[Full-disclosure] MDKSA-2006:018 - Updated kernel packages fix several vulnerabilities

2006-01-20 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:018
 http://www.mandriva.com/security/
 ___
 
 Package : kernel
 Date: January 20, 2006
 Affected: 2006.0
 ___
 
 Problem Description:
 
 A number of vulnerabilities have been corrected in the Linux kernel:
 
 A race condition in the 2.6 kernel could allow a local user to cause a
 DoS by triggering a core dump in one thread while another thread has a
 pending SIGSTOP (CVE-2005-3527).
 
 The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using
 CLONE_THREAD, does not use the thread group ID to check whether it is
 attaching to itself, which could allow local users to cause a DoS
 (CVE-2005-3783).
 
 The auto-reap child process in 2.6 kernels prior to 2.6.15 includes
 processes with ptrace attached, which leads to a dangling ptrace
 reference and allows local users to cause a crash (CVE-2005-3784).
 
 A locking problem in the POSIX timer cleanup handling on exit on
 kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local
 user to cause a deadlock involving process CPU timers (CVE-2005-3805).
 
 The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to
 2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances,
 which allows local users to corrupt kernel memory or cause a crash by
 triggering a free of non-allocated memory (CVE-2005-3806).
 
 An integer overflow in 2.6.14 and earlier could allow a local user to
 cause a hang via 64-bit mmap calls that are not properly handled on a
 32-bit system (CVE-2005-3808).
 
 As well, other bugfixes are included in this update:
 
 Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the
 AD1986a codec, added support for Nvidia chipsets, and new model
 information for the Gigabyte K8N51).
 
 MCP51 forcedeth support has been added.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3527
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3805
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3808
 ___
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 c71acedddee438c177e44c59ace9231c  
2006.0/RPMS/kernel-2.6.12.15mdk-1-1mdk.i586.rpm
 be94c46555066619429aba3c11e88c49  
2006.0/RPMS/kernel-i586-up-1GB-2.6.12.15mdk-1-1mdk.i586.rpm
 0506cd9f49c7fa8998ea9611c22fa33b  
2006.0/RPMS/kernel-i686-up-4GB-2.6.12.15mdk-1-1mdk.i586.rpm
 bdc7d06043c6a98a1a9d1baee3bc47dd  
2006.0/RPMS/kernel-smp-2.6.12.15mdk-1-1mdk.i586.rpm
 e4283335d3c3f2ff679dbaf672e2a288  
2006.0/RPMS/kernel-source-2.6-2.6.12-15mdk.i586.rpm
 4114739c58dd249e23afbde019ecf5e7  
2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-15mdk.i586.rpm
 f9f5deb668cfdaf90f66a50de54e8e54  
2006.0/RPMS/kernel-xbox-2.6.12.15mdk-1-1mdk.i586.rpm
 bc0bade8d53184908296fac79fc07724  
2006.0/RPMS/kernel-xen0-2.6.12.15mdk-1-1mdk.i586.rpm
 8e4f4040d6b08d25cf323a451301cfe6  
2006.0/RPMS/kernel-xenU-2.6.12.15mdk-1-1mdk.i586.rpm
 786b6c30ae9c052de3a856d8933fe2fd  
2006.0/SRPMS/kernel-2.6.12.15mdk-1-1mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 cf1e06a1f851f40a4298b9d7f8135da5  
x86_64/2006.0/RPMS/kernel-2.6.12.15mdk-1-1mdk.x86_64.rpm
 00a15f173dc072f60c810b8d513987c9  
x86_64/2006.0/RPMS/kernel-smp-2.6.12.15mdk-1-1mdk.x86_64.rpm
 b82e5e65bb03c557a3d1f6f3145a58cd  
x86_64/2006.0/RPMS/kernel-source-2.6-2.6.12-15mdk.x86_64.rpm
 6ed321add133142fb3f597e004c9747f  
x86_64/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-15mdk.x86_64.rpm
 786b6c30ae9c052de3a856d8933fe2fd  
x86_64/2006.0/SRPMS/kernel-2.6.12.15mdk-1-1mdk.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

[Full-disclosure] MDKSA-2006:019 - Updated kdelibs packages fix vulnerability

2006-01-20 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:019
 http://www.mandriva.com/security/
 ___
 
 Package : kdelibs
 Date: January 20, 2006
 Affected: 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 A heap overflow vulnerability was discovered in kjs, the KDE JavaScript
 interpreter engine.  An attacker could create a malicious web site
 that contained carefully crafted JavaScript code that could trigger the
 flaw and potentially lead to the arbitrary execution of code as the
 user visiting the site.
 
 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
 ___
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 6d11e781a5112ab7d2c991df1bca4c0d  
2006.0/RPMS/kdelibs-common-3.4.2-31.3.20060mdk.i586.rpm
 09ddb324793a6af1e5bb55912896a9a1  
2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.3.20060mdk.i586.rpm
 6211efda291f9327ed98d3aca442b1f0  
2006.0/RPMS/libkdecore4-3.4.2-31.3.20060mdk.i586.rpm
 77f643da674997a6ae38acd761f3016a  
2006.0/RPMS/libkdecore4-devel-3.4.2-31.3.20060mdk.i586.rpm
 57fb02e73896d75f28d9f9aad5f5dfef  
2006.0/SRPMS/kdelibs-3.4.2-31.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 84b25eefbb6fa383dbc4ccf92c873f74  
x86_64/2006.0/RPMS/kdelibs-common-3.4.2-31.3.20060mdk.x86_64.rpm
 c3e42fe27e73df2da68ba768f0dbee4c  
x86_64/2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.3.20060mdk.x86_64.rpm
 a6a7258b0990a09b099e039f54db18bb  
x86_64/2006.0/RPMS/lib64kdecore4-3.4.2-31.3.20060mdk.x86_64.rpm
 62a2e822dab43b67f7cdfb9258725d2b  
x86_64/2006.0/RPMS/lib64kdecore4-devel-3.4.2-31.3.20060mdk.x86_64.rpm
 6211efda291f9327ed98d3aca442b1f0  
x86_64/2006.0/RPMS/libkdecore4-3.4.2-31.3.20060mdk.i586.rpm
 77f643da674997a6ae38acd761f3016a  
x86_64/2006.0/RPMS/libkdecore4-devel-3.4.2-31.3.20060mdk.i586.rpm
 57fb02e73896d75f28d9f9aad5f5dfef  
x86_64/2006.0/SRPMS/kdelibs-3.4.2-31.3.20060mdk.src.rpm

 Corporate 3.0:
 e3b716c3fef88118742882a139d589fa  
corporate/3.0/RPMS/kdelibs-common-3.2-36.15.C30mdk.i586.rpm
 439b0acb1afd62c8f894317ad5922557  
corporate/3.0/RPMS/libkdecore4-3.2-36.15.C30mdk.i586.rpm
 77e5302db914631a223c7fb6a55c623b  
corporate/3.0/RPMS/libkdecore4-devel-3.2-36.15.C30mdk.i586.rpm
 8399789d3975218e919c7544cf4fff41  
corporate/3.0/SRPMS/kdelibs-3.2-36.15.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 04d568123ae0f632020b16d7ca3c79b5  
x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.15.C30mdk.x86_64.rpm
 6c0451aa188253c07d9865880cb32c35  
x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.15.C30mdk.x86_64.rpm
 22160903e03c77c575a84ed9ef045ac6  
x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.15.C30mdk.x86_64.rpm
 439b0acb1afd62c8f894317ad5922557  
x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.15.C30mdk.i586.rpm
 8399789d3975218e919c7544cf4fff41  
x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.15.C30mdk.src.rpm
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
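
The advisories above list each updated package as an MD5 checksum followed by its path, and state that MandrivaUpdate and urpmi check these automatically. As an added example (not part of the advisories and not Mandriva code), the Python sketch below performs the same checksum comparison by hand against a local mirror directory; the function names, the mirror layout and the sample package names are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_manifest(advisory_text):
    """Return {relative_path: md5} from an "Updated Packages" section.

    Accepts "md5  path" on one line as well as the wrapped form seen in
    list archives, where the checksum and the path sit on separate lines.
    """
    entries = {}
    pending = None  # checksum waiting for its path on the next line
    for raw in advisory_text.splitlines():
        parts = raw.split()
        if len(parts) == 2 and MD5_RE.match(parts[0]) and parts[1].endswith(".rpm"):
            entries[parts[1]] = parts[0].lower()
            pending = None
        elif len(parts) == 1 and MD5_RE.match(parts[0]):
            pending = parts[0].lower()
        elif pending and len(parts) == 1 and parts[0].endswith(".rpm"):
            entries[parts[0]] = pending
            pending = None
        else:
            pending = None  # headings, separators, blank lines
    return entries


def file_md5(path):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify(entries, mirror_root):
    """Compare each listed package under mirror_root with its checksum.

    Status per path: "ok", "mismatch", "missing", or "rejected" when the
    listed path would resolve outside mirror_root (the advisory text is
    treated as untrusted input).
    """
    root = Path(mirror_root).resolve()
    results = {}
    for rel, expected in entries.items():
        target = (root / rel).resolve()
        try:
            target.relative_to(root)
        except ValueError:
            results[rel] = "rejected"
            continue
        if not target.is_file():
            results[rel] = "missing"
        elif file_md5(target) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results


def demo():
    """Run the check on a constructed advisory and a constructed mirror."""
    ok_rel = "2006.0/RPMS/example-1.0-1mdk.i586.rpm"
    bad_rel = "2006.0/RPMS/example-devel-1.0-1mdk.i586.rpm"
    gone_rel = "2006.0/SRPMS/example-1.0-1mdk.src.rpm"
    esc_rel = "../outside-1.0-1mdk.i586.rpm"

    def md5(data):
        return hashlib.md5(data).hexdigest()

    # Constructed sample text in the advisory layout; not real packages.
    advisory = (
        " Updated Packages:\n \n Example Linux 2006.0:\n"
        f" {md5(b'package A')}  \n{ok_rel}\n"
        f" {md5(b'package B')}  \n{bad_rel}\n"
        f" {md5(b'source package')}  {gone_rel}\n"
        f" {md5(b'anything')}  \n{esc_rel}\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "2006.0", "RPMS").mkdir(parents=True)
        Path(tmp, ok_rel).write_bytes(b"package A")
        Path(tmp, bad_rel).write_bytes(b"package B, altered in transit")
        return verify(parse_manifest(advisory), tmp)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

An MD5 match only shows that the file equals the one the advisory describes; authenticity still rests on the GPG signature the advisories refer to.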


[Full-disclosure] MDKSA-2006:017 - Updated mod_auth_ldap packages fix vulnerability

2006-01-19 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:017
 http://www.mandriva.com/security/
 ___
 
 Package : mod_auth_ldap
 Date: January 19, 2006
 Affected: Corporate 2.1
 ___
 
 Problem Description:
 
 A format string flaw was discovered in the way that auth_ldap logs
 information which may allow a remote attacker to execute arbitrary code
 as the apache user if auth_ldap is used for authentication.
 
 This update provides version 1.6.1 of auth_ldap which corrects the
 problem.  Only Corporate Server 2.1 shipped with a supported auth_ldap
 package.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0150
 ___
 
 Updated Packages:
 
 Corporate Server 2.1:
 a579c887e48daaa8281ecdc4e1381fa0  
corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.i586.rpm
 3af337e3989aed18d9c6e634ecb3e47b  
corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b3c27d91b6fa68e557507318c8e18f0c  
x86_64/corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.x86_64.rpm
 3af337e3989aed18d9c6e634ecb3e47b  
x86_64/corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm


[Full-disclosure] MDKSA-2006:014 - Updated wine packages fix WMF vulnerability

2006-01-16 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:014
 http://www.mandriva.com/security/
 ___
 
 Package : wine
 Date: January 16, 2006
 Affected: 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 A vulnerability was discovered by H D Moore in Wine which implements
 the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
 This could be abused by an attacker who is able to entice a user to
 open a specially crafted WMF file from within a Wine-executed Windows
 application, possibly resulting in the execution of arbitrary code
 with the privileges of the user running Wine.
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106
 ___
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 d4f3baabbba81f1bad315bc79dad7e9c  
2006.0/RPMS/libwine1-20050725-6.1.20060mdk.i586.rpm
 fc810c3d98a537fce73977c5aa6912ea  
2006.0/RPMS/libwine1-capi-20050725-6.1.20060mdk.i586.rpm
 5663e266c34853af09f421897bd778c7  
2006.0/RPMS/libwine1-devel-20050725-6.1.20060mdk.i586.rpm
 27052e10ffe276948b7902d9a72aba9a  
2006.0/RPMS/libwine1-twain-20050725-6.1.20060mdk.i586.rpm
 02f66be98c0d8bde52bcfeb4e4a4ce2d  
2006.0/RPMS/wine-20050725-6.1.20060mdk.i586.rpm
 37780f9798d8da0c4de0a996f65b41b9  
2006.0/SRPMS/wine-20050725-6.1.20060mdk.src.rpm

 Corporate 3.0:
 a22d48d27955a0b5c8cf7c872a5332ea  
corporate/3.0/RPMS/libwine1-20040213-3.1.C30mdk.i586.rpm
 b0214de7c0416e65330c2aa07c7de5ad  
corporate/3.0/RPMS/libwine1-capi-20040213-3.1.C30mdk.i586.rpm
 d9abcd416d2bb0f3d1b892f3c58d3432  
corporate/3.0/RPMS/libwine1-devel-20040213-3.1.C30mdk.i586.rpm
 6495fbac8ea70deab3b8401b3d83f12d  
corporate/3.0/RPMS/libwine1-twain-20040213-3.1.C30mdk.i586.rpm
 5659cd4b240da12ed15644da93c81723  
corporate/3.0/RPMS/wine-20040213-3.1.C30mdk.i586.rpm
 c32125932c612311afa5c930af3869ab  
corporate/3.0/RPMS/wine-utils-20040213-3.1.C30mdk.i586.rpm
 4611ae314fd47a15f540e1d15021e79d  
corporate/3.0/SRPMS/wine-20040213-3.1.C30mdk.src.rpm


[Full-disclosure] MDKSA-2006:015 - Updated hylafax packages fix eval injection vulnerabilities

2006-01-16 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2006:016 - Updated clamav packages fix vulnerability

2006-01-16 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2006:013 - Updated kolab packages fix vulnerability

2006-01-12 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:013
 http://www.mandriva.com/security/
 ___
 
 Package : kolab-resource-handlers
 Date: January 12, 2006
 Affected: 2006.0
 ___
 
 Problem Description:
 
 A problem exists in how the Kolab Server transports emails bigger than
 8KB in size and if a dot (.) character exists in the wrong place.  If
 these conditions are met, kolabfilter will double this dot and a
 modified email will be delivered, which could lead to broken clear-text
 signatures or broken attachments.
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://kolab.org/security/kolab-vendor-notice-07.txt
 ___
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 0ac77fdb0776f06f40dd8ba0ed30d317  
2006.0/RPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.noarch.rpm
 45f74289423c41ad54d49f7e77899fa8  
2006.0/SRPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 2d56dcded06922276579f29129533a1e  
x86_64/2006.0/RPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.noarch.rpm
 45f74289423c41ad54d49f7e77899fa8  
x86_64/2006.0/SRPMS/kolab-resource-handlers-0.4.1-0.20050811.2.1.20060mdk.src.rpm


[Full-disclosure] MDKSA-2006:010 - Updated cups packages fix several vulnerabilities

2006-01-10 Thread Mandriva Security Team

[Full-disclosure] MDKSA-2006:011 - Updated tetex packages fix several vulnerabilities

2006-01-10 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities

2006-01-07 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2006:009 - Updated apache2-mod_auth_pgsql packages fix several vulnerabilities

2006-01-07 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:009
 http://www.mandriva.com/security/
 ___
 
 Package : apache2-mod_auth_pgsql
 Date: January 6, 2006
 Affected: 10.1, 10.2, 2006.0
 ___
 
 Problem Description:
 
 iDefense discovered several format string vulnerabilities in the way
 that mod_auth_pgsql logs information which could potentially be used
 by a remote attacker to execute arbitrary code as the apache user if
 mod_auth_pgsql is used for user authentication.
 
 The provided packages have been patched to prevent this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3656
 ___
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 5fd1e2329146f2c03845fe516acaa123  
10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.i586.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  
10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 631ed3b26fddd6f5198d4a33aa31326c  
x86_64/10.1/RPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.x86_64.rpm
 c7cfefd7de46d13ee74f25e35f2fd76a  
x86_64/10.1/SRPMS/apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 477fd516e48926f13a66cc0a92366598  
10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.i586.rpm
 12baf2fcd6739141f29c4f6000f83e28  
10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 7d5ba837da8f1681587c431fe219f9fa  
x86_64/10.2/RPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.x86_64.rpm
 12baf2fcd6739141f29c4f6000f83e28  
x86_64/10.2/SRPMS/apache2-mod_auth_pgsql-2.0.53_2.0.2b1-6.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 abe116d3afce2e1dd6c29a4a922ecf0a  
2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.i586.rpm
 c6755d865f6de4cf51a9f6918798aafc  
2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a8e95a35a1eda50cc392193496c15721  
x86_64/2006.0/RPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.x86_64.rpm
 c6755d865f6de4cf51a9f6918798aafc  
x86_64/2006.0/SRPMS/apache-mod_auth_pgsql-2.0.54_2.0.2b1-3.1.20060mdk.src.rpm


[Full-disclosure] MDKSA-2006:003 - Updated poppler packages fix several vulnerabilities

2006-01-05 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:003
 http://www.mandriva.com/security/
 ___
 
 Package : poppler
 Date: January 5, 2006
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Multiple heap-based buffer overflows in the
 DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
 in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,
 allow user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted  PDF file
 with an out-of-range number of components (numComps), which is used as
 an array index. (CVE-2005-3191)
  
 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
 allows remote attackers to execute arbitrary code via a PDF file with
 an out-of-range numComps (number of components) field. (CVE-2005-3192)
 
 Heap-based buffer overflow in the JPXStream::readCodestream function
 in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
 allows user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted PDF file
 with large size values that cause insufficient memory to be allocated.
 (CVE-2005-3193)
 
 An additional patch re-addresses memory allocation routines in
 goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). 
 
 In addition, Chris Evans discovered several other vulnerabilities in
 the xpdf code base:
 
  Out-of-bounds heap accesses with large or negative parameters to 
   FlateDecode stream. (CVE-2005-3192)
 
  Out-of-bounds heap accesses with large or negative parameters to
   CCITTFaxDecode stream. (CVE-2005-3624)
 
  Infinite CPU spins in various places when stream ends unexpectedly.
   (CVE-2005-3625) 
 
  NULL pointer crash in the FlateDecode stream. (CVE-2005-3626)
 
  Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627)
 
  Possible to use index past end of array in DCTDecode stream.
   (CVE-2005-3627)
 
  Possible out-of-bounds indexing trouble in DCTDecode stream.
   (CVE-2005-3627)
 
 Poppler uses an embedded copy of the xpdf code, with the same
 vulnerabilities.
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2006:004 - Updated pdftohtml packages fix several vulnerabilities

2006-01-05 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:004
 http://www.mandriva.com/security/
 ___
 
 Package : pdftohtml
 Date: January 5, 2006
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Multiple heap-based buffer overflows in the
 DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
 in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,
 allow user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted  PDF file
 with an out-of-range number of components (numComps), which is used as
 an array index. (CVE-2005-3191)
  
 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
 allows remote attackers to execute arbitrary code via a PDF file with
 an out-of-range numComps (number of components) field. (CVE-2005-3192)
 
 Heap-based buffer overflow in the JPXStream::readCodestream function
 in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
 allows user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted PDF file
 with large size values that cause insufficient memory to be allocated.
 (CVE-2005-3193)
 
 An additional patch re-addresses memory allocation routines in
 goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). 
 
 In addition, Chris Evans discovered several other vulnerabilities in
 the xpdf code base:
 
  Out-of-bounds heap accesses with large or negative parameters to 
   FlateDecode stream. (CVE-2005-3192)
 
  Out-of-bounds heap accesses with large or negative parameters to
   CCITTFaxDecode stream. (CVE-2005-3624)
 
  Infinite CPU spins in various places when stream ends unexpectedly.
   (CVE-2005-3625) 
 
  NULL pointer crash in the FlateDecode stream. (CVE-2005-3626)
 
  Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627)
 
  Possible to use index past end of array in DCTDecode stream.
   (CVE-2005-3627)
 
  Possible out-of-bounds indexing trouble in DCTDecode stream.
   (CVE-2005-3627)
 
 Pdftohtml uses an embedded copy of the xpdf code, with the same
 vulnerabilities.
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities

2006-01-05 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:005
 http://www.mandriva.com/security/
 ___
 
 Package : xpdf
 Date: January 5, 2006
 Affected: 2006.0, Corporate 2.1, Corporate 3.0
 ___
 
 Problem Description:
 
 Multiple heap-based buffer overflows in the
 DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
 in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,
 allow user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted  PDF file
 with an out-of-range number of components (numComps), which is used as
 an array index. (CVE-2005-3191)
  
 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
 allows remote attackers to execute arbitrary code via a PDF file with
 an out-of-range numComps (number of components) field. (CVE-2005-3192)
 
 Heap-based buffer overflow in the JPXStream::readCodestream function
 in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
 allows user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted PDF file
 with large size values that cause insufficient memory to be allocated.
 (CVE-2005-3193)
 
 An additional patch re-addresses memory allocation routines in
 goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). 
 
 In addition, Chris Evans discovered several other vulnerabilities in
 the xpdf code base:
 
  Out-of-bounds heap accesses with large or negative parameters to 
   FlateDecode stream. (CVE-2005-3192)
 
  Out-of-bounds heap accesses with large or negative parameters to
   CCITTFaxDecode stream. (CVE-2005-3624)
 
  Infinite CPU spins in various places when stream ends unexpectedly.
   (CVE-2005-3625) 
 
  NULL pointer crash in the FlateDecode stream. (CVE-2005-3626)
 
  Overflows of compInfo array in DCTDecode stream. (CVE-2005-3627)
 
  Possible to use index past end of array in DCTDecode stream.
   (CVE-2005-3627)
 
  Possible out-of-bounds indexing trouble in DCTDecode stream.
   (CVE-2005-3627)
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
 ___
 
 Updated Packages:
 
 ___

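
The xpdf, poppler and pdftohtml advisories above all describe a frame header whose component count (numComps) is used as an array index without a range check. The following is an added example, not code from xpdf or from the Mandriva patches: a stand-alone C parser for a JPEG SOF segment that validates the count before any table write. The names (parse_sof, sof_header, MAX_COMPS) and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMPS 4  /* capacity of the fixed per-component table (assumed) */

typedef struct { uint8_t id, h_sample, v_sample, quant_table; } comp_info;

typedef struct {
    uint8_t   precision;
    uint16_t  height, width;
    int       num_comps;
    comp_info comp[MAX_COMPS];
} sof_header;

enum { SOF_OK = 0, SOF_TRUNCATED, SOF_BAD_NUMCOMPS, SOF_BAD_LENGTH,
       SOF_BAD_SAMPLING, SOF_BAD_QTABLE };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* seg points at the two-byte length field that follows the SOF marker.
 * Layout: Lf(2) P(1) Y(2) X(2) Nf(1), then Nf * { id, HV, Tq }. */
int parse_sof(const uint8_t *seg, size_t seg_len, sof_header *out)
{
    sof_header h;
    size_t declared;
    int i, n;

    if (seg_len < 8) return SOF_TRUNCATED;      /* fixed part must be present */
    declared = be16(seg);
    n = seg[7];

    /* The file-controlled count is range-checked BEFORE it indexes the
     * table. Without this test a count of 200 walks far past comp[3]. */
    if (n < 1 || n > MAX_COMPS) return SOF_BAD_NUMCOMPS;
    /* The declared length must agree with the count ... */
    if (declared != 8u + 3u * (size_t)n) return SOF_BAD_LENGTH;
    /* ... and the bytes must actually be in the buffer. */
    if (seg_len < declared) return SOF_TRUNCATED;

    memset(&h, 0, sizeof h);
    h.precision = seg[2];
    h.height    = be16(seg + 3);
    h.width     = be16(seg + 5);
    h.num_comps = n;

    for (i = 0; i < n; i++) {
        const uint8_t *c = seg + 8 + 3 * i;
        h.comp[i].id          = c[0];
        h.comp[i].h_sample    = (uint8_t)(c[1] >> 4);
        h.comp[i].v_sample    = (uint8_t)(c[1] & 0x0f);
        h.comp[i].quant_table = c[2];
        /* Sampling factors and table selectors are later used as sizes
         * and indexes too, so they get the same treatment. */
        if (h.comp[i].h_sample < 1 || h.comp[i].h_sample > 4 ||
            h.comp[i].v_sample < 1 || h.comp[i].v_sample > 4)
            return SOF_BAD_SAMPLING;
        if (h.comp[i].quant_table > 3) return SOF_BAD_QTABLE;
    }
    *out = h;   /* the caller's struct is written only on success */
    return SOF_OK;
}

/* Constructed sample: 16x16 image, 3 components. */
static const uint8_t SAMPLE_SOF_VALID[] = {
    0x00, 0x11, 0x08, 0x00, 0x10, 0x00, 0x10, 0x03,
    0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01
};
/* Constructed sample: same bytes, but the count field claims 200 components. */
static const uint8_t SAMPLE_SOF_OVERSIZED[] = {
    0x00, 0x11, 0x08, 0x00, 0x10, 0x00, 0x10, 0xC8,
    0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01
};

sof_header demo_hdr;

int main(void)
{
    printf("valid:     %d\n",
           parse_sof(SAMPLE_SOF_VALID, sizeof SAMPLE_SOF_VALID, &demo_hdr));
    printf("oversized: %d\n",
           parse_sof(SAMPLE_SOF_OVERSIZED, sizeof SAMPLE_SOF_OVERSIZED, &demo_hdr));
    printf("truncated: %d\n", parse_sof(SAMPLE_SOF_VALID, 12, &demo_hdr));
    return 0;
}
```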

[Full-disclosure] MDKSA-2006:007 - Updated apache2 packages fix vulnerabilities

2006-01-05 Thread Mandriva Security Team
 ___



[Full-disclosure] MDKSA-2006:001 - Updated tkcvs packages fix insecure temporary file vulnerability

2006-01-03 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:001
 http://www.mandriva.com/security/
 ___
 
 Package : tkcvs
 Date: January 3, 2006
 Affected: 10.2, 2006.0
 ___
 
 Problem Description:
 
 Javier Fernandez-Sanguino Pena discovered that tkdiff created
 temporary files in an insecure manner.
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3343
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2006:002 - Updated ethereal packages fix vulnerabilities

2006-01-03 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2006:002
 http://www.mandriva.com/security/
 ___
 
 Package : ethereal
 Date: January 3, 2006
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Three vulnerabilities were discovered in Ethereal 0.10.13:
 
 The IRC and GTP dissectors could go into an infinite loop.
 
 A buffer overflow was discovered by iDefense in the OSPF dissector.
 
 Ethereal has been upgraded to 0.10.14 which does not suffer from these
 problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3651
 http://www.ethereal.com/appnotes/enpa-sa-00022.html
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:238 - Updated php/php-mbstring packages fix mail injection vulnerability

2005-12-27 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:238
 http://www.mandriva.com/security/
 ___
 
 Package : php
 Date: December 27, 2005
 Affected: 2006.0
 ___
 
 Problem Description:
 
 A CRLF injection vulnerability in the mb_send_mail function in PHP 
 before 5.1.0 might allow remote attackers to inject arbitrary 
 e-mail headers via line feeds (LF) in the To address argument, when
 using sendmail as the MTA (mail transfer agent).
 
 The updated packages have been patched to address this issue.  Once the
 new packages have been installed, you will need to restart your Apache
 server using service httpd restart in order for the new packages to
 take effect.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883
 ___
 
 Updated Packages:
 
 ___

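
The PHP advisory above concerns line feeds in the To argument being passed through to sendmail, where each one starts a new header field. The following is an added example, not PHP's code or the Mandriva patch: a C sketch that neutralizes control characters in a header value while keeping legal folding (CRLF followed by a space or tab), and counts the header fields the MTA would see with and without it. All function names and sample addresses are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True when s[i..] is a legal header fold: CRLF followed by SP or HTAB. */
static int is_fold(const char *s, size_t i)
{
    return s[i] == '\r' && s[i + 1] == '\n' &&
           (s[i + 2] == ' ' || s[i + 2] == '\t');
}

/* Replace every control character with a space, except inside a legal
 * fold. Returns the number of characters that were neutralized. */
size_t sanitize_header_value(char *v)
{
    size_t replaced = 0, i = 0;
    while (v[i] != '\0') {
        if (is_fold(v, i)) { i += 3; continue; }
        if (iscntrl((unsigned char)v[i])) { v[i] = ' '; replaced++; }
        i++;
    }
    return replaced;
}

/* Count header fields as a "read recipients from the message" MTA would:
 * every non-continuation line before the first blank line is one field. */
int count_header_fields(const char *msg)
{
    int fields = 0;
    const char *line = msg;
    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0 || (len == 1 && line[0] == '\r')) break; /* body starts */
        if (line[0] != ' ' && line[0] != '\t') fields++;
        if (!eol) break;
        line = eol + 1;
    }
    return fields;
}

/* Build the text handed to the MTA and return how many header fields it
 * contains, or -1 if a buffer is too small. With sanitize == 0 the To value
 * is copied as-is (the behaviour the advisory describes). The same filter
 * belongs on every caller-supplied header value, not only To. */
int build_message(char *out, size_t cap, const char *to,
                  const char *subject, int sanitize)
{
    char to_buf[256];
    int n;

    if (strlen(to) >= sizeof to_buf) return -1;
    strcpy(to_buf, to);
    if (sanitize) sanitize_header_value(to_buf);
    n = snprintf(out, cap, "To: %s\nSubject: %s\n\n(body)\n", to_buf, subject);
    if (n < 0 || (size_t)n >= cap) return -1;
    return count_header_fields(out);
}

/* Constructed inputs: one carries an embedded LF, one is a legal fold. */
static const char SAMPLE_TO_INJECTED[] = "alice@example.com\nBcc: list@example.net";
static const char SAMPLE_TO_FOLDED[]   = "alice@example.com,\r\n bob@example.com";

char demo_msg[512];
char demo_to[64];

int main(void)
{
    printf("unsanitized fields: %d\n",
           build_message(demo_msg, sizeof demo_msg, SAMPLE_TO_INJECTED, "hello", 0));
    printf("sanitized fields:   %d\n",
           build_message(demo_msg, sizeof demo_msg, SAMPLE_TO_INJECTED, "hello", 1));
    printf("folded fields:      %d\n",
           build_message(demo_msg, sizeof demo_msg, SAMPLE_TO_FOLDED, "hello", 1));
    return 0;
}
```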


[Full-disclosure] MDKSA-2005:236 - Updated fetchmail packages fix vulnerability

2005-12-23 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:236
 http://www.mandriva.com/security/
 ___
 
 Package : fetchmail
 Date: December 23, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 Fetchmail before 6.3.1 and before 6.2.5.5, when configured for
 multidrop mode, allows remote attackers to cause a DoS (application
 crash) by sending messages without headers from upstream mail
 servers.
 
 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4348
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:235 - Updated kernel packages fix numerous vulnerabilities

2005-12-21 Thread Mandriva Security Team
 ___



[Full-disclosure] MDKSA-2005:234 - Updated sudo packages fix vulnerability

2005-12-20 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:234
 http://www.mandriva.com/security/
 ___
 
 Package : sudo
 Date: December 20, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 Charles Morris discovered a vulnerability in sudo versions prior to
 1.6.8p12 where, when the perl taint flag is off, sudo does not clear
 the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could
 allow limited local users to cause a perl script to include and execute
 arbitrary library files that have the same name as library files that
 are included by the script.
 
 In addition, other environment variables have been included in the patch,
 which removes similar environment variables that could be used in python
 and ruby scripts, among others.
 
 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4158
 http://www.sudo.ws/sudo/alerts/perl_env.html
 ___
 
 Updated Packages:
 
 ___

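The environment scrubbing that the sudo advisory above describes, as an added C example (not sudo's code and not part of the advisory): a denylist that drops the three Perl variables the advisory names, beside an allowlist that keeps only known-needed variables. The Python/Ruby variable names, the allowlist contents, the hypothetical EXAMPLELANG_LIB variable and the sample environment are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variables a privileged wrapper must not pass on to an interpreter. */
static const char *const DENY[] = {
    "PERLLIB", "PERL5LIB", "PERL5OPT",   /* named in the advisory */
    "PYTHONPATH", "RUBYLIB", "RUBYOPT",  /* assumed Python/Ruby counterparts */
    NULL
};

/* Assumed minimal set a privileged script needs (illustrative only). */
static const char *const ALLOW[] = { "PATH", "TERM", "LANG", NULL };

/* Constructed sample of an environment controlled by the calling user. */
static const char *const SAMPLE_ENV[] = {
    "PATH=/usr/bin:/bin",
    "TERM=xterm",
    "PERL5LIB=/tmp/user-writable",
    "PERL5OPT=-w",
    "PERL5LIBRARY=harmless",              /* shares a prefix, different name */
    "EXAMPLELANG_LIB=/tmp/user-writable", /* hypothetical, on no denylist */
    "MALFORMED_NO_EQUALS",
    NULL
};

/* 1 if the entry's name is in names, 0 if not, -1 if the entry is malformed.
 * The whole name is compared, so PERL5LIBRARY does not match PERL5LIB. */
static int name_in(const char *entry, const char *const *names)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return -1;
    size_t len = (size_t)(eq - entry);
    for (; *names; names++)
        if (strlen(*names) == len && strncmp(entry, *names, len) == 0)
            return 1;
    return 0;
}

/* Copy pointers from in[] to out[] (NULL-terminated, at most cap-1 entries).
 * keep_listed == 0: denylist mode, drop entries whose name is in names.
 * keep_listed != 0: allowlist mode, keep only entries whose name is in names.
 * Malformed entries are always dropped; running out of room drops the rest,
 * which fails toward a smaller environment. */
size_t scrub_env(const char *const in[], const char *out[], size_t cap,
                 const char *const *names, int keep_listed)
{
    size_t n = 0;
    if (cap == 0)
        return 0;
    for (; *in; in++) {
        int hit = name_in(*in, names);
        if (hit < 0)
            continue;
        if ((hit == 1) != (keep_listed != 0))
            continue;
        if (n + 1 >= cap)
            break;
        out[n++] = *in;
    }
    out[n] = NULL;
    return n;
}

size_t scrub_denylist(const char *const in[], const char *out[], size_t cap)
{
    return scrub_env(in, out, cap, DENY, 0);
}

size_t scrub_allowlist(const char *const in[], const char *out[], size_t cap)
{
    return scrub_env(in, out, cap, ALLOW, 1);
}

/* Value of name in env, or NULL when it is not set. */
const char *env_get(const char *const env[], const char *name)
{
    size_t len = strlen(name);
    for (; *env; env++)
        if (strncmp(*env, name, len) == 0 && (*env)[len] == '=')
            return *env + len + 1;
    return NULL;
}

int main(void)
{
    const char *out[16];
    size_t n = scrub_denylist(SAMPLE_ENV, out, 16);
    printf("denylist keeps %zu entries, EXAMPLELANG_LIB %s\n", n,
           env_get(out, "EXAMPLELANG_LIB") ? "survives" : "removed");
    n = scrub_allowlist(SAMPLE_ENV, out, 16);
    printf("allowlist keeps %zu entries, EXAMPLELANG_LIB %s\n", n,
           env_get(out, "EXAMPLELANG_LIB") ? "survives" : "removed");
    return 0;
}
```

The denylist has to be extended for every interpreter variable that turns up, which is what the patch described above does; the allowlist drops unknown names by default.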


[Full-disclosure] MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM

2005-12-19 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:227 - Updated ethereal packages fix vulnerability

2005-12-14 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:227
 http://www.mandriva.com/security/
 ___
 
 Package : ethereal
 Date: December 14, 2005
 Affected: 2006.0
 ___
 
 Problem Description:
 
 A stack-based buffer overflow was discovered in the OSPF dissector in
 Ethereal.  This could potentially be abused to allow remote attackers
 to execute arbitrary code via crafted packets.
 
 The updated packages have been patched to prevent this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability

2005-12-14 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability

2005-12-14 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:229
 http://www.mandriva.com/security/
 ___
 
 Package : xmovie
 Date: December 14, 2005
 Affected: 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, 
 which can be exploited by malicious people to cause a DoS (Denial 
 of Service) and potentially to compromise a user's system.
 
 The vulnerability is caused due to a boundary error in the 
 avcodec_default_get_buffer() function of utils.c in libavcodec. 
 This can be exploited to cause a heap-based buffer overflow when a 
 specially-crafted 1x1 .png file containing a palette is read.
 
 Xmovie is built with a private copy of ffmpeg containing this 
 same code.
 
 The updated packages have been patched to prevent this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability

2005-12-14 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:232
 http://www.mandriva.com/security/
 ___
 
 Package : gstreamer-ffmpeg
 Date: December 14, 2005
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, 
 which can be exploited by malicious people to cause a DoS (Denial 
 of Service) and potentially to compromise a user's system.
 
 The vulnerability is caused due to a boundary error in the 
 avcodec_default_get_buffer() function of utils.c in libavcodec. 
 This can be exploited to cause a heap-based buffer overflow when a 
 specially-crafted 1x1 .png file containing a palette is read.
 
 Gstreamer-ffmpeg is built with a private copy of ffmpeg containing
 this same code.
 
 The updated packages have been patched to prevent this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability

2005-12-14 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:230
 http://www.mandriva.com/security/
 ___
 
 Package : mplayer
 Date: December 14, 2005
 Affected: 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, 
 which can be exploited by malicious people to cause a DoS (Denial 
 of Service) and potentially to compromise a user's system.
 
 The vulnerability is caused due to a boundary error in the 
 avcodec_default_get_buffer() function of utils.c in libavcodec. 
 This can be exploited to cause a heap-based buffer overflow when a 
 specially-crafted 1x1 .png file containing a palette is read.
 
 Mplayer is built with a private copy of ffmpeg containing this 
 same code.
 
 The updated packages have been patched to prevent this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:226 - Updated mozilla-thunderbird package fix vulnerability in enigmail

2005-12-12 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:206-1 - Updated openvpn packages fix multiple vulnerabilities

2005-12-09 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory   MDKSA-2005:206-1
 http://www.mandriva.com/security/
 ___
 
 Package : openvpn
 Date: December 9, 2005
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Two Denial of Service vulnerabilities exist in OpenVPN.  The first
 allows a malicious or compromised server to execute arbitrary code
 on the client (CVE-2005-3393).  The second DoS can occur if, when in
 TCP server mode, OpenVPN receives an error on accept(2) and the
 resulting exception handler causes a segfault (CVE-2005-3409).
 
 The updated packages have been patched to correct these problems.

 Update:

 Packages are now available for Mandriva Linux 2006.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:224 - Updated curl package fixes format string vulnerability

2005-12-08 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:224
 http://www.mandriva.com/security/
 ___
 
 Package : curl
 Date: December 8, 2005
 Affected: 10.1, 10.2, 2006.0
 ___
 
 Problem Description:
 
 Stefan Esser discovered that libcurl's URL parser function can
 overflow a malloced buffer in two ways if given a too-long URL.  It
 cannot be triggered by a redirect, which makes remote exploitation
 unlikely, but can be passed directly to libcurl (allowing for local
 exploitation) and could also be used to break out of PHP's safe_mode/
 open_basedir.
 
 This vulnerability only exists in libcurl and curl 7.11.2 up to and
 including 7.15.0, which means that Corporate Server 2.1 and Corporate
 3.0 are not vulnerable.
 
 The updated packages have been patched to correct the problem.  As
 well, updated php-curl packages are available that provide a new curl
 PHP module compiled against the fixed code.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
 http://www.dyadsecurity.com/perl-0002.html
 http://curl.haxx.se/docs/adv_20051207.html
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:225 - Updated perl package fixes format string vulnerability

2005-12-08 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:221 - Updated spamassassin packages fixes vulnerability

2005-12-02 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:221
 http://www.mandriva.com/security/
 ___
 
 Package : spamassassin
 Date: December 2, 2005
 Affected: 10.1, 10.2, 2006.0
 ___
 
 Problem Description:
 
 SpamAssassin 3.0.4 allows attackers to bypass spam detection via an
 e-mail with a large number of recipients (To addresses), which 
 triggers a bus error in Perl.
 
 Updated packages have been patched to address this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories

[Full-disclosure] MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities

2005-12-02 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:222
 http://www.mandriva.com/security/
 ___
 
 Package : mailman
 Date: December 2, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 3.0
 ___
 
 Problem Description:
 
 Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8
 character encodings in filenames of e-mail attachments, which allows
 remote attackers to cause a denial of service. (CVE-2005-3573)
 
 In addition, these versions of mailman have an issue where the server
 will fail with an Overflow on bad date data in a processed message.
 
 The version of mailman in Corporate Server 2.1 does not contain the
 above vulnerable code.
 
 Updated packages are patched to correct these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573
 ___
 
 Updated Packages:
 
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] MDKSA-2005:223 - Updated webmin package fixes format string vulnerability

2005-12-02 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:223
 http://www.mandriva.com/security/
 ___
 
 Package : webmin
 Date: December 2, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
 ___
 
 Problem Description:
 
 Jack Louis discovered a format string vulnerability in miniserv.pl 
 Perl web server in Webmin before 1.250 and Usermin before 1.180, 
 with syslog logging enabled. This can allow remote attackers to cause 
 a denial of service (crash or memory consumption) and possibly execute 
 arbitrary code via format string specifiers in the username parameter 
 to the login form, which is ultimately used in a syslog call.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3912
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities

2005-11-30 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:217
 http://www.mandriva.com/security/
 ___
 
 Package : netpbm
 Date: November 30, 2005
 Affected: 10.1, Corporate 2.1, Corporate 3.0
 ___
 
 Problem Description:
 
 Greg Roelofs discovered and fixed several buffer overflows in 
 pnmtopng which is also included in netpbm, a collection of 
 graphic conversion utilities, that can lead to the execution of 
 arbitrary code via a specially crafted PNM file.
 
 Multiple buffer overflows in pnmtopng in netpbm 10.0 and 
 earlier allow attackers to execute arbitrary code via a 
 crafted PNM file. (CVE-2005-3632)
 
 An off-by-one buffer overflow in pnmtopng, when using the -alpha 
 command line option, allows attackers to cause a denial of 
 service (crash) and possibly execute arbitrary code via a 
 crafted PNM file with exactly 256 colors. (CVE-2005-3662)
 
 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities

2005-11-30 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities

2005-11-30 Thread Mandriva Security Team
 user (CVE-2005-3271).
 
 The rose_rt_ioctl function in rose_route.c in versions prior to 2.6.12
 does not properly verify the ndigis argument for a new route, allowing
 an attacker to trigger array out-of-bounds errors with a large number
 of digipeats (CVE-2005-3273).
 
 A race condition in ip_vs_conn_flush in versions prior to 2.6.13, when
 running on SMP systems, allows local users to cause a DoS (null
 dereference) by causing a connection timer to expire while the
 connection table is being flushed before the appropriate lock is
 acquired (CVE-2005-3274).
 
 The NAT code in versions prior to 2.6.13 incorrectly declares a
 variable to be static, allowing remote attackers to cause a DoS (memory
 corruption) by causing two packets for the same protocol to be NATed at
 the same time (CVE-2005-3275).
 
 The sys_get_thread_area function in process.c in versions prior to
 2.6.12.4 and 2.6.13 does not clear a data structure before copying it
 to userspace, which may allow a user process to obtain sensitive
 information (CVE-2005-3276).
 
 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels.
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2873
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3257
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:216 - Updated fuse packages fix vulnerability

2005-11-24 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:216
 http://www.mandriva.com/security/
 ___
 
 Package : fuse
 Date: November 24, 2005
 Affected: 2006.0
 ___
 
 Problem Description:
 
 Thomas Beige found that fusermount failed to securely handle special
 characters specified in mount points, which could allow a local
 attacker to corrupt the contents of /etc/mtab by mounting over a
 maliciously-named directory using fusermount.  This could potentially
 allow the attacker to set unauthorized mount options.
 
 This is only possible when fusermount is installed setuid root, which
 is the case in Mandriva Linux.
 
 The updated packages have been patched to address these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3531
 ___
 
 Updated Packages:
 
 ___



[Full-disclosure] MDKSA-2005:214 - Updated gdk-pixbuf/gtk+2.0 packages fix vulnerability

2005-11-18 Thread Mandriva Security Team

[Full-disclosure] MDKSA-2005:212 - Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities

2005-11-16 Thread Mandriva Security Team

[Full-disclosure] MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities

2005-11-16 Thread Mandriva Security Team
 ___

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] MDKSA-2005:211 - Updated lynx packages fix critical vulnerability

2005-11-12 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:211
 http://www.mandriva.com/security/
 ___
 
 Package : lynx
 Date: November 12, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 An arbitrary command execution vulnerability was discovered in the
 lynx lynxcgi: URI handler.  An attacker could create a web page that
 redirects to a malicious URL which could then execute arbitrary code
 as the user running lynx.
 
 The updated packages have been patched to address this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2929
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:207 - Updated libungif packages fix various vulnerabilities

2005-11-09 Thread Mandriva Security Team
 ___


[Full-disclosure] MDKSA-2005:208 - Updated emacs packages fix Lisp vulnerability

2005-11-09 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:208
 http://www.mandriva.com/security/
 ___
 
 Package : emacs
 Date: November 9, 2005
 Affected: Corporate 2.1
 ___
 
 Problem Description:
 
 Emacs 21.2 does not prompt or warn the user before executing Lisp code
 in the local variables section of a text file, which allows user-
 complicit attackers to execute arbitrary commands, as demonstrated
 using the mode-name variable.
 
 The packages have been updated to version 21.3 to correct the problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1232
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:209 - Updated fetchmail packages fixes fetchmailconf vulnerability

2005-11-09 Thread Mandriva Security Team
 ___


[Full-disclosure] MDKSA-2005:210 - Updated w3c-libwww packages fixes DoS vulnerability.

2005-11-09 Thread Mandriva Security Team
 ___


[Full-disclosure] MDKSA-2005:206 - Updated openvpn packages fix multiple vulnerabilities

2005-11-08 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:206
 http://www.mandriva.com/security/
 ___
 
 Package : openvpn
 Date: November 8, 2005
 Affected: Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 Two Denial of Service vulnerabilities exist in OpenVPN.  The first
 allows a malicious or compromised server to execute arbitrary code
 on the client (CVE-2005-3393).  The second DoS can occur if, when in
 TCP server mode, OpenVPN receives an error on accept(2) and the
 resulting exception handler causes a segfault (CVE-2005-3409).
 
 The updated packages have been patched to correct these problems.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409
 ___
 
 Updated Packages:
 
 Multi Network Firewall 2.0:
 6d05d03341ef7c99bd0c044ac14383c7  
mnf/2.0/RPMS/openvpn-2.0.1-0.2.M20mdk.i586.rpm
 8882e7500e1fb8a255f5f50885042608  
mnf/2.0/SRPMS/openvpn-2.0.1-0.2.M20mdk.src.rpm
 ___


[Full-disclosure] MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities

2005-11-07 Thread Mandriva Security Team
 ___


[Full-disclosure] MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities

2005-11-07 Thread Mandriva Security Team
 ___


[Full-disclosure] MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities

2005-11-07 Thread Mandriva Security Team
 ___


[Full-disclosure] MDKSA-2005:202 - Updated squirrelmail packages fix vulnerability

2005-11-01 Thread Mandriva Security Team

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:202
 http://www.mandriva.com/security/
 ___
 
 Package : squirrelmail
 Date: November 1, 2005
 Affected: Corporate 3.0
 ___
 
 Problem Description:
 
 A vulnerability in the way that SquirrelMail handled the $_POST
 variables was discovered.  If a user was tricked into visiting a
 malicious URL, the user's SquirrelMail preferences could be read or
 modified.
 
 This vulnerability is corrected in SquirrelMail 1.4.5 and the updated
 packages provide the latest stable version.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
 ___
 
 Updated Packages:
 
 ___


[Full-disclosure] MDKSA-2005:203 - Updated gda2.0 packages fix string format vulnerability

2005-11-01 Thread Mandriva Security Team
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDZ/iMmqjQ0CJFipgRAsECAJ9a/c0Go4Yy9/+4hY/DWo72IrpRSgCgnX3g
zDqRFrxHNRzw/J1onPK4fc0=
=NhHM
-END PGP SIGNATURE-
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] MDKSA-2005:204 - Updated wget packages fix vulnerability

2005-11-01 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:204
 http://www.mandriva.com/security/
 ___
 
 Package : wget
 Date: November 1, 2005
 Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 Hugo Vazquez Carames discovered a race condition when writing output
 files in wget.  After wget determined the output file name, but before
 the file was actually opened, a local attacker with write permissions
 to the download directory could create a symbolic link with the name
 of the output file.  This could be exploited to overwrite arbitrary
 files with the permissions of the user invoking wget.  The time window
 of opportunity for the attacker is determined solely by the delay of
 the first received data packet.
 
 The updated packages have been patched to correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014
 ___
 
 Updated Packages:
 
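
The race in MDKSA-2005:204 above exists because the output name is chosen in one step and opened in a later one. As an added example (not wget's code or Mandriva's patch; the scratch directory, file names and function names are constructed), this C program puts a symlink at the output name and compares a plain O_CREAT open with an exclusive create:

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The second half of a check-then-open sequence: the earlier "is the name
 * free?" test is stale by now, and a plain O_CREAT open follows whatever
 * symlink sits at the name and truncates its target. */
int open_output_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Check and create in one system call. O_EXCL fails if the name exists in
 * any form (symlinks included); O_NOFOLLOW refuses a symlink as the final
 * path component. No window is left between test and use. */
int open_output_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
}

/* Read up to cap-1 bytes of a file into buf; returns the length or -1. */
static long slurp(const char *path, char *buf, size_t cap)
{
    ssize_t n;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    n = read(fd, buf, cap - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return (long)n;
}

/* Constructed scenario: a private scratch directory holding a file that
 * belongs to the downloading user ("victim") and a symlink, named like the
 * download output, that points at it. The opener then writes the download.
 * Returns 1 if the victim is intact, 0 if overwritten, -1 on setup error. */
int victim_survives(int (*opener)(const char *))
{
    const char *base = getenv("TMPDIR");
    char dir[256], victim[320], out[320], buf[32];
    int result = -1, fd;

    snprintf(dir, sizeof dir, "%s/toctou-demo-XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/index.html", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "keep me", 7) == 7 && close(fd) == 0
        && symlink(victim, out) == 0) {
        fd = opener(out);
        if (fd >= 0) {
            ssize_t w = write(fd, "downloaded", 10);
            (void)w;
            close(fd);
        }
        if (slurp(victim, buf, sizeof buf) >= 0)
            result = strcmp(buf, "keep me") == 0;
    }
    unlink(out);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("plain O_CREAT      : victim intact = %d\n",
           victim_survives(open_output_unsafe));
    printf("O_EXCL | O_NOFOLLOW: victim intact = %d\n",
           victim_survives(open_output_safe));
    return 0;
}
```

When the exclusive create fails, the caller should pick a new name and retry rather than fall back to a non-exclusive open.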


[Full-disclosure] MDKSA-2005:193-2 - Updated ethereal packages fix multiple vulnerabilities

2005-10-31 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:200 - Updated apache-mod_auth_shadow packages fix security restriction bypass issues.

2005-10-27 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:200
 http://www.mandriva.com/security/
 ___
 
 Package : apache-mod_auth_shadow
 Date: October 27, 2005
 Affected: 10.1, 10.2, 2006.0
 ___
 
 Problem Description:
 
 The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with 
 AuthShadow enabled uses shadow authentication for all locations that
 use the require group directive, even when other authentication
 mechanisms are specified, which might allow remote authenticated users
 to bypass security restrictions.
 
 This update requires an explicit AuthShadow on statement if website 
 authentication should be checked against /etc/shadow.
 
 The updated packages have been patched to address this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2963
 ___
 
 Updated Packages:
 


[Full-disclosure] MDKSA-2005:201 - Updated sudo packages fix vulnerability

2005-10-27 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:201
 http://www.mandriva.com/security/
 ___
 
 Package : sudo
 Date: October 27, 2005
 Affected: 10.1,  10.2,  2006.0,  Corporate 2.1,  Corporate 3.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 Tavis Ormandy discovered that sudo does not perform sufficient
 environment cleaning; in particular the SHELLOPTS and PS4 variables are
 still passed to the program running as an alternate user which can
 result in the execution of arbitrary commands as the alternate user
 when a bash script is executed.
 
 The updated packages have been patched to correct this problem.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2959
 ___
 
 Updated Packages:
 
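
An added illustration of the environment cleaning that MDKSA-2005:201 above is about; it is not sudo's code. The deny list holds only the two variables the advisory names, while the allow list, the sample environment, the function names and FUTURE_SHELL_KNOB are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The two variables named in the advisory (not sudo's full table). */
static const char *const DENY[] = { "SHELLOPTS", "PS4", NULL };
/* Hypothetical minimal allow list for the second policy. */
static const char *const ALLOW[] = { "PATH", "TERM", "LANG", NULL };

/* Constructed caller environment. FUTURE_SHELL_KNOB stands for a variable
 * nobody has added to the deny list yet. */
static const char *const SAMPLE_ENV[] = {
    "PATH=/usr/bin:/bin",
    "TERM=xterm",
    "SHELLOPTS=<caller-controlled>",
    "PS4=<caller-controlled>",
    "PS4_NOTE=unrelated",                 /* shares a prefix, different name */
    "FUTURE_SHELL_KNOB=<caller-controlled>",
    "MALFORMED",                          /* no '=': never passed on */
    NULL
};

/* True if entry ("NAME=value") carries exactly one of the names in list.
 * Comparing the whole name up to '=' keeps PS4_NOTE apart from PS4. */
static int name_in(const char *entry, const char *const *list)
{
    const char *eq = strchr(entry, '=');
    size_t n;
    if (!eq || eq == entry)
        return 0;
    n = (size_t)(eq - entry);
    for (; *list; list++)
        if (strlen(*list) == n && memcmp(entry, *list, n) == 0)
            return 1;
    return 0;
}

/* Copy entries from envp to out (NULL-terminated, at most cap-1 entries).
 * allowlist != 0: keep only names in list; otherwise drop names in list.
 * Returns the number of entries kept, or -1 if out is too small. */
int filter_env(const char *const *envp, const char **out, size_t cap,
               const char *const *list, int allowlist)
{
    size_t k = 0;
    if (cap == 0)
        return -1;
    for (; *envp; envp++) {
        const char *eq = strchr(*envp, '=');
        if (!eq || eq == *envp)
            continue;                              /* malformed entry */
        if (name_in(*envp, list) != (allowlist != 0))
            continue;                              /* rejected by policy */
        if (k + 1 >= cap)
            return -1;
        out[k++] = *envp;
    }
    out[k] = NULL;
    return (int)k;
}

/* Number of SAMPLE_ENV entries that survive the chosen policy. */
int kept_count(int allowlist)
{
    const char *out[16];
    return filter_env(SAMPLE_ENV, out, 16, allowlist ? ALLOW : DENY, allowlist);
}

/* 1 if the named variable survives the chosen policy, 0 if not. */
int survives(int allowlist, const char *name)
{
    const char *out[16];
    const char *const one[] = { name, NULL };
    size_t i;
    if (filter_env(SAMPLE_ENV, out, 16, allowlist ? ALLOW : DENY, allowlist) < 0)
        return -1;
    for (i = 0; out[i]; i++)
        if (name_in(out[i], one))
            return 1;
    return 0;
}

int main(void)
{
    printf("deny list : %d kept, FUTURE_SHELL_KNOB passed on = %d\n",
           kept_count(0), survives(0, "FUTURE_SHELL_KNOB"));
    printf("allow list: %d kept, FUTURE_SHELL_KNOB passed on = %d\n",
           kept_count(1), survives(1, "FUTURE_SHELL_KNOB"));
    return 0;
}
```

The deny list only stops names someone has already thought of, which is the gap this advisory closes for two more variables; the allow list drops unknown names by default.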


[Full-disclosure] MDKSA-2005:186-1 - Updated lynx packages fix remote buffer overflow

2005-10-26 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory   MDKSA-2005:186-1
 http://www.mandriva.com/security/
 ___
 
 Package : lynx
 Date: October 26, 2005
 Affected: 10.1,  10.2,  2006.0,  Corporate 2.1,  Corporate 3.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 Ulf Harnhammar discovered a remote buffer overflow in lynx versions
 2.8.2 through 2.8.5.
 
 When Lynx connects to an NNTP server to fetch information about the
 available articles in a newsgroup, it will call a function called
 HTrjis() with the information from certain article headers. The
 function adds missing ESC characters to certain data, to support
 Asian character sets. However, it does not check if it writes outside
 of the char array buf, and that causes a remote stack-based buffer
 overflow, with full control over EIP, EBX, EBP, ESI and EDI.
 
 Two attack vectors to make a victim visit a URL to a dangerous news
 server are: (a) *redirecting scripts*, where the victim visits some
 web page and it redirects automatically to a malicious URL, and
 (b) *links in web pages*, where the victim visits some web page
 and selects a link on the page to a malicious URL. Attack vector
 (b) is helped by the fact that Lynx does not automatically display
 where links lead to, unlike many graphical web browsers. 
 
 The updated packages have been patched to address this issue.

 Update:

 The previous patchset had a bug in the patches themselves, which was
 uncovered by Klaus Singvogel of Novell/SUSE in auditing crashes on 
 some architectures.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3120
 ___
 
 Updated Packages:
 
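
An added sketch of the bounds check that MDKSA-2005:186-1 above says was missing. It is a simplified model written for this page, not Lynx's HTrjis(): the designator pairs ($@, $B, (B, (J), the function names and the sample strings are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC 0x1b

/* Largest output restore_esc() can need for n input bytes: one ESC per
 * two-byte designator, plus the terminating NUL. A caller that sizes the
 * destination with this can never hit the overflow path. */
size_t restore_esc_bound(size_t n)
{
    return n + n / 2 + 1;
}

/* Append one byte, always leaving the last slot free for the NUL. This is
 * the check whose absence lets the output run past the end of the array. */
static int put(char *dst, size_t cap, size_t *len, char c)
{
    if (*len + 1 >= cap)
        return -1;
    dst[(*len)++] = c;
    return 0;
}

/* Copy src to dst, re-inserting an ESC in front of each character-set
 * designator that lost it. The output is longer than the input, so every
 * write goes through put(). Returns the output length, or -1 (with dst
 * set to the empty string) if it does not fit in cap bytes. */
long restore_esc(const char *src, char *dst, size_t cap)
{
    size_t len = 0;
    int kanji = 0;                 /* 0: single-byte mode, 1: two-byte mode */
    const char *p;

    if (cap == 0)
        return -1;
    for (p = src; *p; p++) {
        int had_esc = (p > src && p[-1] == ESC);
        int enter = !kanji && p[0] == '$' && (p[1] == '@' || p[1] == 'B');
        int leave = kanji && p[0] == '(' && (p[1] == 'B' || p[1] == 'J');

        if (enter || leave) {
            if (!had_esc && put(dst, cap, &len, ESC) < 0)
                goto overflow;
            kanji = enter;
        }
        if (put(dst, cap, &len, *p) < 0)
            goto overflow;
    }
    dst[len] = '\0';
    return (long)len;

overflow:
    dst[0] = '\0';
    return -1;
}

/* Run restore_esc() into a scratch buffer of the given size (at most 64). */
long try_restore(const char *src, size_t cap)
{
    char buf[64];
    return cap > sizeof buf ? -1 : restore_esc(src, buf, cap);
}

int main(void)
{
    const char *header = "$B8l(B";     /* constructed: both ESCs stripped */
    printf("cap 9: %ld\n", try_restore(header, 9));   /* 8 bytes + NUL fit */
    printf("cap 8: %ld\n", try_restore(header, 8));   /* one byte short */
    printf("bound for %zu input bytes: %zu\n",
           strlen(header), restore_esc_bound(strlen(header)));
    return 0;
}
```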

[Full-disclosure] MDKSA-2005:193-1 - Updated ethereal packages fix multiple vulnerabilities

2005-10-26 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities.

2005-10-26 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:194
 http://www.mandriva.com/security/
 ___
 
 Package : php-imap
 Date: October 26, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
 ___
 
 Problem Description:
 
 infamous41md discovered a buffer overflow in uw-imap, the
 University of Washington's IMAP Server that allows attackers to
 execute arbitrary code.
 
 php-imap is compiled against the static c-client libs from imap.
 These packages have been recompiled against the updated imap
 development packages.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
 ___
 
 Updated Packages:
 


[Full-disclosure] MDKSA-2005:195 - Updated squid packages fix vulnerabilities

2005-10-26 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:195
 http://www.mandriva.com/security/
 ___
 
 Package : squid
 Date: October 26, 2005
 Affected: 10.1,  10.2,  2006.0,  Corporate 2.1,  Corporate 3.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and
 earlier allows remote FTP servers to cause a denial of service
 (segmentation fault) via certain odd responses.
 
 The updated packages have been patched to address these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3258
 ___
 
 Updated Packages:
 


[Full-disclosure] MDKSA-2005:196 - Updated perl-Compress-Zlib packages fix vulnerabilities

2005-10-26 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:196
 http://www.mandriva.com/security/
 ___
 
 Package : perl-Compress-Zlib
 Date: October 26, 2005
 Affected: 10.1, 10.2, Corporate 2.1, Corporate 3.0
 ___
 
 Problem Description:
 
 The perl Compress::Zlib module contains an internal copy of the zlib
 library that was vulnerable to CAN-2005-1849 and CAN-2005-2096.  This
 library was updated with version 1.35 of Compress::Zlib.
 
 An updated perl-Compress-Zlib package is now available to provide the
 fixed module.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
 ___
 
 Updated Packages:
 


[Full-disclosure] MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities.

2005-10-26 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:197
 http://www.mandriva.com/security/
 ___
 
 Package : unzip
 Date: October 26, 2005
 Affected: 10.1,  10.2,  2006.0,  Corporate 2.1,  Corporate 3.0,
   Multi Network Firewall 2.0
 ___
 
 Problem Description:
 
 Unzip 5.51 and earlier does not properly warn the user when 
 extracting setuid or setgid files, which may allow local users 
 to gain privileges. (CAN-2005-0602)
 
 Imran Ghory found a race condition in the handling of output files.
 While a file was unpacked by unzip, a local attacker with write
 permissions to the target directory could exploit this to change the
 permissions of arbitrary files of the unzip user. This affects
 versions of unzip 5.52 and lower. (CAN-2005-2475)
 
 The updated packages have been patched to address these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0602
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2475
 ___
 
 Updated Packages:
 


[Full-disclosure] MDKSA-2005:198 - Updated uim packages fix suid linking vulnerabilities.

2005-10-26 Thread Mandriva Security Team
 ___
 
 Mandriva Linux Security Advisory MDKSA-2005:198
 http://www.mandriva.com/security/
 ___
 
 Package : uim
 Date: October 26, 2005
 Affected: 10.2, 2006.0
 ___
 
 Problem Description:
 
 Masanari Yamamoto discovered that Uim uses environment variables 
 incorrectly. This bug causes a privilege escalation if setuid/setgid 
 applications are linked to libuim. 
 
 The updated packages have been patched to address this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3149
 ___
 
 Updated Packages:
 

[Full-disclosure] MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability.

2005-10-21 Thread Mandriva Security Team
 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:       graphviz
 Advisory ID:        MDKSA-2005:188
 Date:               October 20th, 2005

 Affected versions:  10.2, 2006.0
 __

 Problem Description:

 Javier Fernández-Sanguino Peña discovered insecure temporary file 
 creation in graphviz, a rich set of graph drawing tools, that can be 
 exploited to overwrite arbitrary files by a local attacker.
 
 The updated packages have been patched to address this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2965
 __

 Updated Packages:
  


[Full-disclosure] MDKSA-2005:189 - Updated imap packages fix buffer overflow vulnerabilities.

2005-10-21 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities.

2005-10-21 Thread Mandriva Security Team
 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:       nss_ldap
 Advisory ID:        MDKSA-2005:190
 Date:               October 20th, 2005

 Affected versions:  10.1, 10.2
 __

 Problem Description:

 A bug was found in the way the pam_ldap module processed certain failure
 messages. If the server includes supplemental data in an authentication
 failure result message, but the data does not include any specific error
 code, the pam_ldap module would proceed as if the authentication request
 had succeeded, and authentication would succeed. This affects versions
 169 through 179 of pam_ldap.
 
 The updated packages have been patched to address this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2641
 __

 Updated Packages:
  
___
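
The pam_ldap flaw described above is a fail-open decision: the verdict ends up taken from the supplemental data instead of from the bind result. The C model below is an added example, not pam_ldap source; the struct, the function names and the detail codes are hypothetical, and only the LDAP result codes 0 (success) and 49 (invalidCredentials) are real values.

```c
#include <stdbool.h>
#include <stdio.h>

enum { LDAP_SUCCESS_RC = 0, LDAP_INVALID_CREDENTIALS_RC = 49 }; /* LDAP resultCode */
enum { DETAIL_NONE = -1, DETAIL_SOME_ERROR = 1 };  /* hypothetical detail codes */
enum { AUTH_OK = 0, AUTH_DENIED = 1 };

/* Hypothetical summary of a bind reply as the client sees it. */
struct bind_reply {
    int  result_code;       /* outcome of the bind itself */
    bool has_supplemental;  /* server attached extra data to the reply */
    int  detail_code;       /* DETAIL_NONE when that data names no error */
};

/* BEFORE: once supplemental data is present, the verdict is recomputed from
 * it alone, so "no specific error" overrides a failed bind. */
int decide_flawed(const struct bind_reply *r)
{
    int verdict = (r->result_code == LDAP_SUCCESS_RC) ? AUTH_OK : AUTH_DENIED;
    if (r->has_supplemental)
        verdict = (r->detail_code == DETAIL_NONE) ? AUTH_OK : AUTH_DENIED;
    return verdict;
}

/* AFTER: the bind result is authoritative; supplemental data can only turn
 * a success into a denial, never the reverse. */
int decide_fixed(const struct bind_reply *r)
{
    if (r->result_code != LDAP_SUCCESS_RC)
        return AUTH_DENIED;
    if (r->has_supplemental && r->detail_code != DETAIL_NONE)
        return AUTH_DENIED;
    return AUTH_OK;
}

/* Walk every combination of the three fields and count the replies that the
 * flawed logic accepts but the fixed logic denies. The last such reply is
 * copied to *example when example is not NULL. */
int count_fail_open(struct bind_reply *example)
{
    static const int codes[]   = { LDAP_SUCCESS_RC, LDAP_INVALID_CREDENTIALS_RC };
    static const int details[] = { DETAIL_NONE, DETAIL_SOME_ERROR };
    int hits = 0;

    for (int c = 0; c < 2; c++)
        for (int s = 0; s < 2; s++)
            for (int d = 0; d < 2; d++) {
                struct bind_reply r = { codes[c], s == 1, details[d] };
                if (decide_flawed(&r) == AUTH_OK &&
                    decide_fixed(&r) == AUTH_DENIED) {
                    hits++;
                    if (example)
                        *example = r;
                }
            }
    return hits;
}

int main(void)
{
    struct bind_reply ex = { 0, false, 0 };
    int hits = count_fail_open(&ex);

    printf("fail-open cases: %d\n", hits);
    if (hits > 0)
        printf("result_code=%d supplemental=%d detail_code=%d\n",
               ex.result_code, ex.has_supplemental, ex.detail_code);
    return 0;
}
```

An exhaustive walk like `count_fail_open` works as a regression test: any nonzero count means some reply is accepted that the bind result alone would have denied.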


[Full-disclosure] MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability

2005-10-21 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities.

2005-10-21 Thread Mandriva Security Team
 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:       xli
 Advisory ID:        MDKSA-2005:192
 Date:               October 20th, 2005

 Affected versions:  10.2, 2006.0, Corporate 3.0,
                     Corporate Server 2.1
 __

 Problem Description:

 Ariel Berkman discovered several buffer overflows in xloadimage, 
 which are also present in xli, a command line utility for viewing 
 images in X11, and could be exploited via large image titles and 
 cause the execution of arbitrary code.
 
 The updated packages have been patched to address this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178
 __

 Updated Packages:
  


[Full-disclosure] MDKSA-2005:186 - Updated lynx packages fix remote buffer overflow

2005-10-18 Thread Mandriva Security Team
 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:       lynx
 Advisory ID:        MDKSA-2005:186
 Date:               October 17th, 2005

 Affected versions:  10.1, 10.2, 2006.0, Corporate 3.0,
                     Corporate Server 2.1,
                     Multi Network Firewall 2.0
 __

 Problem Description:

 Ulf Harnhammar discovered a remote buffer overflow in lynx versions
 2.8.2 through 2.8.5.
 
 When Lynx connects to an NNTP server to fetch information about the
 available articles in a newsgroup, it will call a function called
 HTrjis() with the information from certain article headers. The
 function adds missing ESC characters to certain data, to support
 Asian character sets. However, it does not check if it writes outside
 of the char array buf, and that causes a remote stack-based buffer
 overflow, with full control over EIP, EBX, EBP, ESI and EDI.
 
 Two attack vectors to make a victim visit a URL to a dangerous news
 server are: (a) *redirecting scripts*, where the victim visits some
 web page and it redirects automatically to a malicious URL, and
 (b) *links in web pages*, where the victim visits some web page
 and selects a link on the page to a malicious URL. Attack vector
 (b) is helped by the fact that Lynx does not automatically display
 where links lead to, unlike many graphical web browsers. 
 
 The updated packages have been patched to address this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3120
 __

 Updated Packages:
  
 ___
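
The overflow in the lynx advisory above comes from a repair pass whose output can be longer than its input, written into a fixed array without a bounds check. The C sketch below is an added example, not code from Lynx or from the advisory: the function names, the set of designators and the sample strings are constructed for illustration, and it sets an unchecked copy beside a bounded one.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define ESC 0x1B

/* Constructed rule for this example: "$B", "$@", "(B" and "(J" are
 * ISO-2022-JP designators that must be preceded by ESC. Returns 1 when
 * in[i] starts one that has lost its ESC. in[i] is never the NUL here,
 * so reading in[i + 1] stays inside the string. */
static int needs_esc(const char *in, size_t i)
{
    int start = (in[i] == '$' && (in[i + 1] == 'B' || in[i + 1] == '@')) ||
                (in[i] == '(' && (in[i + 1] == 'B' || in[i + 1] == 'J'));
    int already = (i > 0 && (unsigned char)in[i - 1] == ESC);
    return start && !already;
}

/* Bytes the repaired string occupies, not counting the NUL. The result can
 * exceed strlen(in), which is why a buffer sized for the input is too small. */
size_t repaired_len(const char *in)
{
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++)
        n += needs_esc(in, i) ? 2 : 1;
    return n;
}

/* BEFORE: the shape of the flaw. The size of out is never consulted, so a
 * long enough input writes past the end of the caller's array. */
void repair_unchecked(const char *in, char *out)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (needs_esc(in, i))
            out[o++] = ESC;
        out[o++] = in[i];
    }
    out[o] = '\0';
}

/* AFTER: every write is checked against outsz. Returns the output length,
 * or -1 with out set to "" when the repaired text does not fit. */
long repair_checked(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; in[i] != '\0'; i++) {
        size_t need = needs_esc(in, i) ? 2 : 1;
        if (o + need >= outsz) {        /* keep one byte for the NUL */
            out[0] = '\0';
            return -1;
        }
        if (need == 2)
            out[o++] = ESC;
        out[o++] = in[i];
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    char buf[16];
    const char *hdr = "$B8=:_(B";   /* constructed header text, ESC bytes missing */

    printf("input %zu bytes, repaired %zu bytes\n", strlen(hdr), repaired_len(hdr));
    printf("checked copy into 16 bytes: %ld\n", repair_checked(hdr, buf, sizeof buf));
    printf("checked copy into 9 bytes:  %ld\n", repair_checked(hdr, buf, 9));
    return 0;
}
```

The 9-byte case is the one to watch: the destination holds the 8-byte input plus its NUL, yet the repaired text needs 11 bytes, so only the checked routine is safe to call.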


[Full-disclosure] MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability

2005-10-14 Thread Mandriva Security Team


[Full-disclosure] MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability

2005-10-13 Thread Mandriva Security Team
 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:       wget
 Advisory ID:        MDKSA-2005:183
 Date:               October 13th, 2005

 Affected versions:  2006.0
 __

 Problem Description:

 A vulnerability in libcurl's NTLM function can overflow a stack-based
 buffer if given too long a user name or domain name when NTLM
 authentication is enabled and you either a) pass a user and domain name to
 libcurl that together are longer than 192 bytes or b) allow (lib)curl
 to follow HTTP redirects and the new URL contains a URL with a user and
 domain name that together are longer than 192 bytes.
 
 Wget, as of version 1.10, uses the NTLM code from libcurl and is also
 vulnerable to this issue.
 
 The updated packages have been patched to address this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3185
  http://curl.haxx.se/mail/lib-2005-10/0061.html
 __

 Updated Packages:
  
 Mandrivalinux 2006.0:
 b902b06ea1316dbcdf17796aa548a77e  2006.0/RPMS/wget-1.10-1.1.20060mdk.i586.rpm
 08749a1759b1b583b08393411dfced5a  2006.0/SRPMS/wget-1.10-1.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 c885bd2f1e463c7753c7ca562fc20942  
x86_64/2006.0/RPMS/wget-1.10-1.1.20060mdk.x86_64.rpm
 08749a1759b1b583b08393411dfced5a  
x86_64/2006.0/SRPMS/wget-1.10-1.1.20060mdk.src.rpm
 ___

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTyZ9mqjQ0CJFipgRAsPWAJwNFU9myzCrq1DK78fYvZnEIZ8lIwCg3Fuf
DeWqnJeKb6x3YGE0p8diykg=
=vo8Z
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:178 - Updated squirrelmail packages fix XSS vulnerability

2005-10-12 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   squirrelmail
 Advisory ID:    MDKSA-2005:178
 Date:   October 11th, 2005

 Affected versions:  Corporate 3.0
 __

 Problem Description:

 A cross-site scripting (XSS) vulnerability in add.php in Address Add
 Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject
 arbitrary web script or HTML via the IMG tag.
 
 The updated packages have an updated Address Add plugin to correct
 this problem.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3128
 __

 Updated Packages:
  
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKdEmqjQ0CJFipgRAnRBAKDYqQRQRQzg7GouDPkLEnmwzfDo5wCePqcg
cD7JMILXF+xFb+8aIyr/bWM=
=LyDt
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:179 - Updated openssl packages fix vulnerabilities

2005-10-12 Thread Mandriva Security Team
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKeomqjQ0CJFipgRAu3NAKDlk6fzLxUqtjUzDcV7IkgF/vKLdQCgwCki
DUI4033wSRXeFbCegR++iRo=
=7gQt
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:180 - Updated xine-lib packages fix cddb vulnerability

2005-10-12 Thread Mandriva Security Team
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKgRmqjQ0CJFipgRAjRcAKDV7Nalb4u00rWeG25Tfm/0Plc0HQCfYKUA
2LWSLF4Xu7XaLivCNsmzOvA=
=8Q5N
-END PGP

[Full-disclosure] MDKSA-2005:181 - Updated squid packages fix vulnerabilities

2005-10-12 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   squid
 Advisory ID:    MDKSA-2005:181
 Date:   October 11th, 2005

 Affected versions:  10.1, 10.2, 2006.0, Corporate 3.0,
 Corporate Server 2.1,
 Multi Network Firewall 2.0
 __

 Problem Description:

 Squid 2.5.9, while performing NTLM authentication, does not properly
 handle certain request sequences, which allows attackers to cause a
 denial of service (daemon restart).
 
 The updated packages have been patched to address these issues.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2917
 __

 Updated Packages:
  
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKh5mqjQ0CJFipgRArdZAKDlrB2Rd3kuMYJhukvGlddk6otNOQCg1n0u
q4X1pkfIEY9dUrOqLvya22M=
=wGZ3
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:176 - Updated webmin package fixes authentication bypass vulnerability

2005-10-07 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   webmin
 Advisory ID:    MDKSA-2005:176
 Date:   October 7th, 2005

 Affected versions:  2006.0
 __

 Problem Description:

 Miniserv.pl in Webmin 1.220, when full PAM conversations are enabled,
 allows remote attackers to bypass authentication by spoofing session
 IDs via certain metacharacters (line feed or carriage return).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3042
 __

 Updated Packages:
  
 Mandrivalinux 2006.0:
 a848ccbf6344438775ec1304879aef4d  
2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
 bd414e303f86c49a7544a9b8bb99d4a9  
2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 c9aa3f93679c4aa22d0d56843315bb13  
x86_64/2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
 bd414e303f86c49a7544a9b8bb99d4a9  
x86_64/2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDRu44mqjQ0CJFipgRAq0/AKDpohB/8A32g5rFQWCa/0w807PaVwCcCLg6
u30kTpC0MGvRDwG6VyE/kSk=
=6QWG
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:177 - Updated hylafax packages fix temporary file vulnerability

2005-10-07 Thread Mandriva Security Team
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDRvLhmqjQ0CJFipgRAlULAKCPLF3KhIe4r7m5A5xDmQNy7XovmACgxv5h
HW+zpFscZoq4KyAycexh98k=
=XtSc
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:172 - Updated openssh packages fix GSSAPI credentials vulnerability

2005-10-06 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   openssh
 Advisory ID:    MDKSA-2005:172
 Date:   October 6th, 2005

 Affected versions:  10.2
 __

 Problem Description:

 Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, 
 allows GSSAPI credentials to be delegated to clients who log in using
 non-GSSAPI methods, which could cause those credentials to be exposed 
 to untrusted users or hosts.
 
 GSSAPI is only enabled in versions of openssh shipped in LE2005 and
 greater.
 
 The updated packages have been patched to correct this issue.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2798
 __

 Updated Packages:
  
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReVGmqjQ0CJFipgRAgi7AJoDZK/7jx9vTmuREYGwbuuHWPZBpgCeM6Nu
tKt935OPASf8jkciIGK6c2w=
=ekrb
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities

2005-10-06 Thread Mandriva Security Team
  
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReYYmqjQ0CJFipgRAsG2AKDxrB+hRoWVefE3oWKpF24qKNxSFQCg3VPa
tPD5MxLMdKTSnycrbjE3h4A=
=1IuT
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities

2005-10-03 Thread Mandriva Security Team
/kernel-2.6.3.28mdk-1-1mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFDQYqfmqjQ0CJFipgRAtX1AJdFRzM+/cDxTBJOqggaWYJRnx7qAJ9X2Vj+
/YNgKCYAG4fmgHqcRWxRcQ==
=CaUY
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:165 - Updated cups packages fix vulnerability

2005-09-20 Thread Mandriva Security Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMDt0mqjQ0CJFipgRAvtJAKC6udC6bEZqfHCT/noECHqUCQ8k/gCfV2jb
Cjs7UW5/MI0n/H3/xewhT58=
=A8ev
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:166 - Updated clamav packages fix vulnerabilities

2005-09-20 Thread Mandriva Security Team
/corporate/3.0/SRPMS/clamav-0.87-0.1.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMjFmqjQ0CJFipgRAi4mAKDi+IhpoZJipa7FHsDsjLS7AmbR+QCgivM1
H8i2PXchCVYAqWKnsG4ADSY=
=8Yn2
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability

2005-09-20 Thread Mandriva Security Team
  
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMknmqjQ0CJFipgRApl5AJ0V55xXLK1r3ouZPPIUb8A60mkI7wCgtSbn
J05gUpwFuw1ODdAHxOyfYo4=
=smMW
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:168 - Updated masqmail packages fix vulnerabilities

2005-09-20 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           masqmail
 Advisory ID:            MDKSA-2005:168
 Date:                   September 20th, 2005

 Affected versions:      Multi Network Firewall 2.0
 __

 Problem Description:

 Jens Steube discovered two vulnerabilities in masqmail:
 
 When sending failed mail messages, the address was not properly
 sanitized which could allow a local attacker to execute arbitrary
 commands as the mail user (CAN-2005-2662).
 
 When opening the log file, masqmail did not relinquish privileges,
 which could allow a local attacker to overwrite arbitrary files via a
 symlink attack (CAN-2005-2663).
 
 The updated packages have been patched to address these issues.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2662
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2663
 __

 Updated Packages:
  
 Multi Network Firewall 2.0:
 368d7259f0d1663f24ab0d96ef316520  
mnf/2.0/RPMS/masqmail-0.2.18-3.1.M20mdk.i586.rpm
 53c6095a108ea52147909091b262517f  
mnf/2.0/SRPMS/masqmail-0.2.18-3.1.M20mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMmGmqjQ0CJFipgRApDXAJwIW99lzHviDg5Obc+gI6a0Me8vCACfUojK
iLPXki02usAIVZJBAVGsJgM=
=4ieO
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:138-1 - Updated cups packages fix vulnerability

2005-09-19 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           cups
 Advisory ID:            MDKSA-2005:138-1
 Date:                   September 19th, 2005
 Original Advisory Date: August 11th, 2005
 Affected versions:      10.1
 __

 Problem Description:

 A vulnerability was discovered in the CUPS printing package where
 when processing a PDF file, bounds checking was not correctly
 performed on some fields.  As a result, this could cause the pdftops
 filter to crash.
  
Update:

 The patch to correct this problem was not properly applied to the
 Mandriva 10.1 packages.  This update properly patches the packages.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
 __

 Updated Packages:
  
 Mandrakelinux 10.1:
 29de9c1bdc9c9f3a3b410f4ca28b1fb2  
10.1/RPMS/cups-1.1.21-0.rc1.7.7.101mdk.i586.rpm
 9a6d74c99272dbf90868c1053499c0da  
10.1/RPMS/cups-common-1.1.21-0.rc1.7.7.101mdk.i586.rpm
 cef4a3e8fc30d6b7656c1edf71c7b40e  
10.1/RPMS/cups-serial-1.1.21-0.rc1.7.7.101mdk.i586.rpm
 e6dd9484b3656447f6e89906081a88d2  
10.1/RPMS/libcups2-1.1.21-0.rc1.7.7.101mdk.i586.rpm
 91e2fbf59ba9902d02fc2ca1ab834b5e  
10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.7.101mdk.i586.rpm
 4bddcc3a18cbbd4d373d4e812c84e8a5  
10.1/SRPMS/cups-1.1.21-0.rc1.7.7.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 680cba4f70d11a3c3d9bba59991ae11f  
x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.7.101mdk.x86_64.rpm
 023b15027bf8e4bad718812e5cf582cf  
x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.7.101mdk.x86_64.rpm
 faeeea5056c23e7f9689affe703f47c0  
x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.7.101mdk.x86_64.rpm
 91cb33683bfe1e13d590a6a4c9834b5e  
x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.7.101mdk.x86_64.rpm
 c8d6a05f2fa39aff581224d5f53417ae  
x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.7.101mdk.x86_64.rpm
 e6dd9484b3656447f6e89906081a88d2  
x86_64/10.1/RPMS/libcups2-1.1.21-0.rc1.7.7.101mdk.i586.rpm
 4bddcc3a18cbbd4d373d4e812c84e8a5  
x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.7.101mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDL1fPmqjQ0CJFipgRApexAJ40ISBicb2Jk/CKZZOOSA0cvFS6cwCg8Jwu
BnqrzDuwEiAFAROgAVwddl4=
=ZpuR
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability

2005-09-14 Thread Mandriva Security Team
.C30mdk.x86_64.rpm
 3affb3ed2011df03e58142733f9bdfc4  
x86_64/corporate/3.0/RPMS/XFree86-4.3-32.5.C30mdk.x86_64.rpm
 0ba38ff1f92261c51f5498238870996e  
x86_64/corporate/3.0/RPMS/XFree86-75dpi-fonts-4.3-32.5.C30mdk.x86_64.rpm
 da26a29d00921e476cf816141980f28f  
x86_64/corporate/3.0/RPMS/XFree86-Xnest-4.3-32.5.C30mdk.x86_64.rpm
 7d65065bd3d98af49bf3992d5db8812f  
x86_64/corporate/3.0/RPMS/XFree86-Xvfb-4.3-32.5.C30mdk.x86_64.rpm
 dbb3bbcf4d8bfead1d5aa1cf25d3189c  
x86_64/corporate/3.0/RPMS/XFree86-server-4.3-32.5.C30mdk.x86_64.rpm
 72c560f4fd536ba44cc19b36a6660773  
x86_64/corporate/3.0/RPMS/XFree86-xfs-4.3-32.5.C30mdk.x86_64.rpm
 2c84c0d863d2eb49b6057dc0674cad62  
x86_64/corporate/3.0/SRPMS/XFree86-4.3-32.5.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDJ8RcmqjQ0CJFipgRApJDAJwIetmgEJzHC/8KkfehKvGorIn3ogCeLKwe
E+q3x6fFrGpgG85XjcwJ3ME=
=gtqT
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:162 - Updated squid packages fix vulnerabilities

2005-09-13 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           squid
 Advisory ID:            MDKSA-2005:162
 Date:                   September 12th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 __

 Problem Description:

 Two vulnerabilities were recently discovered in squid:
 
 The first is a DoS possible via certain aborted requests that trigger
 an assertion error related to STOP_PENDING (CAN-2005-2794).
 
 The second is a DoS caused by certain crafted requests and SSL timeouts
 (CAN-2005-2796).
 
 The updated packages have been patched to address these issues.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796
 __

 Updated Packages:
  
 Mandrakelinux 10.1:
 fc6ae27559810d7cb00916683bb96091  
10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.i586.rpm
 4c76043826e02d944f752fa5b65df065  
10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 27e142d3fe10a00f53e1b81908623c9d  
x86_64/10.1/RPMS/squid-2.5.STABLE9-1.3.101mdk.x86_64.rpm
 4c76043826e02d944f752fa5b65df065  
x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.3.101mdk.src.rpm

 Mandrakelinux 10.2:
 1f1cd358e0c3d5f299310cc0c978bfcc  
10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.i586.rpm
 fac7af713eab60a0162f1f9db6db59a9  
10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 961517306d7678b0f708f24d79431246  
x86_64/10.2/RPMS/squid-2.5.STABLE9-1.3.102mdk.x86_64.rpm
 fac7af713eab60a0162f1f9db6db59a9  
x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.3.102mdk.src.rpm

 Multi Network Firewall 2.0:
 2ce290ea1cd8daa631bb5e7adcde4bc2  
mnf/2.0/RPMS/squid-2.5.STABLE9-1.3.M20mdk.i586.rpm
 46b958e5ef7c7ead62bb216ea474ae5b  
mnf/2.0/SRPMS/squid-2.5.STABLE9-1.3.M20mdk.src.rpm

 Corporate Server 2.1:
 3d77f46d83d5f4059801d5cef8619cd0  
corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.i586.rpm
 86621b440fd1545b3de520d812a2ad84  
corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 a7e76046c6cbdf2096ee0981b873a684  
x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.8.C21mdk.x86_64.rpm
 86621b440fd1545b3de520d812a2ad84  
x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.8.C21mdk.src.rpm

 Corporate 3.0:
 e25ada5ae035fcc193afe90b5b977588  
corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.i586.rpm
 f47e0db9289695e0d1ac8ca80ed4d5a1  
corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 75553a5ca63867a16bfbb8d58621e328  
x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.3.C30mdk.x86_64.rpm
 f47e0db9289695e0d1ac8ca80ed4d5a1  
x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.3.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDJmwNmqjQ0CJFipgRAopxAJ9oq3Kxmclch173mRHahrAxSi048gCgoUuY
Uvnav2q4Ib6qbfdDJ4LVyto=
=1NpH
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:161 - Updated apache2 packages to address multiple vulnerabilities

2005-09-08 Thread Mandriva Security Team
/corporate/3.0/RPMS/apache2-modules-2.0.48-6.11.C30mdk.x86_64.rpm
 f1f046407392a27a740a5a63270b0ed3  
x86_64/corporate/3.0/RPMS/lib64apr0-2.0.48-6.11.C30mdk.x86_64.rpm
 d9878cfe7baf397d8380155859a44f94  
x86_64/corporate/3.0/SRPMS/apache2-2.0.48-6.11.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDIJLkmqjQ0CJFipgRAkBjAKDtyVdb8XvLgewd//Fuo4pakvM47QCg1Z9f
kc38SoVUAbx1Bks6HJIPtFE=
=LTDR
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:156 - Updated ntp packages fix small security-related issue.

2005-09-06 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           ntp
 Advisory ID:            MDKSA-2005:156
 Date:                   September 6th, 2005

 Affected versions:      10.2
 __

 Problem Description:

 When starting xntpd with the -u option and specifying the group
 by using a string not a numeric gid the daemon uses the gid of
 the user not the group.
 
 The updated packages have been patched to correct this problem.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2496
 __

 Updated Packages:
  
 Mandrakelinux 10.2:
 f8c40868f356423814da1ed1c96fa467  10.2/RPMS/ntp-4.2.0-18.1.102mdk.i586.rpm
 bbfded59532b51fb226f4a1d770b17ad  
10.2/RPMS/ntp-client-4.2.0-18.1.102mdk.i586.rpm
 fa12c82a51e78230bedfb1b60bfd2076  10.2/SRPMS/ntp-4.2.0-18.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 11d77745e05f559a9e3fa1beb2b19187  
x86_64/10.2/RPMS/ntp-4.2.0-18.1.102mdk.x86_64.rpm
 c64b3db1d415c80e76fab18066ef05ef  
x86_64/10.2/RPMS/ntp-client-4.2.0-18.1.102mdk.x86_64.rpm
 fa12c82a51e78230bedfb1b60bfd2076  
x86_64/10.2/SRPMS/ntp-4.2.0-18.1.102mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHi/lmqjQ0CJFipgRAm4fAJ4my6q6rPk6yZRlZ/vmmvQ3forMlQCgp6m8
GDByBPfVvou7Yw7BDqEJD48=
=HKXB
-END PGP SIGNATURE-
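
Added example, not part of the advisory and not the ntp project's code: one way to resolve a "user[:group]" privilege-drop argument so that a group given by name yields that group's gid rather than the user's primary gid, which is the mistake MDKSA-2005:156 describes. The "user[:group]" spec format and the names resolve_spec, drop_privileges and struct ids are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper names; only the libc calls are real APIs. */
struct ids { uid_t uid; gid_t gid; };

/* Accept only an all-digit string as a numeric id. */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9') return 0;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0') return 0;
    *out = v;
    return 1;
}

/* Resolve "user[:group]"; each half may be a name or a number.
 * Returns 0 on success, -1 if any part cannot be resolved. */
int resolve_spec(const char *spec, struct ids *out)
{
    char buf[128];
    unsigned long n;
    int have_gid = 0;

    if (strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec);
    char *grp = strchr(buf, ':');
    if (grp) *grp++ = '\0';

    if (parse_id(buf, &n)) {
        struct passwd *pw = getpwuid((uid_t)n);
        out->uid = (uid_t)n;
        if (pw) { out->gid = pw->pw_gid; have_gid = 1; }
    } else {
        struct passwd *pw = getpwnam(buf);
        if (!pw) return -1;
        out->uid = pw->pw_uid;
        out->gid = pw->pw_gid;      /* default only when no group is given */
        have_gid = 1;
    }

    if (grp) {
        if (parse_id(grp, &n)) {
            out->gid = (gid_t)n;
        } else {
            struct group *gr = getgrnam(grp);
            if (!gr) return -1;     /* unknown group: refuse, no fallback */
            out->gid = gr->gr_gid;  /* the named group's gid, not pw_gid */
        }
        have_gid = 1;
    }
    return have_gid ? 0 : -1;
}

/* Drop from root to the resolved ids and verify that the drop stuck.
 * Order matters: supplementary groups, then gid, then uid. */
int drop_privileges(const struct ids *t)
{
    if (setgroups(1, &t->gid) != 0) return -1;
    if (setgid(t->gid) != 0) return -1;
    if (setuid(t->uid) != 0) return -1;
    if (getuid() != t->uid || geteuid() != t->uid) return -1;
    if (getgid() != t->gid || getegid() != t->gid) return -1;
    if (t->uid != 0 && setuid(0) == 0) return -1;  /* must not regain root */
    return 0;
}

int main(int argc, char **argv)
{
    struct ids t;
    const char *spec = argc > 1 ? argv[1] : "0:0";

    if (resolve_spec(spec, &t) != 0) {
        fprintf(stderr, "cannot resolve \"%s\"\n", spec);
        return 1;
    }
    printf("%s -> uid=%lu gid=%lu\n", spec,
           (unsigned long)t.uid, (unsigned long)t.gid);
    return 0;
}
```

A daemon would call drop_privileges() only after it has opened the sockets and files that need root, and would exit if the call returns -1.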


[Full-disclosure] MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities

2005-09-06 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           smb4k
 Advisory ID:            MDKSA-2005:157
 Date:                   September 6th, 2005

 Affected versions:      10.1, 10.2
 __

 Problem Description:

 A severe security issue has been discovered in Smb4K. By linking a
 simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker
 could get access to the full contents of the /etc/super.tab or
 /etc/sudoers file, respectively, because Smb4K didn't check for the
 existence of these files before writing any contents. When using super,
 the attack also resulted in /etc/super.tab being a symlink to FILE.
 
 Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.
 
 The updated packages have been patched to correct this problem.
 ___

 References:

  http://smb4k.berlios.de
 __

 Updated Packages:
  
 Mandrakelinux 10.1:
 dd4471a3de6feb035637f15dd75d8d56  10.1/RPMS/smb4k-0.4.0-3.1.101mdk.i586.rpm
 d56d014b32bf1ec767fc018f0e40c245  10.1/SRPMS/smb4k-0.4.0-3.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 a1fd04d53c4c32d69f74bf17a255c250  10.2/RPMS/smb4k-0.5.1-1.1.102mdk.i586.rpm
 30d1745f5dafea4c2d12c7b6a7c09526  10.2/SRPMS/smb4k-0.5.1-1.1.102mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHjBumqjQ0CJFipgRAk6nAJ9lLZZfz5V94G5hrFoXykPhnEApqQCg42LN
oIBjiPeXR1fx2HmsY3mGD2w=
=H49x
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability

2005-09-06 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           kdeedu
 Advisory ID:            MDKSA-2005:159
 Date:                   September 6th, 2005

 Affected versions:      10.1, 10.2
 __

 Problem Description:

 Ben Burton notified the KDE security team about several tempfile 
 handling related vulnerabilities in langen2kvtml, a conversion script 
 for kvoctrain. This vulnerability was initially discovered by Javier 
 Fernández-Sanguino Peña.
 
 The script uses known filenames in /tmp which allow a local attacker 
 to overwrite files writeable by the user (manually) invoking the 
 conversion script.
 
 The updated packages have been patched to correct this problem.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2101
  http://www.kde.org/info/security/advisory-20050815-1.txt
 __

 Updated Packages:
  
 Mandrakelinux 10.1:
 22f08da9f14236b97f67c5976eda26d8  10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.i586.rpm
 da6b340e1110607e71c3997030e6ff52  
10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm
 895a59f03e50cfa3976a4b023e6f944d  
10.1/RPMS/libkdeedu1-devel-3.2.3-7.1.101mdk.i586.rpm
 fab7de15f23ba02676b302e9b9f4606f  10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 e689e0327fe6656afe4427dbde6531b4  
x86_64/10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.x86_64.rpm
 737170e6d672711c36cb2b2e83243172  
x86_64/10.1/RPMS/lib64kdeedu1-3.2.3-7.1.101mdk.x86_64.rpm
 de170bee8d5bbf97b5d0159865e6414f  
x86_64/10.1/RPMS/lib64kdeedu1-devel-3.2.3-7.1.101mdk.x86_64.rpm
 da6b340e1110607e71c3997030e6ff52  
x86_64/10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm
 fab7de15f23ba02676b302e9b9f4606f  
x86_64/10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 04f206d950e469d65fa244fabf3607e1  10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.i586.rpm
 1d62bb60fb8e272e8ae9aa7ec4476631  
10.2/RPMS/libkdeedu1-3.3.2-9.1.102mdk.i586.rpm
 d268b14834e1b89e55630bc33d26df15  
10.2/RPMS/libkdeedu1-devel-3.3.2-9.1.102mdk.i586.rpm
 ab09fc314b45a9ab535b0ec9dcf848a0  10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 9d2ae377f8c640ec006a3de8f7773a5a  
x86_64/10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.x86_64.rpm
 54c81580deb3f2b06944046334759ce3  
x86_64/10.2/RPMS/lib64kdeedu1-3.3.2-9.1.102mdk.x86_64.rpm
 d200247c5318c421ded410f0c80e1f4c  
x86_64/10.2/RPMS/lib64kdeedu1-devel-3.3.2-9.1.102mdk.x86_64.rpm
 ab09fc314b45a9ab535b0ec9dcf848a0  
x86_64/10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHmKWmqjQ0CJFipgRAo6cAJ0cy86w1K8QsXRKPHll+L7yUkIhZgCglNSK
oLKFVwNPXfUQZodkiSlohS8=
=udO9
-END PGP SIGNATURE-
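
Added example, not part of the advisories and not code from Smb4K or KDE: the fixed-name temporary file pattern that MDKSA-2005:157 and MDKSA-2005:159 describe, next to two hardened forms that refuse a pre-existing name. The sandbox directory, the file names and the functions write_naive, write_exclusive, write_mkstemp and run_demo are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisories: write to a fixed name without checking what
 * is already there. fopen("w") follows a symlink found at that name. */
int write_naive(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int rc = (fputs(data, f) == EOF) ? -1 : 0;
    if (fclose(f) != 0) rc = -1;
    return rc;
}

static int write_all(int fd, const char *data)
{
    size_t len = strlen(data);
    int rc = (write(fd, data, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0) rc = -1;
    return rc;
}

/* Hardened, fixed name: O_CREAT|O_EXCL fails with EEXIST if anything already
 * exists at the path, including a symlink (dangling or not). */
int write_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;              /* errno is left for the caller */
    return write_all(fd, data);
}

/* Hardened, preferred: mkstemp() picks an unpredictable name and creates
 * the file exclusively with mode 0600. */
int write_mkstemp(const char *dir, const char *data, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/conv.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    return write_all(fd, data);
}

static int file_equals(const char *path, const char *expect)
{
    char buf[64] = "";
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    return strcmp(buf, expect) == 0;
}

struct demo_result {
    int exclusive_refused;    /* O_EXCL open failed with EEXIST */
    int target_untouched;     /* link target kept its old content */
    int mkstemp_ok;           /* data landed in a fresh private file */
    int naive_followed_link;  /* naive write ended up in the link target */
};

/* Constructed scenario inside a private directory made with mkdtemp(). */
int run_demo(struct demo_result *r)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char target[256], fixed[256], fresh[256];

    memset(r, 0, sizeof *r);
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/other-file", dir);
    snprintf(fixed, sizeof fixed, "%s/app.tmp", dir);

    /* Precondition: the fixed name already exists as a symlink. */
    if (write_exclusive(target, "OLD") != 0 || symlink(target, fixed) != 0)
        return -1;

    errno = 0;
    r->exclusive_refused =
        write_exclusive(fixed, "DATA") == -1 && errno == EEXIST;
    r->target_untouched = file_equals(target, "OLD");
    r->mkstemp_ok = write_mkstemp(dir, "DATA", fresh, sizeof fresh) == 0
                    && file_equals(fresh, "DATA");
    r->naive_followed_link = write_naive(fixed, "DATA") == 0
                             && file_equals(target, "DATA");

    unlink(fresh); unlink(fixed); unlink(target); rmdir(dir);
    return 0;
}

int main(void)
{
    struct demo_result r;
    if (run_demo(&r) != 0) { perror("run_demo"); return 1; }
    printf("O_EXCL refused existing name: %d\n", r.exclusive_refused);
    printf("link target left untouched:   %d\n", r.target_untouched);
    printf("mkstemp wrote a fresh file:   %d\n", r.mkstemp_ok);
    printf("naive write followed link:    %d\n", r.naive_followed_link);
    return 0;
}
```

On current Linux kernels the fs.protected_symlinks sysctl also restricts following another user's symlink in a sticky world-writable directory; that protection does not apply inside the demo's private directory, and the O_EXCL or mkstemp fix is still needed in the application.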


[Full-disclosure] MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability

2005-09-06 Thread Mandriva Security Team
 65c533e7edca8091e398e5632bdc0a4f  
corporate/3.0/RPMS/kdebase-progs-3.2-79.15.C30mdk.i586.rpm
 24f93afd0d620488555d0d4f0a141d95  
corporate/3.0/RPMS/libkdebase4-3.2-79.15.C30mdk.i586.rpm
 66465a760c0c47f41ae01151ff58e9ff  
corporate/3.0/RPMS/libkdebase4-kate-3.2-79.15.C30mdk.i586.rpm
 5a4e2d25ad889c6d2d7ef54f2b6328d9  
corporate/3.0/RPMS/libkdebase4-kmenuedit-3.2-79.15.C30mdk.i586.rpm
 1d14512ed592fe30afc82478738224f7  
corporate/3.0/RPMS/libkdebase4-konsole-3.2-79.15.C30mdk.i586.rpm
 64f65eb5d0a37a2cedb127a6fb791156  
corporate/3.0/RPMS/libkdebase4-nsplugins-3.2-79.15.C30mdk.i586.rpm
 f4009c97636ea98bee4a8c0e59d4deff  
corporate/3.0/SRPMS/kdebase-3.2-79.15.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 765b9e68c3f33a9bdee7614a3763c08b  
x86_64/corporate/3.0/RPMS/kdebase-3.2-79.15.C30mdk.x86_64.rpm
 8209c85a7d1ff5b5671da87da35e284f  
x86_64/corporate/3.0/RPMS/kdebase-common-3.2-79.15.C30mdk.x86_64.rpm
 108339dbdd9f77a3970dfe4d69fefd2c  
x86_64/corporate/3.0/RPMS/kdebase-kate-3.2-79.15.C30mdk.x86_64.rpm
 ba0c970fd675e1cbe8a9a7f04d1b9654  
x86_64/corporate/3.0/RPMS/kdebase-kcontrol-data-3.2-79.15.C30mdk.x86_64.rpm
 1e86eb77ceb9ba139aaf63fad755f18c  
x86_64/corporate/3.0/RPMS/kdebase-kdeprintfax-3.2-79.15.C30mdk.x86_64.rpm
 4f118f3483d2edb8ffc999f9643dfe22  
x86_64/corporate/3.0/RPMS/kdebase-kdm-3.2-79.15.C30mdk.x86_64.rpm
 0cab09bb2a12aeb3167eeafa8edf21fa  
x86_64/corporate/3.0/RPMS/kdebase-kdm-config-file-3.2-79.15.C30mdk.x86_64.rpm
 253479b917bab26432f972283dab4959  
x86_64/corporate/3.0/RPMS/kdebase-kmenuedit-3.2-79.15.C30mdk.x86_64.rpm
 747401c57ca0ba41c58255efffae1f0b  
x86_64/corporate/3.0/RPMS/kdebase-konsole-3.2-79.15.C30mdk.x86_64.rpm
 2b9012cad5af77f1dbb3b40a2f4f49cf  
x86_64/corporate/3.0/RPMS/kdebase-nsplugins-3.2-79.15.C30mdk.x86_64.rpm
 7635c3c9b477579a7d08734b638d3da2  
x86_64/corporate/3.0/RPMS/kdebase-progs-3.2-79.15.C30mdk.x86_64.rpm
 b78dc26632d1fb48d63e062b0369e83e  
x86_64/corporate/3.0/RPMS/lib64kdebase4-3.2-79.15.C30mdk.x86_64.rpm
 249473e7032d316eb6c6e46dd14d72ea  
x86_64/corporate/3.0/RPMS/lib64kdebase4-kate-3.2-79.15.C30mdk.x86_64.rpm
 6aa270ce944bc6a65a58b8503abdf82d  
x86_64/corporate/3.0/RPMS/lib64kdebase4-kmenuedit-3.2-79.15.C30mdk.x86_64.rpm
 ca68112054d1b9f43edfca85837ce946  
x86_64/corporate/3.0/RPMS/lib64kdebase4-konsole-3.2-79.15.C30mdk.x86_64.rpm
 a74132dd02854d83c4079554b1e24adc  
x86_64/corporate/3.0/RPMS/lib64kdebase4-nsplugins-3.2-79.15.C30mdk.x86_64.rpm
 f4009c97636ea98bee4a8c0e59d4deff  
x86_64/corporate/3.0/SRPMS/kdebase-3.2-79.15.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHmL/mqjQ0CJFipgRAqNuAKCuNsRQrtNvVyEJz2Sk9h3Zscuh1wCfWFbI
kNL0wKiOW06YZS+6Sq+YnrQ=
=8611
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:155 - Updated apache2 packages fix integer overflow vulnerability

2005-08-29 Thread Mandriva Security Team
-2.0.48-6.10.M20mdk.i586.rpm
 e8497128965023773b924dd5184c117e  
mnf/2.0/RPMS/apache2-modules-2.0.48-6.10.M20mdk.i586.rpm
 f76df0da42e2e53066dcc7e2c155efa6  
mnf/2.0/RPMS/libapr0-2.0.48-6.10.M20mdk.i586.rpm
 cd715c544eef0a8fcc5679e5d99bf367  
mnf/2.0/SRPMS/apache2-2.0.48-6.10.M20mdk.src.rpm

 Corporate 3.0:
 948e7fd54b52dd426feeef80851a92a3  
corporate/3.0/RPMS/apache2-2.0.48-6.10.C30mdk.i586.rpm
 00035b7b4a06cd0b0eab2c9f7c77ad08  
corporate/3.0/RPMS/apache2-common-2.0.48-6.10.C30mdk.i586.rpm
 697959b3821dfb4269364fbfeab1fca6  
corporate/3.0/RPMS/apache2-manual-2.0.48-6.10.C30mdk.i586.rpm
 5117e0e63770b39125ba5d1daed9a73b  
corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.10.C30mdk.i586.rpm
 e94b4e2d3a554c70917442aef200a492  
corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.10.C30mdk.i586.rpm
 88ac11a73700157d43c8997333e905a2  
corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.10.C30mdk.i586.rpm
 4192805bccf577c7358ae6635af5e534  
corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.10.C30mdk.i586.rpm
 bb4cf932da2eb9602e715faa934767a9  
corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.10.C30mdk.i586.rpm
 0079565a79878ba35b704e4276860e5a  
corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.10.C30mdk.i586.rpm
 6b9c6a04b228369dff41e18636318202  
corporate/3.0/RPMS/apache2-modules-2.0.48-6.10.C30mdk.i586.rpm
 1ce5739d3bb178e57b7e2d0cfe13eb7b  
corporate/3.0/RPMS/libapr0-2.0.48-6.10.C30mdk.i586.rpm
 eaca583e9f7ac8ac977055f72ef0ec8d  
corporate/3.0/SRPMS/apache2-2.0.48-6.10.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 abdd3378c0c6637864bf17d99940a2e1  
x86_64/corporate/3.0/RPMS/apache2-2.0.48-6.10.C30mdk.x86_64.rpm
 7b0da940e23e91b4a2a88bdd9c49b023  
x86_64/corporate/3.0/RPMS/apache2-common-2.0.48-6.10.C30mdk.x86_64.rpm
 ba3ec5e6b91f34dd663454f47a063fbc  
x86_64/corporate/3.0/RPMS/apache2-manual-2.0.48-6.10.C30mdk.x86_64.rpm
 74718f83dcae78613638098ea9228f4b  
x86_64/corporate/3.0/RPMS/apache2-mod_cache-2.0.48-6.10.C30mdk.x86_64.rpm
 3457b4a346899d2e83aaa6b16175bdc4  
x86_64/corporate/3.0/RPMS/apache2-mod_dav-2.0.48-6.10.C30mdk.x86_64.rpm
 f5f35188da9a02797dff8363b1b111f5  
x86_64/corporate/3.0/RPMS/apache2-mod_disk_cache-2.0.48-6.10.C30mdk.x86_64.rpm
 7d0e9ce91f83cd14410634b7896d945c  
x86_64/corporate/3.0/RPMS/apache2-mod_ldap-2.0.48-6.10.C30mdk.x86_64.rpm
 75e816d1d0d9b34f47067732ca70fd76  
x86_64/corporate/3.0/RPMS/apache2-mod_proxy-2.0.48-6.10.C30mdk.x86_64.rpm
 428a10d1da9e7450350987d069ab52b8  
x86_64/corporate/3.0/RPMS/apache2-mod_ssl-2.0.48-6.10.C30mdk.x86_64.rpm
 7da21cde4fd9e8aebde63cfb1dc58439  
x86_64/corporate/3.0/RPMS/apache2-modules-2.0.48-6.10.C30mdk.x86_64.rpm
 2e0f026f8d6714f68f0c46670142a1e3  
x86_64/corporate/3.0/RPMS/lib64apr0-2.0.48-6.10.C30mdk.x86_64.rpm
 eaca583e9f7ac8ac977055f72ef0ec8d  
x86_64/corporate/3.0/SRPMS/apache2-2.0.48-6.10.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDE5u5mqjQ0CJFipgRAlmrAKDU1vSR5kkH2lvkIG8sZQI9ke86hgCeKfiG
FmVlkbTXGPG1HfDEtSGSYcs=
=ECBd
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability

2005-08-25 Thread Mandriva Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:           bluez-utils
 Advisory ID:            MDKSA-2005:150
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0
 __

 Problem Description:

 A vulnerability in bluez-utils was discovered by Henryk Plotz.  Due to
 missing input sanitizing, it was possible for an attacker to execute
 arbitrary commands supplied as a device name from the remote bluetooth
 device.
 
 The updated packages have been patched to correct this problem.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
 __

 Updated Packages:
  
 Mandrakelinux 10.0:
 a363e2012cbf365604147ea094d48e51  10.0/RPMS/bluez-utils-2.4-4.1.100mdk.i586.rpm
 b9836323e7edaefa139dbf803ed5b11a  10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 0c14d3c62ccbb9c53f88f41129883226  
amd64/10.0/RPMS/bluez-utils-2.4-4.1.100mdk.amd64.rpm
 b9836323e7edaefa139dbf803ed5b11a  
amd64/10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 ae95bbad5bb67d20a6d209500c729062  
10.1/RPMS/bluez-utils-2.10-3.1.101mdk.i586.rpm
 15c9d82af6f029699f5f17901277b4f5  
10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.i586.rpm
 e612f6d35745cba68c362003a4c163e4  
10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c63fc9b66c8a6886602fcc34dcc82f0b  
x86_64/10.1/RPMS/bluez-utils-2.10-3.1.101mdk.x86_64.rpm
 d27d581f66ed0f4d23ad627f836e86f1  
x86_64/10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.x86_64.rpm
 e612f6d35745cba68c362003a4c163e4  
x86_64/10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 f909df9003986b72b21a95044298ddba  
10.2/RPMS/bluez-utils-2.14-1.1.102mdk.i586.rpm
 c3a06b22a142cb1a5b3f9d07e7acc65f  
10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.i586.rpm
 c8e48eedc86d6f3dc5e1aa97d4b819fd  
10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 1dccad3836e309b8046d677eccc96cc5  
x86_64/10.2/RPMS/bluez-utils-2.14-1.1.102mdk.x86_64.rpm
 76ace2f605fccfb1570c3f74d6c1a5ef  
x86_64/10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.x86_64.rpm
 c8e48eedc86d6f3dc5e1aa97d4b819fd  
x86_64/10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

 Corporate 3.0:
 e9db54c7ed37293e88f9a6a296ef5aa2  
corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.i586.rpm
 68ecbc8a999f219d5613b5ddc3aed4df  
corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6cd0acb52a764d5ed594b616c0947db4  
x86_64/corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.x86_64.rpm
 68ecbc8a999f219d5613b5ddc3aed4df  
x86_64/corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm
 ___

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkoGmqjQ0CJFipgRAnlNAKCF87ZavpMhfLYGibRLgs4xgSEheQCg6j8f
OVri7gtCTXz7Kn58ruNfTEI=
=BEvC
-END PGP SIGNATURE-


[Full-disclosure] MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability

2005-08-25 Thread Mandriva Security Team
 bc0dae706980d75df70c6080cb1968a4  
x86_64/corporate/3.0/RPMS/pcre-4.5-3.2.C30mdk.x86_64.rpm
 e9f3f1d4a19b0396481871aa0c398c16  
x86_64/corporate/3.0/SRPMS/pcre-4.5-3.2.C30mdk.src.rpm
 ___



[Full-disclosure] MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability

2005-08-25 Thread Mandriva Security Team
 ___



[Full-disclosure] MDKSA-2005:145 - Updated openvpn packages fix several vulnerabilities

2005-08-22 Thread Mandriva Security Team

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   openvpn
 Advisory ID:    MDKSA-2005:145
 Date:   August 22nd, 2005

 Affected versions:  Multi Network Firewall 2.0
 __

 Problem Description:

 A number of vulnerabilities were discovered in OpenVPN that were fixed
 in the 2.0.1 release:
 
 A DoS attack against the server is possible when it is run with verb 0
 and without tls-auth: when a client connection to the server fails
 certificate verification, the OpenSSL error queue is not properly
 flushed.  This could result in another unrelated client instance on the
 server seeing the error and responding to it, resulting in a
 disconnection of the unrelated client (CAN-2005-2531).
 
 A DoS attack against the server is possible by an authenticated client
 that sends a packet which fails to decrypt on the server: the OpenSSL
 error queue was not properly flushed.  This could result in another
 unrelated client instance on the server seeing the error and responding
 to it, resulting in a disconnection of the unrelated client
 (CAN-2005-2532).
 
 A DoS attack against the server by an authenticated client is possible
 in dev tap ethernet bridging mode where a malicious client could
 theoretically flood the server with packets appearing to come from
 hundreds of thousands of different MAC addresses, resulting in the
 OpenVPN process exhausting system virtual memory (CAN-2005-2533).
 
 If two or more client machines tried to connect to the server at the
 same time via TCP, using the same client certificate, a race condition
 could crash the server if --duplicate-cn is not enabled on the server
 (CAN-2005-2534).
 
 This update provides OpenVPN 2.0.1 which corrects these issues as well
 as a number of other bugs.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2531
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2532
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2533
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2534
 __

 Updated Packages:
  
 Multi Network Firewall 2.0:
 20daf4b6f9dbc1c53f3b4f4d375262d4  
mnf/2.0/RPMS/openvpn-2.0.1-0.1.M20mdk.i586.rpm
 a92bbc0c8285fecfbe3f439d18a62580  
mnf/2.0/SRPMS/openvpn-2.0.1-0.1.M20mdk.src.rpm
 ___



[Full-disclosure] MDKSA-2005:146 - Updated php-pear packages fix more PEAR XML-RPC vulnerabilities

2005-08-22 Thread Mandriva Security Team

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   php-pear
 Advisory ID:    MDKSA-2005:146
 Date:   August 22nd, 2005

 Affected versions:  10.0, 10.1, 10.2, Corporate 3.0
 __

 Problem Description:

 A problem was discovered in the PEAR XML-RPC Server package included
 in the php-pear package.  If a PHP script which implements the XML-RPC
 Server is used, it would be possible for a remote attacker to construct
 an XML-RPC request which would cause PHP to execute arbitrary commands
 as the 'apache' user.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
 __

 Updated Packages:
  
 ___



[Full-disclosure] MDKSA-2005:147 - Updated slocate packages fix vulnerability

2005-08-22 Thread Mandriva Security Team

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   slocate
 Advisory ID:    MDKSA-2005:147
 Date:   August 22nd, 2005

 Affected versions:  10.0, 10.1, 10.2, Corporate 3.0,
 Corporate Server 2.1
 __

 Problem Description:

 A bug was discovered in the way that slocate processes very long paths.
 A local user could create a carefully crafted directory structure that
 would prevent updatedb from completing its filesystem scan, resulting
 in an incomplete database.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499
 __

 Updated Packages:
  
 ___



[Full-disclosure] MDKSA-2005:148 - Updated vim packages fix vulnerability

2005-08-22 Thread Mandriva Security Team
 ___


