A number of vulnerabilities have been found and corrected in libpng:
- Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was already fixed in Mandriva Linux 2009.0.
- Fix the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0 (CVE-2008-5907).
- Fix a potential DoS (Denial of Service) or potential compromise of an application using the library (CVE-2009-0040).
The updated packages have been patched to prevent this.
%description
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files.

%package pycrypto
Update: Mon Feb 23 21:52:17 2009
Importance: security
ID: MDVSA-2009:049-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:049-1
%pre
A vulnerability has been discovered and corrected in the PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this.
Update: The previous update package was not signed.
%description
The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package:
* Hash functions: MD2, MD4, RIPEMD.
* Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5.
* Stream encryption algorithms: ARC4, simple XOR.
* Public-key algorithms: RSA, DSA, ElGamal, qNEW.
* Protocols: All-or-nothing transforms, chaffing/winnowing.
* Miscellaneous: RFC1751 module for converting 128-bit keys into a set of English words, primality testing.
* Some demo programs (currently all quite old and outdated).
%package epiphany epiphany-devel
Update: Tue Feb 24 12:21:42 2009
Importance: security
ID: MDVSA-2009:048-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:048-1
%pre
Python has a variable called sys.path that lists the paths from which Python loads modules when a script issues an import. Wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Epiphany working directory (CVE-2008-5985). This update provides a fix for that vulnerability.
Update: The previous update package was not built against the correct (latest) libxulrunner-1.9.0.6 library (fixes #48163).
%description
Epiphany is a GNOME web browser based on the mozilla rendering engine. The name meaning: "An intuitive grasp of reality through something (as an event) usually simple and striking"

%package php-smarty php-smarty-manual
Update: Tue Feb 24 17:43:02 2009
Importance: security
ID: MDVSA-2009:052
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:052
%pre
A vulnerability has been identified and corrected in php-smarty: The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka php executed in templates
%description
Smarty is a template engine for PHP. More specifically, it facilitates a manageable way to separate application logic and content from its presentation. This is best described in a situation where the application programmer and the template designer play different roles, or in most cases are not the same person. For example, let's say you are creating a web page that is displaying a newspaper article. The article headline, tagline, author and body are content elements; they contain no information about how they will be presented. They are passed into Smarty by the application, then the template designer edits the templates and uses a combination of HTML tags and template tags to format the presentation of these elements (HTML tables, background colors, font sizes, style sheets, etc.). One day the programmer needs to change the way the article content is retrieved (a change in application logic). This change does not affect the template designer; the content will still arrive in the template exactly the same. Likewise, if the template designer wants to completely redesign the templates, this requires no changes to the application logic. Therefore, the programmer can make changes to the application logic without the need to restructure templates, and the template designer can make changes to templates without breaking application logic.

%package audacity audacity-debug
Update: Wed Feb 25 17:02:50 2009
Importance: security
ID: MDVSA-2009:055
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:055
%pre
A vulnerability has been identified and corrected in audacity: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string (CVE-2009-0490). The updated packages have been patched to prevent this.
%description
Audacity is a program that lets you manipulate digital audio waveforms. In addition to letting you record sounds directly from within the program, it imports many sound file formats, including WAV, AIFF, MP3 and Ogg/Vorbis. It supports all common editing operations such as Cut, Copy, and Paste, plus it will mix tracks and let you apply plug-in effects to any part of a sound. It also has a built-in amplitude envelope editor, a customizable spectrogram mode and a frequency analysis window for audio analysis applications.
%package libnet-snmp15 libnet-snmp-devel libnet-snmp-static-devel net-snmp net-snmp-debug net-snmp-mibs net-snmp-tkmib net-snmp-trapd net-snmp-utils perl-NetSNMP Update: Wed Feb 25 23:18:43 2009 Importance: security ID: MDVSA-2009:056 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:056 %pre A vulnerability has been identified and corrected in net-snmp: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. (CVE-2008-6123) The updated packages have been patched to prevent this. %description SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities. %package valgrind Update: Thu Feb 26 13:29:48 2009 Importance: security ID: MDVSA-2009:057 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:057 %pre A vulnerability has been identified and corrected in valgrind: Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario. 
(CVE-2008-4865) The updated packages have been patched to prevent this. %description When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. As a result, Valgrind can detect problems such as: * Use of uninitialised memory * Reading/writing memory after it has been free'd * Reading/writing off the end of malloc'd blocks * Reading/writing inappropriate areas on the stack * Memory leaks -- where pointers to malloc'd blocks are lost forever * Passing of uninitialised and/or unaddressible memory to system calls * Mismatched use of malloc/new/new [] vs free/delete/delete [] %package drakx-net drakx-net-text libdrakx-net Update: Thu Feb 26 20:14:57 2009 Importance: bugfix ID: MDVA-2009:031 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:031 %pre This update several minor issues with Mandriva Network tools (drakx-net). - drakroam would crash if no wireless interface is present on the system. - Cancel button of Interactive Firewall configuration screen of drakfirewall was not handled correctly (bug #46256) - Interactive Firewall settings were not applied immediately after changing firewall configuration (bug #47370) - Unicode dates were not displayed correctly in drakids (bug #39914) - Network interface name was not displayed in drakconnect, leading to confusion when several identical cards are present in the system (bug #45881) - When guessing DNS and GW addresses for static address connections, the guessed IPs were different (bug #7041) - Network monitor would display negative traffic amount when transferring over 4GB of data (bug #46398) - Custom MTU values were not preserved when changing network configuration using drakconnect (bug #45969) - The excessive number of failed connection attempts to ADSL networks could lead to extremely long boot times (bug #28087). %description This package contains the Mandriva network tools. 
net_applet: applet to check network connection net_monitor: connection monitoring %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Thu Feb 26 23:37:07 2009 Importance: security ID: MDVSA-2009:058 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:058 %pre Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. (CVE-2009-0599) Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. (CVE-2009-0600) Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. (CVE-2009-0601) This update provides Wireshark 1.0.6, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package xchat xchat-debug xchat-devel xchat-perl xchat-python xchat-tcl Update: Fri Feb 27 18:43:55 2009 Importance: security ID: MDVSA-2009:059 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:059 %pre Python has a variable called sys.path that contains all paths from which Python loads modules when a script uses the import statement. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory (CVE-2009-0315). This update provides a fix for that vulnerability. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit.
It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package xchat xchat-debug xchat-devel xchat-perl xchat-python xchat-tcl Update: Fri Feb 27 21:16:27 2009 Importance: security ID: MDVSA-2009:059 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:059 %pre Python has a variable called sys.path that contains all paths from which Python loads modules when a script uses the import statement. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory (CVE-2009-0315). This update provides a fix for that vulnerability. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package proftpd proftpd-debug proftpd-devel proftpd-mod_autohost proftpd-mod_ban proftpd-mod_case proftpd-mod_ctrls_admin proftpd-mod_gss proftpd-mod_ifsession proftpd-mod_ldap proftpd-mod_load proftpd-mod_quotatab proftpd-mod_quotatab_file proftpd-mod_quotatab_ldap proftpd-mod_quotatab_radius proftpd-mod_quotatab_sql proftpd-mod_radius proftpd-mod_ratio proftpd-mod_rewrite proftpd-mod_shaper proftpd-mod_site_misc proftpd-mod_sql proftpd-mod_sql_mysql proftpd-mod_sql_postgres proftpd-mod_time proftpd-mod_tls proftpd-mod_vroot proftpd-mod_wrap proftpd-mod_wrap_file proftpd-mod_wrap_sql Update: Fri Feb 27 23:35:37 2009 Importance: security ID: MDVSA-2009:061 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 %pre %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation.
%package shadow-utils shadow-utils-debug Update: Mon Mar 02 19:45:28 2009 Importance: security ID: MDVSA-2009:062 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:062 %pre A security vulnerability has been identified and fixed in the login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry (CVE-2008-5394). The updated packages have been patched to prevent this. Note: Mandriva Linux uses the login application from util-linux-ng by default, and is therefore not affected by this issue in the default configuration. %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %package shadow-utils shadow-utils-debug Update: Mon Mar 02 19:46:15 2009 Importance: security ID: MDVSA-2009:062 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:062 %pre A security vulnerability has been identified and fixed in the login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry (CVE-2008-5394). The updated packages have been patched to prevent this.
Note: Mandriva Linux uses the login application from util-linux-ng by default, and is therefore not affected by this issue in the default configuration. %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %package eog eog-debug eog-devel Update: Mon Mar 02 21:32:21 2009 Importance: security ID: MDVSA-2009:063 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:063 %pre Python has a variable called sys.path that contains all paths from which Python loads modules when a script uses the import statement. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current eog working directory (CVE-2008-5987). This update provides a fix for that vulnerability. %description This is the Eye of Gnome, an image viewer program. It is meant to be a fast and functional image viewer as well as an image cataloging program. It does proper handling of large images and images with full opacity information, and can zoom and scroll images quickly while keeping memory usage constant. %package tomboy tomboy-debug Update: Thu Mar 05 08:33:55 2009 Importance: bugfix ID: MDVA-2009:033 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:033 %pre The synchronization feature in Tomboy would sometimes delete the wrong note. This update fixes the synchronization logic.
%description Tomboy is a desktop note-taking application for Linux and Unix. Simple and easy to use, but with potential to help you organize the ideas and information you deal with every day. The key to Tomboy's usefulness lies in the ability to relate notes and ideas together. Using a WikiWiki-like linking system, organizing ideas is as simple as typing a name. Branching an idea off is as easy as pressing the Link button. And links between your ideas won't break, even when renaming and reorganizing them. %package ac3dec aica-firmware alsaconf alsa-plugins-debug alsa-plugins-doc alsa-plugins-pulse-config alsa-tools-debug alsa-utils alsa-utils-debug as10k1 asihpi-firmware echomixer emagic-firmware emu1010-firmware envy24control hdspconf hdsploader hdspmixer korg1212-firmware ld10k1 libalsa2 libalsa2-debug libalsa2-devel libalsa2-docs libalsa2-static-devel libalsa-data libalsa-plugins libalsa-plugins-jack libalsa-plugins-pulseaudio liblo10k10 liblo10k10-devel maestro3-firmware mixartloader pcxhrloader rmedigicontrol sb16_csp sb16-firmware sbiload speaker-test sscape_ctl turtlebeach-firmware us428control usx2yloader vxloader yamaha-firmware Update: Thu Mar 05 09:05:59 2009 Importance: bugfix ID: MDVA-2009:034 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:034 %pre This update upgrades ALSA packages to version 1.0.18, with minor bug fixes and enhancements, which can be reviewed in detail at http://www.alsa-project.org/main/index.php/Changes_v1.0.18rc3_v1.0.18. Updated libalsa2 also contains fixes affecting, for example, the speaker-testing tool not working correctly in some scenarios. %description Advanced Linux Sound Architecture (ALSA) utils. Modularized architecture with support for a large range of ISA and PCI cards. Fully compatible with OSS/Lite (kernel sound drivers), but contains many enhanced features.
This source rpm package provides several sub packages: * ac3dec - A free AC-3 stream decoder * as10k1 - AS10k1 Assembler version A0.99 * cspctl - Sound Blaster 16 ASP/CSP control program * envy24control - Control tool for Envy24 (ice1712) based soundcards * hdsploader - Firmware loader for RME Hammerfall cards * hdspmixer - Mixer for the RME Hammerfall DSP cards * mixartloader - Firmware loader for Digigram's miXart * rmedigicontrol - Control panel for RME Hammerfall cards * sbiload - An OPL2/3 FM instrument loader for ALSA sequencer * sscape_ctl - ALSA SoundScape control utility * us428control - Control tool for Tascam 428 * usx2yloader - Firmware loader for Tascam USX2Y USB soundcards * vxloader - Firmware loader for Digigram's VX-board %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-debug php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Thu Mar 05 19:04:39 2009 Importance: security ID: MDVSA-2009:066 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:066 %pre PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server (CVE-2009-0754). The updated packages have been patched to correct these issues. 
%description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package libsndfile1 libsndfile-debug libsndfile-devel libsndfile-progs libsndfile-static-devel Update: Thu Mar 05 21:25:33 2009 Importance: security ID: MDVSA-2009:067 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:067 %pre Crafted data - the channels per frame value - in CAF files enables remote attackers to execute arbitrary code or cause a denial of service via a possible integer overflow, leading to a possible heap overflow (CVE-2009-0186). This update provides a fix for that vulnerability. %description libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV files through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32-bit floating point WAV files and a number of compressed formats. %package libpoppler3 libpoppler-devel libpoppler-glib3 libpoppler-glib-devel libpoppler-qt2 libpoppler-qt4-3 libpoppler-qt4-devel libpoppler-qt-devel poppler poppler-debug Update: Fri Mar 06 19:13:36 2009 Importance: security ID: MDVSA-2009:068 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:068 %pre A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of wrong processing in the FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict destructor when the JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities.
Update: This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. %package libpostfix1 postfix postfix-debug postfix-ldap postfix-mysql postfix-pcre postfix-pgsql Update: Fri Mar 06 21:46:32 2009 Importance: bugfix ID: MDVA-2009:036 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:036 %pre Postfix as shipped with Mandriva Linux 2009.0 fails to install if the rsyslog logging daemon is installed. This updated package adds support for correct Postfix integration with rsyslog. %description Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. PLEASE READ THE /usr/share/doc/postfix/README.MDK FILE. This rpm supports different build-time options; to enable or disable these features you must rebuild the source rpm using the --with ... or --without ... rpm option.
Currently postfix has been built with: Smtpd multiline greeting: --without multiline Virtual Delivery Agent: --without VDA Munge bare CR: --without barecr TLS support: --with tls IPV6 support: --with ipv6 CDB support: --without cdb Chroot by default: --with chroot Multi Instance Support: --without multi_instance %package curl curl-debug curl-examples libcurl4 libcurl-devel Update: Fri Mar 06 22:33:16 2009 Importance: security ID: MDVSA-2009:069 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:069 %pre A security vulnerability has been identified and fixed in curl, which could allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL (CVE-2009-0037). The updated packages have been patched to prevent this. %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with SSL (https) support. %package libpoppler3 libpoppler-devel libpoppler-glib3 libpoppler-glib-devel libpoppler-qt2 libpoppler-qt4-3 libpoppler-qt4-devel libpoppler-qt-devel poppler poppler-debug Update: Sat Mar 07 00:53:33 2009 Importance: security ID: MDVSA-2009:068-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:068-1 %pre A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of wrong processing in the FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service.
This bug is a consequence of an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict destructor when the JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities. This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. Update: The previous packages were not signed; this new update fixes that issue. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. %package php-ssh2 php-ssh2-debug Update: Mon Mar 09 13:09:13 2009 Importance: bugfix ID: MDVA-2009:037 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:037 %pre This update upgrades the php-ssh2 package to version 0.11.0 (stable) to address intermittent segfaults (#39079). %description Provides bindings to the libssh2 library which provide access to resources (shell, remote exec, tunneling, file transfer) on a remote machine using a secure cryptographic transport. %package alsa_raoppcm-kernel-2.6.27.19-desktop-1mnb alsa_raoppcm-kernel-2.6.27.19-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.19-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.19-desktop-1mnb drm-experimental-kernel-2.6.27.19-desktop586-1mnb drm-experimental-kernel-2.6.27.19-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.19-desktop-1mnb et131x-kernel-2.6.27.19-desktop586-1mnb et131x-kernel-2.6.27.19-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.19-desktop-1mnb fcpci-kernel-2.6.27.19-desktop586-1mnb fcpci-kernel-2.6.27.19-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.19-desktop-1mnb fglrx-kernel-2.6.27.19-desktop586-1mnb fglrx-kernel-2.6.27.19-server-1mnb
fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.19-desktop-1mnb gnbd-kernel-2.6.27.19-desktop586-1mnb gnbd-kernel-2.6.27.19-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.19-desktop-1mnb hcfpcimodem-kernel-2.6.27.19-desktop586-1mnb hcfpcimodem-kernel-2.6.27.19-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.19-desktop-1mnb hsfmodem-kernel-2.6.27.19-desktop586-1mnb hsfmodem-kernel-2.6.27.19-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.19-desktop-1mnb hso-kernel-2.6.27.19-desktop586-1mnb hso-kernel-2.6.27.19-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.19-desktop-1mnb iscsitarget-kernel-2.6.27.19-desktop586-1mnb iscsitarget-kernel-2.6.27.19-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.19-1mnb kernel-desktop-2.6.27.19-1mnb kernel-desktop586-2.6.27.19-1mnb kernel-desktop586-devel-2.6.27.19-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.19-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.19-1mnb kernel-server-devel-2.6.27.19-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.19-1mnb kernel-source-latest kqemu-kernel-2.6.27.19-desktop-1mnb kqemu-kernel-2.6.27.19-desktop586-1mnb kqemu-kernel-2.6.27.19-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.19-desktop-1mnb lirc-kernel-2.6.27.19-desktop586-1mnb lirc-kernel-2.6.27.19-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.19-desktop-1mnb 
lzma-kernel-2.6.27.19-desktop586-1mnb lzma-kernel-2.6.27.19-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.19-desktop-1mnb madwifi-kernel-2.6.27.19-desktop586-1mnb madwifi-kernel-2.6.27.19-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.19-desktop-1mnb nvidia173-kernel-2.6.27.19-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.19-desktop-1mnb nvidia71xx-kernel-2.6.27.19-desktop586-1mnb nvidia71xx-kernel-2.6.27.19-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.19-desktop-1mnb nvidia96xx-kernel-2.6.27.19-desktop586-1mnb nvidia96xx-kernel-2.6.27.19-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.19-desktop-1mnb nvidia-current-kernel-2.6.27.19-desktop586-1mnb nvidia-current-kernel-2.6.27.19-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.19-desktop-1mnb omfs-kernel-2.6.27.19-desktop586-1mnb omfs-kernel-2.6.27.19-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.19-desktop-1mnb omnibook-kernel-2.6.27.19-desktop586-1mnb omnibook-kernel-2.6.27.19-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.19-desktop-1mnb opencbm-kernel-2.6.27.19-desktop586-1mnb opencbm-kernel-2.6.27.19-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.19-desktop-1mnb ov51x-jpeg-kernel-2.6.27.19-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.19-server-1mnb ov51x-jpeg-kernel-desktop586-latest 
ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.19-desktop-1mnb qc-usb-kernel-2.6.27.19-desktop586-1mnb qc-usb-kernel-2.6.27.19-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.19-desktop-1mnb rt2860-kernel-2.6.27.19-desktop586-1mnb rt2860-kernel-2.6.27.19-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.19-desktop-1mnb rt2870-kernel-2.6.27.19-desktop586-1mnb rt2870-kernel-2.6.27.19-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.19-desktop-1mnb rtl8187se-kernel-2.6.27.19-desktop586-1mnb rtl8187se-kernel-2.6.27.19-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.19-desktop-1mnb slmodem-kernel-2.6.27.19-desktop586-1mnb slmodem-kernel-2.6.27.19-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.19-desktop-1mnb squashfs-lzma-kernel-2.6.27.19-desktop586-1mnb squashfs-lzma-kernel-2.6.27.19-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.19-desktop-1mnb tp_smapi-kernel-2.6.27.19-desktop586-1mnb tp_smapi-kernel-2.6.27.19-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.19-desktop-1mnb vboxadd-kernel-2.6.27.19-desktop586-1mnb vboxadd-kernel-2.6.27.19-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.19-desktop-1mnb vboxvfs-kernel-2.6.27.19-desktop586-1mnb vboxvfs-kernel-2.6.27.19-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest 
vhba-kernel-2.6.27.19-desktop-1mnb vhba-kernel-2.6.27.19-desktop586-1mnb vhba-kernel-2.6.27.19-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.19-desktop-1mnb virtualbox-kernel-2.6.27.19-desktop586-1mnb virtualbox-kernel-2.6.27.19-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.19-desktop-1mnb vpnclient-kernel-2.6.27.19-desktop586-1mnb vpnclient-kernel-2.6.27.19-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest Update: Tue Mar 10 16:59:31 2009 Importance: security ID: MDVSA-2009:071 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:071 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an inverted logic issue. (CVE-2009-0675) The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. (CVE-2009-0676) Additionally, this update provides stable 1.0.18 ALSA updates/fixes, STAC92HD71Bx/STAC92HD75Bx hda-intel support changes/fixes (affects sound chip codecs used on several HP dv laptop series), fixes/enhancements for HP Educ.ar machine HDA sound support, minor alsa hda-intel code cleanup for the ALC888 6stack-dell model to stop printing unneeded output to the kernel log, and a few more things. Check the package changelog for details.
To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package perl-MDK-Common Update: Wed Mar 11 17:14:19 2009 Importance: security ID: MDVSA-2009:072 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:072 %pre Some vulnerabilities were discovered and corrected in perl-MDK-Common: The functions used by Mandriva tools to write strings into shell-like configuration files did not take care of some special characters. This could lead to some bugs (like wireless keys containing certain characters not working), and privilege escalation. This update fixes that issue by ensuring proper protection of strings. The updated packages have been patched to correct these issues. %description Various simple functions created for DrakX %package coreutils coreutils-debug coreutils-doc Update: Fri Mar 13 09:32:39 2009 Importance: bugfix ID: MDVA-2009:039 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:039 %pre The coreutils package released with Mandriva Linux 2009 makes use of a syscall unavailable in the Xen dom0 kernel. Thus, when used on top of that kernel, the provided programs might fail in non-obvious ways. This update fixes that. %description These are the GNU core utilities. This package is the union of the old GNU fileutils, sh-utils, and textutils packages. These tools are the GNU versions of common useful and popular file & text utilities which are used for: - file management - shell scripts - modifying text files (splitting, joining, comparing, modifying, ...) Most of these programs have significant advantages over their Unix counterparts, such as greater speed, additional options, and fewer arbitrary limits.
%package beagle beagle-crawl-system beagle-debug beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-debug devhelp-plugins epiphany epiphany-debug epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-debug firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-ext-mozvoikko-debug firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-extras-debug gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-blogrovr-debug mozilla-firefox-ext-foxmarks mozilla-firefox-ext-foxmarks-debug mozilla-firefox-ext-scribefire mozilla-firefox-ext-scribefire-debug mozilla-thunderbird-beagle xulrunner xulrunner-debug yelp yelp-debug Update: Fri Mar 13 18:42:47 2009 Importance: security ID: MDVSA-2009:075 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.7 (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777). 
This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring. Additionally, some software has also been rebuilt against Mozilla Firefox 3.0.7, which should take care of upgrade problems. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package libdvdread4 libdvdread-debug libdvdread-devel Update: Fri Mar 13 22:59:26 2009 Importance: bugfix ID: MDVA-2009:040 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:040 %pre dvdbackup in Mandriva Linux 2009.0 relies on a libdvdread API version older than the one released. This update patches libdvdread to ensure backwards compatibility. %description libdvdread provides a simple foundation for reading DVD-Video images. %package avahi avahi-debug avahi-dnsconfd avahi-python avahi-sharp avahi-sharp-doc avahi-x11 libavahi-client3 libavahi-client-devel libavahi-common3 libavahi-common-devel libavahi-compat-howl0 libavahi-compat-howl-devel libavahi-compat-libdns_sd1 libavahi-compat-libdns_sd-devel libavahi-core5 libavahi-core-devel libavahi-glib1 libavahi-glib-devel libavahi-gobject0 libavahi-gobject-devel libavahi-qt3_1 libavahi-qt3-devel libavahi-qt4_1 libavahi-qt4-devel libavahi-ui1 libavahi-ui-devel Update: Fri Mar 13 23:50:38 2009 Importance: security ID: MDVSA-2009:076 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:076 %pre A security vulnerability has been identified and fixed in avahi which could allow remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet (CVE-2009-0758). The updated packages have been patched to prevent this.
%description Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient. %package libphp5_common5 libxml2_2 libxml2-debug libxml2-devel libxml2-python libxml2-utils php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-debug php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Tue Mar 17 12:43:25 2009 Importance: bugfix ID: MDVA-2009:041 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:041 %pre The previous fix for addressing Bug 43486 (XML parsing ignores encoded elements in character data (e.g. > < etc.)) broke the php-wddx extension. This bugfix release uses backported upstream fixes for both php and libxml2 to address the following Mandriva bugs: - Bug 43486 - XML parsing ignores encoded elements in character data (e.g. > < etc.) - Bug 48707 - Installation of php-wddx doesn't seem to work %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple.
The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package clamav clamav-db clamav-debug clamav-milter clamd libclamav5 libclamav-devel Update: Wed Mar 18 14:14:20 2009 Importance: bugfix ID: MDVA-2009:018-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018-1 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) - Scanning mail with clamav leaves a big temporary folder (#46642) - Build fails if invoked with --with milter, in a configure stage (#46554) - Jpeg parsing denial-of-service crash in clamav 0.94-1 and earlier (#46199) Update: The previous package introduced a patch that broke the clamav-milter; this update addresses this problem: - Bug 48633 - Fix for -Werror=format-security breaks clamav-milter %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e.
use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package rpmdrake Update: Wed Mar 18 23:40:03 2009 Importance: bugfix ID: MDVA-2009:042 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:042 %pre This update fixes several minor issues with rpmdrake: - it makes the media manager use scrolling bars when the list of media to remove is too big (#46773) - it fixes MandrivaUpdate not updating media anymore on startup since the urpmi-6.14.12 upgrade (#47209) - MandrivaUpdate now advises rebooting when needed (e.g. after installing new kernel packages) - MandrivaUpdate now honors the list of selected updates (bug #29835) - mdkapplet will not try to update debug backports media in order to be able to list backports Several minor issues are fixed in the media manager too: - a different shortcut is used for the Add a specific media mirror and _Add a custom medium menu entries (#46027) - it honors canceling when the user closed the updates/full_sources dialog (#47125) - it honors canceling when the user refused to access the network when adding a specific mirror from the menubar (#46027) %description This package contains the Mandriva graphical software manipulation tools. Rpmdrake provides a simple interface that makes it easy to install and remove software. MandrivaUpdate is a single-purpose application for keeping your system up to date with the latest official updates. There is also a tool for configuring package sources (media), which can be run independently or accessed from within rpmdrake.
%package libmodprobe1 libmodprobe1-devel module-init-tools module-init-tools-debug Update: Wed Mar 18 23:50:32 2009 Importance: bugfix ID: MDVA-2009:043 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:043 %pre This stable update for module-init-tools fixes a number of problems found since the initial Mandriva Linux 2009 release; the most important ones are: - depmod may corrupt dependency files (#46884) - mkinitrd crash when adding AES encryption modules (#46260) - mkinitrd failure when installing recent kernels (#47188) %description This package contains a set of programs for loading, inserting, and removing kernel modules for Linux (versions 2.5.47 and above). It serves the same function that the "modutils" package serves for Linux 2.4. %package dhcp-client dhcp-common dhcp-debug dhcp-devel dhcp-doc dhcp-relay dhcp-server Update: Fri Mar 20 20:45:27 2009 Importance: bugfix ID: MDVA-2009:045 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:045 %pre dhclient-script, in the dhcp-client package as released with Mandriva Linux 2009, would put the network interface down in some circumstances as part of its workings. Coupled with a bug in the kernel wireless stack, when done on wireless interfaces this could cause the wireless association to be lost and never automatically remade. This update fixes dhcp-client to use a better way instead of putting the interface down, working around the wireless stack bug and fixing many cases of the lost association problem. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent.
You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-debug pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-plugins pidgin-silc pidgin-tcl Update: Sat Mar 21 13:28:29 2009 Importance: bugfix ID: MDVA-2009:046 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:046 %pre Protocol changes on the ICQ servers made pidgin incompatible. This update upgrades pidgin to version 2.5.5 which will take care of this problem. %description Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. %package drakconf drakconf-debug drakconf-icons Update: Sat Mar 21 13:52:32 2009 Importance: bugfix ID: MDVA-2009:047 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:047 %pre This update prevents drakconf from crashing if the tool currently embedded within drakconf segfaulted in some rare case (bug #48080). %description drakconf includes the Mandriva Linux Control Center which is an interface to multiple utilities from DrakXtools. 
%package libpam0 libpam-devel pam pam-debug pam-doc Update: Sat Mar 21 17:10:09 2009 Importance: security ID: MDVSA-2009:077 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:077 %pre A security vulnerability has been identified and fixed in pam: Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt (CVE-2009-0887). The updated packages have been patched to prevent this. Additionally, some development packages that are required to build pam for CS4 were missing; these are also provided with this update. %description PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. %package evolution-data-server evolution-data-server-debug libcamel14 libebackend0 libebook9 libecal7 libedata-book2 libedata-cal6 libedataserver11 libedataserver-devel libedataserverui8 libegroupwise13 libexchange-storage3 libgdata1 Update: Mon Mar 23 15:25:34 2009 Importance: security ID: MDVSA-2009:078 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:078 %pre Incorrect handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof their signatures by modifying the latter copy (CVE-2009-0547). Crafted authentication challenge packets (NT Lan Manager type 2) sent by a malicious remote mail server enable remote attackers either to cause a denial of service or to read information from the process memory of the client (CVE-2009-0582). Multiple integer overflows in Base64 encoding functions enable attackers either to cause a denial of service or to execute arbitrary code (CVE-2009-0587).
This update provides fixes for those vulnerabilities. Update: evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587. %description Evolution Data Server provides a central location for your addressbook and calendar in the gnome desktop. %package libecpg8.3_6 libpq8.3_5 postgresql8.3 postgresql8.3-contrib postgresql8.3-debug postgresql8.3-devel postgresql8.3-docs postgresql8.3-pl postgresql8.3-plperl postgresql8.3-plpgsql postgresql8.3-plpython postgresql8.3-pltcl postgresql8.3-server Update: Mon Mar 23 15:39:07 2009 Importance: security ID: MDVSA-2009:079 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:079 %pre PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests (CVE-2009-0922). This update provides a fix for this vulnerability. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. 
You also need to install this package if you're installing the postgresql-server package. %package glib2.0-common glib2.0-debug glib-gettextize libgio2.0_0 libglib2.0_0 libglib2.0-devel Update: Thu Mar 26 19:38:45 2009 Importance: security ID: MDVSA-2009:080 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:080 %pre Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against, mostly GNOME ones) either to cause a denial of service or to execute arbitrary code via untrusted input (CVE-2008-4316). This update provides the fix for that security issue. %description Glib is a handy library of utility functions. This C library is designed to solve some portability problems and provide other useful functionality which most programs require. Glib is used by GDK, GTK+ and many applications. You should install Glib because many of your applications will depend on this library. %package ftp-client-krb5 ftp-server-krb5 krb5 krb5-debug krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5 Update: Mon Mar 30 13:59:37 2009 Importance: security ID: MDVSA-2009:082 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:082 %pre The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845). This update provides the fix for that security issue. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
%package beagle beagle-crawl-system beagle-debug beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-beagle mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-debug mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-l10n-debug mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-ga mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-l10n-debug mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-moztraybiff-debug mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR 
mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Wed Apr 01 11:30:32 2009 Importance: security ID: MDVSA-2009:083 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 %pre A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with the Enigmail extension on the x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on the i586 architecture, Thunderbird would crash when sending an email if a file with an unknown extension was attached to it (bug #46107). This update also fixes those issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before.
%package beagle beagle-crawl-system beagle-debug beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-debug devhelp-plugins epiphany epiphany-debug epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-debug firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-ext-mozvoikko-debug firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-extras-debug gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-blogrovr-debug mozilla-firefox-ext-foxmarks mozilla-firefox-ext-foxmarks-debug mozilla-firefox-ext-scribefire mozilla-firefox-ext-scribefire-debug mozilla-thunderbird-beagle xulrunner xulrunner-debug yelp yelp-debug Update: Wed Apr 01 12:30:21 2009 Importance: security ID: MDVSA-2009:084 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:084 %pre Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169). This update provides the latest Mozilla Firefox 3.x to correct these issues. 
Additionally, some packages requiring it have also been rebuilt and are being provided as updates. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package gstreamer0.10-cdparanoia gstreamer0.10-gnomevfs gstreamer0.10-libvisual gstreamer0.10-plugins-base gstreamer0.10-plugins-base-debug libgstreamer-plugins-base0.10 libgstreamer-plugins-base0.10-devel Update: Thu Apr 02 14:18:34 2009 Importance: security ID: MDVSA-2009:085 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:085 %pre Integer overflows in the gstreamer0.10-plugins-base Base64 encoding and decoding functions (related to the glib2.0 issue CVE-2008-4316) may allow attackers to cause a denial of service, although no attack vectors are known yet (CVE-2009-0586). This update provides the fix for that security issue. %description GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins.
This package contains a set of reference plugins, base classes for other plugins, and helper libraries: * device plugins: x(v)imagesink, alsa, v4lsrc, cdparanoia * containers: ogg * codecs: vorbis, theora * text: textoverlay, subparse * sources: audiotestsrc, videotestsrc, gnomevfssrc * network: tcp * typefind * audio processing: audioconvert, adder, audiorate, audioscale, volume * visualisation: libvisual * video processing: ffmpegcolorspace * aggregate elements: decodebin, playbin %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl openssl-debug Update: Fri Apr 03 21:23:20 2009 Importance: security ID: MDVSA-2009:087 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 %pre A security vulnerability has been identified and fixed in OpenSSL, which could crash applications using the OpenSSL library when parsing malformed certificates (CVE-2009-0590). The updated packages have been patched to prevent this. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.
%package mdkonline Update: Tue Apr 07 02:33:30 2009 Importance: bugfix ID: MDVA-2009:049 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:049 %pre This update fixes an issue which could cause mdkonline to fail when attempting to set up restricted resources. %description The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * Update daemon which allows you to install security updates automatically, * A KDE/Gnome/IceWM compliant applet for security updates notification and installation. %package libtommath0 libtommath-debug libtommath-devel libtommath-static-devel Update: Tue Apr 07 14:04:35 2009 Importance: bugfix ID: MDVA-2009:050 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:050 %pre The tommath library will be needed for future clamav updates. %description A free open source portable number theoretic multiple-precision integer library written entirely in C. (phew!). The library is designed to provide a simple to work with API that provides fairly efficient routines that build out of the box without configuration. %package perl-Crypt-SSLeay perl-Crypt-SSLeay-debug Update: Tue Apr 07 19:17:12 2009 Importance: bugfix ID: MDVA-2009:051 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:051 %pre This update provides an updated perl-Crypt-SSLeay, required for mdkonline to work with restricted resources. %description This perl module provides support for the https protocol under LWP, so that a LWP::UserAgent can make https GET & HEAD requests.
The Crypt::SSLeay package contains Net::SSL, which is automatically loaded by LWP::Protocol::https on https requests, and provides the necessary SSL glue for that module to work via these deprecated modules: This product includes cryptographic software written by Eric Young (eay@cryptsoft.com) %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-debug wireshark-tools Update: Thu Apr 09 17:27:29 2009 Importance: security ID: MDVSA-2009:088 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:088 %pre Multiple vulnerabilities have been identified and corrected in wireshark: o The PROFINET dissector was vulnerable to a format string overflow (CVE-2009-1210). o The Check Point High-Availability Protocol (CPHAP) dissector could crash (CVE-2009-1268). o Wireshark could crash while loading a Tektronix .rf5 file (CVE-2009-1269). This update provides Wireshark 1.0.7, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package libopensc2 libopensc-devel mozilla-plugin-opensc opensc opensc-debug Update: Fri Apr 10 01:00:16 2009 Importance: security ID: MDVSA-2009:089 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:089 %pre OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix the issue. %description opensc is a library for accessing smart card devices using the PC/SC Lite middleware package. It is also the core library of the OpenSC project. Basic functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible smart card.
Encryption and decryption using private keys on the SmartCard is at the moment possible only with PKCS #15 compatible cards. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Fri Apr 10 15:04:40 2009 Importance: security ID: MDVSA-2009:090 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:090 %pre A vulnerability has been found and corrected in PHP: The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function (CVE-2009-1271). The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. 
%package apache-mod_perl apache-mod_perl-devel Update: Sun Apr 12 11:12:46 2009 Importance: security ID: MDVSA-2009:091 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:091 %pre A vulnerability has been found and corrected in mod_perl v1.x and v2.x: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI (CVE-2009-0796). The updated packages have been patched to correct these issues. %description apache-mod_perl incorporates a Perl interpreter into the apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the apache web server and provides an object-oriented Perl interface for apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started. Install apache-mod_perl if you're installing the apache web server and you'd like for it to directly incorporate a Perl interpreter. You can build apache-mod_perl with some conditional build switches (i.e. use with rpm --rebuild): --with[out] debug Compile with debugging code (forces --with test) --with[out] test Initiate an Apache-Test run %package ntp ntp-client ntp-doc Update: Mon Apr 13 18:05:48 2009 Importance: security ID: MDVSA-2009:092 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:092 %pre A vulnerability has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution (CVE-2009-0159). The updated packages have been patched to correct this issue. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source.
The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. Note: Primary, original, big, HTML documentation, is in the package ntp-doc. %package libmpg123_0 libmpg123-devel mpg123 mpg123-arts mpg123-esd mpg123-jack mpg123-nas mpg123-portaudio mpg123-pulse mpg123-sdl Update: Wed Apr 22 06:58:44 2009 Importance: security ID: MDVSA-2009:093 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:093 %pre A vulnerability has been found and corrected in mpg123: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information (CVE-2009-1301). The updated packages have been patched to correct this issue. %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org %package ldetect libldetect0.7 libldetect-devel Update: Wed Apr 22 07:25:47 2009 Importance: bugfix ID: MDVA-2009:053 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:053 %pre Some bugs in getting information from /proc/bus/usb/devices prevent some USB devices from being supported correctly. This update fixes them. 
%description The hardware device lists provided by this package are used as a lookup table for hardware autodetection. %package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools Update: Wed Apr 22 15:28:37 2009 Importance: security ID: MDVSA-2009:094 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 %pre Multiple vulnerabilities have been found and corrected in mysql: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement (CVE-2008-3963). MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079 (CVE-2008-4097). MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097 (CVE-2008-4098).
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document (CVE-2008-4456).

Bugs in the Mandriva Linux 2008.1 packages that have been fixed:
o upstream fix for mysql bug35754 (#38398, #44691)
o fix #46116 (initialization file mysqld-max doesn't show correct application status)
o fix upstream bug 42366

Bugs in the Mandriva Linux 2009.0 packages that have been fixed:
o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097, CVE-2008-4098)
o no need to work around #38398, #44691 anymore (since 5.0.75)
o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max doesn't show correct application status)
o sphinx-0.9.8.1

Bugs in the Mandriva Linux Corporate Server 4 packages that have been fixed:
o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max doesn't show correct application status)

The updated packages have been patched to correct these issues.
%description
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. Please see the documentation and the manual for more information.

%package iproute2 iproute2-doc libiproute2-static-devel
Update: Thu Apr 23 15:28:45 2009 Importance: bugfix ID: MDVA-2009:054 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:054
%pre
The iproute2 package shipped with Mandriva Linux 2009.0 installed outdated manual pages. This update installs the correct manual pages instead.
%description
The iproute package contains networking utilities (ip, tc and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.2.x kernels and later, such as policy routing, fast NAT and packet scheduling.

%package webmin
Update: Thu Apr 23 15:38:18 2009 Importance: bugfix ID: MDVA-2009:055 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:055
%pre
Webmin shipped with Mandriva Linux 2009.0 used the crypt method for password creation, which prevented the use of passwords longer than 8 characters. This update configures webmin to create MD5 passwords for new users by default.
%description
A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser.

After installation, enter the URL https://localhost:10000/ into your browser and log in as root with your root password. Please consider logging in and changing your password for security reasons.

PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/".

%package ghostscript ghostscript-common ghostscript-doc ghostscript-dvipdf ghostscript-module-X ghostscript-X libgs8 libgs8-devel libijs1 libijs1-devel
Update: Fri Apr 24 17:39:01 2009 Importance: security ID: MDVSA-2009:095 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
%pre
A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted PDF file (CVE-2007-6725).

Buffer overflow in Ghostscript's BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted PostScript file (CVE-2008-6679).
Multiple integer overflows in Ghostscript's International Color Consortium Format Library (icclib) allow attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via either a PostScript or PDF file with crafted embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple integer overflows in Ghostscript's International Color Consortium Format Library (icclib) allow attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via either a PostScript or PDF file with crafted embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

Heap-based overflow in Ghostscript's JBIG2 decoding library allows attackers to cause a denial of service and possibly to execute arbitrary code via a crafted PDF file (CVE-2009-0196).

This update provides fixes for these vulnerabilities.

Update: ghostscript packages from the Mandriva Linux 2009.0 distribution are not affected by CVE-2007-6725.
%description
Ghostscript is a set of software tools that provide a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped and vector formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers.

You should install ghostscript if you need to display PostScript or PDF files, or if you have a non-PostScript printer.
%package clamav clamav-db clamav-milter clamd libclamav6 libclamav-devel
Update: Fri Apr 24 20:43:28 2009 Importance: security ID: MDVSA-2009:097 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
%pre
Multiple vulnerabilities have been found and corrected in clamav:

Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241).

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680).

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270).

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371).

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372).

Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav, which is a license violation as the RAR v3 license and the GPL license are not compatible. As a consequence, Mandriva has been forced to remove the RAR v3 code.

This update provides clamav 0.95.1, which is not vulnerable to these issues.
%description
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet.
The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

You can build clamav with some conditional build switches (i.e. use with rpm --rebuild):
--with[out] milter  Build clamav-milter (disabled)

%package ftp-client-krb5 ftp-server-krb5 krb5 krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5
Update: Mon Apr 27 15:03:21 2009 Importance: security ID: MDVSA-2009:098 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
%pre
Multiple vulnerabilities have been found and corrected in krb5:

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read (CVE-2009-0844).

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846).

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847).

The updated packages have been patched to correct these issues.

Update: krb5 packages for Mandriva Linux Corporate Server 3 and 4 are not affected by CVE-2009-0844 and CVE-2009-0845.
%description
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
%package x11-driver-video-intel x11-driver-video-intel-fast-i830
Update: Mon Apr 27 16:30:39 2009 Importance: bugfix ID: MDVA-2009:056 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:056
%pre
The intel driver shipped with 2009.0 had problems when dealing with some Intel x4500MHD graphics chips like that found on Sony Vaio FW series laptops. This package includes an upstream fix for this issue.
%description
x11-driver-video-intel is the X.org driver for Intel video chipsets.

%package dkms-libafs libopenafs1 libopenafs-devel openafs openafs-client openafs-doc openafs-server
Update: Mon Apr 27 22:05:50 2009 Importance: security ID: MDVSA-2009:099 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
%pre
Multiple vulnerabilities have been found and corrected in openafs:

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro (CVE-2009-1250).

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays (CVE-2009-1251).

The updated packages have been patched to correct these issues.
%description
AFS is a distributed filesystem allowing cross-platform sharing of files among multiple computers. Facilities are provided for access control, authentication, backup and administrative management.

This package provides common files shared across all the various OpenAFS packages that are not necessarily tied to a client or server.
%package xpdf xpdf-common
Update: Tue Apr 28 21:49:09 2009 Importance: security ID: MDVSA-2009:101 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
%pre
Multiple buffer overflows in the JBIG2 decoder allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0146).

Multiple integer overflows in the JBIG2 decoder allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147).

An integer overflow in the JBIG2 decoder has unspecified impact (CVE-2009-0165).

A free of uninitialized memory flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0166).

Multiple input validation flaws in the JBIG2 decoder allow remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-0800).

An out-of-bounds read flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0799).

An integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-1179).

A free of invalid data flaw in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).

A NULL pointer dereference flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-1181).

Multiple buffer overflows in the JBIG2 MMR decoder allow remote attackers to cause a denial of service or to execute arbitrary code via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).

This update provides fixes for these vulnerabilities.
%description
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts.
%package usermode usermode-consoleonly
Update: Tue Apr 28 23:43:25 2009 Importance: security ID: MDVA-2009:057 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:057
%pre
A configuration error in usermode prevented some Mandriva graphical tools requiring superuser privileges from starting correctly when the session was started from KDM. This update fixes this issue.
%description
The usermode package contains several graphical tools for users: userinfo, usermount and userpasswd. Userinfo allows users to change their finger information. Usermount lets users mount, unmount, and format filesystems. Userpasswd allows users to change their passwords.

Install the usermode package if you would like to provide users with graphical tools for certain account management tasks.

%package libudev0 libudev0-devel libvolume_id1 libvolume_id1-devel udev udev-doc
Update: Fri May 01 01:52:56 2009 Importance: security ID: MDVSA-2009:103 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:103
%pre
Security vulnerabilities have been identified and fixed in udev.

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185).

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments (CVE-2009-1186).

The updated packages have been patched to prevent this.
%description
Udev is an implementation of devfs/devfsd in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly. Like devfs, udev dynamically creates and removes device nodes from /dev/. It responds to /sbin/hotplug device events.
%package memcached
Update: Mon May 04 11:58:37 2009 Importance: security ID: MDVSA-2009:105 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:105
%pre
The process_stat function in Memcached prior to 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494).

The updated packages have been patched to prevent this.
%description
memcached is a flexible memory object caching daemon designed to alleviate database load in dynamic web applications by storing objects in memory. It's based on libevent to scale to any size needed, and is specifically optimized to avoid swapping and always use non-blocking I/O.

The memcached server binary comes in two flavours:
o memcached - with threading support
o memcached-replication - with replication support

%package libSDL1.2_0 libSDL-devel
Update: Mon May 04 21:37:30 2009 Importance: bugfix ID: MDVA-2009:058 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:058
%pre
The SDL12 package shipped in 2008.1 and 2009.0 has a bug which causes a segmentation fault in some games such as ri-li.
%description
This is the Simple DirectMedia Layer, a generic API that provides low level access to audio, keyboard, mouse, and display framebuffer across multiple platforms.

%package libwmf0.2_7 libwmf0.2_7-devel libwmf
Update: Tue May 05 20:50:07 2009 Importance: security ID: MDVSA-2009:106 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:106
%pre
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364).

The updated packages have been patched to prevent this.
%description
libwmf is a library for Unix-like machines that can convert WMF files into other formats; currently it supports a gd binding to convert to GIF, and an X one to draw directly to an X window or pixmap.

%package evolution evolution-data-server evolution-devel evolution-exchange evolution-mono evolution-pilot gtkhtml-3.14 libcamel14 libebackend0 libebook9 libecal7 libedata-book2 libedata-cal6 libedataserver11 libedataserver-devel libedataserverui8 libegroupwise13 libexchange-storage3 libgdata1 libgtkhtml-3.14_19 libgtkhtml-3.14-devel
Update: Wed May 06 13:12:36 2009 Importance: bugfix ID: MDVA-2009:104 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:104
%pre
This update brings the Evolution mail suite to the latest stable 2.24 branch release, fixes many stability and performance issues and updates translations.
%description
GtkHTML is an HTML rendering/editing library. GtkHTML is not designed to be the ultimate HTML browser/editor: instead, it is designed to be easily embedded into applications that require lightweight HTML functionality.

GtkHTML was originally based on KDE's KHTMLW widget, but is now developed independently of it. The most important difference between KHTMLW and GtkHTML, besides being GTK-based, is that GtkHTML is also an editor. Thanks to the Bonobo editor component that comes with the library, it's extremely simple to add HTML editing to an existing application.

%package fuse libfuse2 libfuse-devel libfuse-static-devel
Update: Wed May 06 13:32:31 2009 Importance: bugfix ID: MDVA-2009:104 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:104
%pre
The FUSE default setup required non-privileged users to be added manually to the fuse group to be able to use FUSE, and this feature was not available immediately after installation of the fuse package. This package update ensures FUSE is now immediately available after package installation, and for all users on the system.
%description
FUSE (Filesystem in USErspace) is a simple interface for userspace programs to export a virtual filesystem to the Linux kernel. FUSE also aims to provide a secure method for non-privileged users to create and mount their own filesystem implementations.

%package acpid
Update: Wed May 06 21:40:31 2009 Importance: security ID: MDVSA-2009:107 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:107
%pre
The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798).

The updated packages have been patched to prevent this.
%description
The ACPI specification defines power and system management functions for each computer, in a generic manner. The ACPI daemon coordinates the management of power and system functions when ACPI kernel support is enabled (kernel 2.3.x or later).

%package zsh zsh-doc
Update: Thu May 07 11:53:01 2009 Importance: security ID: MDVSA-2009:108 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:108
%pre
A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash) when providing a specially-crafted string as input to the zsh shell (CVE-2009-1214, CVE-2009-1215).

The updated packages have been patched to prevent this.
%description
Zsh is a UNIX command interpreter (shell) usable as an interactive login shell and as a shell script command processor. Of the standard shells, zsh most closely resembles ksh but includes many enhancements. Zsh has command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and lots of other features.

Install the zsh package if you'd like to try out a different shell.
%package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools
Update: Tue May 12 19:35:51 2009 Importance: bugfix ID: MDVA-2009:106 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:106
%pre
This update provides mysql-5.0.81 (Community Server) with the latest bugfixes for mysql-5.0.x.
%description
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. Please see the documentation and the manual for more information.

%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-ext-beagle firefox-ext-mozvoikko firefox-theme-kde4ff gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp
Update: Wed May 13 01:12:00 2009 Importance: security ID: MDVSA-2009:111 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
%pre
Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313)

This update provides the latest Mozilla Firefox 3.x to correct these issues.
Additionally, some packages that require it have been rebuilt and are being provided as updates.
%description
Help browser for GNOME 2 which supports docbook documents, info and man.

%package drakx-net drakx-net-text libdrakx-net
Update: Wed May 13 01:52:07 2009 Importance: bugfix ID: MDVA-2009:059 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:059
%pre
This bugfix update for drakx-net fixes several minor issues with Mandriva Linux network tools:
- the e1000e network card was added to the list of cards requiring additional initialization time (#49335)
- network adapters which do not have a complete /sysfs/ entry (such as b43 cards) are properly detected (#44740)
- the NETWORKING=yes configuration is properly saved when configuring the network connection
- support for the broadcom-wl driver was added
%description
This package contains the Mandriva network tools.
net_applet: applet to check network connection
net_monitor: connection monitoring

%package debugmode initscripts
Update: Wed May 13 01:55:16 2009 Importance: bugfix ID: MDVA-2009:060 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:060
%pre
The network-up service, shipped with Mandriva Linux 2009.0, was not waiting for the network to be available in some cases, which could lead the services which depend on it to fail to start.
%description
The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.
%package firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW
Update: Wed May 13 12:13:58 2009 Importance: security ID: MDVSA-2009:111-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:111-1
%pre
Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313)

This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages that require it have been rebuilt and are being provided as updates.

Update: The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue.
%description
Localizations for the Firefox web browser.

%package portreserve
Update: Wed May 13 12:42:15 2009 Importance: bugfix ID: MDVA-2009:061 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:061
%pre
In some cases, CUPS in Mandriva Linux 2009 would start but be unavailable, because the 'portreserve' service could be started at the wrong time and thus be unable to do its job.
This update fixes that by making sure portreserve starts at the right time during system initialization.
%description
The portreserve program aims to help services with well-known ports that lie in the portmap range. It prevents portmap from taking a real service's port by occupying it itself, until the real service tells it to release the port (generally in the init script).

%package bash bash-doc
Update: Wed May 13 16:03:22 2009 Importance: bugfix ID: MDVA-2009:062 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:062
%pre
Bash as shipped with Mandriva Linux 2009.0 was executing keychain for new users even if the application was not installed. This updated package prevents this from happening.
%description
Bash is a GNU project sh-compatible shell or command language interpreter. Bash (Bourne Again shell) incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification.

Bash offers several improvements over sh, including command line editing, unlimited size command history, job control, shell functions and aliases, indexed arrays of unlimited size and integer arithmetic in any base from two to 64. Bash is ultimately intended to conform to the IEEE POSIX P1003.2/ISO 9945.2 Shell and Tools standard.

%package flex ipsec-tools libipsec0 libipsec-devel
Update: Wed May 13 20:33:14 2009 Importance: security ID: MDVSA-2009:112 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:112
%pre
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference (CVE-2009-1574).

Updated packages are available that bring ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1, which provides numerous bugfixes over the previous 0.7.1 version and also corrects this issue.
ipsec-tools for Mandriva Linux Corporate Server 4 has been patched to address this issue.

Additionally, the flex package required for building ipsec-tools has been fixed due to ipsec-tools build problems and is also available with this update.
%description
This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels.

This package builds:
- libipsec, a PFKeyV2 library
- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon

%package cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-ldapdb libsasl2-plug-login libsasl2-plug-ntlm libsasl2-plug-otp libsasl2-plug-plain libsasl2-plug-sasldb libsasl2-plug-sql
Update: Mon May 18 10:55:17 2009 Importance: security ID: MDVSA-2009:113 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:113
%pre
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c (CVE-2009-0688).

The updated packages have been patched to prevent this.
%description
SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.

To actually use SASL you must install at least one of the libsasl2-plug-XXXX authentication plugins, such as libsasl2-plug-plain.
The SQL auxprop plugin can be rebuilt with different database backends:
--with srp     SRP support (disabled)
--with mysql   MySQL support (enabled)
--with pgsql   Postgres SQL support (disabled)
--with sqlite  SQLite support (disabled)

%package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui
Update: Mon May 18 13:07:14 2009 Importance: bugfix ID: MDVA-2009:067 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:067
%pre
This update fixes several issues with drakxtools:

o diskdrake:
  - allow LVM in non-expert mode
  - allow encrypted partitions inside LVM
  - allow creating partitions starting after 1TB
  - don't crash when creating a partition in LVM with the partition type buttons (#38078)

o harddrake service:
  - prevent wrongly notifying that we switched from a proprietary to a free driver (anssi, #41969) (regression introduced in 11.70 on 16 October 2008)
%description
Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy remote work.
- drakbug: interactive bug report tool
- drakbug_report: help find bugs in DrakX
- drakclock: date & time configurator
- drakfloppy: boot disk creator
- drakfont: import fonts into the system
- draklog: show extracted information from the system logs
- drakperm: msec GUI (permissions configurator)
- draksec: security options management / msec frontend
- draksplash: bootsplash themes creation

%package gnutls libgnutls26 libgnutls-devel
Update: Mon May 18 14:06:18 2009 Importance: security ID: MDVSA-2009:116 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
%pre
Multiple vulnerabilities have been found and corrected in gnutls:

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415).

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416).

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417).

The updated packages have been patched to prevent this.
%description
GnuTLS is a project that aims to develop a library which provides a secure layer over a reliable transport layer.
%package podsleuth
Update: Tue May 19 09:30:55 2009
Importance: bugfix
ID: MDVA-2009:071
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:071
%pre
The podsleuth binary was packaged in the wrong directory on the x86_64 architecture, breaking iPod support in Banshee. This update corrects the problem.
%description
PodSleuth is a tool to discover detailed model information about an Apple (TM) iPod (TM).
Its primary role is to be run as a callout by HAL (http://freedesktop.org/wiki/Software_2fhal) because root access is needed to scan the device for the required information. When the model information is discovered, it is merged into HAL as properties for other applications to use.

%package amarok amarok-scripts libamarok-devel libamaroklib1 libamarokplasma2 libamarokpud1 libamarok_taglib1
Update: Tue May 19 09:56:56 2009
Importance: bugfix
ID: MDVA-2009:073
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:073
%pre
Amarok 2 stopped scrobbling played music to last.fm. A patch has been applied fixing this issue; with this updated package, Amarok 2 scrobbles songs to last.fm correctly again.
%description
Feature Overview
* Music Collection: You have a huge music library and want to locate tracks quickly? Let amaroK's powerful Collection take care of that! It's a database-powered music store, which keeps track of your complete music library, allowing you to find any title in a matter of seconds.
* Intuitive User Interface: You will be amazed to see how easy amaroK is to use! Simply drag-and-drop files into the playlist. No hassle with complicated buttons or tangled menus. Listening to music has never been easier!
* Streaming Radio: Web streams take radio to the next level: Listen to thousands of great radio stations on the internet, for free! amaroK provides excellent streaming support, with advanced features such as displaying the titles of the currently playing songs.
* Context Browser: This tool provides useful information on the music you are currently listening to, and can make listening suggestions based on your personal music taste. An innovative and unique feature.
* Visualizations: amaroK is compatible with XMMS visualization plugins. This allows you to use the great number of stunning visualizations available on the net. 3D visualizations with OpenGL are a great way to enhance your music experience.
%package x11-server x11-server-common x11-server-devel x11-server-xdmx x11-server-xephyr x11-server-xfake x11-server-xfbdev x11-server-xnest x11-server-xorg x11-server-xsdl x11-server-xvfb x11-server-xvnc
Update: Tue May 19 10:11:30 2009
Importance: bugfix
ID: MDVA-2009:074
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:074
%pre
In Mandriva Linux 2009.0, pressing modifier keys such as Ctrl, Alt or Shift after a keyboard layout change would turn off the indicator LEDs (numlock and capslock) regardless of the respective keyboard state. This update fixes the issue.
%description
X11 servers

%package ntp ntp-client ntp-doc
Update: Tue May 19 13:36:52 2009
Importance: security
ID: MDVSA-2009:117
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
%pre
A vulnerability has been found and corrected in ntp:
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd (CVE-2009-1252).
The updated packages have been patched to prevent this.
%description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol.
Note: The primary, original, big HTML documentation is in the package ntp-doc.
%package kdelibs-common kdelibs-devel-doc libkdecore4 libkdecore4-devel
Update: Tue May 19 17:04:54 2009
Importance: bugfix
ID: MDVA-2009:076
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:076
%pre
On Mandriva Linux 2009.0, installing a KDE3 package wouldn't automatically install the locales package for the system's language. This update fixes the issue.
%description
Libraries for the K Desktop Environment.

%package kdevelop kdevelop-doc libkdevelop3 libkdevelop-devel
Update: Tue May 19 17:21:37 2009
Importance: bugfix
ID: MDVA-2009:077
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:077
%pre
This update provides the latest kdevelop release, which contains only bugfixes.
%description
The KDevelop Integrated Development Environment provides many features that developers need as well as providing a unified interface to programs like gdb, the C/C++ compiler, and make. KDevelop manages or provides:
* All development tools needed for C++ programming like Compiler, Linker, automake and autoconf
* KAppWizard, which generates complete, ready-to-go sample applications
* Classgenerator, for creating new classes and integrating them into the current project
* File management for sources, headers, documentation etc. to be included in the project
* The creation of User-Handbooks written with SGML and the automatic generation of HTML-output with the KDE look and feel
* Automatic HTML-based API-documentation for your project's classes with cross-references to the used libraries; Internationalization support for your application, allowing translators to easily add their target language to a project
* WYSIWYG (What you see is what you get) creation of user interfaces with a built-in dialog editor
* Debugging your application by integrating KDbg
* Editing of project-specific pixmaps with KIconEdit
* The inclusion of any other program you need for development by adding it to the "Tools" menu according to your individual needs.
%package alsa_raoppcm-kernel-2.6.27.21-desktop-1mnb alsa_raoppcm-kernel-2.6.27.21-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.21-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.21-desktop-1mnb drm-experimental-kernel-2.6.27.21-desktop586-1mnb drm-experimental-kernel-2.6.27.21-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.21-desktop-1mnb et131x-kernel-2.6.27.21-desktop586-1mnb et131x-kernel-2.6.27.21-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.21-desktop-1mnb fcpci-kernel-2.6.27.21-desktop586-1mnb fcpci-kernel-2.6.27.21-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.21-desktop-1mnb fglrx-kernel-2.6.27.21-desktop586-1mnb fglrx-kernel-2.6.27.21-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.21-desktop-1mnb gnbd-kernel-2.6.27.21-desktop586-1mnb gnbd-kernel-2.6.27.21-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.21-desktop-1mnb hcfpcimodem-kernel-2.6.27.21-desktop586-1mnb hcfpcimodem-kernel-2.6.27.21-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.21-desktop-1mnb hsfmodem-kernel-2.6.27.21-desktop586-1mnb hsfmodem-kernel-2.6.27.21-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.21-desktop-1mnb hso-kernel-2.6.27.21-desktop586-1mnb hso-kernel-2.6.27.21-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.21-desktop-1mnb 
iscsitarget-kernel-2.6.27.21-desktop586-1mnb iscsitarget-kernel-2.6.27.21-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.21-1mnb kernel-desktop-2.6.27.21-1mnb kernel-desktop586-2.6.27.21-1mnb kernel-desktop586-devel-2.6.27.21-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.21-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.21-1mnb kernel-server-devel-2.6.27.21-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.21-1mnb kernel-source-latest kqemu-kernel-2.6.27.21-desktop-1mnb kqemu-kernel-2.6.27.21-desktop586-1mnb kqemu-kernel-2.6.27.21-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.21-desktop-1mnb lirc-kernel-2.6.27.21-desktop586-1mnb lirc-kernel-2.6.27.21-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.21-desktop-1mnb lzma-kernel-2.6.27.21-desktop586-1mnb lzma-kernel-2.6.27.21-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.21-desktop-1mnb madwifi-kernel-2.6.27.21-desktop586-1mnb madwifi-kernel-2.6.27.21-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.21-desktop-1mnb nvidia173-kernel-2.6.27.21-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.21-desktop-1mnb nvidia71xx-kernel-2.6.27.21-desktop586-1mnb nvidia71xx-kernel-2.6.27.21-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.21-desktop-1mnb nvidia96xx-kernel-2.6.27.21-desktop586-1mnb nvidia96xx-kernel-2.6.27.21-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest 
nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.21-desktop-1mnb nvidia-current-kernel-2.6.27.21-desktop586-1mnb nvidia-current-kernel-2.6.27.21-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.21-desktop-1mnb omfs-kernel-2.6.27.21-desktop586-1mnb omfs-kernel-2.6.27.21-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.21-desktop-1mnb omnibook-kernel-2.6.27.21-desktop586-1mnb omnibook-kernel-2.6.27.21-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.21-desktop-1mnb opencbm-kernel-2.6.27.21-desktop586-1mnb opencbm-kernel-2.6.27.21-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.21-desktop-1mnb ov51x-jpeg-kernel-2.6.27.21-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.21-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.21-desktop-1mnb qc-usb-kernel-2.6.27.21-desktop586-1mnb qc-usb-kernel-2.6.27.21-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.21-desktop-1mnb rt2860-kernel-2.6.27.21-desktop586-1mnb rt2860-kernel-2.6.27.21-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.21-desktop-1mnb rt2870-kernel-2.6.27.21-desktop586-1mnb rt2870-kernel-2.6.27.21-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.21-desktop-1mnb rtl8187se-kernel-2.6.27.21-desktop586-1mnb rtl8187se-kernel-2.6.27.21-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.21-desktop-1mnb 
slmodem-kernel-2.6.27.21-desktop586-1mnb slmodem-kernel-2.6.27.21-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.21-desktop-1mnb squashfs-lzma-kernel-2.6.27.21-desktop586-1mnb squashfs-lzma-kernel-2.6.27.21-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.21-desktop-1mnb tp_smapi-kernel-2.6.27.21-desktop586-1mnb tp_smapi-kernel-2.6.27.21-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.21-desktop-1mnb vboxadd-kernel-2.6.27.21-desktop586-1mnb vboxadd-kernel-2.6.27.21-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.21-desktop-1mnb vboxvfs-kernel-2.6.27.21-desktop586-1mnb vboxvfs-kernel-2.6.27.21-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.21-desktop-1mnb vhba-kernel-2.6.27.21-desktop586-1mnb vhba-kernel-2.6.27.21-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.21-desktop-1mnb virtualbox-kernel-2.6.27.21-desktop586-1mnb virtualbox-kernel-2.6.27.21-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.21-desktop-1mnb vpnclient-kernel-2.6.27.21-desktop586-1mnb vpnclient-kernel-2.6.27.21-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest
Update: Tue May 19 17:53:49 2009
Importance: security
ID: MDVSA-2009:118
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:118
%pre
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. (CVE-2009-0028)
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. (CVE-2009-0269)
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. (CVE-2009-0834)
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. (CVE-2009-0835)
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. (CVE-2009-1184)
Additionally, along with other things, this kernel update adds support for the D-Link DWM 652 3.5G, some Intel gigabit network chipsets and the Avermedia PCI pure analog (M135A), fixes a bug causing an SQLite performance regression, and has some updated ALSA drivers. Check the package changelog for details.
To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
%description

%package drakguard
Update: Thu May 21 05:08:55 2009
Importance: bugfix
ID: MDVA-2009:079
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:079
%pre
The parental control application available in Mandriva Linux was not detecting the previously configured parental control level correctly. This update fixes this issue.
%description
This tool allows configuring parental control. It can block access to web sites and restrict connections during a specified timeframe.

%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl
Update: Thu May 21 15:01:45 2009
Importance: security
ID: MDVSA-2009:120
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
%pre
Multiple security vulnerabilities have been identified and fixed in OpenSSL:
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377)
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378)
The updated packages have been patched to prevent this.
%description
The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.

%package lcms liblcms1 liblcms-devel python-lcms
Update: Thu May 21 20:09:51 2009
Importance: security
ID: MDVSA-2009:121
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
%pre
Multiple security vulnerabilities have been identified and fixed in Little cms:
A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723).
Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733).
A flaw in the transformations of monochrome profiles allows remote attackers to cause a denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793).
This update provides fixes for these issues.
%description
Little cms is a color management library. It implements fast transforms between ICC profiles. It is focused on speed, and is portable across several platforms.

%package armagetron
Update: Tue May 26 11:19:22 2009
Importance: bugfix
ID: MDVA-2009:083
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:083
%pre
Armagetron crashes when users try to play online (except for the first connection). This update fixes the crash so that users can play online again.
%description
Another very nice and networked Tron game using OpenGL. Armagetron Advanced is the continuation of the original Armagetron game.
%package kdelibs-common kdelibs-devel-doc libkdecore4 libkdecore4-devel
Update: Sat May 30 00:21:32 2009
Importance: bugfix
ID: MDVA-2009:076-1
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:076-1
%pre
On Mandriva Linux 2009.0, installing a KDE3 package wouldn't automatically install the locales package for the system's language. This update fixes the issue.
Update: In the previous kdelibs update we added a Requires on kde-i18n. After some discussion it appears that adding a Suggests is the better choice. This also fixes the update, which would not work via MandrivaUpdate.
%description
Libraries for the K Desktop Environment.

%package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source
Update: Sun May 31 14:07:24 2009
Importance: security
ID: MDVSA-2009:124
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
%pre
Multiple vulnerabilities have been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (concerns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195, but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
This update provides fixes for these vulnerabilities.
%description
This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository)
This package defaults to a maximum of 128 dynamically loadable modules.
This package defaults to a ServerLimit of 1024.
You can change these values at RPM build time by using for example:
--define 'maxmodules 512'
--define 'serverlimit 2048'
The package was built to support a maximum of 128 dynamically loadable modules.
The package was built with a ServerLimit of 1024.
%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools
Update: Sun May 31 18:48:24 2009
Importance: security
ID: MDVSA-2009:125
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:125
%pre
A vulnerability has been identified and corrected in wireshark:
o Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets (CVE-2009-1829).
This update provides Wireshark 1.0.8, which is not vulnerable to this issue.
%description
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm).

%package eggdrop
Update: Mon Jun 01 22:03:40 2009
Importance: security
ID: MDVSA-2009:126
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:126
%pre
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807 (CVE-2009-1789).
%description
Eggdrop is an IRC bot, written in C. If you don't know what IRC is, this is probably not whatever you're looking for! Eggdrop, being a bot, sits on a channel and takes protective measures: to keep the channel from being taken over (in the few ways that anything CAN), to recognize banished users or sites and reject them, to recognize privileged users and let them gain ops, etc.
%package libmodplug0 libmodplug0-devel
Update: Thu Jun 04 16:12:37 2009
Importance: security
ID: MDVSA-2009:128
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:128
%pre
Multiple security vulnerabilities have been identified and fixed in libmodplug:
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow (CVE-2009-1438).
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name (CVE-2009-1513).
The updated packages have been patched to prevent this.
%description
Olivier Lapicque, author of Modplug, which is arguably the best quality MOD-playing software available, has placed his sound rendering code in the public domain. This library and plugin is based on that code.
It can play 22 different mod formats, including: MOD, S3M, XM, IT, 669, AMF (both of them), AMS, DBM, DMF, DSM, FAR, MDL, MED, MTM, OKT, PTM, STM, ULT, UMX, MT2, PSM

%package gstreamer0.10-aalib gstreamer0.10-caca gstreamer0.10-dv gstreamer0.10-esound gstreamer0.10-flac gstreamer0.10-plugins-good gstreamer0.10-pulse gstreamer0.10-raw1394 gstreamer0.10-soup gstreamer0.10-speex gstreamer0.10-wavpack
Update: Fri Jun 05 19:35:39 2009
Importance: security
ID: MDVSA-2009:130
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:130
%pre
Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow (CVE-2009-1932).
%description
GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins.
This package contains a set of plug-ins that are considered to have good quality code, correct functionality, the preferred license (LGPL for the plug-in code, LGPL or LGPL-compatible for the supporting library). People writing elements should base their code on these elements.
%package apr-util-dbd-freetds apr-util-dbd-ldap apr-util-dbd-mysql apr-util-dbd-odbc apr-util-dbd-pgsql apr-util-dbd-sqlite3 libapr-util1 libapr-util-devel
Update: Sat Jun 06 21:15:44 2009
Importance: security
ID: MDVSA-2009:131
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
%pre
Multiple security vulnerabilities have been identified and fixed in apr-util:
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an underflow flaw (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955).
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input (CVE-2009-1956).
The updated packages have been patched to prevent this.
%description
The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR, including support for XML, LDAP, database interfaces, URI parsing and more.
%package codeina
Update: Sun Jun 07 11:28:44 2009
Importance: bugfix
ID: MDVA-2009:092
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:092
%pre
A bug in codeina could prevent its cache from being flushed properly on errors, which kept it from working properly if an erroneous file had been downloaded previously. This package update fixes this issue and increases the startup delay to 30s to improve login time.
%description
Codeina installs codecs from the Fluendo webshop or distribution packages for GStreamer.

%package libsndfile1 libsndfile-devel libsndfile-progs libsndfile-static-devel
Update: Sun Jun 07 15:10:54 2009
Importance: security
ID: MDVSA-2009:132
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
%pre
Multiple vulnerabilities have been found and corrected in libsndfile:
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value (CVE-2009-1788).
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value (CVE-2009-1791).
This update provides fixes for these vulnerabilities.
%description
libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV files through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32-bit floating point WAV files and a number of compressed formats.
%package ipset
Update: Tue Jun 09 09:51:52 2009
Importance: bugfix
ID: MDVA-2009:093
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:093
%pre
The ipset released in Mandriva 2009 has a bug that leaves it non-working: instead of starting, it fails with the following error message: undefined symbol: __stack_chk_fail_local. This update fixes the problem, making ipset work correctly.
%description
IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel which can be administered by the ipset utility. Depending on the type, an IP set may currently store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way which ensures lightning speed when matching an entry against a set. ipset may be the proper tool for you if you want to
o store multiple IP addresses or port numbers and match against the collection by iptables at one swoop;
o dynamically update iptables rules against IP addresses or ports without performance penalty;
o express complex IP address and port based rulesets with one single iptables rule and benefit from the speed of IP sets
%package dansguardian
Update: Tue Jun 09 10:30:11 2009
Importance: bugfix
ID: MDVA-2009:094
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:094
%pre
There was a bug in the dansguardian build where the path to /var/lib/dansguardian was wrongly set to /var/dansguardian. The libclamav support has been disabled because of too frequent changes in the clamav API; the preferred way to use clamav is through clamd. This update fixes these problems.
%description
DansGuardian is a filtering proxy for Linux, FreeBSD, OpenBSD and Solaris. It filters using multiple methods. These methods include URL and domain filtering, content phrase filtering, PICS filtering, MIME filtering, file extension filtering and POST filtering. The content phrase filtering will check for pages that contain profanities and phrases often associated with pornography and other undesirable content. The POST filtering allows you to block or limit web uploads. The URL and domain filtering is able to handle huge lists and is significantly faster than squidGuard. The filtering has configurable domain, user and IP exception lists. SSL tunneling is supported.
%package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source
Update: Wed Jun 10 15:12:23 2009
Importance: bugfix
ID: MDVA-2009:095
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:095
%pre
The CVE-2009-1195 patch broke the mod_perl build. Patches from upstream svn have been applied to this update to fix the issue.
%description
This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository).

This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time, for example with:
--define 'maxmodules 512' --define 'serverlimit 2048'

The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024.
%package perl-MDK-Common
Update: Wed Jun 10 17:30:47 2009
Importance: bugfix
ID: MDVA-2009:096
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:096
%pre
The Mandriva system library (perl-MDK-Common) was not correctly handling configuration files that had a '#' character inside parameters. This update fixes the issue.
%description
Various simple functions created for DrakX
%package drakx-net drakx-net-text libdrakx-net
Update: Wed Jun 10 17:43:53 2009
Importance: bugfix
ID: MDVA-2009:098
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:098
%pre
This bugfix update to drakx-net fixes a number of issues:
- wireless passwords with a '#' character were not properly handled (bug #50670)
- wireless connection settings were not preserved for different connections (bug #46010)
%description
This package contains the Mandriva network tools.
net_applet: applet to check network connection
net_monitor: connection monitoring
%package ntp ntp-client ntp-doc
Update: Wed Jun 10 19:54:07 2009
Importance: bugfix
ID: MDVA-2009:099
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:099
%pre
This bugfix release makes it possible to pass additional options to the ntpdate utility (and, for the releases lacking it, to the ntpd server) via the /etc/sysconfig/ntpd file while starting the ntp service.
%description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol.

Note: the primary, original HTML documentation is in the ntp-doc package.
%package clamav clamav-db clamav-milter clamd libclamav6 libclamav-devel
Update: Thu Jun 11 15:48:40 2009
Importance: bugfix
ID: MDVA-2009:100
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:100
%pre
This bugfix release makes it possible to pass additional options to the freshclam utility and the clamd server via the /etc/sysconfig/freshclam and /etc/sysconfig/clamd files while starting the services. The clamav packages have also been upgraded to the latest version 0.95.2, which includes a number of upstream fixes.
%description
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

You can build clamav with some conditional build switches (i.e. use with rpm --rebuild):
--with[out] milter    Build clamav-milter (disabled)
%package gurpmi urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover
Update: Thu Jun 11 17:53:16 2009
Importance: bugfix
ID: MDVA-2009:101
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:101
%pre
This update fixes minor issues with urpmi:
- some signatures are sometimes wrongly considered invalid (when the same package exists in 2 different media)
- no error message and a 0 exit code when using CD/DVD media and hal isn't running
%description
urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites.
%package grep grep-doc
Update: Thu Jun 11 19:41:43 2009
Importance: bugfix
ID: MDVA-2009:102
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:102
%pre
This update fixes a minor issue with grep: during LSB 4.0 tests grep was failing with the -i option and with certain locales. The new version 2.5.4 passes the LSB 4.0 tests without problems.
%description
The GNU versions of commonly used grep utilities. Grep searches one or more input files for lines which contain a match to a specified pattern and then prints the matching lines. GNU's grep utilities include grep, egrep and fgrep. You should install grep on your system, because it is a very useful utility for searching through text files, for system administration tasks, etc.
%package libudev0 libudev0-devel libvolume_id1 libvolume_id1-devel udev udev-doc
Update: Fri Jun 12 09:54:20 2009
Importance: bugfix
ID: MDVA-2009:107
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:107
%pre
Before this update, the udev network hotplug scripts did not ignore the tmpbridge interface created by the xen network-bridge script. This made bridged xen network setups fail. The update addresses the issue by making network hotplug ignore the tmpbridge interface. It affects only xen users using bridges for their network setup.
%description
Udev is an implementation of devfs/devfsd in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly. Like devfs, udev dynamically creates and removes device nodes from /dev/. It responds to /sbin/hotplug device events.
%package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools
Update: Fri Jun 12 20:07:47 2009
Importance: bugfix
ID: MDVA-2009:109
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:109
%pre
This update provides mysql-5.0.83 (Community Server) with the latest bugfixes for mysql-5.0.x.
%description
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. Please see the documentation and the manual for more information.
%package libdesignercore1 libeditor1 libqassistantclient1 libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql libqt3-sqlite libqt3-static-devel qt3-assistant qt3-common qt3-doc qt3-example qt3-linguist qt3-tutorial
Update: Mon Jun 15 17:59:43 2009
Importance: bugfix
ID: MDVA-2009:110
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:110
%pre
During the LSB 4.0 validation tests it was discovered that a single patch added to the Mandriva qt3 package made the test suite fail. The patch was only cosmetic, and once it was removed the qt3 packages passed the tests.
%description
Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/
%package lemon libsqlite3_0 libsqlite3-devel libsqlite3-static-devel sqlite3-tools tcl-sqlite3
Update: Tue Jun 16 01:43:09 2009
Importance: bugfix
ID: MDVA-2009:111
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:111
%pre
This update provides the latest sqlite3 package, which is required by the Firefox 3.0.11 and xulrunner 1.9.0.11 update.
%description
SQLite is a C library that implements an embeddable SQL database engine. Programs that link with the SQLite library can have SQL database access without running a separate RDBMS process. The distribution comes with a standalone command-line access program (sqlite) that can be used to administer an SQLite database and which serves as an example of how to use the SQLite library.
%package irssi irssi-devel irssi-perl
Update: Tue Jun 16 12:53:42 2009
Importance: security
ID: MDVSA-2009:133
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:133
%pre
A vulnerability has been found and corrected in irssi:

Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow (CVE-2009-1959).

This update provides fixes for this vulnerability.
%description
Irssi is a modular and flexible IRC client for UNIX that has only a text mode user interface (but as 80-90% of the code isn't text mode specific, other UIs could be created pretty easily). Also, Irssi isn't really even IRC specific anymore: there are already working SILC and ICB modules available. Support for other protocols like ICQ and Jabber could be created some day too. Irssi is one of the most popular IRC clients at the moment.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp
Update: Wed Jun 17 14:47:35 2009
Importance: security
ID: MDVSA-2009:134
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:134
%pre
Security vulnerabilities have been discovered and corrected in Mozilla Firefox 3.x:
CVE-2009-1392: Firefox browser engine crashes
CVE-2009-1832: Firefox double frame construction flaw
CVE-2009-1833: Firefox JavaScript engine crashes
CVE-2009-1834: Firefox URL spoofing with invalid unicode characters
CVE-2009-1835: Firefox arbitrary domain cookie access by local file: resources
CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy CONNECT requests
CVE-2009-1837: Firefox race condition while accessing the private data of an NPObject JS wrapper class object
CVE-2009-1838: Firefox arbitrary code execution flaw
CVE-2009-1839: Firefox information disclosure flaw
CVE-2009-1840: Firefox XUL scripts skip some security checks
CVE-2009-1841: Firefox JavaScript arbitrary code execution
CVE-2009-2043: firefox - remote TinyMCE denial of service
CVE-2009-2044: firefox - remote GIF denial of service
CVE-2009-2061: firefox - man-in-the-middle exploit
CVE-2009-2065: firefox - man-in-the-middle exploit

This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages which depend on it have been rebuilt and are being provided as updates.
%description
Help browser for GNOME 2 which supports docbook documents, info and man.
%package alsa_raoppcm-kernel-2.6.27.24-desktop-1mnb alsa_raoppcm-kernel-2.6.27.24-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.24-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.24-desktop-1mnb drm-experimental-kernel-2.6.27.24-desktop586-1mnb drm-experimental-kernel-2.6.27.24-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.24-desktop-1mnb et131x-kernel-2.6.27.24-desktop586-1mnb et131x-kernel-2.6.27.24-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.24-desktop-1mnb fcpci-kernel-2.6.27.24-desktop586-1mnb fcpci-kernel-2.6.27.24-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.24-desktop-1mnb fglrx-kernel-2.6.27.24-desktop586-1mnb fglrx-kernel-2.6.27.24-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.24-desktop-1mnb gnbd-kernel-2.6.27.24-desktop586-1mnb gnbd-kernel-2.6.27.24-server-1mnb gnbd-kernel-desktop586-latest
gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.24-desktop-1mnb hcfpcimodem-kernel-2.6.27.24-desktop586-1mnb hcfpcimodem-kernel-2.6.27.24-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.24-desktop-1mnb hsfmodem-kernel-2.6.27.24-desktop586-1mnb hsfmodem-kernel-2.6.27.24-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.24-desktop-1mnb hso-kernel-2.6.27.24-desktop586-1mnb hso-kernel-2.6.27.24-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.24-desktop-1mnb iscsitarget-kernel-2.6.27.24-desktop586-1mnb iscsitarget-kernel-2.6.27.24-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.24-1mnb kernel-desktop-2.6.27.24-1mnb kernel-desktop586-2.6.27.24-1mnb kernel-desktop586-devel-2.6.27.24-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.24-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.24-1mnb kernel-server-devel-2.6.27.24-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.24-1mnb kernel-source-latest kqemu-kernel-2.6.27.24-desktop-1mnb kqemu-kernel-2.6.27.24-desktop586-1mnb kqemu-kernel-2.6.27.24-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.24-desktop-1mnb lirc-kernel-2.6.27.24-desktop586-1mnb lirc-kernel-2.6.27.24-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.24-desktop-1mnb lzma-kernel-2.6.27.24-desktop586-1mnb lzma-kernel-2.6.27.24-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.24-desktop-1mnb 
madwifi-kernel-2.6.27.24-desktop586-1mnb madwifi-kernel-2.6.27.24-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.24-desktop-1mnb nvidia173-kernel-2.6.27.24-desktop586-1mnb nvidia173-kernel-2.6.27.24-server-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia173-kernel-server-latest nvidia71xx-kernel-2.6.27.24-desktop-1mnb nvidia71xx-kernel-2.6.27.24-desktop586-1mnb nvidia71xx-kernel-2.6.27.24-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.24-desktop-1mnb nvidia96xx-kernel-2.6.27.24-desktop586-1mnb nvidia96xx-kernel-2.6.27.24-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.24-desktop-1mnb nvidia-current-kernel-2.6.27.24-desktop586-1mnb nvidia-current-kernel-2.6.27.24-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.24-desktop-1mnb omfs-kernel-2.6.27.24-desktop586-1mnb omfs-kernel-2.6.27.24-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.24-desktop-1mnb omnibook-kernel-2.6.27.24-desktop586-1mnb omnibook-kernel-2.6.27.24-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.24-desktop-1mnb opencbm-kernel-2.6.27.24-desktop586-1mnb opencbm-kernel-2.6.27.24-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.24-desktop-1mnb ov51x-jpeg-kernel-2.6.27.24-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.24-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.24-desktop-1mnb 
qc-usb-kernel-2.6.27.24-desktop586-1mnb qc-usb-kernel-2.6.27.24-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.24-desktop-1mnb rt2860-kernel-2.6.27.24-desktop586-1mnb rt2860-kernel-2.6.27.24-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.24-desktop-1mnb rt2870-kernel-2.6.27.24-desktop586-1mnb rt2870-kernel-2.6.27.24-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.24-desktop-1mnb rtl8187se-kernel-2.6.27.24-desktop586-1mnb rtl8187se-kernel-2.6.27.24-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.24-desktop-1mnb slmodem-kernel-2.6.27.24-desktop586-1mnb slmodem-kernel-2.6.27.24-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.24-desktop-1mnb squashfs-lzma-kernel-2.6.27.24-desktop586-1mnb squashfs-lzma-kernel-2.6.27.24-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.24-desktop-1mnb tp_smapi-kernel-2.6.27.24-desktop586-1mnb tp_smapi-kernel-2.6.27.24-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.24-desktop-1mnb vboxadd-kernel-2.6.27.24-desktop586-1mnb vboxadd-kernel-2.6.27.24-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.24-desktop-1mnb vboxvfs-kernel-2.6.27.24-desktop586-1mnb vboxvfs-kernel-2.6.27.24-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.24-desktop-1mnb vhba-kernel-2.6.27.24-desktop586-1mnb vhba-kernel-2.6.27.24-server-1mnb 
vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.24-desktop-1mnb virtualbox-kernel-2.6.27.24-desktop586-1mnb virtualbox-kernel-2.6.27.24-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.24-desktop-1mnb vpnclient-kernel-2.6.27.24-desktop586-1mnb vpnclient-kernel-2.6.27.24-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest
Update: Wed Jun 17 17:54:51 2009
Importance: security
ID: MDVSA-2009:135
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
%pre
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. (CVE-2009-1184)

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. (CVE-2009-1337)

The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. (CVE-2009-0029)

The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets. (CVE-2009-1360)

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. (CVE-2009-1961)

Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. (CVE-2009-1385)

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. (CVE-2009-1630)

Additionally, the kernel package was updated to the Linux upstream stable version 2.6.27.24.

To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
%description
%package drakx-net drakx-net-text libdrakx-net
Update: Thu Jun 18 01:47:52 2009
Importance: bugfix
ID: MDVA-2009:112
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:112
%pre
In some cases, the wpa_supplicant configuration file would not be read correctly by drakx-net, mostly with WPA-Enterprise networks. This update fixes the issue.
%description
This package contains the Mandriva network tools.
net_applet: applet to check network connection
net_monitor: connection monitoring
%package glibc glibc-devel glibc-doc glibc-doc-pdf glibc-i18ndata glibc-profile glibc-static-devel glibc-utils nscd
Update: Thu Jun 18 13:09:19 2009
Importance: bugfix
ID: MDVA-2009:116
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:116
%pre
New glibc release to fix some issues found in the glibc 2.8 present in Mandriva 2009.0:
- ulimit(UL_SETFSIZE) does not return the integer part of the new file size limit divided by 512 (http://linuxtesting.org/results/report?num=S0167, Mandriva bug #51685)
- When including pthread.h and using the pthread_cleanup_pop or pthread_cleanup_pop_restore_np macros, a compiler warning is issued, or a build error happens if -Werror is used (http://sourceware.org/bugzilla/show_bug.cgi?id=7056, Mandriva bug #49142)
%description
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. This package now also provides ldconfig, which was packaged separately in the past.
Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries.
%package java-1.6.0-openjdk java-1.6.0-openjdk-demo java-1.6.0-openjdk-devel java-1.6.0-openjdk-javadoc java-1.6.0-openjdk-plugin java-1.6.0-openjdk-src rhino rhino-demo rhino-javadoc rhino-manual
Update: Fri Jun 19 16:41:43 2009
Importance: security
ID: MDVSA-2009:137
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
%pre
Multiple security vulnerabilities have been identified and fixed in the Little CMS library embedded in OpenJDK:

A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote attackers to cause a denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793).

Further security fixes in the JRE and in the Java API of OpenJDK:

A flaw in the handling of temporary font files by the Java Virtual Machine (JVM) allows remote attackers to cause a denial of service (CVE-2006-2426).

An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service (CVE-2009-0794).

A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause a denial of service on the LDAP service (CVE-2009-1093).

A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via a malicious server response (CVE-2009-1094).

Buffer overflows in the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via a crafted applet (CVE-2009-1095, CVE-2009-1096).

A buffer overflow in the splash screen processing allows attackers to execute arbitrary code (CVE-2009-1097).

A buffer overflow in GIF image handling allows remote attackers to execute arbitrary code via a crafted GIF image (CVE-2009-1098).

A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling allows remote attackers to cause a denial of service on the service endpoint's server side (CVE-2009-1101).

A flaw in the Java Runtime Environment Virtual Machine code generation allows remote attackers to execute arbitrary code via a crafted applet (CVE-2009-1102).

This update provides fixes for these issues.

Update: java-1.6.0-openjdk requires the rhino packages, and these have been further updated.
%description
Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. This version contains Dojo's JavaScript compression patch. This version does not contain E4X due to missing xmlbeans/xbean.jar.
%package tomcat5 tomcat5-admin-webapps tomcat5-common-lib tomcat5-jasper tomcat5-jasper-eclipse tomcat5-jasper-javadoc tomcat5-jsp-2.0-api tomcat5-jsp-2.0-api-javadoc tomcat5-server-lib tomcat5-servlet-2.4-api tomcat5-servlet-2.4-api-javadoc tomcat5-webapps Update: Mon Jun 22 22:56:27 2009 Importance: security ID: MDVSA-2009:136 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 %pre Multiple security vulnerabilities have been identified and fixed in tomcat5: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580). The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781). 
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783). The updated packages have been patched to prevent this. Additionally, Apache Tomcat has been upgraded to the latest 5.5.27 version for 2009.0. %description Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. 
%package akonadi-common akonadi-devel akregator amarok amarok-scripts amor ark blinken bomber bovo cervisia cmake cmake-qtgui digikam dolphin dragonplayer exiv2 exiv2-doc flash-kde4-config free-kde4-config google-gadgets google-gadgets-gtk google-gadgets-qt gwenview juk k3b k3b-devel kaddressbook kalarm kalgebra kalzium kamera kanagram kapman kappfinder kapptemplate kate katomic kbattleship kblackbox kblocks kbounce kbreakout kbruch kbugbuster kcachegrind kcalc kcharselect kcolorchooser kcron kde4-audiocd kde4-filesharing kde4-l10n-ar kde4-l10n-bg kde4-l10n-ca kde4-l10n-cs kde4-l10n-csb kde4-l10n-da kde4-l10n-de kde4-l10n-el kde4-l10n-en_GB kde4-l10n-eo kde4-l10n-es kde4-l10n-et kde4-l10n-eu kde4-l10n-fi kde4-l10n-fr kde4-l10n-fy kde4-l10n-ga kde4-l10n-gl kde4-l10n-gu kde4-l10n-he kde4-l10n-hi kde4-l10n-hu kde4-l10n-is kde4-l10n-it kde4-l10n-ja kde4-l10n-kk kde4-l10n-km kde4-l10n-kn kde4-l10n-ko kde4-l10n-ku kde4-l10n-lt kde4-l10n-lv kde4-l10n-mai kde4-l10n-mk kde4-l10n-ml kde4-l10n-nb kde4-l10n-nds kde4-l10n-nl kde4-l10n-nn kde4-l10n-pa kde4-l10n-pl kde4-l10n-pt kde4-l10n-pt_BR kde4-l10n-ro kde4-l10n-ru kde4-l10n-sl kde4-l10n-sr kde4-l10n-sv kde4-l10n-ta kde4-l10n-tg kde4-l10n-th kde4-l10n-tr kde4-l10n-uk kde4-l10n-wa kde4-l10n-zh_CN kde4-l10n-zh_TW kde4-lilo kde4-macros kde4-nsplugins kde4-style-iaora kde4-style-iaora-common kdeaccessibility4 kdeaccessibility4-core kdeaccessibility4-devel kdeadmin4 kdeartwork4 kdeartwork4-color-schemes kdeartwork4-emoticons kdeartwork4-icons-theme-kdeclassic kdeartwork4-kscreensaver kdeartwork4-sounds kdeartwork4-styles kdeartwork4-wallpapers kdebase4 kdebase4-devel kdebase4-runtime kdebase4-runtime-devel kdebase4-workspace kdebase4-workspace-devel kdeedu4 kdeedu4-core kdeedu4-devel kdegames4 kdegames4-core kdegames4-devel kdegraphics4 kdegraphics4-core kdegraphics4-devel kdelibs4-core kdelibs4-devel kdemultimedia4 kdemultimedia4-core kdemultimedia4-devel kdenetwork4 kdenetwork4-core kdenetwork4-devel kdenetwork4-kopete-latex 
kdepasswd kdepim4 kdepim4-akonadi kdepim4-core kdepim4-devel kdepim4-kresources kdepim4-wizards kdepimlibs4-core kdepimlibs4-devel kdeplasma-addons kdeplasma-addons-devel kdesdk4 kdesdk4-core kdesdk4-devel kdesdk4-po2xml kdesdk4-scripts kdesdk4-strigi-analyzer kdessh kdetoys4-devel kdeutils4 kdeutils4-core kdevelop4 kdevelop4-devel kdevelop4-doc kdevplatform4 kdewebdev4 kdewebdev4-devel kdf kdialog kdiamond kdm kdnssd keditbookmarks kfilereplace kfind kfloppy kfourinline kgamma kgeography kget kgoldrunner kgpg khangman kig killbots kimagemapeditor kimono kimono-devel kinfocenter kipi-common kipi-plugins kipi-plugins-devel kiriki kiten kjots kjumpingcube kleopatra klettres klines klinkstatus kmag kmahjongg kmail kmailcvt kmines kmix kmousetool kmouth kmplot kmtrace knetwalk knetworkconf knode knotes kode kolf kollision kolourpaint kommander kompare konqueror konquest konsole kontact kopete korganizer kpat kpilot kppp kppp-provider krdc kreversi krfb kruler ksame kscd ksendemail kshisen ksirk ksnapshot kspaceduel ksquares kstars ksudoku ksystemlog kteatime ktimer ktimetracker ktorrent ktorrent-devel ktouch kttsd ktuberling kturtle ktux kubrick kuiviewer kuser kwallet kwallet-daemon kweather kwordquiz kwrite kxsldbg libakonadi-kabc4 libakonadi-kabccommon4 libakonadi-kcal4 libakonadi-kde4 libakonadi-kmime4 libakonadiprivate1 libakonadiprotocolinternals1 libakregatorinterfaces4 libakregatorprivate4 libamarok-devel libamaroklib1 libamarokpud1 libanalitza4 libantlr4 libaudiocdplugins4 libavogadro-kalzium0 libbtcore9 libcompoundviewer4 libcv2 libcvaux2 libcxcore2 libdigikamcore1 libdigikamdatabase1 libdigikam-devel libdolphinprivate4 libexiv2_5 libexiv2-devel libgadu_kopete1 libggadget1.0_0 libggadget-gtk1.0_0 libggadget-npapi1.0_0 libggadget-qt1.0_0 libgoogle-gadgets-devel libgpgme++2 libgpod libgpod4 libgpod-devel libgwenviewlib4 libgwsoap4 libhighgui2 libical0 libical-devel libicalss0 libicalvcal0 libimap4 libiris_kopete1 libiris_ksirk2 libk3b4 libk3bdevice6 libkabc4 
libkabc_file_core4 libkabc_groupdav4 libkabc_groupwise4 libkabckolab4 libkabcommon4 libkabcscalix4 libkabc_slox4 libkabc_xmlrpc4 libkabinterfaces4 libkaddressbookprivate4 libkalarm_resources4 libkateinterfaces4 libkblog4 libkcal4 libkcal_groupdav4 libkcal_groupwise4 libkcalkolab4 libkcal_resourceblog4 libkcal_resourcefeatureplan4 libkcal_resourceremote4 libkcalscalix4 libkcal_slox4 libkcal_xmlrpc4 libkcddb4 libkcompactdisc4 libkdcraw7 libkdcraw-common libkde3support4 libkdecorations4 libkdecore5 libkdeeduui4 libkdefakes5 libkdegames5 libkdepim4 libkdesu5 libkdeui5 libkdevplatform4-devel libkdevplatforminterfaces1 libkdevplatformlanguage1 libkdevplatformoutputview1 libkdevplatformproject1 libkdevplatformshell1 libkdevplatformtestshell1 libkdevplatformutil1 libkdevplatformvcs1 libkdevplatformveritas1 libkdnssd4 libkeduvocdocument4 libkephal4 libkerfuffle4 libkexiv2_7 libkfile4 libkfontinst4 libkfontinstui4 libkgetcore4 libkggzgames4 libkggzmod4 libkggznet4 libkgroupwarebase4 libkgroupwaredav4 libkholidays4 libkhotkeysprivate4 libkhtml5 libkimap4 libkimproxy4 libkio5 libkipi6 libkipiplugins1 libkiten4 libkjs4 libkjsapi4 libkjsembed4 libkldap4 libkleo4 libkleopatraclientcore4 libkleopatraclientgui4 libklinkstatuscommon4 libkmahjongglib4 libkmailprivate4 libkmediaplayer4 libkmime4 libknewstuff2_4 libknodecommon4 libknoteskolab4 libknotesscalix4 libknotes_xmlrpc4 libknotifyconfig4 libkntlm4 libkocorehelper4 libkode4 libkolfprivate4 libkolourpaint_lgpl4 libkommandercore4 libkommanderwidgets4 libkomparedialogpages4 libkomparediff24 libkompareinterface4 libkonq5 libkonqsidebarplugin4 libkonquerorprivate4 libkontactinterfaces4 libkontactprivate4 libkopete4 libkopeteaddaccountwizard1 libkopetechatwindow_shared1 libkopeteidentity1 libkopete_oscar4 libkopete_otr_shared1 libkopeteprivacy1 libkopetestatusmenu1 libkopete_videodevice4 libkorganizer_calendar4 libkorganizer_eventviewer4 libkorganizer_interfaces4 libkorganizerprivate4 libkorg_stdprinting4 libkparts4 libkpgp4 
libkpilot5 libkpimidentities4 libkpimutils4 libkpty4 libkresources4 libkrosscore4 libkrossui4 libksane0 libkschema4 libkschemawidgets4 libkscreensaver5 libksgrd4 libksieve4 libkslox4 libkstartperf4 libktcore8 libktexteditor4 libktnef4 libktrace4 libkttsd4 libktupnp4 libkunittest4 libkutils4 libkwalletbackend4 libkwineffects1 libkwinnvidiahack4 libkworkspace4 libkxmlcommon4 libkxmlrpcclient4 libkyahoo1 liblancelot0 liblsofui4 libmaildir4 libmailtransport4 libmarblewidget4 libmediadevicelib1 libmimelib4 libml2 libmsn0 libmsn-devel libmsn-test libnepomuk4 libnepomukpeopletag0 libnepomukquery4 libnepomukqueryclient4 liboktetacore4 liboktetagui4 libokularcore1 liboscar1 libphonon4 libphononexperimental4 libplasma3 libplasma_applet_system_monitor4 libplasmaclock4 libplasmacomicprovidercore1 libplasmaconverter4 libprocesscore4 libprocessui4 libqassistant4 libqgpgme1 libqt3support4 libqt4-devel libqtclucene4 libqtcore4 libqtdbus4 libqtdesigner4 libqtgui4 libqthelp4 libqtnetwork4 libqtopengl4 libqtruby4shared2 libqtscript4 libqtscripttools4 libqtsql4 libqtsvg4 libqttest4 libqtwebkit4 libqtxml4 libqtxmlpatterns4 libqyotoshared1 libSatLib4 libschema4 libscience4 libsearchclient0 libsmokeakonadi2 libsmokekde2 libsmokekhtml2 libsmokenepomuk2 libsmokeplasma2 libsmokeqsci2 libsmokeqt2 libsmokeqtscript2 libsmokeqttest2 libsmokeqtuitools2 libsmokeqtwebkit2 libsmokesolid2 libsmokesoprano2 libsmoketexteditor2 libsolid4 libsolidcontrol4 libsolidcontrolifaces4 libsoprano4 libsopranoclient1 libsopranoindex1 libsopranoserver1 libstreamanalyzer0 libstreams0 libstrigihtmlgui0 libstrigiqtdbusclient0 libsublime1 libsuperkaramba4 libsyndication4 libtaskmanager4 libthreadweaver4 libunicap2 libunicap-devel libweather_ion4 libwscl4 libwsdl4 lokalize lskat mandriva-kde4-config-common mandriva-kde-translation mandriva-kdm4-config marble marble-common nepomuk-kde nepomuk-kde-devel okteta okular one-kde4-config opencv-devel opencv-doc opencv-samples oxygen-icon-theme parley phonon-devel 
phonon-gstreamer phonon-xine phpqt pinentry-curses pinentry-gtk2 pinentry-qt pinentry-qt4 plasma-applet-battery plasma-applet-bball plasma-applet-binaryclock plasma-applet-bluemarble plasma-applet-calculator plasma-applet-calendar plasma-applet-charselect plasma-applet-comic plasma-applet-dict plasma-applet-didyouknow plasma-applet-eyes plasma-applet-fifteenpuzzle plasma-applet-filewatcher plasma-applet-folderview plasma-applet-frame plasma-applet-fuzzy-clock plasma-applet-incomingmsg plasma-applet-kolourpicker plasma-applet-konqprofiles plasma-applet-konsoleprofiles plasma-applet-kworldclock plasma-applet-lancelot plasma-applet-leavenote plasma-applet-life plasma-applet-luna plasma-applet-news plasma-applet-notes plasma-applet-nowplaying plasma-applet-paste plasma-applet-pastebin plasma-applet-previewer plasma-applet-quicklaunch plasma-applet-rssnow plasma-applet-showdashboard plasma-applet-showdesktop plasma-applet-system-monitor-cpu plasma-applet-system-monitor-hdd plasma-applet-system-monitor-hwinfo plasma-applet-system-monitor-net plasma-applet-system-monitor-temperature plasma-applet-timer plasma-applet-twitter plasma-applet-weatherstation plasma-applet-webbrowser plasma-dataengine-comic plasma-dataengine-twitter plasma-desktoptheme-aya plasma-desktoptheme-clean-blend plasma-desktoptheme-default plasma-desktoptheme-elegance plasma-desktoptheme-heron plasma-desktoptheme-silicon plasma-desktoptheme-slim-glow plasma-engine-kalzium plasma-krunner-powerdevil plasma-runner-browserhistory plasma-runner-contacts plasma-runner-converter plasma-runner-katesessions plasma-runner-konquerorsessions plasma-runner-konsolesessions plasma-runner-places plasma-runner-spellchecker powerpack-kde4-config python-gpod python-kde4 python-kde4-doc python-opencv python-qt4 python-qt4-assistant python-qt4-core python-qt4-designer python-qt4-devel python-qt4-gui python-qt4-help python-qt4-network python-qt4-opengl python-qt4-script python-qt4-sql python-qt4-svg python-qt4-test 
python-qt4-webkit python-qt4-xml python-qt4-xmlpatterns python-sip qt4-accessibility-plugin qt4-assistant qt4-common qt4-database-plugin-mysql qt4-database-plugin-odbc qt4-database-plugin-pgsql qt4-database-plugin-sqlite qt4-database-plugin-tds qt4-designer qt4-doc qt4-examples qt4-graphicssystems-plugin qt4-linguist qt4-qdoc3 qt4-qtconfig qt4-qtdbus qt4-qvfb qt4-style-iaora qt4-xmlpatterns qtscriptbindings qtscriptgenerator quassel quassel-client quassel-common quassel-core qyoto qyoto-devel ruby-kde4 ruby-kde4-devel ruby-qt4 ruby-qt4-devel smoke4-devel soprano soprano-devel step strigi strigi-devel strigi-gui superkaramba sweeper taglib-extras taglib-extras-devel task-kde4 task-kde4-devel task-kde4-minimal umbrello Update: Tue Jun 23 07:15:45 2009 Importance: bugfix ID: MDVA-2009:118 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:118 %pre Mandriva Linux 2009 was released with KDE4 version 4.1. This update upgrades KDE4 in Mandriva Linux 2009 to version 4.2, which brings many bugfixes and overall improvements. %description Software Development Kit for the K Desktop Environment. %package aspell-nb Update: Fri Jun 26 14:15:55 2009 Importance: bugfix ID: MDVA-2009:120 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:120 %pre The outdated aspell-no package was deprecated due to the change of the 'no' (Norwegian) language code to 'nb' (Norwegian Bokmål), which resulted in breakage with tools attempting to use the 'nb' dictionary. %description A Norwegian Bokmål dictionary for use with aspell, a spelling checker. 
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-beagle mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-ga mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk 
mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Fri Jun 26 15:50:55 2009 Importance: security ID: MDVSA-2009:083 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 %pre A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird as released with Mandriva Linux 2009.0, when used with the Enigmail extension on the x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on the i586 architecture, Thunderbird would crash when sending an email if a file with an unknown extension was attached to it (bug #46107). This update also fixes those issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. 
%package jasper libjasper1 libjasper1-devel libjasper1-static-devel Update: Fri Jun 26 20:51:54 2009 Importance: security ID: MDVSA-2009:142 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 %pre Multiple security vulnerabilities have been identified and fixed in jasper: The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert (CVE-2007-2721). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). 
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). The updated packages have been patched to prevent this. %description JasPer is a software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1). This package contains tools for working with JPEG-2000 images. %package boost-examples libboost1.36.0 libboost-devel libboost-static-devel libmeanwhile1 libmeanwhile1-devel libmeanwhile1-doc libmesagl1 libmesagl1-devel libmesaglu1 libmesaglu1-devel libmesaglut3 libmesaglut3-devel libmesaglw1 libmesaglw1-devel mesa mesa-common-devel mesa-demos mesa-source Update: Fri Jun 26 21:50:17 2009 Importance: bugfix ID: MDVA-2009:118-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:118-1 %pre Mandriva Linux 2009 was released with KDE4 version 4.1. This update upgrades KDE4 in Mandriva Linux 2009 to version 4.2, which brings many bugfixes and overall improvements. Update: The previous kde4 update added additional dependencies that were not fulfilled. This fixes the update, which would not work via MandrivaUpdate. %description Mesa is an OpenGL 2.1 compatible 3D graphics library. 
%package ghostscript ghostscript-common ghostscript-doc ghostscript-dvipdf ghostscript-module-X ghostscript-X libgs8 libgs8-devel libijs1 libijs1-devel Update: Sat Jun 27 17:53:37 2009 Importance: security ID: MDVSA-2009:144 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 %pre Multiple security vulnerabilities have been identified and fixed in ghostscript: Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previously the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library, which makes it easier to address potential future security issues in the jasper library. %description Ghostscript is a set of software tools that provide a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped and vector formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. You should install ghostscript if you need to display PostScript or PDF files, or if you have a non-PostScript printer. 
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Sun Jun 28 16:37:04 2009 Importance: security ID: MDVSA-2009:145 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:145 %pre A vulnerability has been found and corrected in PHP: - Fixed upstream bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. 
%package libc-client0 libc-client-devel Update: Mon Jun 29 15:10:24 2009 Importance: security ID: MDVSA-2009:146 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 %pre Security vulnerabilities have been identified and fixed in the University of Washington IMAP Toolkit: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program (CVE-2008-5005). smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code (CVE-2008-5006). Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow (CVE-2008-5514). The updated packages have been patched to prevent this. Note that the software was renamed to c-client starting from Mandriva Linux 2009.0 and only provides the shared c-client library for the imap functions in PHP. %description The c-client library is a common API for accessing mailboxes developed at the University of Washington. It is used mainly by php in Mandriva Linux. 
%package timezone timezone-java Update: Mon Jun 29 16:19:11 2009 Importance: normal ID: MDVA-2009:122 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:122 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-plugins pidgin-silc pidgin-tcl Update: Tue Jun 30 19:13:36 2009 Importance: security ID: MDVSA-2009:147 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:147 %pre Security vulnerabilities have been identified and fixed in pidgin: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information (CVE-2009-1373). Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet (CVE-2009-1374). The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol (CVE-2009-1375). 
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927 (CVE-2009-1376). This update provides pidgin 2.5.8, which is not vulnerable to these issues. %description Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. %package digikam libdigikamcore1 libdigikamdatabase1 libdigikam-devel Update: Sat Jul 04 17:44:51 2009 Importance: bugfix ID: MDVA-2009:127 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:127 %pre With the last major KDE4 upgrade in Mandriva 2009, digikam stopped working; this update rebuilds digikam against the new Qt4 version, making digikam work again. %description DigiKam is an advanced digital photo management application for KDE. Photos can be collected into albums which can be sorted chronologically, by directory layout or by custom collections. DigiKam also provides tagging functionality. Images can be tagged regardless of their position, and digiKam provides fast and intuitive ways to browse them. 
User comments and customized meta-information added to images are stored in a database and retrieved to make them available in the user interface. As soon as the camera is plugged in, digikam allows you to preview, download, upload and delete images. Digikam also includes tools like the Image Editor, to modify photos using plugins such as red eye correction or gamma correction, exif management, etc., the Light Table to make artistic photos, and an external image editor such as Showfoto. Digikam also uses KIPI plugins (KDE Image Plugin Interface) to increase its functionality. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Thu Jul 09 13:58:40 2009 Importance: security ID: MDVSA-2009:149 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 %pre Multiple vulnerabilities have been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). This update provides fixes for these vulnerabilities. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. 
This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Thu Jul 09 14:00:20 2009 Importance: security ID: MDVSA-2009:149 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 %pre Multiple vulnerabilities has been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). This update provides fixes for these vulnerabilities. 
%description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Mon Jul 13 19:25:59 2009 Importance: security ID: MDVSA-2009:150 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 %pre Multiple vulnerabilities has been found and corrected in libtiff: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. 
%package null null-dummy
Update: Mon Jul 13 22:26:18 2009
Importance: bugfix
ID: MDVA-2009:999
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:999
%pre
Testing mkadvisory for MES5.
%description
Dummy package.
%package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server
Update: Wed Jul 15 19:29:11 2009
Importance: security
ID: MDVSA-2009:151
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:151
%pre
A vulnerability has been found and corrected in ISC DHCP:
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option (CVE-2009-0692).
This update provides fixes for this vulnerability.
%description
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network.
The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages.
%package libpulseaudio0 libpulseaudio-devel libpulsecore5 libpulseglib20 libpulsezeroconf0 pulseaudio pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils
Update: Fri Jul 17 14:18:02 2009
Importance: security
ID: MDVSA-2009:152
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:152
%pre
A vulnerability has been found and corrected in pulseaudio:
Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link (CVE-2009-1894).
This update provides fixes for this vulnerability.
%description
pulseaudio is a sound server for Linux and other Unix-like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (EsounD). In addition to the features EsounD provides, pulseaudio has:
* Extensible plugin architecture (by loading dynamically loadable modules with dlopen())
* Support for more than one sink/source
* Better low latency behaviour
* Embeddable into other software (the core is available as a C library)
* Completely asynchronous C API
* Simple command line interface for reconfiguring the daemon while running
* Flexible, implicit sample type conversion and resampling
* "Zero-Copy" architecture
* Module autoloading
* Very accurate latency measurement for playback and recording.
* May be used to combine multiple sound cards into one (with sample rate adjustment)
* Client side latency interpolation
%package libpulseaudio0 libpulseaudio-devel libpulsecore5 libpulseglib20 libpulsezeroconf0 pulseaudio pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils
Update: Fri Jul 17 14:25:03 2009
Importance: security
ID: MDVSA-2009:152
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:152
%pre
A vulnerability has been found and corrected in pulseaudio:
Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link (CVE-2009-1894).
This update provides fixes for this vulnerability.
%description
pulseaudio is a sound server for Linux and other Unix-like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (EsounD). In addition to the features EsounD provides, pulseaudio has:
* Extensible plugin architecture (by loading dynamically loadable modules with dlopen())
* Support for more than one sink/source
* Better low latency behaviour
* Embeddable into other software (the core is available as a C library)
* Completely asynchronous C API
* Simple command line interface for reconfiguring the daemon while running
* Flexible, implicit sample type conversion and resampling
* "Zero-Copy" architecture
* Module autoloading
* Very accurate latency measurement for playback and recording.
* May be used to combine multiple sound cards into one (with sample rate adjustment)
* Client side latency interpolation
%package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server
Update: Sun Jul 19 15:57:36 2009
Importance: security
ID: MDVSA-2009:154
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:154
%pre
A vulnerability has been found and corrected in ISC DHCP:
ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892).
This update provides fixes for this vulnerability.
%description
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network.
The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages.
%package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server
Update: Sun Jul 19 16:11:00 2009
Importance: security
ID: MDVSA-2009:154
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:154
%pre
A vulnerability has been found and corrected in ISC DHCP:
ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892).
This update provides fixes for this vulnerability.
%description
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network.
The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages.
%package perl-Compress-Raw-Zlib
Update: Sun Jul 19 22:43:32 2009
Importance: security
ID: MDVSA-2009:157
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:157
%pre
A vulnerability has been found and corrected in perl-Compress-Raw-Zlib:
Off-by-one error in the inflate function in Zlib.xs in the Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009 (CVE-2009-1391).
This update provides fixes for this vulnerability.
%description
Low-level interface to the zlib compression library.
%package libpango1.0_0 libpango1.0_0-modules libpango1.0-devel pango pango-doc
Update: Thu Jul 23 23:57:27 2009
Importance: security
ID: MDVA-2009:158
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:158
%pre
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow.
This update corrects the issue.
%description
A library for handling Unicode strings as well as complex bidirectional or context-dependent shaped strings. It is the next step in Gtk+ internationalization.
%package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools
Update: Mon Jul 27 14:06:18 2009
Importance: security
ID: MDVSA-2009:159
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:159
%pre
A vulnerability has been found and corrected in mysql:
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446).
This update provides fixes for this vulnerability.
%description
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB.
Please see the documentation and the manual for more information.
%package ruby ruby-devel ruby-doc ruby-tk
Update: Mon Jul 27 21:25:32 2009
Importance: security
ID: MDVSA-2009:160
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:160
%pre
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
This update corrects the problem.
%description
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straightforward, and extensible.
%package squid squid-cachemgr
Update: Mon Jul 27 22:39:07 2009
Importance: security
ID: MDVSA-2009:161
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
%pre
Multiple vulnerabilities have been found and corrected in squid:
Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses.
Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses.
This update provides fixes for these vulnerabilities.
%description
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
Install squid if you need a proxy caching server.
This package defaults to a maximum of 1024 file descriptors. You can change these values at build time by using for example:
--define 'maxfiles 4096'
The package was built to support a maximum of 1024 file descriptors.
You can build squid with some conditional build switches (i.e. use with rpm --rebuild):
--with[out] test    Initiate the test suite
%package debugmode initscripts
Update: Tue Jul 28 22:05:00 2009
Importance: security
ID: MDVSA-2009:170
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:170
%pre
The Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces.
This update fixes the vulnerability.
%description
The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.
%package debugmode initscripts
Update: Tue Jul 28 22:06:48 2009
Importance: security
ID: MDVSA-2009:170
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:170
%pre
The Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces.
This update fixes the vulnerability.
%description
The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.
%package bind bind-devel bind-doc bind-utils
Update: Wed Jul 29 19:36:07 2009
Importance: security
ID: MDVSA-2009:181
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:181
%pre
A vulnerability has been found and corrected in ISC BIND:
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009 (CVE-2009-0696).
This update provides fixes for this vulnerability.
%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package.
Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package.
- Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options
- Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option
- A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details
- Support for building single-threaded servers for environments that do not supply POSIX threads
- New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit"
- Faster lookups, particularly in large zones.
Build Options:
--without sdb_ldap    Build without ldap simple database support (enabled per default)
--with sdb_mysql      Build with MySQL database support (disables ldap support, it's either way.)
--with geoip          Build with GeoIP support (disabled per default)
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp
Update: Fri Jul 31 02:13:59 2009
Importance: security
ID: MDVSA-2009:182
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:182
%pre
Security vulnerabilities have been discovered and corrected in Mozilla Firefox 3.0.x:
Several flaws were discovered in the Firefox browser and JavaScript engines, which could allow a malicious website to cause a denial of service or possibly execute arbitrary code with user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2468, CVE-2009-2471)
Attila Suszter discovered a flaw in the way Firefox processed Flash content, which could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467)
It was discovered that Firefox did not properly handle some SVG content, which could lead to a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2469)
A flaw was discovered in the JavaScript engine which could be used to perform cross-site scripting attacks. (CVE-2009-2472)
This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which depend on it have been rebuilt and are being provided as updates.
%description
Help browser for GNOME 2 which supports docbook documents, info and man.
%package apache-mod_auth_mysql
Update: Sat Aug 01 13:16:14 2009
Importance: security
ID: MDVSA-2009:189
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:189
%pre
A vulnerability has been found and corrected in mod_auth_mysql:
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input (CVE-2008-2384).
This update provides fixes for this vulnerability.
%description
mod_auth_mysql is an Apache module to authenticate users and authorize access through a MySQL database. It is flexible and supports several encryption methods.
%package libOpenEXR6 libOpenEXR-devel OpenEXR
Update: Sun Aug 02 21:09:21 2009
Importance: security
ID: MDVSA-2009:190
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190
%pre
Multiple vulnerabilities have been found and corrected in OpenEXR:
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720).
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721).
This update provides fixes for these vulnerabilities.
%description
Industrial Light & Magic developed the OpenEXR format in response to the demand for higher color fidelity in the visual effects industry.
%package ruby ruby-devel ruby-doc ruby-tk
Update: Wed Aug 05 21:53:07 2009
Importance: security
ID: MDVSA-2009:193
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:193
%pre
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
This update corrects the problem, including for older ruby versions.
%description
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straightforward, and extensible.
%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools
Update: Thu Aug 06 02:07:13 2009
Importance: security
ID: MDVSA-2009:194
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:194
%pre
Vulnerabilities have been discovered in the wireshark package, which could lead to application crash via the radius, infiniband and afs dissectors (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563).
This update provides a fix for those vulnerabilities.
%description
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
Wireshark is a fork of Ethereal(tm).
%package apr-util-dbd-freetds apr-util-dbd-ldap apr-util-dbd-mysql apr-util-dbd-odbc apr-util-dbd-pgsql apr-util-dbd-sqlite3 libapr1 libapr-devel libapr-util1 libapr-util-devel
Update: Thu Aug 06 13:38:29 2009
Importance: security
ID: MDVSA-2009:195
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:195
%pre
A vulnerability has been identified and corrected in apr and apr-util:
Fix potential overflow in pools (apr) and rmm (apr-util), where size alignment was taking place (CVE-2009-2412).
This update provides fixes for this vulnerability.
%description
The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR, including support for XML, LDAP, database interfaces, URI parsing and more.
%package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind
Update: Fri Aug 07 15:38:03 2009
Importance: security
ID: MDVSA-2009:196
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
%pre
Multiple vulnerabilities have been found and corrected in samba:
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename (CVE-2009-1886).
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory (CVE-2009-1888).
This update provides samba 3.2.13 to address these issues.
%description
Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol.
Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat.
Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support.
Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.
%package libnspr4 libnspr-devel libnss3 libnss-devel libnss-static-devel nss
Update: Fri Aug 07 20:51:03 2009
Importance: security
ID: MDVSA-2009:197
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
%pre
Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and MD2 algorithm flaws (CVE-2009-2409), and also cause a denial of service and possible code execution via a long domain name in an X.509 certificate (CVE-2009-2404).
This update provides the latest versions of the NSS and NSPR libraries, which are not vulnerable to those attacks.
%description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. For detailed information on standards supported, see http://www.mozilla.org/projects/security/pki/nss/overview.html.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp Update: Fri Aug 07 21:07:52 2009 Importance: security ID: MDVSA-2009:198 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:198 %pre Security issues were identified and fixed in firefox 3.0.x: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location (CVE-2009-2654). Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. 
This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client (CVE-2009-2404). IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require it have been rebuilt and are being provided as updates. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package squid squid-cachemgr Update: Sat Aug 08 10:46:46 2009 Importance: security ID: MDVSA-2009:178-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:178-1 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622). This update provides fixes for these vulnerabilities. Update: Additional upstream security patches were applied: Debug warnings fill up the logs. Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process.
Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 filedescriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package squid squid-cachemgr Update: Sat Aug 08 10:54:47 2009 Importance: security ID: MDVSA-2009:178-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:178-1 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622). This update provides fixes for these vulnerabilities. Update: Additional upstream security patches were applied: Debug warnings fill up the logs. Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 filedescriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package squid squid-cachemgr Update: Sat Aug 08 11:03:02 2009 Importance: security ID: MDVSA-2009:161-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:161-1 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622). This update provides fixes for these vulnerabilities. Update: Additional upstream security patches were applied: Debug warnings fill up the logs. Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server.
This package defaults to a maximum of 1024 filedescriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package libv4l0 libv4l libv4l-devel libv4l-wrappers Update: Sat Aug 08 12:13:23 2009 Importance: bugfix ID: MDVA-2009:144 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:144 %pre This update addresses the issue of urpmi preventing installation of both i586/x86_64 versions of libv4l wrappers (Mandriva bug #45316). Updated packages are provided to fix this issue. %description libv4l is a collection of libraries which adds a thin abstraction layer on top of video4linux2 devices. The purpose of this (thin) layer is to make it easy for application writers to support a wide variety of devices without having to write separate code for different devices in the same class. %package apache-mod_dav_svn apache-mod_dontdothat libsvn0 libsvnjavahl0 perl-SVN python-svn ruby-svn subversion subversion-devel subversion-doc subversion-server subversion-tools svn-javahl Update: Sat Aug 08 22:11:46 2009 Importance: security ID: MDVSA-2009:199 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:199 %pre A vulnerability has been found and corrected in subversion: Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412 (CVE-2009-2411). This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed.
%description Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion also keeps a log of who, when, and why changes occurred. As such it basically does the same thing CVS does (Concurrent Versioning System) but has major enhancements compared to CVS and fixes a lot of the annoyances that CVS users face. This package contains the client; if you're looking for the server end of things you want subversion-repos. %package coreutils coreutils-doc Update: Sun Aug 09 14:34:04 2009 Importance: bugfix ID: MDVA-2009:146 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:146 %pre There is no man page for the su command. This update fixes this problem, making the man page for the su command show again. %description These are the GNU core utilities. This package is the union of the old GNU fileutils, sh-utils, and textutils packages. These tools are the GNU versions of common useful and popular file & text utilities which are used for: - file management - shell scripts - modifying text files (splitting, joining, comparing, modifying, ...) Most of these programs have significant advantages over their Unix counterparts, such as greater speed, additional options, and fewer arbitrary limits. %package indilib libfli1 libfli-devel libindi0 libindi-devel Update: Mon Aug 10 15:23:15 2009 Importance: bugfix ID: MDVA-2009:147 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:147 %pre urpmi kstars or urpmi kdeedu4 results in dependency problems. This update addresses this issue. %description INDI is an instrument neutral distributed interface control protocol that aims to provide backend driver support and automation for a wide range of Astronomical devices (telescopes, focusers, CCDs..etc).
%package libxml1 libxml1-devel libxml2_2 libxml2-devel libxml2-python libxml2-utils Update: Wed Aug 12 13:25:36 2009 Importance: security ID: MDVSA-2009:200 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:200 %pre Multiple vulnerabilities have been found and corrected in libxml: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. %description This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library.
%package fetchmail fetchmailconf fetchmail-daemon Update: Wed Aug 12 18:59:32 2009 Importance: security ID: MDVSA-2009:201 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:201 %pre A vulnerability has been found and corrected in fetchmail: socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2666). This update provides a solution to this vulnerability. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Fri Aug 14 14:53:56 2009 Importance: bugfix ID: MDVA-2009:151 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:151 %pre This is the last upstream maintenance release of the Samba 3.2 series. Major enhancements in 3.2.14 include: o Fix SAMR access checks (e.g. 
bugs #6089 and #6112). o Fix 'force user' (bug #6291). o Improve Win7 support (bug #6099). o Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package memcached Update: Fri Aug 14 17:07:12 2009 Importance: security ID: MDVSA-2009:202 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:202 %pre A vulnerability has been found and corrected in memcached: Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows (CVE-2009-2415). This update provides a solution to this vulnerability. Additionally, memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5, which contains a number of upstream fixes; the repcached patch has been upgraded to 2.2 as well. %description memcached is a flexible memory object caching daemon designed to alleviate database load in dynamic web applications by storing objects in memory.
It's based on libevent to scale to any size needed, and is specifically optimized to avoid swapping and always use non-blocking I/O. The memcached server binary comes in two flavours: o memcached - with threading support o memcached-replication - with replication support %package memcached Update: Fri Aug 14 17:08:14 2009 Importance: security ID: MDVSA-2009:202 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:202 %pre A vulnerability has been found and corrected in memcached: Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows (CVE-2009-2415). This update provides a solution to this vulnerability. Additionally, memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5, which contains a number of upstream fixes; the repcached patch has been upgraded to 2.2 as well. %description memcached is a flexible memory object caching daemon designed to alleviate database load in dynamic web applications by storing objects in memory. It's based on libevent to scale to any size needed, and is specifically optimized to avoid swapping and always use non-blocking I/O. The memcached server binary comes in two flavours: o memcached - with threading support o memcached-replication - with replication support %package memcached Update: Fri Aug 14 17:13:12 2009 Importance: security ID: MDVSA-2009:202 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:202 %pre A vulnerability has been found and corrected in memcached: Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows (CVE-2009-2415). This update provides a solution to this vulnerability.
Additionally, memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5, which contains a number of upstream fixes; the repcached patch has been upgraded to 2.2 as well. %description memcached is a flexible memory object caching daemon designed to alleviate database load in dynamic web applications by storing objects in memory. It's based on libevent to scale to any size needed, and is specifically optimized to avoid swapping and always use non-blocking I/O. The memcached server binary comes in two flavours: o memcached - with threading support o memcached-replication - with replication support %package curl curl-examples libcurl4 libcurl-devel Update: Sat Aug 15 14:46:56 2009 Importance: security ID: MDVSA-2009:203 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:203 %pre A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2417). This update provides a solution to this vulnerability. %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with SSL (https) support.
%package libwxgtk2.6 libwxgtk2.6-devel libwxgtk2.8 libwxgtk2.8-devel libwxgtkgl2.6 libwxgtkgl2.8 libwxgtkglu2.6 libwxgtkglu2.8 libwxgtku2.6 libwxgtku2.6-devel libwxgtku2.8 libwxgtku2.8-devel wxGTK2.6 wxgtk2.8 Update: Sun Aug 16 22:57:20 2009 Importance: security ID: MDVSA-2009:204 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:204 %pre A vulnerability has been found and corrected in wxgtk: Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information (CVE-2009-2369). This update provides a solution to this vulnerability. %description wxWidgets is a free C++ library for cross-platform GUI development. With wxWidgets, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code. 
%package alsa_raoppcm-kernel-2.6.27.24-desktop-2mnb alsa_raoppcm-kernel-2.6.27.24-desktop586-2mnb alsa_raoppcm-kernel-2.6.27.24-server-2mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.24-desktop-2mnb drm-experimental-kernel-2.6.27.24-desktop586-2mnb drm-experimental-kernel-2.6.27.24-server-2mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.24-desktop-2mnb et131x-kernel-2.6.27.24-desktop586-2mnb et131x-kernel-2.6.27.24-server-2mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.24-desktop-2mnb fcpci-kernel-2.6.27.24-desktop586-2mnb fcpci-kernel-2.6.27.24-server-2mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.24-desktop-2mnb fglrx-kernel-2.6.27.24-desktop586-2mnb fglrx-kernel-2.6.27.24-server-2mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.24-desktop-2mnb gnbd-kernel-2.6.27.24-desktop586-2mnb gnbd-kernel-2.6.27.24-server-2mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.24-desktop-2mnb hcfpcimodem-kernel-2.6.27.24-desktop586-2mnb hcfpcimodem-kernel-2.6.27.24-server-2mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.24-desktop-2mnb hsfmodem-kernel-2.6.27.24-desktop586-2mnb hsfmodem-kernel-2.6.27.24-server-2mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.24-desktop-2mnb hso-kernel-2.6.27.24-desktop586-2mnb hso-kernel-2.6.27.24-server-2mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.24-desktop-2mnb 
iscsitarget-kernel-2.6.27.24-desktop586-2mnb iscsitarget-kernel-2.6.27.24-server-2mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.24-2mnb kernel-desktop-2.6.27.24-2mnb kernel-desktop586-2.6.27.24-2mnb kernel-desktop586-devel-2.6.27.24-2mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.24-2mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.24-2mnb kernel-server-devel-2.6.27.24-2mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.24-2mnb kernel-source-latest kqemu-kernel-2.6.27.24-desktop-2mnb kqemu-kernel-2.6.27.24-desktop586-2mnb kqemu-kernel-2.6.27.24-server-2mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.24-desktop-2mnb lirc-kernel-2.6.27.24-desktop586-2mnb lirc-kernel-2.6.27.24-server-2mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.24-desktop-2mnb lzma-kernel-2.6.27.24-desktop586-2mnb lzma-kernel-2.6.27.24-server-2mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.24-desktop-2mnb madwifi-kernel-2.6.27.24-desktop586-2mnb madwifi-kernel-2.6.27.24-server-2mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.24-desktop-2mnb nvidia173-kernel-2.6.27.24-desktop586-2mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.24-desktop-2mnb nvidia71xx-kernel-2.6.27.24-desktop586-2mnb nvidia71xx-kernel-2.6.27.24-server-2mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.24-desktop-2mnb nvidia96xx-kernel-2.6.27.24-desktop586-2mnb nvidia96xx-kernel-2.6.27.24-server-2mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest 
nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.24-desktop-2mnb nvidia-current-kernel-2.6.27.24-desktop586-2mnb nvidia-current-kernel-2.6.27.24-server-2mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.24-desktop-2mnb omfs-kernel-2.6.27.24-desktop586-2mnb omfs-kernel-2.6.27.24-server-2mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.24-desktop-2mnb omnibook-kernel-2.6.27.24-desktop586-2mnb omnibook-kernel-2.6.27.24-server-2mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.24-desktop-2mnb opencbm-kernel-2.6.27.24-desktop586-2mnb opencbm-kernel-2.6.27.24-server-2mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.24-desktop-2mnb ov51x-jpeg-kernel-2.6.27.24-desktop586-2mnb ov51x-jpeg-kernel-2.6.27.24-server-2mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.24-desktop-2mnb qc-usb-kernel-2.6.27.24-desktop586-2mnb qc-usb-kernel-2.6.27.24-server-2mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.24-desktop-2mnb rt2860-kernel-2.6.27.24-desktop586-2mnb rt2860-kernel-2.6.27.24-server-2mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.24-desktop-2mnb rt2870-kernel-2.6.27.24-desktop586-2mnb rt2870-kernel-2.6.27.24-server-2mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.24-desktop-2mnb rtl8187se-kernel-2.6.27.24-desktop586-2mnb rtl8187se-kernel-2.6.27.24-server-2mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.24-desktop-2mnb 
slmodem-kernel-2.6.27.24-desktop586-2mnb slmodem-kernel-2.6.27.24-server-2mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.24-desktop-2mnb squashfs-lzma-kernel-2.6.27.24-desktop586-2mnb squashfs-lzma-kernel-2.6.27.24-server-2mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.24-desktop-2mnb tp_smapi-kernel-2.6.27.24-desktop586-2mnb tp_smapi-kernel-2.6.27.24-server-2mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.24-desktop-2mnb vboxadd-kernel-2.6.27.24-desktop586-2mnb vboxadd-kernel-2.6.27.24-server-2mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.24-desktop-2mnb vboxvfs-kernel-2.6.27.24-desktop586-2mnb vboxvfs-kernel-2.6.27.24-server-2mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.24-desktop-2mnb vhba-kernel-2.6.27.24-desktop586-2mnb vhba-kernel-2.6.27.24-server-2mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.24-desktop-2mnb virtualbox-kernel-2.6.27.24-desktop586-2mnb virtualbox-kernel-2.6.27.24-server-2mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.24-desktop-2mnb vpnclient-kernel-2.6.27.24-desktop586-2mnb vpnclient-kernel-2.6.27.24-server-2mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest Update: Mon Aug 17 23:10:41 2009 Importance: security ID: MDVSA-2009:205 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:205 %pre A vulnerability was discovered and corrected in the Linux 2.6 kernel: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function 
pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation on a PF_PPPOX socket. (CVE-2009-2692) To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package wget Update: Tue Aug 18 22:13:07 2009 Importance: security ID: MDVSA-2009:206 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:206 %pre A vulnerability has been found and corrected in wget: SUSE discovered a security issue in wget related to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 This update provides a solution to this vulnerability. %description GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. %package iptables libiptables0 libiptables-devel Update: Thu Aug 20 12:07:18 2009 Importance: bugfix ID: MDVA-2009:152 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:152 %pre This is a version update of iptables 1.4.1.1 to 1.4.2 and is provided to support all new features of the 2.6.27 kernel. %description iptables controls the Linux kernel network packet filtering code. It allows you to set up firewalls and IP masquerading, etc. Install iptables if you need to set up firewalling for your network. 
%package libgadu3 libgadu-devel Update: Thu Aug 20 16:24:16 2009 Importance: security ID: MDVSA-2009:208 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:208 %pre A vulnerability has been found and corrected in libgadu: libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read (CVE-2008-4776). This update provides a solution to this vulnerability. %description libgadu is intended to make it easy to add Gadu-Gadu communication support to your software. %package java-1.6.0-openjdk java-1.6.0-openjdk-demo java-1.6.0-openjdk-devel java-1.6.0-openjdk-javadoc java-1.6.0-openjdk-plugin java-1.6.0-openjdk-src Update: Thu Aug 20 23:45:00 2009 Importance: security ID: MDVSA-2009:209 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 %pre Multiple Java OpenJDK security vulnerabilities have been identified and fixed: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits (CVE-2009-0217). The Java Web Start framework does not properly check the trust of all application jar files, which allows context-dependent attackers to execute arbitrary code via a crafted application, related to NetX (CVE-2009-1896). Some variables and data structures without the final keyword definition allow context-dependent attackers to obtain sensitive information.
The target variables and data structures are as follows: (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475). The Java Management Extensions (JMX) implementation does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object (CVE-2009-2476). A flaw in Xerces2 as used in OpenJDK allows remote attackers to cause a denial of service via malformed XML input (CVE-2009-2625). The audio system does not prevent access to java.lang.System properties by either untrusted applets or Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties (CVE-2009-2670). A flaw in the SOCKS proxy implementation allows remote attackers to discover the user name of the account that invoked either an untrusted applet or Java Web Start application via unspecified vectors (CVE-2009-2671). A flaw in the proxy mechanism implementation allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword (CVE-2009-2673). An integer overflow in JPEG image parsing allows context-dependent attackers to gain privileges via an untrusted Java Web Start application that grants permissions to itself (CVE-2009-2674).
An integer overflow in the unpack200 utility decompression allows context-dependent attackers to gain privileges via vectors involving either an untrusted applet or Java Web Start application that grants permissions to itself (CVE-2009-2675). A flaw in the JDK13Services.getProviders grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions either via an untrusted applet or application (CVE-2009-2689). A flaw in the OpenJDK's encoder, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information either via an untrusted applet or application (CVE-2009-2690). %description The OpenJDK runtime environment. This version is built without netbeans, so jvisualvm is disabled. %package gnutls libgnutls26 libgnutls-devel Update: Fri Aug 21 02:19:44 2009 Importance: security ID: MDVSA-2009:210 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:210 %pre A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). This update fixes this vulnerability. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package expat libexpat1 libexpat1-devel Update: Sun Aug 23 16:19:10 2009 Importance: security ID: MDVSA-2009:211 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:211 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. %description Expat is an XML 1.0 parser written in C by James Clark. It aims to be fully conforming. It is currently not a validating XML parser. 
%package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps
Update: Sun Aug 23 16:53:25 2009
Importance: security
ID: MDVSA-2009:212
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:212
%pre
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625. This update fixes this vulnerability.
%description
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package.
%package libwxgtk2.6 libwxgtk2.6-devel libwxgtk2.8 libwxgtk2.8-devel libwxgtkgl2.6 libwxgtkgl2.8 libwxgtkglu2.6 libwxgtkglu2.8 libwxgtku2.6 libwxgtku2.6-devel libwxgtku2.8 libwxgtku2.8-devel wxGTK2.6 wxgtk2.8
Update: Sun Aug 23 17:43:31 2009
Importance: security
ID: MDVSA-2009:213
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:213
%pre
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625. This update fixes this vulnerability.
%description
wxWidgets is a free C++ library for cross-platform GUI development. With wxWidgets, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code.
%package python-celementtree
Update: Sun Aug 23 19:25:07 2009
Importance: security
ID: MDVSA-2009:214
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:214
%pre
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625. This update fixes this vulnerability.
%description
This is an add-on to the standard ElementTree package, which adds a very fast and memory-efficient alternative implementation of the ElementTree API.
%package audacity
Update: Sun Aug 23 20:13:43 2009
Importance: security
ID: MDVSA-2009:215
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:215
%pre
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625. This update fixes this vulnerability.
%description
Audacity is a program that lets you manipulate digital audio waveforms. In addition to letting you record sounds directly from within the program, it imports many sound file formats, including WAV, AIFF, MP3 and Ogg/Vorbis. It supports all common editing operations such as Cut, Copy, and Paste, plus it will mix tracks and let you apply plug-in effects to any part of a sound. It also has a built-in amplitude envelope editor, a customizable spectrogram mode and a frequency analysis window for audio analysis applications.
%package mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-ga mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall
Update: Sun Aug 23 21:04:55 2009
Importance: security
ID: MDVSA-2009:217
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:217
%pre
A number of security vulnerabilities have been discovered in Mozilla Thunderbird:
Security issues in Thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408).
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not vulnerable to these issues.
%description
Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before.
%package kompozer kompozer-devel
Update: Mon Aug 24 17:10:12 2009
Importance: security
ID: MDVSA-2009:219
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:219
%pre
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625.
Additionally, on 2009.0 a patch was added to prevent kompozer from crashing (#44830); on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc switch introduced in 2009.1. This update fixes these issues.
%description
Kompozer is a complete Web authoring system that combines web file management and easy-to-use WYSIWYG web page editing. Kompozer is designed to be extremely easy to use, making it ideal for non-technical computer users who want to create an attractive, professional-looking web site without needing to know HTML or web coding. Kompozer is an unofficial continuation of nvu, which was apparently abandoned in 2005.
%package davfs
Update: Mon Aug 24 18:07:09 2009
Importance: security
ID: MDVSA-2009:220
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:220
%pre
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625. This update fixes this vulnerability.
%description
WebDAV is an acronym for Web-based Distributed Authoring and Versioning. Usually HTTP is a read-only protocol, but if you install DAV on your web server, it becomes writable. Furthermore, if you use DAVfs, you can mount your web server onto your filesystem and use it as a normal disk.
%package libneon0.27 libneon0.27-devel libneon0.27-static-devel
Update: Mon Aug 24 22:07:00 2009
Importance: security
ID: MDVSA-2009:221
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:221
%pre
Multiple vulnerabilities have been found and corrected in libneon0.27:
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564 (CVE-2009-2473).
neon before 0.28.6, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2474).
This update provides a solution to these vulnerabilities.
%description
neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented.
%package timezone timezone-java
Update: Tue Aug 25 15:45:57 2009
Importance: bugfix
ID: MDVA-2009:154
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:154
%pre
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.
%description
This package contains data files with rules for various timezones around the world.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird-beagle
Update: Wed Aug 26 16:34:07 2009
Importance: security
ID: MDVSA-2009:217-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:217-1
%pre
A number of security vulnerabilities have been discovered in Mozilla Thunderbird:
Security issues in Thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408).
A vulnerability was found in xmltok_impl.c (expat) that could be exploited with specially crafted XML to cause a denial of service. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird, which is not vulnerable to these issues.
Update: The mozilla-thunderbird-beagle package was not rebuilt for mozilla-thunderbird 2.0.0.23. This update solves this issue.
%description
Beagle is an indexing sub-system and search aggregator built on top of Lucene.Net. It can index your files, mailboxes, your web browsing behaviour and other things.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox-ext-beagle mozilla-thunderbird-beagle
Update: Wed Aug 26 16:40:10 2009
Importance: bugfix
ID: MDVA-2009:155
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:155
%pre
The mozilla-thunderbird-beagle package was not rebuilt for mozilla-thunderbird 2.0.0.23. This update solves this issue.
%description
Beagle is an indexing sub-system and search aggregator built on top of Lucene.Net. It can index your files, mailboxes, your web browsing behaviour and other things.
%package akregator bomber bovo dolphin dragonplayer gwenview juk kaddressbook kalarm kamera kapman kappfinder katomic kbattleship kblackbox kblocks kbounce kbreakout kcolorchooser kde4-audiocd kde4-filesharing kde4-nsplugins kdebase4 kdebase4-devel kdebase4-workspace kdebase4-workspace-devel kdegames4 kdegames4-core kdegames4-devel kdegraphics4 kdegraphics4-core kdegraphics4-devel kdemultimedia4 kdemultimedia4-core kdemultimedia4-devel kdenetwork4 kdenetwork4-core kdenetwork4-devel kdenetwork4-kopete-latex kdepasswd kdepim4 kdepim4-akonadi kdepim4-core kdepim4-devel kdepim4-kresources kdepim4-wizards kdialog kdiamond kdm kdnssd keditbookmarks kfind kfourinline kgamma kget kgoldrunner killbots kinfocenter kipi-common kiriki kjots kjumpingcube kleopatra klines kmahjongg kmail kmailcvt kmines kmix knetwalk knode knotes kode kolf kollision kolourpaint konqueror konquest konsole kontact kopete korganizer kpat kpilot kppp kppp-provider krdc kreversi krfb kruler ksame kscd ksendemail kshisen ksirk ksnapshot kspaceduel ksquares ksudoku ktimetracker ktuberling kubrick kwrite libakonadi-kabccommon4 libakonadi-kcal4 libakregatorinterfaces4 libakregatorprivate4 libaudiocdplugins4 libdolphinprivate4 libgadu_kopete1 libgwenviewlib4 libgwsoap4 libimap4 libiris_kopete1 libiris_ksirk2 libkabc_groupdav4 libkabc_groupwise4 libkabckolab4 libkabcommon4 libkabcscalix4 libkabc_slox4 libkabc_xmlrpc4 libkabinterfaces4 libkaddressbookprivate4 libkalarm_resources4 libkcal_groupdav4 libkcal_groupwise4 libkcalkolab4 libkcal_resourceblog4 libkcal_resourcefeatureplan4 libkcal_resourceremote4 libkcalscalix4 libkcal_slox4 libkcal_xmlrpc4 libkcddb4 libkcompactdisc4 libkdcraw7 libkdcraw-common libkdecorations4 libkdegames5 libkdepim4 libkephal4 libkexiv2_7 libkfontinst4 libkfontinstui4 libkgetcore4 libkggzgames4 libkggzmod4 libkggznet4 libkgroupwarebase4 libkgroupwaredav4 libkholidays4 libkhotkeysprivate4 libkipi6 libkleo4 libkleopatraclientcore4 libkleopatraclientgui4 libkmahjongglib4 libkmailprivate4 libknodecommon4 libknoteskolab4 libknotesscalix4 libknotes_xmlrpc4 libkocorehelper4 libkode4 libkolfprivate4 libkolourpaint_lgpl4 libkonq5 libkonqsidebarplugin4 libkonquerorprivate4 libkontactinterfaces4 libkontactprivate4 libkopete4 libkopeteaddaccountwizard1 libkopetechatwindow_shared1 libkopeteidentity1 libkopete_oscar4 libkopete_otr_shared1 libkopeteprivacy1 libkopetestatusmenu1 libkopete_videodevice4 libkorganizer_calendar4 libkorganizer_eventviewer4 libkorganizer_interfaces4 libkorganizerprivate4 libkorg_stdprinting4 libkpgp4 libkpilot5 libksane0 libkschema4 libkschemawidgets4 libkscreensaver5 libksgrd4 libksieve4 libkslox4 libkwineffects1 libkwinnvidiahack4 libkworkspace4 libkxmlcommon4 libkyahoo1 liblsofui4 libmaildir4 libmimelib4 libnepomukquery4 libnepomukqueryclient4 libokularcore1 liboscar1 libplasma_applet_system_monitor4 libplasmaclock4 libprocesscore4 libprocessui4 libqassistant4 libqt3support4 libqt4-devel libqtclucene4 libqtcore4 libqtdbus4 libqtdesigner4 libqtgui4 libqthelp4 libqtnetwork4 libqtopengl4 libqtscript4 libqtscripttools4 libqtsql4 libqtsvg4 libqttest4 libqtwebkit4 libqtxml4 libqtxmlpatterns4 libschema4 libsolidcontrol4 libsolidcontrolifaces4 libtaskmanager4 libweather_ion4 libwscl4 libwsdl4 lskat okular plasma-applet-battery plasma-applet-calendar plasma-applet-folderview plasma-applet-quicklaunch plasma-applet-system-monitor-cpu plasma-applet-system-monitor-hdd plasma-applet-system-monitor-hwinfo plasma-applet-system-monitor-net plasma-applet-system-monitor-temperature plasma-applet-webbrowser plasma-krunner-powerdevil plasma-runner-places python-qt4 python-qt4-assistant python-qt4-core python-qt4-designer python-qt4-devel python-qt4-gui python-qt4-help python-qt4-network python-qt4-opengl python-qt4-script python-qt4-scripttools python-qt4-sql python-qt4-svg python-qt4-test python-qt4-webkit python-qt4-xml python-qt4-xmlpatterns python-sip qt4-accessibility-plugin qt4-assistant qt4-common qt4-database-plugin-mysql qt4-database-plugin-odbc qt4-database-plugin-pgsql qt4-database-plugin-sqlite qt4-database-plugin-tds qt4-designer qt4-doc qt4-examples qt4-graphicssystems-plugin qt4-linguist qt4-qdoc3 qt4-qtconfig qt4-qtdbus qt4-qvfb qt4-xmlpatterns
Update: Fri Aug 28 16:14:00 2009
Importance: bugfix
ID: MDVA-2009:156
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:156
%pre
KDE 3 multiple removal fix: some packages from the KDE 4 updates removed a partial KDE 3 installation. New update packages have been built with the obsoletes properly removed.
%description
Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt applications, as well as the README files for Qt.
%package libxerces-c0 libxerces-c0-devel libxerces-c28 libxerces-c-devel xerces-c-doc
Update: Sun Aug 30 16:45:47 2009
Importance: security
ID: MDVSA-2009:223
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:223
%pre
A vulnerability has been found and corrected in xerces-c: Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-1885). This update provides a solution to this vulnerability.
%description
Xerces-C++ is a validating XML parser written in a portable subset of C++. Xerces-C++ makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. The parser provides high performance, modularity, and scalability. Source code, samples and API documentation are provided with the parser. For portability, care has been taken to make minimal use of templates, no RTTI, and minimal use of #ifdefs.
%package libxmlrpc-c3 libxmlrpc-c-devel xmlrpc-c
Update: Thu Sep 03 16:21:49 2009
Importance: bugfix
ID: MDVA-2009:158
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:158
%pre
This update resolves a missing dependency for the recent KDE4 updates.
%description
XML-RPC is a quick-and-easy way to make procedure calls over the Internet. It converts the procedure call into an XML document, sends it to a remote server using HTTP, and gets back the response as XML. This library provides a modular implementation of XML-RPC for C and C++.
%package libqassistant4 libqt3support4 libqt4-devel libqtclucene4 libqtcore4 libqtdbus4 libqtdesigner4 libqtgui4 libqthelp4 libqtnetwork4 libqtopengl4 libqtscript4 libqtscripttools4 libqtsql4 libqtsvg4 libqttest4 libqtwebkit4 libqtxml4 libqtxmlpatterns4 qt4-accessibility-plugin qt4-assistant qt4-common qt4-database-plugin-mysql qt4-database-plugin-odbc qt4-database-plugin-pgsql qt4-database-plugin-sqlite qt4-database-plugin-tds qt4-designer qt4-doc qt4-examples qt4-graphicssystems-plugin qt4-linguist qt4-qdoc3 qt4-qtconfig qt4-qtdbus qt4-qvfb qt4-xmlpatterns
Update: Tue Sep 08 15:10:25 2009
Importance: security
ID: MDVSA-2009:225
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:225
%pre
A vulnerability has been found and corrected in qt4: src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2700). This update provides a solution to this vulnerability.
%description
Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt applications, as well as the README files for Qt.
%package aria2
Update: Wed Sep 09 16:26:30 2009
Importance: security
ID: MDVSA-2009:226
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:226
%pre
A vulnerability has been found and corrected in aria2: aria2 has a buffer overflow which causes it to crash, at least on mips. This update provides a solution to this vulnerability.
%description
Aria2 has a segmented downloading engine at its core. It can download one file from multiple URLs or over multiple connections from one URL. This results in very high speed downloading, much faster than ordinary browsers. The engine is implemented with a single-thread model. It can also download BitTorrent files and supports Metalink version 3.0.
%package hplip hplip-doc hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data libhpip0 libhpip0-devel libsane-hpaio1
Update: Thu Sep 10 13:37:58 2009
Importance: bugfix
ID: MDVA-2009:159
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:159
%pre
This update resolves a runtime error with hplip found after the KDE4 updates and in conjunction with the newer python-qt4-gui package. This version upgrade provides hplip v3.9.2, which addresses this problem.
%description
This is the HP driver package to supply Linux support for most Hewlett-Packard DeskJet, LaserJet, PSC, OfficeJet, and PhotoSmart printers and all-in-one peripherals (also known as Multi-Function Peripherals or MFPs), which can print, scan, copy, fax, and/or access flash memory cards. It is a work in progress, but printing, scanning, memory card access, ink/toner/battery/consumable level checking, and inkjet printer maintenance are supported on most models when connected either via USB or via LAN (built-in interfaces or selected HP JetDirect models) to a Linux workstation with the CUPS printing system. For status and consumable checking, and also for inkjet maintenance, the graphical tool "hp-toolbox" is available (Menu: "System"/"Monitoring"/"HP Printer Toolbox").
%package cyrus-imapd cyrus-imapd-devel cyrus-imapd-murder cyrus-imapd-nntp cyrus-imapd-utils perl-Cyrus
Update: Fri Sep 11 12:13:02 2009
Importance: security
ID: MDVSA-2009:229
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:229
%pre
A vulnerability has been found and corrected in cyrus-imapd: Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability.
%description
The Cyrus IMAP Server is a scalable enterprise mail system designed for use in small to large enterprise environments using standards-based technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. It differs from other IMAP server implementations in that it is run on "sealed" servers, where users are not normally permitted to log in. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. All user access to mail is through software using the IMAP, POP3, or KPOP protocols. TLSv1 and SSL are supported for security. This is the main package; also install the cyrus-imapd-utils package (it contains server administration tools and depends on the perl-Cyrus package).
%package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-plugins pidgin-silc pidgin-tcl
Update: Fri Sep 11 14:47:04 2009
Importance: security
ID: MDVSA-2009:230
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:230
%pre
Security vulnerabilities have been identified and fixed in pidgin:
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376 (CVE-2009-2694).
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM (CVE-2009-3025).
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions (CVE-2009-3026).
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string (CVE-2009-2703).
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client (CVE-2009-3083).
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect UTF16-LE charset name (CVE-2009-3084).
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images (CVE-2009-3085).
This update provides pidgin 2.6.2, which is not vulnerable to these issues.
%description
Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy-to-use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc.
%package htmldoc htmldoc-nogui
Update: Fri Sep 11 16:24:11 2009
Importance: security
ID: MDVSA-2009:231
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:231
%pre
A security vulnerability has been identified and fixed in htmldoc: Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries (CVE-2009-3050). This update provides a solution to this vulnerability.
%description
HTMLDOC allows you to convert HTML documents into PDF or PS format. Links and some PDF-specific features can be used.
%package libneon0.26 libneon0.26-devel libneon0.26-static-devel
Update: Fri Sep 11 17:08:59 2009
Importance: security
ID: MDVSA-2009:228
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:228
%pre
A vulnerability has been found and corrected in neon: neon before 0.28.6, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2474). This update provides a solution to this vulnerability.
%description
neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented.
%package libsamplerate0 libsamplerate-devel libsamplerate-progs Update: Fri Sep 11 19:03:44 2009 Importance: security ID: MDVSA-2009:232 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:232 %pre A security vulnerability has been identified and fixed in libsamplerate: Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected. This update provides a solution to this vulnerability. %description Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio. One example of where such a thing would be useful is converting audio from the CD sample rate of 44.1kHz to the 48kHz sample rate used by DAT players. SRC is capable of arbitrary and time-varying conversions; from downsampling by a factor of 12 to upsampling by the same factor. Arbitrary in this case means that the ratio of input and output sample rates can be an irrational number. The conversion ratio can also vary with time for speeding up and slowing down effects. SRC provides a small set of converters to allow quality to be traded off against computation cost. The current best converter provides a signal-to-noise ratio of 97dB with -3dB passband extending from DC to 96% of the theoretical best bandwidth for a given pair of input and output sample rates. 
%package libsilc1.1_2 libsilcclient1.1_2 silc-toolkit silc-toolkit-devel Update: Tue Sep 15 15:00:30 2009 Importance: security ID: MDVSA-2009:234 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 %pre Multiple vulnerabilities were discovered and corrected in silc-toolkit: Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions (CVE-2009-3051). The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string (CVE-2008-7159). The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string (CVE-2008-7160). Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users (CVE-2009-3163). This update provides a solution to these vulnerabilities. %description SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over an insecure channel. 
SILC is IRC-like software, although internally they are very different. The biggest similarity between SILC and IRC is that they both provide conferencing services and that SILC has almost the same commands as IRC. Other than that they are nothing alike. Major differences are that SILC is secure, which IRC is not in any way. The network model is also entirely different compared to IRC. This package provides development-related files for any application that has SILC support. %package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui beagle-gui-qt beagle-libs devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-mozvoikko firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-theme-kde4ff firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-thunderbird-beagle xulrunner yelp Update: Sun Sep 20 13:48:02 2009 Importance: security ID: MDVSA-2009:236 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:236 %pre Security issues were identified and fixed in firefox 
3.0.x: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3069, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3073, CVE-2009-3074, CVE-2009-3075). Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module (CVE-2009-3076). Mozilla Firefox before 3.0.14 does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability (CVE-2009-3077). Visual truncation vulnerability in Mozilla Firefox before 3.0.14 allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property (CVE-2009-3078). Unspecified vulnerability in Mozilla Firefox before 3.0.14 allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter (CVE-2009-3079). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages that depend on it have been rebuilt and are being provided as updates. %description Help browser for GNOME 2 which supports docbook documents, info and man. 
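The SILC advisory (MDVSA-2009:234) above describes two distinct format-string mistakes: untrusted text (a nickname, a channel name) used as the format itself, and a "%lu" conversion writing into a variable that is not an unsigned long. The following is an added example, not SILC Toolkit code; it shows each mistake in a comment and the safe pattern beside it. Function names and the 1 GiB cap are illustrative assumptions.

```c
/* Added example, not SILC Toolkit code. Two format-string failure modes from
 * the advisory above, each next to the safe pattern:
 *  1. untrusted text used as the format string itself;
 *  2. "%lu" converting into a variable of the wrong type, replaced by
 *     strtoul() into a matching type with full checks.
 * Function names and the 1 GiB cap are illustrative assumptions. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* VULNERABLE shape, shown only and never called: the nickname is the format,
 * so "%x" in it leaks stack words and "%n" writes to memory.
 *
 *     snprintf(out, n, nick);
 *
 * VULNERABLE shape for a length field, also never called: on an LP64 host
 * "%lu" stores 8 bytes into a 4-byte int and overwrites what follows it.
 *
 *     int len; sscanf(header, "Content-Length: %lu", &len);
 */

/* Safe: the nickname is always an argument to a fixed format string.
 * Returns the formatted length, or -1 if it did not fit. */
int notify_join(char *out, size_t n, const char *nick) {
    int r = snprintf(out, n, "%s has joined", nick);
    if (r < 0 || (size_t)r >= n) return -1;
    return r;
}

/* Safe: parse a decimal length into an unsigned long (the type strtoul
 * really produces). Digits only, no sign, no trailing bytes, no overflow,
 * plus a policy cap. Returns 0 and sets *len on success, -1 otherwise. */
int parse_content_length(const char *s, unsigned long *len) {
    char *end;
    unsigned long v;
    if (s == NULL || !isdigit((unsigned char)*s)) return -1; /* rejects "", " 5", "-1" */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE) return -1;               /* does not fit an unsigned long */
    if (*end != '\0') return -1;                   /* "12abc" */
    if (v > 1024UL * 1024UL * 1024UL) return -1;   /* cap at 1 GiB (assumed policy) */
    *len = v;
    return 0;
}

/* Convenience wrappers so results can be checked without caller-side buffers. */
const char *notify_join_str(const char *nick) {
    static char buf[64];
    return notify_join(buf, sizeof buf, nick) < 0 ? "" : buf;
}

long content_length_or_neg(const char *s) {
    unsigned long v;
    return parse_content_length(s, &v) == 0 ? (long)v : -1;
}

int main(void) {
    /* constructed inputs: a nickname full of specifiers, an oversized length */
    printf("%s\n", notify_join_str("%s%n%x"));        /* printed literally */
    printf("%ld\n", content_length_or_neg("99999999999999999999"));
    return 0;
}
```

The point of the second function is that the destination type is chosen first and the parser is made to match it, instead of letting a conversion specifier dictate how many bytes land in a variable the compiler never checked.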
%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Mon Sep 21 18:24:26 2009 Importance: security ID: MDVSA-2009:238 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:238 %pre Multiple vulnerabilities were discovered and corrected in openssl: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate (CVE-2009-1379). ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386). The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug (CVE-2009-1387). The NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). This update provides a solution to these vulnerabilities. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. 
%package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Tue Sep 22 14:06:07 2009 Importance: security ID: MDVSA-2009:240 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:240 %pre Multiple vulnerabilities were discovered and corrected in apache: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094). The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). This update provides a solution to these vulnerabilities. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. 
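The mod_proxy_ftp entry above (CVE-2009-3095) says only that FTP commands were embedded in the Authorization header, and notes that no details were public. The following is an added example, not Apache httpd code: it shows the check a proxy can apply to the user name and password it takes from "Authorization: Basic <base64>" before they are written as USER/PASS lines on the FTP control channel. It assumes (the advisory does not say so) that a CR or LF inside the decoded credential ends the FTP line early, so whatever follows is read by the FTP server as further commands. All function names are illustrative.

```c
/* Added example, not Apache httpd code. Decodes a Basic credential and refuses
 * anything that could break out of a single FTP command line. The CR/LF
 * mechanism is an assumption; the advisory gives no details of the vector. */
#include <stdio.h>
#include <string.h>

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Standard base64 -> bytes (not NUL-terminated). Returns the byte count, or
 * -1 on an invalid character or when out is too small. */
static int b64_decode(const char *in, unsigned char *out, size_t outcap) {
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in != '\0' && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0) return -1;
        acc = ((acc << 6) | (unsigned int)v) & 0xffffffu;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= outcap) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xffu);
        }
    }
    return (int)n;
}

/* Splits the header into user and password. Returns 1 only when the header is
 * well formed AND neither field contains CR, LF or NUL; 0 otherwise, in which
 * case nothing is sent to the FTP server. */
int ftp_credentials_from_header(const char *authz,
                                char *user, size_t ulen,
                                char *pass, size_t plen) {
    unsigned char raw[256];
    int n, i, colon = -1;
    if (authz == NULL || strncmp(authz, "Basic ", 6) != 0) return 0;
    n = b64_decode(authz + 6, raw, sizeof raw);
    if (n <= 0) return 0;
    for (i = 0; i < n; i++) {
        /* CR or LF would terminate the FTP command early; NUL would truncate
         * the C string the proxy builds from it. */
        if (raw[i] == '\r' || raw[i] == '\n' || raw[i] == '\0') return 0;
        if (raw[i] == ':' && colon < 0) colon = i;   /* first ':' splits the fields */
    }
    if (colon < 0) return 0;
    if ((size_t)colon >= ulen || (size_t)(n - colon - 1) >= plen) return 0;
    memcpy(user, raw, (size_t)colon);
    user[colon] = '\0';
    memcpy(pass, raw + colon + 1, (size_t)(n - colon - 1));
    pass[n - colon - 1] = '\0';
    return 1;
}

/* Convenience wrapper: the USER line that would go on the control channel,
 * or "" when the credential was rejected. */
const char *ftp_user_line(const char *authz) {
    static char user[128], pass[128], line[160];
    if (!ftp_credentials_from_header(authz, user, sizeof user, pass, sizeof pass)) return "";
    snprintf(line, sizeof line, "USER %s\r\n", user);
    return line;
}

int main(void) {
    /* constructed inputs: "user:pass" and "user\r\nDELE x:pass", base64-encoded */
    printf("[%s]\n", ftp_user_line("Basic dXNlcjpwYXNz"));
    printf("[%s]\n", ftp_user_line("Basic dXNlcg0KREVMRSB4OnBhc3M="));
    return 0;
}
```

The second constructed header decodes to a user name containing a CRLF followed by "DELE x"; with the check in place it is rejected before any FTP command is built.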
Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package cfengine-base cfengine-cfagent cfengine-cfenvd cfengine-cfexecd cfengine-cfservd libcfengine1 libcfengine-devel Update: Tue Sep 22 14:50:34 2009 Importance: bugfix ID: MDVA-2009:165 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:165 %pre The 'recurse' keyword in any editfile action triggers the following warning, for each file found: cfengine:hostname: Unknown action in editing of file XYZ. This update fixes this issue. %description Cfengine, the configuration engine, is a very high level language for simplifying the task of administrating and configuring large numbers of workstations. Cfengine uses the idea of classes and a primitive form of intelligence to define and automate the configuration of large systems in the most economical way possible. %package dovecot dovecot-devel dovecot-plugins-gssapi dovecot-plugins-ldap Update: Tue Sep 22 17:11:05 2009 Importance: security ID: MDVSA-2009:242 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:242 %pre A vulnerability was discovered and corrected in dovecot: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). 
This update provides a solution to this vulnerability. %description Dovecot is an IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Although it's written in C, it uses several coding techniques to avoid most of the common pitfalls. Dovecot can work with standard mbox and maildir formats and it's fully compatible with UW-IMAP and Courier IMAP servers as well as mail clients accessing the mailboxes directly. You can build dovecot with some conditional build switches (ie. use with rpm --rebuild): --with[out] gssapi GSSAPI support (enabled) --with[out] ldap LDAP support (enabled) --with[out] lucene Lucene support (enabled) --with[out] mysql MySQL support (enabled) --with[out] pgsql PostgreSQL support (enabled) --with[out] sasl Cyrus SASL 2 library support (enabled) %package libfreetype6 libfreetype6-devel libfreetype6-static-devel Update: Tue Sep 22 23:41:06 2009 Importance: security ID: MDVSA-2009:243 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:243 %pre Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem. %description The FreeType2 engine is a free and portable TrueType font rendering engine. It has been developed to provide TT support to a great variety of platforms and environments. Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included. %package setup Update: Wed Sep 23 14:49:43 2009 Importance: bugfix ID: MDVA-2009:166 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:166 %pre There was a small typo in /etc/services concerning the xmpp services. This update addresses this problem. %description The setup package contains a set of very important system configuration and setup files, such as passwd, group, profile and more. 
You should install the setup package because you will find yourself using its many features for system administration. %package librrdtool4 librrdtool-devel perl-rrdtool python-rrdtool rrdtool tcl-rrdtool Update: Wed Sep 23 20:03:30 2009 Importance: bugfix ID: MDVA-2009:168 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:168 %pre This update addresses a problem where rrdtool-1.3.x required a font such as DejaVuSansMono.ttf to be installed. A dependency on fonts-ttf-dejavu was added to address this problem. %description RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data (i.e. network bandwidth, machine-room temperature, server load average). It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data to enforce a certain data density. It can be used either via simple wrapper scripts (from shell or Perl) or via frontends that poll network devices and put a friendly user interface on it. %package glib2.0-common glib-gettextize libgio2.0_0 libglib2.0_0 libglib2.0-devel Update: Thu Sep 24 12:35:13 2009 Importance: security ID: MDVSA-2009:245 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:245 %pre A vulnerability was discovered and corrected in glib2.0: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory (CVE-2009-3289). This update provides a solution to this vulnerability. %description Glib is a handy library of utility functions. This C library is designed to solve some portability problems and provide other useful functionality which most programs require. Glib is used by GDK, GTK+ and many applications. 
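The glib2.0 entry above (CVE-2009-3289) is a small but common mistake: a copy routine read the permission bits of a symbolic link (lstat() reports a link as mode 0777) and applied them to the copied file. The following is an added example, not GLib code; it puts the broken and the corrected lookup side by side and builds a constructed fixture (a 0640 file plus a symlink to it) in a fresh temporary directory to show the difference. The refusal to propagate setuid/setgid/sticky bits and non-regular files is an added policy, not something the advisory states; names are illustrative.

```c
/* Added example, not GLib code. mode_from_link() is the vulnerable shape,
 * mode_for_copy() the corrected one; demo() compares them on a constructed
 * fixture. Policy choices (rwx bits only, regular files only) are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define PERM_MASK (S_IRWXU | S_IRWXG | S_IRWXO)

/* Vulnerable shape: permission bits read from the link itself. */
long mode_from_link(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (long)(st.st_mode & PERM_MASK);
}

/* Fixed: resolve the link, insist on a regular file, keep only rwx bits. */
long mode_for_copy(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    if (!S_ISREG(st.st_mode)) return -1;
    return (long)(st.st_mode & PERM_MASK);
}

/* Constructed fixture: <dir>/target with mode 0640 and <dir>/link -> target.
 * Returns 0 on success. */
static int make_fixture(const char *dir, char *target, size_t tlen, char *lnk, size_t llen) {
    int fd;
    if (snprintf(target, tlen, "%s/target", dir) >= (int)tlen) return -1;
    if (snprintf(lnk, llen, "%s/link", dir) >= (int)llen) return -1;
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    if (chmod(target, 0640) != 0) return -1;   /* explicit, so umask plays no part */
    if (symlink("target", lnk) != 0) return -1;
    return 0;
}

/* Runs the comparison in a fresh temporary directory and cleans up.
 * Returns the mode mode_for_copy() derives through the link (expected 0640),
 * -1 on setup failure, or -2 if the two lookups happened to agree (they must
 * not: the link's own bits are not the target's). */
long demo(void) {
    char dir[] = "/tmp/copymodeXXXXXX";
    char target[64], lnk[64];
    long from_link, for_copy;
    if (mkdtemp(dir) == NULL) return -1;
    if (make_fixture(dir, target, sizeof target, lnk, sizeof lnk) != 0) return -1;
    from_link = mode_from_link(lnk);
    for_copy = mode_for_copy(lnk);
    unlink(lnk);
    unlink(target);
    rmdir(dir);
    if (from_link == for_copy) return -2;
    return for_copy;
}

int main(void) {
    printf("mode a copy should receive: %lo\n", demo());   /* 640 on Linux */
    return 0;
}
```

The same distinction applies whenever ownership or mode is copied from a path a user can replace with a symlink: decide explicitly whether the link or its target is the object of interest, and never let the 0777 a link reports flow into a chmod.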
You should install Glib because many of your applications will depend on this library. %package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Thu Sep 24 13:36:56 2009 Importance: bugfix ID: MDVA-2009:169 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:169 %pre These updated packages fix a bug preventing the use of firefox if the user had seen the help of drak3d in the drak3d session before first running firefox (bug #29775). These updated packages also add support for VirtIO devices. Last but not least, they ensure we have a recent enough perl-Gtk2 binding (eg: after a failed KDE3 upgrade (bug #51870)). %description Contains many Mandriva Linux applications simplifying users' and administrators' life on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. - drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package drakx-installer-binaries drakx-installer-binaries-probe drakx-installer-images drakx-installer-stage2 Update: Thu Sep 24 15:51:27 2009 Importance: bugfix ID: MDVA-2009:169-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:169-1 %pre These updated packages fix a bug preventing the use of firefox if the user had seen the help of drak3d in the drak3d session before first running firefox (bug #29775). These updated packages also add support for VirtIO devices. Last but not least, they ensure we have a recent enough perl-Gtk2 binding (eg: after a failed KDE3 upgrade (bug #51870)). 
Update: The previous update was incomplete, this update corrects this. %description This is the stage2 image for Mandriva DrakX installer. %package ldetect libldetect0.7 libldetect-devel Update: Thu Sep 24 16:21:45 2009 Importance: bugfix ID: MDVA-2009:170 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:170 %pre This update fixes a very trivial issue with lspcidrake displaying warnings about some USB devices. %description The hardware device lists provided by this package are used as lookup table to get hardware autodetection %package ldetect-lst ldetect-lst-devel Update: Thu Sep 24 16:33:01 2009 Importance: bugfix ID: MDVA-2009:171 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:171 %pre This makes the configuration tools use the proper driver for two Matrox cards (bug #53564) %description The hardware device lists provided by this package are used as lookup table to get hardware autodetection. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Fri Sep 25 18:11:51 2009 Importance: security ID: MDVSA-2009:247 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:247 %pre Multiple vulnerabilities were discovered and corrected in php: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key 
with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file (CVE-2008-7068). The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291). Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing (CVE-2009-3292). Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index (CVE-2009-3293). However, Mandriva does not use the bundled libgd source in php by default; there is an unsupported package in contrib named php-gd-bundled that will eventually be updated to pick up these fixes. This update provides a solution to these vulnerabilities. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package libnewt0.52 libnewt0.52-devel newt Update: Sun Sep 27 14:49:05 2009 Importance: security ID: MDVSA-2009:249 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:249 %pre A vulnerability was discovered and corrected in newt: A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. 
A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library (CVE-2009-2905). This update provides a solution to this vulnerability. %description Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. This package contains a /usr/bin/dialog replacement called whiptail. Newt is based on the slang library. %package akregator kaddressbook kalarm kdepim4 kdepim4-akonadi kdepim4-core kdepim4-devel kdepim4-kresources kdepim4-wizards kjots kleopatra kmail kmailcvt knode knotes kode kontact korganizer kpilot ksendemail ktimetracker libakonadi-kabccommon4 libakonadi-kcal4 libakregatorinterfaces4 libakregatorprivate4 libgwsoap4 libimap4 libkabc_groupdav4 libkabc_groupwise4 libkabckolab4 libkabcommon4 libkabcscalix4 libkabc_slox4 libkabc_xmlrpc4 libkabinterfaces4 libkaddressbookprivate4 libkalarm_resources4 libkcal_groupdav4 libkcal_groupwise4 libkcalkolab4 libkcal_resourceblog4 libkcal_resourcefeatureplan4 libkcal_resourceremote4 libkcalscalix4 libkcal_slox4 libkcal_xmlrpc4 libkdepim4 libkgroupwarebase4 libkgroupwaredav4 libkholidays4 libkleo4 libkleopatraclientcore4 libkleopatraclientgui4 libkmailprivate4 libknodecommon4 libknoteskolab4 libknotesscalix4 libknotes_xmlrpc4 libkocorehelper4 libkode4 libkontactinterfaces4 libkontactprivate4 libkorganizer_calendar4 libkorganizer_eventviewer4 libkorganizer_interfaces4 libkorganizerprivate4 libkorg_stdprinting4 libkpgp4 libkpilot5 libkschema4 libkschemawidgets4 libksieve4 libkslox4 libkxmlcommon4 libmaildir4 libmimelib4 libschema4 libwscl4 libwsdl4 Update: Tue Sep 29 18:12:00 2009 Importance: bugfix ID: MDVA-2009:175 URL: 
http://www.mandriva.com/security/advisories?name=MDVA-2009:175 %pre KMail users using DIMAP (disconnected IMAP) could see e-mails in a folder occasionally deleted on the server when the folder name was moved locally or on the server. This fix solves this major bug. %description Information Management applications for the K Desktop Environment. - kaddressbook: The KDE addressbook application. - korganizer: a calendar-of-events and todo-list manager - kpilot: to sync with your PalmPilot - kalarm: gui for setting up personal alarm/reminder messages - kalarmd: personal alarm/reminder messages daemon, shared by korganizer and kalarm. - kaplan: A shell for the PIM apps, still experimental. - ktimetracker: Time tracker. - kfile-plugins: vCard KFileItem plugin. - knotes: yellow notes application - konsolecalendar: Command line tool for accessing calendar files. - kmail: universal mail client - kmailcvt: converts address books to kmail format %package libecpg8.3_6 libpq8.3_5 postgresql8.3 postgresql8.3-contrib postgresql8.3-devel postgresql8.3-docs postgresql8.3-pl postgresql8.3-plperl postgresql8.3-plpgsql postgresql8.3-plpython postgresql8.3-pltcl postgresql8.3-server Update: Wed Sep 30 18:03:06 2009 Importance: security ID: MDVSA-2009:177 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:177 %pre The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by re-LOAD-ing libraries from a certain plugins directory (CVE-2009-3229). The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230). 
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password (CVE-2009-3231). This update provides a fix for these vulnerabilities. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package perl-IO-Socket-SSL Update: Wed Sep 30 21:12:10 2009 Importance: security ID: MDVSA-2009:178 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 %pre A vulnerability was discovered and corrected in perl-IO-Socket-SSL: The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate (CVE-2009-3024). This update provides a fix for this vulnerability. 
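Two entries on this page are failures of the same check, the comparison of a certificate's subject name against the host the client meant to reach: the neon entry (MDVSA-2009:228, CVE-2009-2474), where an embedded '\0' in the CN made a C-string comparison stop early, and the perl-IO-Socket-SSL entry just above (MDVSA-2009:178, CVE-2009-3024), where only a leading portion of the name was compared. The following is an added example, not neon or IO::Socket::SSL code. cert_name_matches() takes the CN with its explicit length, as it comes out of the certificate, rejects embedded NUL, compares the whole string rather than a prefix, and accepts a wildcard only as the entire left-most label; naive_matches() is the broken shape, kept only to show the difference on a constructed CN. The wildcard rules are the usual practice, not something the advisories state; names are illustrative.

```c
/* Added example, not neon or IO::Socket::SSL code. A length-aware,
 * whole-string certificate name check beside the naive C-string version. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* constructed CN: "www.bank.example", then a NUL, then ".evil.example" */
static const unsigned char NUL_CN[] = "www.bank.example\0.evil.example";
#define NUL_CN_LEN (sizeof NUL_CN - 1)

static int eq_ci(const char *a, size_t alen, const char *b, size_t blen) {
    size_t i;
    if (alen != blen) return 0;
    for (i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Broken: treats the CN as a C string, so the check ends at the first NUL. */
int naive_matches(const unsigned char *cn, const char *host) {
    const char *s = (const char *)cn;
    return eq_ci(s, strlen(s), host, strlen(host));
}

/* cn/cn_len: the CN exactly as decoded from the certificate (length known,
 * may contain NUL). host: the name the client connected to. 1 on match. */
int cert_name_matches(const unsigned char *cn, size_t cn_len, const char *host) {
    const char *name = (const char *)cn;
    size_t hlen = strlen(host);
    const char *dot;

    if (cn_len == 0 || hlen == 0) return 0;
    if (memchr(cn, '\0', cn_len) != NULL) return 0;     /* embedded NUL: not a DNS name */

    if (cn_len >= 2 && name[0] == '*' && name[1] == '.') {
        const char *rest = name + 1;                     /* ".bank.example" */
        size_t rlen = cn_len - 1;
        if (memchr(rest + 1, '.', rlen - 1) == NULL) return 0; /* "*.com" is too broad */
        dot = strchr(host, '.');
        if (dot == NULL || dot == host) return 0;        /* host needs a label for '*' */
        return eq_ci(dot, hlen - (size_t)(dot - host), rest, rlen);  /* one label only */
    }
    if (memchr(cn, '*', cn_len) != NULL) return 0;       /* wildcard anywhere else */

    return eq_ci(name, cn_len, host, hlen);              /* whole string, never a prefix */
}

/* Convenience for NUL-free names. */
int match_str(const char *cn, const char *host) {
    return cert_name_matches((const unsigned char *)cn, strlen(cn), host);
}
```

The length must come from the certificate decoder (for example the length of the ASN.1 string) and travel with the bytes; the moment the name is handed to anything that takes a `char *`, the information that a NUL was inside it is gone.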
%description %package graphviz graphviz-doc libgraphviz4 libgraphviz-devel libgraphvizlua0 libgraphvizocaml0 libgraphvizperl0 libgraphvizphp0 libgraphvizpython0 libgraphvizr0 libgraphvizruby0 libgraphviz-static-devel libgraphviztcl0 Update: Thu Oct 01 17:10:56 2009 Importance: security ID: MDVSA-2009:254 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:254 %pre A vulnerability was discovered and corrected in graphviz: Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements (CVE-2008-4555). This update provides a fix for this vulnerability. %description A collection of tools for the manipulation and layout of graphs (as in nodes and edges, not as in barcharts). %package libmesagl1 libmesagl1-devel libmesaglu1 libmesaglu1-devel libmesaglut3 libmesaglut3-devel libmesaglw1 libmesaglw1-devel mesa mesa-common-devel mesa-demos mesa-source Update: Fri Oct 02 13:52:44 2009 Importance: bugfix ID: MDVA-2009:179 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:179 %pre There was a minor problem with a faulty path in the generated pkg-config (*.pc) files. This update addresses this problem. %description Mesa is an OpenGL 2.1 compatible 3D graphics library. %package dbus dbus-x11 libdbus-1_3 libdbus-1-devel Update: Tue Oct 06 19:44:58 2009 Importance: security ID: MDVSA-2009:256 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:256 %pre A vulnerability was discovered and corrected in dbus: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 (CVE-2009-1189). 
This update provides a fix for this vulnerability. %description D-Bus is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. %package dkms-kqemu qemu qemu-img Update: Tue Oct 06 20:06:29 2009 Importance: security ID: MDVSA-2009:257 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:257 %pre Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine (CVE-2008-0928). The updated packages have been patched to prevent this. %description QEMU is a FAST! processor emulator. By using dynamic translation it achieves a reasonable speed while being easy to port on new host CPUs. QEMU has two operating modes: * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. Linux system calls are converted because of endianness and 32/64 bit mismatches. Wine (Windows emulation) and DOSEMU (DOS emulation) are the main targets for QEMU. * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. Currently, it is only used to launch an x86 Linux kernel on an x86 Linux system. It enables easier testing and debugging of system code. It can also be used to provide virtual hosting of several virtual PCs on a single server. This QEMU package provides support for KQEMU, the QEMU Accelerator module. %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Wed Oct 07 15:33:00 2009 Importance: security ID: MDVSA-2009:258 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 %pre A regression was found with the self-signed certificate signature checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue. 
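The qemu entry above (MDVSA-2009:257, CVE-2008-0928) is the classic guest-to-host escape shape: a guest-controlled (first sector, sector count) pair selects host memory without being checked against the device size. The following is an added example, not QEMU code. It shows the naive check that a large sector number wraps past, an overflow-free check, and a toy block read that refuses out-of-range requests before the copy. The 4-sector image is constructed here; names and the rejection of zero-length requests are illustrative assumptions.

```c
/* Added example, not QEMU code. Overflow-safe range checking of a
 * guest-supplied block request, with the vulnerable check for comparison. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512

/* Vulnerable shape: the sum wraps, so a huge sector passes the check. */
int naive_in_range(uint64_t sector, uint64_t count, uint64_t total_sectors) {
    return sector + count <= total_sectors;
}

/* Overflow-free: bound the start first, then subtract instead of adding. */
int request_in_range(uint64_t sector, uint64_t count, uint64_t total_sectors) {
    if (count == 0) return 0;                 /* empty requests rejected (assumed policy) */
    if (sector >= total_sectors) return 0;
    return count <= total_sectors - sector;
}

typedef struct { const uint8_t *backing; uint64_t total; } toy_disk;

/* Copies `count` sectors starting at `sector` into dst. Returns the bytes
 * copied, or -1 when the request is out of range or dst is too small. */
int64_t toy_read(const toy_disk *d, uint64_t sector, uint64_t count,
                 uint8_t *dst, size_t dst_len) {
    size_t bytes;
    if (!request_in_range(sector, count, d->total)) return -1;
    if (count > SIZE_MAX / SECTOR_SIZE) return -1;   /* the byte count must not wrap either */
    bytes = (size_t)count * SECTOR_SIZE;
    if (bytes > dst_len) return -1;
    memcpy(dst, d->backing + sector * SECTOR_SIZE, bytes);
    return (int64_t)bytes;
}

static uint8_t DISK_IMAGE[4 * SECTOR_SIZE];   /* constructed image: sector n holds byte n */
static uint8_t GUEST_BUF[4 * SECTOR_SIZE];

static toy_disk demo_disk(void) {
    toy_disk d = { DISK_IMAGE, 4 };
    size_t i;
    for (i = 0; i < sizeof DISK_IMAGE; i++) DISK_IMAGE[i] = (uint8_t)(i / SECTOR_SIZE);
    return d;
}

/* Bytes a guest request would transfer, or -1 if refused. */
int64_t demo_read(uint64_t sector, uint64_t count) {
    toy_disk d = demo_disk();
    return toy_read(&d, sector, count, GUEST_BUF, sizeof GUEST_BUF);
}

/* First byte delivered for a one-sector read, or -1 if refused. */
int demo_first_byte(uint64_t sector) {
    return demo_read(sector, 1) < 0 ? -1 : GUEST_BUF[0];
}

int main(void) {
    printf("naive check, sector=UINT64_MAX count=2: %d\n", naive_in_range(UINT64_MAX, 2, 4));
    printf("fixed check, same request:               %d\n", request_in_range(UINT64_MAX, 2, 4));
    return 0;
}
```

The second guard in toy_read() matters as much as the first: once the sector range is valid, converting it to a byte count is another multiplication that can wrap on a narrower size_t, so it is checked against SIZE_MAX before the memcpy.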
%description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. %package gnucash gnucash-hbci gnucash-ofx gnucash-sql libgnucash0 libgnucash-devel Update: Wed Oct 07 20:13:28 2009 Importance: bugfix ID: MDVA-2009:182 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:182 %pre The widget to change a date field in gnucash did not react to keyboard input. This upgrades to the fixed version 2.2.7. %description GnuCash is a personal finance manager. A check-book-like register GUI allows you to enter and track bank accounts, stocks, income and even currency trades. The interface is designed to be simple and easy to use, but is backed with double-entry accounting principles to ensure balanced books. %package imagemagick imagemagick-desktop imagemagick-doc libmagick1 libmagick-devel perl-Image-Magick Update: Fri Oct 09 02:04:10 2009 Importance: security ID: MDVSA-2009:260 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:260 %pre A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats.
ImageMagick can make use of the following delegate programs, available as packages in Mandriva Linux: curl enscript ffmpeg ghostscript ghostscript-X gimp gnuplot graphviz html2ps mplayer ncompress netpbm sane-backends tetex-dvips transfig ufraw xdg-utils zip autotrace povray %package graphicsmagick graphicsmagick-doc libgraphicsmagick2 libgraphicsmagick-devel libgraphicsmagickwand1 perl-Graphics-Magick Update: Fri Oct 09 02:04:48 2009 Importance: security ID: MDVSA-2009:261 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:261 %pre A vulnerability has been found and corrected in GraphicsMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. %description GraphicsMagick is the swiss army knife of image processing. It provides a robust collection of tools and libraries which support reading, writing, and manipulating an image in over 88 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, SVG, and TIFF. GraphicsMagick supports huge images on systems that support large files, and has been tested with gigapixel-size images. GraphicsMagick can create new images on the fly, making it suitable for building dynamic Web applications. GraphicsMagick may be used to resize, rotate, sharpen, color reduce, or add special effects to an image and save the result in the same or differing image format. Image processing operations are available from the command line, as well as through C, C++, Perl, or Windows COM programming interfaces. Extensions are available from third-parties to support programming in Python, Tcl, and Ruby. With some modification, language extensions for ImageMagick may be used. 
%package libnetpbm10 libnetpbm-devel libnetpbm-static-devel netpbm Update: Fri Oct 09 13:08:08 2009 Importance: security ID: MDVSA-2009:262 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:262 %pre A vulnerability has been found and corrected in netpbm: pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read (CVE-2008-4799). This update fixes this vulnerability. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package libxmlsec1-1 libxmlsec1-devel libxmlsec1-gnutls1 libxmlsec1-gnutls-devel libxmlsec1-nss1 libxmlsec1-nss-devel libxmlsec1-openssl1 libxmlsec1-openssl-devel xmlsec1 Update: Sat Oct 10 15:48:35 2009 Importance: security ID: MDVSA-2009:267 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:267 %pre A vulnerability has been found and corrected in xmlsec1: A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). This update fixes this vulnerability. %description XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". 
%package jay libmono0 libmono-devel mono mono-bytefx-data-mysql mono-data mono-data-firebird mono-data-oracle mono-data-postgresql mono-data-sqlite mono-data-sybase mono-doc mono-extras mono-ibm-data-db2 mono-jscript mono-locale-extras mono-nunit mono-web mono-winforms Update: Mon Oct 12 12:30:06 2009 Importance: security ID: MDVSA-2009:268 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:268 %pre Multiple vulnerabilities have been found and corrected in mono: Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren) (CVE-2008-3422). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes these vulnerabilities. %description Mono is an implementation of the ECMA Common Language Infrastructure; it contains both a just-in-time compiler for maximum performance, and an interpreter. It can also be used to run programs from the .NET Framework. This package contains the core of the Mono runtime including its Virtual Machine, Just-in-time compiler, C# compiler, security tools and libraries (corlib, XML, System.Security, System.Drawing, ZipLib, I18N, Cairo and Mono.*).
%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Mon Oct 12 15:52:31 2009 Importance: security ID: MDVSA-2009:270 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:270 %pre A vulnerability has been found and corrected in wireshark: Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets (CVE-2009-3241). This update fixes this vulnerability. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm). %package libmikmod3 libmikmod-devel Update: Mon Oct 12 19:29:13 2009 Importance: security ID: MDVSA-2009:272 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:272 %pre Multiple vulnerabilities have been found and corrected in libmikmod: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720). libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179). This update fixes these vulnerabilities. %description Libmikmod is a portable sound library, capable of playing samples as well as module files, originally written by Jean-Paul Mikkers (MikMak) for DOS. It has subsequently been hacked by many hands and now runs on many Unix flavours.
It uses the OSS /dev/dsp driver included in all recent kernels for output, as well as ALSA and EsounD, and will also write wav files. Supported file formats include 669, AMF, APUN, DSM, FAR, GDM, IT, IMF, MOD, MED, MTM, OKT, S3M, STM, STX, ULT, UNI and XM. Full source included; use of this library for music/sound effects in your own programs is encouraged! %package python-django Update: Tue Oct 13 15:58:10 2009 Importance: security ID: MDVSA-2009:276 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:276 %pre Multiple vulnerabilities have been found and corrected in python-django: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL (CVE-2009-2659). Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression (CVE-2009-3695). The versions of Django shipping with Mandriva Linux have been updated to the latest patched version that includes the fixes for these issues. In addition, they provide other bug fixes. %description Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Developed and used over the past two years by a fast-moving online-news operation, Django was designed from scratch to handle two challenges: the intensive deadlines of a newsroom and the stringent requirements of experienced Web developers. It has convenient niceties for developing content-management systems, but it's an excellent tool for building any Web site. Django focuses on automating as much as possible and adhering to the DRY principle.
%package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Wed Oct 14 13:28:10 2009 Importance: security ID: MDVSA-2009:277 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:277 %pre Multiple vulnerabilities have been found and corrected in samba: The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories (CVE-2009-2813). smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet (CVE-2009-2906). mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option (CVE-2009-2948). The versions of samba shipping with Mandriva Linux CS4/MES5/2008.1/2009.0/2009.1 have been updated to the latest version that includes the fixes for these issues. Additionally, for 2009.1 the version upgrade provides many upstream bug fixes such as improved Windows(tm) 7 support. The version for CS3 has been patched to address these security issues.
%description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package compiz-fusion-plugins-main compiz-fusion-plugins-main-devel Update: Wed Oct 14 17:06:50 2009 Importance: security ID: MDVSA-2009:278 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:278 %pre A vulnerability has been found and corrected in compiz-fusion-plugins-main: The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920 (CVE-2008-6514). This update fixes this vulnerability. %description This is the main plugin set from the Compiz Fusion community.
This is a combination of the Compiz Extras and Beryl communities. %package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools Update: Mon Oct 19 11:44:14 2009 Importance: bugfix ID: MDVA-2009:182 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:182 %pre This update provides mysql-5.0.86 (Community Server) with the latest bugfixes for mysql-5.0.x. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. Please see the documentation and the manual for more information. %package acl cups cups-common cups-serial libacl1 libacl-devel libcups2 libcups2-devel libpoppler3 libpoppler-devel libpoppler-glib3 libpoppler-glib-devel libpoppler-qt2 libpoppler-qt4-3 libpoppler-qt4-devel libpoppler-qt-devel php-cups poppler Update: Mon Oct 19 23:41:21 2009 Importance: security ID: MDVSA-2009:282 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:282 %pre Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147) Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
(CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. (CVE-2009-0165) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. (CVE-2009-0166) Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments (CVE-2009-0195). Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. (CVE-2009-0799) Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-0800) The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. 
(CVE-2009-0949) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1179) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. (CVE-2009-1180) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. (CVE-2009-1181) Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1182) The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. (CVE-2009-1183) Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. 
%package gd-utils libgd2 libgd-devel libgd-static-devel Update: Tue Oct 20 13:44:38 2009 Importance: security ID: MDVSA-2009:284 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:284 %pre A vulnerability has been found and corrected in gd: The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546). This update fixes this vulnerability. %description gd is a graphics library. It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. This is particularly useful in World Wide Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. gd is not a paint program. If you are looking for a paint program, you are looking in the wrong place. If you are not a programmer, you are looking in the wrong place. gd does not provide for every possible desirable graphics operation. It is not necessary or desirable for gd to become a kitchen-sink graphics package, but version 1.7.3 incorporates most of the commonly requested features for an 8-bit 2D package.
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Tue Oct 20 19:28:46 2009 Importance: security ID: MDVSA-2009:285 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:285 %pre Multiple vulnerabilities have been found and corrected in php: The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546). Two upstream patches were added to address a bypass vulnerability in open_basedir and safe_mode. Additionally, on CS4 a regression was found and fixed when using the gd-bundled.so variant from the php-gd package. This update fixes these vulnerabilities. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts.
%package xpdf xpdf-common Update: Thu Oct 22 15:51:52 2009 Importance: security ID: MDVSA-2009:287 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:287 %pre Multiple vulnerabilities have been found and corrected in xpdf: Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603). The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow (CVE-2009-3604). Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3606). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read (CVE-2009-3609).
This update fixes these vulnerabilities. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package proftpd proftpd-devel proftpd-mod_autohost proftpd-mod_ban proftpd-mod_case proftpd-mod_ctrls_admin proftpd-mod_gss proftpd-mod_ifsession proftpd-mod_ldap proftpd-mod_load proftpd-mod_quotatab proftpd-mod_quotatab_file proftpd-mod_quotatab_ldap proftpd-mod_quotatab_radius proftpd-mod_quotatab_sql proftpd-mod_radius proftpd-mod_ratio proftpd-mod_rewrite proftpd-mod_shaper proftpd-mod_site_misc proftpd-mod_sql proftpd-mod_sql_mysql proftpd-mod_sql_postgres proftpd-mod_time proftpd-mod_tls proftpd-mod_vroot proftpd-mod_wrap proftpd-mod_wrap_file proftpd-mod_wrap_sql Update: Fri Oct 23 22:15:02 2009 Importance: security ID: MDVSA-2009:288 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:288 %pre A vulnerability has been identified and corrected in proftpd: The mod_tls module in proftpd < 1.3.2b is vulnerable to a similar security issue as CVE-2009-2408. This update fixes this vulnerability. %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation.
%package alsa_raoppcm-kernel-2.6.27.37-desktop-1mnb alsa_raoppcm-kernel-2.6.27.37-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.37-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.37-desktop-1mnb drm-experimental-kernel-2.6.27.37-desktop586-1mnb drm-experimental-kernel-2.6.27.37-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.37-desktop-1mnb et131x-kernel-2.6.27.37-desktop586-1mnb et131x-kernel-2.6.27.37-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.37-desktop-1mnb fcpci-kernel-2.6.27.37-desktop586-1mnb fcpci-kernel-2.6.27.37-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.37-desktop-1mnb fglrx-kernel-2.6.27.37-desktop586-1mnb fglrx-kernel-2.6.27.37-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.37-desktop-1mnb gnbd-kernel-2.6.27.37-desktop586-1mnb gnbd-kernel-2.6.27.37-server-1mnb gnbd-kernel-desktop586-latest gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.37-desktop-1mnb hcfpcimodem-kernel-2.6.27.37-desktop586-1mnb hcfpcimodem-kernel-2.6.27.37-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.37-desktop-1mnb hsfmodem-kernel-2.6.27.37-desktop586-1mnb hsfmodem-kernel-2.6.27.37-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.37-desktop-1mnb hso-kernel-2.6.27.37-desktop586-1mnb hso-kernel-2.6.27.37-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.37-desktop-1mnb 
iscsitarget-kernel-2.6.27.37-desktop586-1mnb iscsitarget-kernel-2.6.27.37-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.37-1mnb kernel-desktop-2.6.27.37-1mnb kernel-desktop586-2.6.27.37-1mnb kernel-desktop586-devel-2.6.27.37-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.37-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.37-1mnb kernel-server-devel-2.6.27.37-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.37-1mnb kernel-source-latest kqemu-kernel-2.6.27.37-desktop-1mnb kqemu-kernel-2.6.27.37-desktop586-1mnb kqemu-kernel-2.6.27.37-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.37-desktop-1mnb lirc-kernel-2.6.27.37-desktop586-1mnb lirc-kernel-2.6.27.37-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.37-desktop-1mnb lzma-kernel-2.6.27.37-desktop586-1mnb lzma-kernel-2.6.27.37-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.37-desktop-1mnb madwifi-kernel-2.6.27.37-desktop586-1mnb madwifi-kernel-2.6.27.37-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.37-desktop-1mnb nvidia173-kernel-2.6.27.37-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.37-desktop-1mnb nvidia71xx-kernel-2.6.27.37-desktop586-1mnb nvidia71xx-kernel-2.6.27.37-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.37-desktop-1mnb nvidia96xx-kernel-2.6.27.37-desktop586-1mnb nvidia96xx-kernel-2.6.27.37-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest 
nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.37-desktop-1mnb nvidia-current-kernel-2.6.27.37-desktop586-1mnb nvidia-current-kernel-2.6.27.37-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.37-desktop-1mnb omfs-kernel-2.6.27.37-desktop586-1mnb omfs-kernel-2.6.27.37-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.37-desktop-1mnb omnibook-kernel-2.6.27.37-desktop586-1mnb omnibook-kernel-2.6.27.37-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.37-desktop-1mnb opencbm-kernel-2.6.27.37-desktop586-1mnb opencbm-kernel-2.6.27.37-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.37-desktop-1mnb ov51x-jpeg-kernel-2.6.27.37-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.37-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.37-desktop-1mnb qc-usb-kernel-2.6.27.37-desktop586-1mnb qc-usb-kernel-2.6.27.37-server-1mnb qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.37-desktop-1mnb rt2860-kernel-2.6.27.37-desktop586-1mnb rt2860-kernel-2.6.27.37-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.37-desktop-1mnb rt2870-kernel-2.6.27.37-desktop586-1mnb rt2870-kernel-2.6.27.37-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.37-desktop-1mnb rtl8187se-kernel-2.6.27.37-desktop586-1mnb rtl8187se-kernel-2.6.27.37-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.37-desktop-1mnb 
slmodem-kernel-2.6.27.37-desktop586-1mnb slmodem-kernel-2.6.27.37-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.37-desktop-1mnb squashfs-lzma-kernel-2.6.27.37-desktop586-1mnb squashfs-lzma-kernel-2.6.27.37-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.37-desktop-1mnb tp_smapi-kernel-2.6.27.37-desktop586-1mnb tp_smapi-kernel-2.6.27.37-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.37-desktop-1mnb vboxadd-kernel-2.6.27.37-desktop586-1mnb vboxadd-kernel-2.6.27.37-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.37-desktop-1mnb vboxvfs-kernel-2.6.27.37-desktop586-1mnb vboxvfs-kernel-2.6.27.37-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.37-desktop-1mnb vhba-kernel-2.6.27.37-desktop586-1mnb vhba-kernel-2.6.27.37-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest virtualbox-kernel-2.6.27.37-desktop-1mnb virtualbox-kernel-2.6.27.37-desktop586-1mnb virtualbox-kernel-2.6.27.37-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.37-desktop-1mnb vpnclient-kernel-2.6.27.37-desktop586-1mnb vpnclient-kernel-2.6.27.37-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest Update: Tue Oct 27 18:11:22 2009 Importance: security ID: MDVSA-2009:289 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:289 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting 
that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). (CVE-2009-1895) Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. (CVE-2009-2406) Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. (CVE-2009-2407) The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a negative dentry and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. (CVE-2009-2908) The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified random addresses. (CVE-2009-3290) Additionally, it includes the fixes from the stable kernel version 2.6.27.37.
It also fixes IBM x3650 M2 hanging when using both network interfaces and Wake on LAN problems on r8169. For details, check the package changelog. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package jetty5 jetty5-demo jetty5-javadoc jetty5-manual Update: Thu Oct 29 17:54:17 2009 Importance: security ID: MDVSA-2009:291 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:291 %pre A vulnerability has been identified and corrected in jetty5: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote attackers to access arbitrary files via directory traversal sequences in the URI (CVE-2009-1523). This update fixes this vulnerability. %description Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server (like Apache) in order to use java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate server/container solutions, this means that your web server and web application run in the same process, without interconnection overheads and complications. Furthermore, as a pure java component, Jetty can be simply included in your application for demonstration, distribution or deployment. Jetty is available on all Java supported platforms. %package squidGuard Update: Tue Nov 03 16:15:16 2009 Importance: security ID: MDVSA-2009:293 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:293 %pre Multiple vulnerabilities have been found and corrected in squidGuard: Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. (CVE-2009-3700).
Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL (CVE-2009-3826). squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fixes patches applied. This update fixes these vulnerabilities. %description SquidGuard is a combined filter, redirector and access controller plugin for Squid. It is free, very flexible, extremely fast, easily installed, portable. SquidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users. - enforce the use of domain names/prohibit the use of IP addresses in URLs. - redirect blocked URLs to an "intelligent" CGI based info page. - redirect unregistered users to a registration form. - redirect popular downloads like Netscape, MSIE etc. to local copies. - redirect banners to an empty GIF. - have different access rules based on time of day, day of the week, date etc. - have different rules for different user groups.
Neither squidGuard nor Squid can be used to - filter/censor/edit text inside documents - filter/censor/edit embedded scripting languages like JavaScript or VBscript inside HTML %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Sun Nov 08 19:03:54 2009 Importance: security ID: MDVSA-2009:295 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:295 %pre A vulnerability was discovered and corrected in apache: Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1. This update provides a solution to this vulnerability. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules.
The package was built with a ServerLimit of 1024. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Thu Nov 12 18:09:20 2009 Importance: bugfix ID: MDVA-2009:198 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:198 %pre The mod_authnz_ldap module causes a segfault if the apr-util-dbd-ldap package is not installed; this update addresses the problem. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package squid squid-cachemgr Update: Thu Nov 12 18:23:33 2009 Importance: bugfix ID: MDVA-2009:199 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:199 %pre This is a bugfix and maintenance release for squid that upgrades squid to 3.0.STABLE20 and fixes some bugs: An outstanding issue with code 304 and code 200 replies being mixed up has now been resolved.
This means requests which need to refresh cache objects will not cause temporary client software failures. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 8192 file descriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 8192 file descriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package squid squid-cachemgr Update: Thu Nov 12 18:26:33 2009 Importance: bugfix ID: MDVA-2009:199 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:199 %pre This is a bugfix and maintenance release for squid that upgrades squid to 3.0.STABLE20 and fixes some bugs: An outstanding issue with code 304 and code 200 replies being mixed up has now been resolved. This means requests which need to refresh cache objects will not cause temporary client software failures. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 8192 file descriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 8192 file descriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package ffmpeg libavformats52 libavutil49 libffmpeg51 libffmpeg-devel libffmpeg-static-devel libswscaler0 Update: Fri Nov 13 21:52:54 2009 Importance: security ID: MDVSA-2009:297 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 %pre Vulnerabilities have been discovered and corrected in ffmpeg: - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2008-3230) - FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. (CVE-2008-4869) - Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference (CVE-2009-0385) The updated packages fix these issues. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream.
%package ffmpeg libavformats52 libavutil49 libffmpeg51 libffmpeg-devel libffmpeg-static-devel libswscaler0 Update: Fri Nov 13 22:11:52 2009 Importance: security ID: MDVSA-2009:297 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 %pre Vulnerabilities have been discovered and corrected in ffmpeg: - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2008-3230) - FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. (CVE-2008-4869) - Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference (CVE-2009-0385) The updated packages fix this issue. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream. 
%package libxine1 libxine-devel xine-aa xine-caca xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-jack xine-plugins xine-pulse xine-sdl xine-smb xine-wavpack Update: Fri Nov 13 22:22:03 2009 Importance: security ID: MDVSA-2009:299 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:299 %pre Vulnerabilities have been discovered and corrected in xine-lib: - Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274) - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698) This update fixes these issues. %description xine is a free gpl-licensed video player for unix-like systems. %package apache-conf Update: Sun Nov 15 16:09:41 2009 Importance: security ID: MDVSA-2009:300 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:300 %pre A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software (CVE-2009-2823). This update provides a solution to this vulnerability. %description This package contains configuration files for apache. It is necessary for operation of the apache webserver. Having those files into a separate modules provides better customization for OEMs and ISPs, who can modify the look and feel of the apache webserver without having to re-compile the whole suite to change a logo or config file. 
%package aoss libalsa-oss0 libalsa-oss-devel Update: Wed Nov 18 00:35:00 2009 Importance: bugfix ID: MDVA-2009:208 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:208 %pre The aoss script, which redirects OSS sound output to ALSA, contains an error which makes it fail to preload the correct library. Because of this error, old applications using OSS may fail to play sound if PulseAudio is not used. This update corrects this error. %description Advanced Linux Sound Architecture (ALSA) is a modularized architecture which supports quite a large range of ISA and PCI cards. It's fully compatible with old OSS drivers (either OSS/Lite, OSS/commercial). To use the features of alsa, one can either use: - the old OSS api - the new ALSA api that provides many enhanced features. Using the ALSA api requires the ALSA library. This library provides OSS compatibility. %package libxcb1 libxcb-devel libxcb-static-devel Update: Tue Nov 24 23:20:42 2009 Importance: bugfix ID: MDVA-2009:219 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:219 %pre Due to a packaging problem, the development version of the libxcb package on 64 bit systems could lead to file conflicts during the installation because it was not providing the libxcb-devel package. This update fixes this issue. %description The X protocol C-language Binding (XCB) is a replacement for Xlib featuring a small footprint, latency hiding, direct access to the protocol, improved threading support, and extensibility. %package libxt6 libxt6-devel libxt6-static-devel Update: Tue Nov 24 23:37:36 2009 Importance: bugfix ID: MDVA-2009:220 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:220 %pre Due to a packaging problem, the development version of the libxt package on 64 bit systems could lead to file conflicts during the installation because it was not providing the libxt6-devel package. This update fixes this issue.
%description X Toolkit Library %package perl perl-base perl-devel perl-doc perl-suid Update: Tue Nov 24 23:39:38 2009 Importance: bugfix ID: MDVA-2009:221 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:221 %pre This update fixes several bugs in the perl interpreter that can lead to crashes or to segfaults. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl. %package bind bind-devel bind-doc bind-utils Update: Thu Nov 26 17:26:41 2009 Importance: security ID: MDVSA-2009:304 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:304 %pre Some vulnerabilities were discovered and corrected in bind: Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). (CVE-2009-4022). Additionally BIND has been upgraded to the latest point release or closest supported version by ISC. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (domain Name System) protocols. 
BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.)
--with geoip Build with GeoIP support (disabled per default) %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-ini php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Sun Nov 29 14:40:58 2009 Importance: security ID: MDVSA-2009:304 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:304 %pre Some vulnerabilities were discovered and corrected in php: PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. 
PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Sun Nov 29 19:32:04 2009 Importance: bugfix ID: MDVA-2009:226 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:226 %pre This is a minor bugfix release for apache (mod_ssl): The openssl and makedev packages are needed at install time from CD-ROM media in %post for the apache-mod_ssl sub-package in order to be able to generate the dummy SSL certificate (fixes #55951). The packages provided with this update address this problem. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024.
%package gcc gcc-c++ gcc-cpp gcc-doc gcc-doc-pdf gcc-gfortran gcc-gnat gcc-java gcc-objc gcc-objc++ gcj-tools graphicsmagick graphicsmagick-doc heartbeat heartbeat-ldirectord heartbeat-pils heartbeat-stonith imagemagick imagemagick-desktop imagemagick-doc libbraille14 libbraille-devel libffi4 libffi4-devel libgcc1 libgcj9 libgcj9-base libgcj9-src libgcj-devel libgcj-static-devel libgfortran3 libgnat1 libgomp1 libgomp-devel libgraphicsmagick2 libgraphicsmagick-devel libgraphicsmagickwand1 libheartbeat1 libheartbeat1-devel libheartbeat-apphb0 libheartbeat-pils1 libheartbeat-pils1-devel libheartbeat-stonith1 libheartbeat-stonith1-devel libltdl3 libltdl3-devel libmagick1 libmagick-devel libmudflap0 libmudflap-devel libobjc2 libprelude2 libprelude-devel libprelude-static-devel libsane1 libsane1-devel libstdc++6 libstdc++-devel libstdc++-static-devel libtool libtool-base libtunepimp5 libtunepimp-devel libxmlsec1-1 libxmlsec1-devel libxmlsec1-gnutls1 libxmlsec1-gnutls-devel libxmlsec1-nss1 libxmlsec1-nss-devel libxmlsec1-openssl1 libxmlsec1-openssl-devel perl-Graphics-Magick perl-Image-Magick perl-prelude prelude-tools proftpd proftpd-devel proftpd-mod_autohost proftpd-mod_ban proftpd-mod_case proftpd-mod_ctrls_admin proftpd-mod_gss proftpd-mod_ifsession proftpd-mod_ldap proftpd-mod_load proftpd-mod_quotatab proftpd-mod_quotatab_file proftpd-mod_quotatab_ldap proftpd-mod_quotatab_radius proftpd-mod_quotatab_sql proftpd-mod_radius proftpd-mod_ratio proftpd-mod_rewrite proftpd-mod_shaper proftpd-mod_site_misc proftpd-mod_sql proftpd-mod_sql_mysql proftpd-mod_sql_postgres proftpd-mod_time proftpd-mod_tls proftpd-mod_vroot proftpd-mod_wrap proftpd-mod_wrap_file proftpd-mod_wrap_sql python-braille python-prelude python-tunepimp sane-backends sane-backends-doc sane-backends-iscan saned smalltalk smalltalk-devel smalltalk-emacs tunepimp-plugins tunepimp-utils xmlsec1 Update: Mon Nov 30 15:33:28 2009 Importance: security ID: MDVSA-2009:307 URL: 
http://www.mandriva.com/security/advisories?name=MDVSA-2009:307 %pre A vulnerability was discovered and corrected in libtool: All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736). This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue. %description XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". %package freeradius freeradius-krb5 freeradius-ldap freeradius-mysql freeradius-postgresql freeradius-unixODBC freeradius-web libfreeradius1 libfreeradius-devel Update: Tue Dec 01 20:19:22 2009 Importance: bugfix ID: MDVA-2009:235 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:235 %pre The cron files included in freeradius-web package were syntactically invalid, by lacking mention of the user expected to run the task. %description The FreeRADIUS Server Project is a high-performance and highly configurable GPL'd RADIUS server. It is somewhat similar to the Livingston 2.0 RADIUS server, but has many more features, and is much more configurable. %package expat libexpat1 libexpat1-devel Update: Sat Dec 05 13:00:04 2009 Importance: security ID: MDVSA-2009:316 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:316 %pre A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560). 
Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to this vulnerability.
%description
Expat is an XML 1.0 parser written in C by James Clark. It aims to be fully conforming. It is currently not a validating XML parser.
%package perl-IO-Socket-SSL
Update: Sat Dec 05 16:05:55 2009
Importance: security
ID: MDVSA-2009:252-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:252-1
%pre
A vulnerability was discovered and corrected in perl-IO-Socket-SSL: The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate (CVE-2009-3024). This update provides a fix for this vulnerability.
Update: Packages were missing for 2009.0; this update addresses the problem.
%description
IO::Socket::SSL is a class implementing an object-oriented interface to SSL sockets. The class is a descendant of IO::Socket::INET and provides a subset of the base class's interface methods.
%package doxygen doxygen-doxywizard
Update: Mon Dec 07 15:55:30 2009
Importance: bugfix
ID: MDVA-2009:240
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:240
%pre
doxygen was segfaulting while generating HTML documentation; the version from Mandriva Linux 2010.0, which is known to work, has therefore been backported.
%description
Doxygen is a documentation system for C, C++ and IDL. It can generate an on-line class browser (in HTML) and/or an off-line reference manual (in LaTeX) from a set of documented source files. There is also support for generating man pages and for converting the generated output into PostScript, hyperlinked PDF or compressed HTML. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code structure from undocumented source files.
This can be very useful to quickly find your way in large source distributions.
%package shorewall shorewall-common shorewall-doc shorewall-lite shorewall-perl shorewall-shell
Update: Tue Dec 08 13:37:51 2009
Importance: bugfix
ID: MDVA-2009:241
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:241
%pre
This update upgrades the shorewall package to the 4.0.15 version, which is the latest version in the shorewall-4.0 series.
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.
%package ntp ntp-client ntp-doc
Update: Wed Dec 09 00:02:24 2009
Importance: security
ID: MDVSA-2009:328
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:328
%pre
A vulnerability has been found and corrected in ntp: Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages (CVE-2009-3563). This update provides a solution to this vulnerability.
%description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time).
Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. Note: the primary, original (and large) HTML documentation is in the ntp-doc package.
%package mdkonline
Update: Thu Dec 10 21:55:23 2009
Importance: bugfix
ID: MDVA-2009:249
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:249
%pre
This update fixes several issues regarding the live upgrade to a more recent distribution, notably:
- new distributions are now only offered after all updates have been applied
- if the current distribution is no longer supported, the tool warns about it and offers to upgrade to a newer release
- the new configuration tool backported from 2010.0 now also works on 2009.0 (which has an older drakxtools API)
- the authentication scheme for MES5 has been updated
It also fixes a couple of crashes:
- a rare crash (bug #55346)
- (rare) server issues are now handled gracefully (bugs #51299 & #51548)
Passwords with special characters are now handled properly. For security, api.mandriva.com is now accessed over HTTPS. The applet now offers to configure a couple of settings, and it uses system power more efficiently.
%description
The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes:
* an update daemon which allows you to install security updates automatically,
* a KDE/Gnome/IceWM compliant applet for security update notification and installation.
%package libmpg123_0 libmpg123-devel mpg123 mpg123-arts mpg123-esd mpg123-jack mpg123-nas mpg123-portaudio mpg123-pulse mpg123-sdl
Update: Mon Dec 14 12:01:12 2009
Importance: bugfix
ID: MDVA-2009:253
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:253
%pre
A regression was found and fixed in mpg123: loading the mpg123 modules failed. This regression stems from MDVSA-2009:307 (libtool ltdl).
%description
Mpg123 is a fast, free and portable MPEG audio player for Unix.
It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org
%package libecpg8.3_6 libpq8.3_5 postgresql8.3 postgresql8.3-contrib postgresql8.3-devel postgresql8.3-docs postgresql8.3-pl postgresql8.3-plperl postgresql8.3-plpgsql postgresql8.3-plpython postgresql8.3-pltcl postgresql8.3-server
Update: Tue Dec 15 16:02:53 2009
Importance: security
ID: MDVSA-2009:333
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
%pre
Multiple vulnerabilities were discovered and corrected in postgresql:
NUL bytes in SSL certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and whose Certificate Authority (CA) has been tricked into issuing invalid certificates. Using a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue (CVE-2009-4034).
Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).
Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
%description
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server.
These client programs can be located on the same machine as the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.
%package ffmpeg libavformats52 libavutil49 libffmpeg51 libffmpeg-devel libffmpeg-static-devel libswscaler0
Update: Thu Dec 17 16:50:09 2009
Importance: security
ID: MDVSA-2009:335
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:335
%pre
A vulnerability was discovered and corrected in ffmpeg: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718 (CVE-2008-4610).
Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to this vulnerability.
%description
ffmpeg is a hyper-fast real-time audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream.
%package proftpd proftpd-devel proftpd-mod_autohost proftpd-mod_ban proftpd-mod_case proftpd-mod_ctrls_admin proftpd-mod_gss proftpd-mod_ifsession proftpd-mod_ldap proftpd-mod_load proftpd-mod_quotatab proftpd-mod_quotatab_file proftpd-mod_quotatab_ldap proftpd-mod_quotatab_radius proftpd-mod_quotatab_sql proftpd-mod_radius proftpd-mod_ratio proftpd-mod_rewrite proftpd-mod_shaper proftpd-mod_site_misc proftpd-mod_sql proftpd-mod_sql_mysql proftpd-mod_sql_postgres proftpd-mod_time proftpd-mod_tls proftpd-mod_vroot proftpd-mod_wrap proftpd-mod_wrap_file proftpd-mod_wrap_sql
Update: Tue Dec 22 12:33:20 2009
Importance: security
ID: MDVSA-2009:337
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:337
%pre
A vulnerability has been identified and corrected in proftpd: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue (CVE-2009-3555).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update fixes this vulnerability.
%description
ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility.
This version supports both standalone and xinetd operation.
%package drakx-net drakx-net-text libdrakx-net
Update: Tue Dec 22 13:50:49 2009
Importance: bugfix
ID: MDVA-2009:263
URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:263
%pre
Network cards could be detected in an inverted order at installation time compared with the order seen on the installed system. This update solves the problem.
%description
This package contains the Mandriva network tools.
net_applet: applet to check network connection
net_monitor: connection monitoring
%package acpid
Update: Sat Dec 26 20:34:59 2009
Importance: security
ID: MDVSA-2009:343
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:343
%pre
A vulnerability has been found and corrected in acpid: acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033 (CVE-2009-4235).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to this vulnerability.
%description
The ACPI specification defines power and system management functions for each computer, in a generic manner. The ACPI daemon coordinates the management of power and system functions when ACPI kernel support is enabled (kernel 2.3.x or later).
%package acl libacl1 libacl-devel
Update: Mon Dec 28 22:19:25 2009
Importance: security
ID: MDVSA-2009:345
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:345
%pre
A vulnerability was discovered and corrected in acl: The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack (CVE-2009-4411). This update provides a fix for this vulnerability.
%description
This package contains the getfacl and setfacl utilities needed for manipulating access control lists.
%package timezone timezone-java
Update: Wed Jan 06 14:54:16 2010
Importance: bugfix
ID: MDVA-2010:006
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:006
%pre
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Saving Time and time zone information for some locations. These updated packages contain the new information.
%description
This package contains data files with rules for various timezones around the world.
%package apache-conf
Update: Thu Jan 07 13:32:50 2010
Importance: bugfix
ID: MDVA-2010:011
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:011
%pre
This is a maintenance and bugfix release of apache-conf that mainly makes the httpd service handle a reload of the apache server more gracefully (#56857). Other fixes (where applicable):
- fix #53887 (obsolete favicon.ico file in Apache default www pages)
- workaround #47992 (apache does not start occasionally)
- added logic to make it possible to set limits from the init script in an attempt to address #30849 and similar problems
- added logic to ease debugging with gdb in the initscript
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
%description
This package contains configuration files for apache. It is necessary for operation of the apache webserver. Keeping those files in a separate package provides better customization for OEMs and ISPs, who can modify the look and feel of the apache webserver without having to re-compile the whole suite to change a logo or config file.
%package davfs libpython2.5 libpython2.5-devel libwxgtk2.6 libwxgtk2.6-devel libwxgtk2.8 libwxgtk2.8-devel libwxgtkgl2.6 libwxgtkgl2.8 libwxgtkglu2.6 libwxgtkglu2.8 libwxgtku2.6 libwxgtku2.6-devel libwxgtku2.8 libwxgtku2.8-devel python python-base python-celementtree python-docs tkinter tkinter-apps wxGTK2.6 wxgtk2.8
Update: Fri Jan 08 14:18:03 2010
Importance: security
ID: MDVSA-2009:316-1
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:316-1
%pre
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to this vulnerability.
Update: This vulnerability also affects the expat code bundled in various packages besides expat itself. As a precaution, the affected packages have been patched preemptively to prevent future exploitation of this issue.
%description
wxWidgets is a free C++ library for cross-platform GUI development. With wxWidgets, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code.
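The acl advisory above (MDVSA-2009:345, CVE-2009-4411) is the classic recursive-tool symlink attack: a local user plants a symlink inside a tree that an administrator is about to process with -R, and the tool dereferences it and modifies a file outside the tree. The acpid advisory (MDVSA-2009:343, CVE-2009-4235) is the companion mistake of letting an inherited umask decide a daemon's file modes. The following is an added example, not code from acl, acpid or Mandriva: a Python model of a naive recursive chmod beside a physical (lstat, O_NOFOLLOW, fchmod) traversal, plus a file-creation helper that ignores the inherited umask. The directory layout, file names and modes are constructed for the demonstration; it assumes a Linux host where unprivileged users may create symlinks.

```python
import os
import stat
import tempfile


def make_tree(base: str):
    """Constructed fixture: base/tree/ holds a regular file and a symlink that points
    OUTSIDE the tree, at base/outside_secret (the attacker's planted link)."""
    outside = os.path.join(base, "outside_secret")
    with open(outside, "w") as fh:
        fh.write("secret")
    os.chmod(outside, 0o600)
    tree = os.path.join(base, "tree")
    os.mkdir(tree)
    inside = os.path.join(tree, "inside")
    with open(inside, "w") as fh:
        fh.write("x")
    os.chmod(inside, 0o600)
    os.symlink(outside, os.path.join(tree, "link"))
    return tree, outside, inside


def mode_of(path: str) -> int:
    return stat.S_IMODE(os.lstat(path).st_mode)


def chmod_recursive_naive(root: str, mode: int) -> list:
    """The flawed pattern: os.chmod() dereferences symlinks, so the planted link makes
    the tool change a file the administrator never intended to touch."""
    changed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            os.chmod(path, mode)
            changed.append(os.path.realpath(path))
    return changed


def chmod_recursive_safe(root: str, mode: int):
    """Physical traversal: never descend into or dereference a symlink. The lstat()
    result is not trusted on its own; the entry is opened with O_NOFOLLOW and changed
    through the descriptor, which closes the lstat/chmod race window."""
    changed, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            if stat.S_ISLNK(os.lstat(path).st_mode):
                skipped.append(path)
                continue
            # O_RDONLY is enough to fchmod() an owned file or directory; O_NOFOLLOW
            # makes the open fail with ELOOP if the entry was swapped for a symlink.
            fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
            try:
                os.fchmod(fd, mode)
            finally:
                os.close(fd)
            changed.append(path)
    return changed, skipped


def create_private_file(path: str) -> int:
    """Create a 0600 file regardless of the process umask (the acpid flaw was an
    unrestrictive umask leaving /var/log/acpid readable/writable by others).
    O_EXCL also refuses to follow a pre-existing symlink at path."""
    old_umask = os.umask(0o077)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    finally:
        os.umask(old_umask)
    os.close(fd)
    return mode_of(path)


def demo() -> dict:
    """Run both traversals against the fixture and report what each one touched."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        tree, outside, inside = make_tree(base)
        chmod_recursive_naive(tree, 0o644)
        results["naive_outside_mode"] = mode_of(outside)   # 0o644: escaped the tree
        os.chmod(outside, 0o600)                            # reset the fixture
        _, skipped = chmod_recursive_safe(tree, 0o644)
        results["safe_outside_mode"] = mode_of(outside)    # 0o600: untouched
        results["safe_inside_mode"] = mode_of(inside)      # 0o644: regular file handled
        results["skipped_links"] = len(skipped)
        old_umask = os.umask(0)                             # model acpid's permissive umask
        try:
            results["private_mode"] = create_private_file(os.path.join(base, "acpid.log"))
        finally:
            os.umask(old_umask)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-20s %s" % (key, oct(value) if "mode" in key else value))
```

The same shape applies to any recursive administrative tool (chown -R, setfacl -R, backup scripts): walk with followlinks=False, decide on lstat(), and act through a descriptor opened with O_NOFOLLOW rather than on the path a second time.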
%package davfs libpython2.5 libpython2.5-devel libwxgtk2.6 libwxgtk2.6-devel libwxgtk2.8 libwxgtk2.8-devel libwxgtkgl2.6 libwxgtkgl2.8 libwxgtkglu2.6 libwxgtkglu2.8 libwxgtku2.6 libwxgtku2.6-devel libwxgtku2.8 libwxgtku2.8-devel python python-base python-celementtree python-docs tkinter tkinter-apps wxGTK2.6 wxgtk2.8
Update: Sat Jan 09 01:58:32 2010
Importance: security
ID: MDVSA-2009:316-2
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:316-2
%pre
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to this vulnerability.
Update: SUSE discovered a regression in the previous patch fixing CVE-2009-3560. This regression is now addressed with this update.
%description
wxWidgets is a free C++ library for cross-platform GUI development. With wxWidgets, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code.
%package expat libexpat1 libexpat1-devel
Update: Sun Jan 10 11:40:11 2010
Importance: security
ID: MDVSA-2009:316-3
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:316-3
%pre
A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to this vulnerability.
Update: The previous (MDVSA-2009:316-2) update provided packages for 2008.0/2009.0/2009.1/2010.0/mes5 without an increased release number, which prevented the packages from reaching the mirrors.
%description
Expat is an XML 1.0 parser written in C by James Clark. It aims to be fully conforming. It is currently not a validating XML parser.
%package perl-Mail-SpamAssassin perl-Mail-SpamAssassin-Spamd spamassassin spamassassin-sa-compile spamassassin-spamc spamassassin-spamd spamassassin-tools
Update: Sun Jan 10 17:54:30 2010
Importance: bugfix
ID: MDVA-2010:014
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:014
%pre
A bug was discovered in the FH_DATE_PAST_20XX rule that affects vanilla spamassassin 3.2 installations after the first of January 2010 (aka the y2k10 rule bug). This update fixes this issue.
%description
SpamAssassin provides you with a way to reduce, if not completely eliminate, Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by an MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc.
It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components, which create a server that considerably speeds up the processing of mail. SpamAssassin also includes support for reporting spam messages automatically, and/or manually, to collaborative filtering databases such as Vipul's Razor, DCC or pyzor.
Install the perl-Razor-Agent package to get Vipul's Razor support.
Install the dcc package to get Distributed Checksum Clearinghouse (DCC) support.
Install the pyzor package to get Pyzor support.
Install the perl-Mail-SPF-Query package to get SPF support.
To enable spamassassin, if you are receiving mail locally, simply add this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc (creating it if necessary).
%package sendmail sendmail-cf sendmail-devel sendmail-doc
Update: Tue Jan 12 16:12:15 2010
Importance: security
ID: MDVSA-2010:003
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:003
%pre
A security vulnerability has been identified and fixed in sendmail: sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-4565).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for this vulnerability.
%description
The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another.
Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail-cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.
%package bash bash-doc
Update: Wed Jan 13 16:15:03 2010
Importance: security
ID: MDVSA-2010:004
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:004
%pre
A vulnerability has been discovered in the Mandriva bash package which could allow a malicious user to hide files from the ls command, or garble its output, by crafting files or directories whose names contain special characters or escape sequences (CVE-2010-0002). This update fixes the issue by disabling the display of control characters by default. Additionally, this update fixes the unsafe file creation in the bash-doc sample scripts (CVE-2008-5374).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
%description
Bash is a GNU project sh-compatible shell or command language interpreter. Bash (Bourne Again shell) incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. Bash offers several improvements over sh, including command line editing, unlimited size command history, job control, shell functions and aliases, indexed arrays of unlimited size and integer arithmetic in any base from two to 64. Bash is ultimately intended to conform to the IEEE POSIX P1003.2/ISO 9945.2 Shell and Tools standard.
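Three advisories above fail certificate name validation in the same two ways: IO::Socket::SSL (MDVSA-2009:252-1, CVE-2009-3024) compared only a prefix of the hostname when the certificate name carried no wildcard, and PostgreSQL (MDVSA-2009:333, CVE-2009-4034) and sendmail (MDVSA-2010:003, CVE-2009-4565) handed a Common Name containing an embedded NUL to C string functions, which stop at the NUL and therefore see a name the attacker never had to prove ownership of. The following is an added example and not code from any of those projects: two small Python models of the flawed checks, built from the advisory descriptions rather than from the projects' sources, beside a whole-string, label-by-label matcher that rejects NULs and constrains wildcards. The certificate names and hostnames are constructed for the demonstration.

```python
import re

# Constructed sample names (not taken from any real certificate).
VICTIM_HOST = "www.bank.example"
ATTACKER_CERT_PREFIX = "www.bank.exa"                         # a name that is merely a prefix
ATTACKER_CERT_NUL = "www.bank.example\x00.attacker.example"   # CN with an embedded NUL byte

LABEL_RE = re.compile(r"^[a-z0-9-]+$")   # what a single DNS label may contain


def c_string_view(name: str) -> str:
    """Model of a C strcmp()/printf()-style consumer: it reads up to the first NUL byte."""
    return name.split("\x00", 1)[0]


def legacy_prefix_check(cert_name: str, hostname: str) -> bool:
    """Model of the IO::Socket::SSL 1.14-1.25 flaw as the advisory describes it: with no
    wildcard present, the check is satisfied when only a prefix matches."""
    return hostname.lower().startswith(cert_name.lower())


def legacy_cstring_check(cert_name: str, hostname: str) -> bool:
    """Model of the NUL-byte flaw: the CN is treated as a C string, so everything after
    the NUL, the part that was actually validated by the CA, is silently dropped."""
    return c_string_view(cert_name).lower() == hostname.lower()


def match_hostname(cert_name: str, hostname: str) -> bool:
    """Hardened comparison: reject embedded NULs outright, compare the full name label by
    label (no prefix or suffix matches), and allow '*' only as the complete leftmost label
    with at least two labels after it (so '*.com' never matches)."""
    if not cert_name or not hostname:
        return False
    if "\x00" in cert_name or "\x00" in hostname:
        return False                         # a name C code would truncate is untrusted
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False                         # also rejects www.bank.exa vs www.bank.example
    for i, (cert_label, host_label) in enumerate(zip(cert_labels, host_labels)):
        if i == 0 and cert_label == "*" and len(cert_labels) >= 3:
            if LABEL_RE.match(host_label):
                continue                     # '*' stands for exactly one label
            return False
        if not LABEL_RE.match(cert_label) or cert_label != host_label:
            return False                     # partial wildcards such as 'w*' are rejected
    return True


if __name__ == "__main__":
    for check in (legacy_prefix_check, legacy_cstring_check, match_hostname):
        print(check.__name__, {
            "legit": check(VICTIM_HOST, VICTIM_HOST),
            "prefix": check(ATTACKER_CERT_PREFIX, VICTIM_HOST),
            "nul": check(ATTACKER_CERT_NUL, VICTIM_HOST),
        })
```

In a real client the same rule set is applied to every dNSName in subjectAltName first, and the CN is consulted only when no subjectAltName of that type is present; the point the advisories make is that whatever field is used, the comparison must consume the whole value and must refuse values that a C consumer would read differently from the parser that validated them.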
%package ftp-client-krb5 ftp-server-krb5 krb5 krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5
Update: Thu Jan 14 00:03:08 2010
Importance: security
ID: MDVSA-2010:006
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
%pre
A vulnerability has been found and corrected in krb5: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid (CVE-2009-4212).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
%description
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
%package libnet-snmp15 libnet-snmp-devel libnet-snmp-static-devel net-snmp net-snmp-mibs net-snmp-tkmib net-snmp-trapd net-snmp-utils perl-NetSNMP
Update: Fri Jan 15 13:52:09 2010
Importance: bugfix
ID: MDVA-2010:027
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:027
%pre
This is a minor bugfix release for net-snmp: the /etc/snmp/snmp.local.conf file contains a line that enables quickprinting, which breaks the output of snmpget for the nagios plugins that use it. The packages provided with this update address this problem.
%description
SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib
Update: Fri Jan 15 21:03:46 2010
Importance: security
ID: MDVSA-2010:008
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:008
%pre
Multiple vulnerabilities have been found and corrected in php:
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626).
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142).
The updated packages have been patched to correct these issues.
%description
PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts.
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib
Update: Fri Jan 15 21:04:31 2010
Importance: security
ID: MDVSA-2010:008
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:008
%pre
Multiple vulnerabilities have been found and corrected in php:
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626).
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
%description
PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple.
The most common use of PHP5 coding is probably as a replacement for CGI scripts.
%package libthai0 libthai-devel thai-data
Update: Sat Jan 16 16:20:02 2010
Importance: security
ID: MDVSA-2010:010
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:010
%pre
A vulnerability has been found and corrected in libthai: Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string (CVE-2009-4012).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
%description
LibThai is a set of Thai language support routines aimed at easing developers' tasks when incorporating Thai language support in their applications. It includes important Thai-specific functions, e.g. word breaking, input and output methods, as well as basic character and string support.
%package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools
Update: Sun Jan 17 19:56:29 2010
Importance: security
ID: MDVSA-2010:011
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:011
%pre
Multiple vulnerabilities have been found and corrected in mysql:
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019).
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. Additionally, for 2009.0 and MES5 mysql has also been upgraded to the latest stable 5.0 release (5.0.89). %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. Please see the documentation and the manual for more information. 
%package ruby ruby-devel ruby-doc ruby-tk Update: Tue Jan 19 15:40:36 2010 Importance: security ID: MDVSA-2010:017 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:017 %pre A vulnerability has been found and corrected in ruby: WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator (CVE-2009-4492). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. %package debugmode initscripts Update: Wed Jan 20 13:25:12 2010 Importance: bugfix ID: MDVA-2010:036 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:036 %pre The network detection routine could not detect the network connection properly in some cases, resulting in premature termination with an incorrect return code. This could result in a startup failure for services which depend on the network being up, such as the apache2 server. This update fixes this issue. %description The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. 
%package gzip Update: Wed Jan 20 16:38:03 2010 Importance: security ID: MDVSA-2010:020 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:020 %pre Multiple vulnerabilities have been found and corrected in gzip: A missing input sanitization flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip (CVE-2009-26244). An integer underflow leading to an array index error was found in the way gzip used to decompress files / archives compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to a gzip crash or, potentially, to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandriva Linux system, because it is a very commonly used data compression program. %package bind bind-devel bind-doc bind-utils Update: Wed Jan 20 18:02:25 2010 Importance: security ID: MDVSA-2010:021 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 %pre Some vulnerabilities were discovered and corrected in bind: The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. 
CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290). There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, BIND has been upgraded to the latest patch release version. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
New features in this BIND 9 release:
- Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options
- Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option
- A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details
- Support for building single-threaded servers for environments that do not supply POSIX threads
- New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit"
- Faster lookups, particularly in large zones.
Build Options:
- --without sdb_ldap: Build without ldap simple database support (enabled per default)
- --with sdb_mysql: Build with MySQL database support (disables ldap support; it is one or the other)
- --with geoip: Build with GeoIP support (disabled per default)
%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Thu Jan 21 10:52:46 2010 Importance: security ID: MDVSA-2010:022 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:022 %pre Some vulnerabilities were discovered and corrected in openssl: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678 (CVE-2009-4355). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. 
%package coreutils coreutils-doc Update: Sat Jan 23 20:25:21 2010 Importance: security ID: MDVSA-2010:024 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:024 %pre A vulnerability was discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp (CVE-2009-4135). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description These are the GNU core utilities. This package is the union of the old GNU fileutils, sh-utils, and textutils packages. These tools are the GNU versions of common useful and popular file & text utilities which are used for: - file management - shell scripts - modifying text files (splitting, joining, comparing, modifying, ...) Most of these programs have significant advantages over their Unix counterparts, such as greater speed, additional options, and fewer arbitrary limits. %package php-pear Update: Mon Jan 25 13:32:04 2010 Importance: security ID: MDVSA-2010:025 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:025 %pre Multiple vulnerabilities were discovered and corrected in php-pear (Mail): Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, a different vector than CVE-2009-4111 (CVE-2009-4023). Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023 (CVE-2009-4111). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. 
The updated packages have been patched to correct these issues. %description PEAR is short for "PHP Extension and Application Repository" and is pronounced just like the fruit. The purpose of PEAR is to provide: * A structured library of open-sourced code for PHP users * A system for code distribution and package maintenance * A standard style for code written in PHP, specified here * The PHP Foundation Classes (PFC), see more below * The PHP Extension Code Library (PECL), see more below * A web site, mailing lists and download mirrors to support the PHP/PEAR community %package libldap2.4_2 libldap2.4_2-devel libldap2.4_2-static-devel openldap openldap-clients openldap-doc openldap-servers openldap-testprogs openldap-tests Update: Tue Jan 26 16:00:23 2010 Importance: security ID: MDVSA-2010:026 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:026 %pre A vulnerability was discovered and corrected in openldap: libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-3767). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd) which is in the -servers package, libraries for implementing the LDAP protocol (in the lib packages), and utilities, tools, and sample clients (in the -clients package). The openldap binary package includes only configuration files used by the libraries. Install openldap if you need LDAP applications and tools. 
%package gurpmi urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover Update: Wed Jan 27 16:30:44 2010 Importance: bugfix ID: MDVA-2010:045 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:045 %pre There was a small typo in the French translation. The updated packages address this issue. %description urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites. %package libnss3 libnss-devel libnss-static-devel nss rootcerts rootcerts-java Update: Thu Jan 28 22:12:17 2010 Importance: security ID: MDVSA-2010:029 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:029 %pre The rootcerts package was added in Mandriva in 2005 and was meant to be updated when necessary. The provided rootcerts package has been upgraded using the latest certdata.txt file from the mozilla cvs repository, as of 2009/12/03. In Mandriva a number of additional CA root certificates have been added, such as ICP-Brasil (Brazil government CA), cacert.org, and IGC/A CA (French government CA). The IGC/A CA one was recently added upstream in the mozilla certdata.txt file. The rootcerts package provides the /etc/pki/tls/certs/ca-bundle.crt file, which most software in Mandriva shares where applicable, such as KDE, curl, pidgin, neon, and more. The mozilla nss library has consequently been rebuilt to pick up these changes and is also being provided. %description This is a bundle of X.509 certificates of public Certificate Authorities (CA). 
These were automatically extracted from Mozilla's root CA list (the file "certdata.txt"). It contains the certificates in both plain text and PEM format and therefore can be directly used with an Apache/mod_ssl webserver for SSL client authentication. Just configure this file as the SSLCACertificateFile. %package kernel-2.6.27.45-1mnb kernel-desktop-2.6.27.45-1mnb kernel-desktop586-2.6.27.45-1mnb kernel-desktop586-devel-2.6.27.45-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.45-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.45-1mnb kernel-server-devel-2.6.27.45-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.45-1mnb kernel-source-latest Update: Mon Feb 01 19:35:11 2010 Importance: security ID: MDVSA-2010:030 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) An issue was discovered in 2.6.32.x kernels, which set insecure permissions for the devtmpfs file system by default. (CVE-2010-0299) Additionally, support was added for the Atheros AR2427 Wireless Network Adapter. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Manbo Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandriva.com/en/security/kernelupdate %package libnss3 libnss-devel libnss-static-devel nss rootcerts rootcerts-java Update: Thu Feb 04 13:40:33 2010 Importance: security ID: MDVSA-2010:032 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:032 %pre It was brought to our attention by Ludwig Nussel at SUSE that the MD5 collision certificate should not be included. This update removes the offending certificate. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The mozilla nss library has consequently been rebuilt to pick up these changes and is also being provided. %description This is a bundle of X.509 certificates of public Certificate Authorities (CA). These were automatically extracted from Mozilla's root CA list (the file "certdata.txt"). It contains the certificates in both plain text and PEM format and therefore can be directly used with an Apache/mod_ssl webserver for SSL client authentication. Just configure this file as the SSLCACertificateFile. %package squid squid-cachemgr Update: Fri Feb 05 17:18:53 2010 Importance: security ID: MDVSA-2010:033 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:033 %pre A vulnerability has been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header (CVE-2010-0308). This update provides a fix for this vulnerability. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. 
Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 8192 file descriptors. You can change this value at build time by using, for example: --define 'maxfiles 4096' The package was built to support a maximum of 8192 file descriptors. You can build squid with some conditional build switches (i.e. use with rpm --rebuild): --with[out] test Initiate the test suite %package alsa_raoppcm-kernel-2.6.27.45-desktop-1mnb alsa_raoppcm-kernel-2.6.27.45-desktop586-1mnb alsa_raoppcm-kernel-2.6.27.45-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.27.45-desktop-1mnb drm-experimental-kernel-2.6.27.45-desktop586-1mnb drm-experimental-kernel-2.6.27.45-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-server-latest et131x-kernel-2.6.27.45-desktop-1mnb et131x-kernel-2.6.27.45-desktop586-1mnb et131x-kernel-2.6.27.45-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-server-latest fcpci-kernel-2.6.27.45-desktop-1mnb fcpci-kernel-2.6.27.45-desktop586-1mnb fcpci-kernel-2.6.27.45-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-server-latest fglrx-kernel-2.6.27.45-desktop-1mnb fglrx-kernel-2.6.27.45-desktop586-1mnb fglrx-kernel-2.6.27.45-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-server-latest gnbd-kernel-2.6.27.45-desktop-1mnb gnbd-kernel-2.6.27.45-desktop586-1mnb gnbd-kernel-2.6.27.45-server-1mnb gnbd-kernel-desktop586-latest 
gnbd-kernel-desktop-latest gnbd-kernel-server-latest hcfpcimodem-kernel-2.6.27.45-desktop-1mnb hcfpcimodem-kernel-2.6.27.45-desktop586-1mnb hcfpcimodem-kernel-2.6.27.45-server-1mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.27.45-desktop-1mnb hsfmodem-kernel-2.6.27.45-desktop586-1mnb hsfmodem-kernel-2.6.27.45-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-server-latest hso-kernel-2.6.27.45-desktop-1mnb hso-kernel-2.6.27.45-desktop586-1mnb hso-kernel-2.6.27.45-server-1mnb hso-kernel-desktop586-latest hso-kernel-desktop-latest hso-kernel-server-latest iscsitarget-kernel-2.6.27.45-desktop-1mnb iscsitarget-kernel-2.6.27.45-desktop586-1mnb iscsitarget-kernel-2.6.27.45-server-1mnb iscsitarget-kernel-desktop586-latest iscsitarget-kernel-desktop-latest iscsitarget-kernel-server-latest kernel-2.6.27.45-1mnb kernel-desktop-2.6.27.45-1mnb kernel-desktop586-2.6.27.45-1mnb kernel-desktop586-devel-2.6.27.45-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.27.45-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-server-2.6.27.45-1mnb kernel-server-devel-2.6.27.45-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.27.45-1mnb kernel-source-latest kqemu-kernel-2.6.27.45-desktop-1mnb kqemu-kernel-2.6.27.45-desktop586-1mnb kqemu-kernel-2.6.27.45-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-server-latest lirc-kernel-2.6.27.45-desktop-1mnb lirc-kernel-2.6.27.45-desktop586-1mnb lirc-kernel-2.6.27.45-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-server-latest lzma-kernel-2.6.27.45-desktop-1mnb lzma-kernel-2.6.27.45-desktop586-1mnb lzma-kernel-2.6.27.45-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-server-latest madwifi-kernel-2.6.27.45-desktop-1mnb 
madwifi-kernel-2.6.27.45-desktop586-1mnb madwifi-kernel-2.6.27.45-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-server-latest nvidia173-kernel-2.6.27.45-desktop-1mnb nvidia173-kernel-2.6.27.45-desktop586-1mnb nvidia173-kernel-desktop586-latest nvidia173-kernel-desktop-latest nvidia71xx-kernel-2.6.27.45-desktop-1mnb nvidia71xx-kernel-2.6.27.45-desktop586-1mnb nvidia71xx-kernel-2.6.27.45-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.27.45-desktop-1mnb nvidia96xx-kernel-2.6.27.45-desktop586-1mnb nvidia96xx-kernel-2.6.27.45-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.27.45-desktop-1mnb nvidia-current-kernel-2.6.27.45-desktop586-1mnb nvidia-current-kernel-2.6.27.45-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.27.45-desktop-1mnb omfs-kernel-2.6.27.45-desktop586-1mnb omfs-kernel-2.6.27.45-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-server-latest omnibook-kernel-2.6.27.45-desktop-1mnb omnibook-kernel-2.6.27.45-desktop586-1mnb omnibook-kernel-2.6.27.45-server-1mnb omnibook-kernel-desktop586-latest omnibook-kernel-desktop-latest omnibook-kernel-server-latest opencbm-kernel-2.6.27.45-desktop-1mnb opencbm-kernel-2.6.27.45-desktop586-1mnb opencbm-kernel-2.6.27.45-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.27.45-desktop-1mnb ov51x-jpeg-kernel-2.6.27.45-desktop586-1mnb ov51x-jpeg-kernel-2.6.27.45-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-server-latest qc-usb-kernel-2.6.27.45-desktop-1mnb qc-usb-kernel-2.6.27.45-desktop586-1mnb qc-usb-kernel-2.6.27.45-server-1mnb 
qc-usb-kernel-desktop586-latest qc-usb-kernel-desktop-latest qc-usb-kernel-server-latest rt2860-kernel-2.6.27.45-desktop-1mnb rt2860-kernel-2.6.27.45-desktop586-1mnb rt2860-kernel-2.6.27.45-server-1mnb rt2860-kernel-desktop586-latest rt2860-kernel-desktop-latest rt2860-kernel-server-latest rt2870-kernel-2.6.27.45-desktop-1mnb rt2870-kernel-2.6.27.45-desktop586-1mnb rt2870-kernel-2.6.27.45-server-1mnb rt2870-kernel-desktop586-latest rt2870-kernel-desktop-latest rt2870-kernel-server-latest rtl8187se-kernel-2.6.27.45-desktop-1mnb rtl8187se-kernel-2.6.27.45-desktop586-1mnb rtl8187se-kernel-2.6.27.45-server-1mnb rtl8187se-kernel-desktop586-latest rtl8187se-kernel-desktop-latest rtl8187se-kernel-server-latest slmodem-kernel-2.6.27.45-desktop-1mnb slmodem-kernel-2.6.27.45-desktop586-1mnb slmodem-kernel-2.6.27.45-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-server-latest squashfs-lzma-kernel-2.6.27.45-desktop-1mnb squashfs-lzma-kernel-2.6.27.45-desktop586-1mnb squashfs-lzma-kernel-2.6.27.45-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-server-latest tp_smapi-kernel-2.6.27.45-desktop-1mnb tp_smapi-kernel-2.6.27.45-desktop586-1mnb tp_smapi-kernel-2.6.27.45-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-server-latest vboxadd-kernel-2.6.27.45-desktop-1mnb vboxadd-kernel-2.6.27.45-desktop586-1mnb vboxadd-kernel-2.6.27.45-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.45-desktop-1mnb vboxvfs-kernel-2.6.27.45-desktop586-1mnb vboxvfs-kernel-2.6.27.45-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest vhba-kernel-2.6.27.45-desktop-1mnb vhba-kernel-2.6.27.45-desktop586-1mnb vhba-kernel-2.6.27.45-server-1mnb vhba-kernel-desktop586-latest vhba-kernel-desktop-latest vhba-kernel-server-latest 
virtualbox-kernel-2.6.27.45-desktop-1mnb virtualbox-kernel-2.6.27.45-desktop586-1mnb virtualbox-kernel-2.6.27.45-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.27.45-desktop-1mnb vpnclient-kernel-2.6.27.45-desktop586-1mnb vpnclient-kernel-2.6.27.45-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-server-latest Update: Mon Feb 08 17:02:53 2010 Importance: security ID: MDVSA-2010:034 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:034 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) Additionally, the Linux kernel was updated to the stable release 2.6.27.45. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package libnetapi0 libnetapi-devel libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel libsmbsharemodes0 libsmbsharemodes-devel libtalloc1 libtalloc-devel libtdb1 libtdb-devel libwbclient0 libwbclient-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Update: Thu Feb 11 11:55:29 2010 Importance: bugfix ID: MDVA-2010:056 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:056 %pre This is a maintenance update of samba in order to support Windows 7 host integration in a Samba domain. 
Additionally, on 2009.0 and MES5 samba has been upgraded from 3.2.15 to 3.3.10, which brings many upstream fixes besides those that mainly concern Windows 7 interoperability. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package webmin Update: Fri Feb 12 18:50:59 2010 Importance: security ID: MDVSA-2010:036 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 %pre This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (CVE-2009-4568). %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and changing your password for security reasons. 
PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package webmin Update: Fri Feb 12 18:51:31 2010 Importance: security ID: MDVSA-2010:036 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 %pre This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (CVE-2009-4568). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and changing your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package pptp-linux Update: Mon Feb 15 18:25:17 2010 Importance: bugfix ID: MDVA-2010:064 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:064 %pre The pptp-linux packages in Mandriva Linux 2009.0, MES5, 2009.1 and 2010.0 try to call /bin/ip instead of /sbin/ip. The updated packages fix this issue. %description PPTP-linux allows you to connect to a PPTP server from a Linux or other Unix box (ports of pptp-linux to other Unix variants should be trivial, but have not yet been performed). See the IPfwd page (http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd) for information on tunnelling PPTP through Linux firewalls. 
%package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Tue Feb 16 10:32:29 2010 Importance: bugfix ID: MDVA-2010:066 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:066 %pre Some bugs were found in the drakxtools code that drops privileges to display help or other web pages. This update makes it more reliable on 2009.0 and 2009.1, and makes it actually drop privileges on 2008.0. Additionally it fixes drakbug on 2008.0 to actually open the bug when launching the browser. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. %description Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. - drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package mdkonline Update: Tue Feb 16 11:17:54 2010 Importance: bugfix ID: MDVA-2010:067 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:067 %pre The new mdkonline packages add the extended maintenance support to mdkonline. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. %description The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * an update daemon which allows you to install security updates automatically, * a KDE/Gnome/IceWM compliant applet for security updates notification and installation. 
%package drakconf drakconf-icons Update: Tue Feb 16 11:51:22 2010 Importance: bugfix ID: MDVA-2010:068 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:068 %pre The new drakconf packages add extended maintenance access support to drakconf. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers as well as for official 2008.0 updates. %description drakconf includes the Mandriva Linux Control Center which is an interface to multiple utilities from DrakXtools. %package eject Update: Tue Feb 16 15:55:49 2010 Importance: bugfix ID: MDVA-2010:071 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:071 %pre The eject package shipped in Mandriva Linux 2009.0, 2009.1, 2010.0 contains a bug which will lead to a failure when ejecting a DVD which has space characters within its name. The updated package fixes this problem. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. %description The eject program allows the user to eject removable media (typically CD-ROMs, floppy disks or Iomega Jaz or Zip disks) using software control. Eject can also control some multi-disk CD changers and even some devices' auto-eject features. Install eject if you'd like to eject removable media using software control. %package libnetpbm10 libnetpbm-devel libnetpbm-static-devel netpbm Update: Wed Feb 17 16:00:07 2010 Importance: security ID: MDVSA-2010:039 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:039 %pre A vulnerability has been discovered and corrected in netpbm: Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value (CVE-2009-4274). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. 
The updated packages have been patched to correct this issue. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server Update: Thu Feb 18 17:38:37 2010 Importance: bugfix ID: MDVA-2010:073 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:073 %pre The DHCP client ignores the interface-mtu option set by the server. This update fixes the issue. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package libtheora0 libtheoradec1 libtheora-devel libtheoraenc1 Update: Fri Feb 19 17:11:07 2010 Importance: security ID: MDVSA-2010:043 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:043 %pre A vulnerability has been discovered and corrected in libtheora: Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389). The updated packages have been patched to correct this issue. %description Ogg Theora is a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed video format. 
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Tue Feb 23 11:43:10 2010 Importance: security ID: MDVSA-2010:045 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 %pre A vulnerability has been found and corrected in php: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive (CVE-2009-4143). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. 
%package ipxutils libncpfs2.3 libncpfs-devel ncpfs Update: Tue Feb 23 17:33:58 2010 Importance: security ID: MDVSA-2010:046 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:046 %pre A vulnerability has been found in ncpfs which can be exploited by local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges (CVE-2009-3297). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description Ncpfs is a filesystem which understands the Novell NetWare(TM) NCP protocol. Functionally, NCP is used for NetWare the way NFS is used in the TCP/IP world. For a Linux system to mount a NetWare filesystem, it needs a special mount program. The ncpfs package contains such a mount program plus other tools for configuring and using the ncpfs filesystem. Install the ncpfs package if you need to use the ncpfs filesystem to use Novell NetWare files or services. %package fuse libfuse2 libfuse-devel libfuse-static-devel Update: Tue Feb 23 18:09:51 2010 Importance: security ID: MDVSA-2010:047 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:047 %pre A race condition has been found in fuse that could escalate privileges for local users and lead to a DoS (Denial of Service) (CVE-2009-3297). The updated packages have been patched to correct this issue. %description FUSE (Filesystem in USErspace) is a simple interface for userspace programs to export a virtual filesystem to the linux kernel. FUSE also aims to provide a secure method for non privileged users to create and mount their own filesystem implementations. %package msec Update: Thu Feb 25 14:52:47 2010 Importance: bugfix ID: MDVA-2010:078 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:078 %pre This update allows msec to properly set special file permissions (such as SUID bits) when changing security levels (bug #57793). 
%description The Mandriva Linux Security package is designed to provide a generic security level to Mandriva Linux users. It lets you choose a level from 0 to 5, from a less to a more secured distribution. This package includes several programs that will be run periodically in order to test the security of your system and alert you if needed. %package sudo Update: Thu Feb 25 19:23:29 2010 Importance: security ID: MDVSA-2010:049 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:049 %pre A vulnerability has been found and corrected in sudo: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory (CVE-2010-0426). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Thu Feb 25 20:12:49 2010 Importance: bugfix ID: MDVA-2010:082 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:082 %pre When LDAP authentication is configured using the drakauth application, it could result in several bogus error messages related to '/var/lib/misc/group.db: file not found'. This update fixes this issue. %description Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. 
Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. - drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package debugmode initscripts Update: Fri Feb 26 13:07:54 2010 Importance: bugfix ID: MDVA-2010:083 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:083 %pre This update adds a loop around SIGCONT to resume all SIGSTOP'ed processes so that they are able to process SIGTERM. It will not send SIGKILL if there is no process left, which avoids the "Sending all processes the KILL signal... [FAILED]" message. %description The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. %package irqbalance Update: Mon Mar 01 12:15:24 2010 Importance: bugfix ID: MDVA-2010:086 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:086 %pre This update fixes a bug in irqbalance that makes it fail to spread IRQs on an SMP or multi-core machine (#57523). %description irqbalance is a daemon that evenly distributes IRQ load across multiple CPUs for enhanced performance. %package sudo Update: Mon Mar 01 19:47:48 2010 Importance: security ID: MDVSA-2010:052 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:052 %pre A vulnerability has been found and corrected in sudo: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command (CVE-2010-0427). 
The updated packages have been patched to correct this issue. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Tue Mar 02 18:02:46 2010 Importance: security ID: MDVSA-2010:053 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:053 %pre A vulnerability has been found and corrected in apache: mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR (CVE-2010-0408). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. 
You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package openssh openssh-askpass openssh-askpass-common openssh-askpass-gnome openssh-clients openssh-server Update: Wed Mar 03 12:46:50 2010 Importance: bugfix ID: MDVA-2010:090 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:090 %pre This bugfix release addresses a long-standing problem when issuing the halt or reboot commands on a remote Mandriva system, which led to the session not being closed properly. This advisory corrects this problem. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. You can build openssh with some conditional build switches (i.e. 
use with rpm --rebuild): --with[out] skey smartcard support (disabled) --with[out] krb5 kerberos support (enabled) --with[out] watchdog watchdog support (disabled) --with[out] x11askpass X11 ask pass support (enabled) --with[out] gnomeaskpass Gnome ask pass support (enabled) --with[out] ldap OpenLDAP support (disabled) --with[out] sftpcontrol sftp file control support (disabled) --with[out] hpn HPN ssh/scp support (disabled) --with[out] audit audit support (disabled) --with[out] libedit libedit support in sftp (enabled) %package pam_krb5 Update: Thu Mar 04 14:11:15 2010 Importance: security ID: MDVSA-2010:054 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 %pre Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384). This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue. %description This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured. 
%package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source Update: Sat Mar 06 20:00:36 2010 Importance: security ID: MDVSA-2010:057 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:057 %pre A vulnerability has been found and corrected in apache: The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request (CVE-2010-0434). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. 
The package was built with a ServerLimit of 1024. %package gurpmi urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover Update: Tue Mar 09 15:07:56 2010 Importance: bugfix ID: MDVA-2010:098 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:098 %pre Fix package signature management when a package is present in two sub-repositories with the same version but a different signature. This problem occurred when local media were used. %description urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Tue Mar 09 17:23:28 2010 Importance: security ID: MDVSA-2010:058 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:058 %pre Multiple vulnerabilities have been found and corrected in php: * Improved LCG entropy. 
(Rasmus, Samy Kamkar) * Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen) * Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia) Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package dkms-vboxadd dkms-vboxvfs dkms-virtualbox vboxadd-kernel-2.6.27.45-desktop-1mnb vboxadd-kernel-2.6.27.45-desktop586-1mnb vboxadd-kernel-2.6.27.45-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.27.45-desktop-1mnb vboxvfs-kernel-2.6.27.45-desktop586-1mnb vboxvfs-kernel-2.6.27.45-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-server-latest virtualbox virtualbox-guest-additions virtualbox-kernel-2.6.27.45-desktop-1mnb virtualbox-kernel-2.6.27.45-desktop586-1mnb virtualbox-kernel-2.6.27.45-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-server-latest x11-driver-input-vboxmouse x11-driver-video-vboxvideo Update: Wed Mar 10 16:55:48 2010 Importance: security ID: MDVSA-2010:059 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:059 %pre A vulnerability has been found and corrected in virtualbox: Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors (CVE-2009-3940). 
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description VirtualBox Open Source Edition (OSE) is a general-purpose full virtualizer for x86 hardware. %package squid squid-cachemgr Update: Wed Mar 10 19:40:19 2010 Importance: security ID: MDVSA-2010:060 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:060 %pre A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference (CVE-2010-0639). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 8192 file descriptors. You can change this value at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 8192 file descriptors. You can build squid with some conditional build switches (i.e. 
use with rpm --rebuild): --with[out] test Initiate the test suite %package ipxutils libncpfs2.3 libncpfs-devel ncpfs Update: Thu Mar 11 17:39:38 2010 Importance: security ID: MDVSA-2010:061 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:061 %pre Multiple vulnerabilities have been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name (CVE-2010-0790). The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits (CVE-2010-0791). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. %description Ncpfs is a filesystem which understands the Novell NetWare(TM) NCP protocol. Functionally, NCP is used for NetWare the way NFS is used in the TCP/IP world. For a Linux system to mount a NetWare filesystem, it needs a special mount program. The ncpfs package contains such a mount program plus other tools for configuring and using the ncpfs filesystem. Install the ncpfs package if you need to use the ncpfs filesystem to use Novell NetWare files or services. %package libnss3 libnss-devel libnss-static-devel nss rootcerts rootcerts-java Update: Fri Mar 12 17:33:32 2010 Importance: bugfix ID: MDVA-2010:100 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:100 %pre The Adobe Flash plugin has https support, but only searches for SSL certificates in /etc/ssl/certs. This advisory provides a compatibility symlink at /etc/ssl/certs pointing to /etc/pki/tls/certs to remedy this problem. 
Additionally this advisory also brings the latest root CA certs from the mozilla cvs dated 2010-02-16. The mozilla nss library has consequently been rebuilt to pickup these changes and are also being provided. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. %description This is a bundle of X.509 certificates of public Certificate Authorities (CA). These were automatically extracted from Mozilla's root CA list (the file "certdata.txt"). It contains the certificates in both plain text and PEM format and therefore can be directly used with an Apache/mod_ssl webserver for SSL client authentication. Just configure this file as the SSLCACertificateFile. %package timezone timezone-java Update: Mon Mar 15 14:51:22 2010 Importance: bugfix ID: MDVA-2010:101 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:101 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package timezone timezone-java Update: Mon Mar 15 15:30:53 2010 Importance: bugfix ID: MDVA-2010:101 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:101 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. 
%package curl curl-examples libcurl4 libcurl-devel Update: Fri Mar 19 22:47:32 2010 Importance: security ID: MDVSA-2010:062 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:062 %pre A vulnerability has been found and corrected in curl: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit (CVE-2010-0734). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with SSL (https) support. 
%package libpng3 libpng-devel libpng-source libpng-static-devel Update: Tue Mar 23 10:40:13 2010 Importance: security ID: MDVSA-2010:064 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:064 %pre A vulnerability has been found and corrected in libpng: The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a decompression bomb attack (CVE-2010-0205). The updated packages have been patched to correct this issue. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package cpio tar Update: Tue Mar 23 11:39:36 2010 Importance: security ID: MDVSA-2010:065 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:065 %pre A vulnerability has been found and corrected in cpio and tar: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character (CVE-2010-0624). 
The Tar package as shipped with Mandriva Linux is not affected by this vulnerability, but it was patched nonetheless in order to provide additional security to customers who recompile the package while having the rsh package installed. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description The GNU tar program saves many files together into one archive and can restore individual files (or all of the files) from the archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/decompression, the ability to perform remote archives and the ability to perform incremental and full backups. If you want to use Tar for remote backups, you'll also need to install the rmt package. You should install the tar package, because you'll find its compression and decompression utilities essential for working with files. 
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Sat Mar 27 13:18:31 2010 Importance: security ID: MDVSA-2010:068 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:068 %pre A vulnerability has been found and corrected in php: The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument (CVE-2010-0397). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. 
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sybase php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Sat Mar 27 16:35:43 2010 Importance: security ID: MDVSA-2010:068 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:068 %pre A vulnerability has been found and corrected in php: The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument (CVE-2010-0397). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. 
%package libnspr4 libnspr-devel libnss3 libnss-devel libnss-static-devel nss Update: Tue Apr 06 23:15:20 2010 Importance: security ID: MDVSA-2010:069 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:069 %pre A vulnerability has been found and corrected in nss: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue (CVE-2009-3555). Additionally, the NSPR package has been upgraded to 4.8.4, which brings numerous upstream fixes. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides the latest versions of the NSS and NSPR libraries, with which NSS is not vulnerable to this attack. %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. For detailed information on standards supported, see http://www.mozilla.org/projects/security/pki/nss/overview.html. 
%package ftp-client-krb5 ftp-server-krb5 krb5 krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5 Update: Tue Apr 13 20:39:40 2010 Importance: security ID: MDVSA-2010:071 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 %pre A vulnerability has been found and corrected in krb5: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number (CVE-2010-0629). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package timezone timezone-java Update: Wed Apr 14 06:18:10 2010 Importance: bugfix ID: MDVA-2010:116 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:116 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package idn libcap2 libcap-devel libcap-utils libidn11 libidn11-java libidn11-mono libidn-devel libssh2_1 libssh2-devel pam_cap Update: Wed Apr 14 08:49:54 2010 Importance: bugfix ID: MDVA-2010:117 URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:117 %pre Dependency problems were discovered on Mandriva Linux 2009.0 Powerpack x86_64 which prevented the flashplayer and libsmbclient0 packages from installing smoothly using MandrivaUpdate. This advisory provides the missing packages. 
%description libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. %package cups cups-common cups-serial libcups2 libcups2-devel php-cups Update: Wed Apr 14 14:49:59 2010 Importance: security ID: MDVSA-2010:073 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:073 %pre Multiple vulnerabilities have been found and corrected in cups: CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs (CVE-2009-2820). Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information (CVE-2009-3553). Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553 (CVE-2010-0302). 
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers (CVE-2010-0393). The updated packages have been patched to correct these issues. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups cups-common cups-serial libcups2 libcups2-devel php-cups Update: Wed Apr 14 15:04:54 2010 Importance: security ID: MDVSA-2010:073 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:073 %pre Multiple vulnerabilities have been found and corrected in cups: CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs (CVE-2009-2820). 
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information (CVE-2009-3553). Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553 (CVE-2010-0302). The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers (CVE-2010-0393). The updated packages have been patched to correct these issues. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). 
It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file.