MDKA-2007:037 : initscripts
The text message printed over the bootsplash image was always displayed in English during shutdown or reboot, never being translated using the system's locale settings. This update package resolves the problem. This script has been deprecated as the associated...
MDKA-2007:111 : glibc
Two issues were discovered in the glibc package after the Mandriva Linux 2008.0 release. The first is a bug, reported in the glibc-utils package, that causes the memusage and xtrace utilities to not run correctly. The second is a minor problem with the file integrity check when using rpm -V, that gives a false...
MDKA-2007:106 : autofs
The autofs init script was missing a dependency on ypbind, preventing a correct initialisation order in parallel mode when storing autofs configuration in NIS (bug 34559). The updated package fixes this issue. This script has been deprecated as the associated patc...
MDKA-2007:137 : nss_ldap
This update corrects an issue in nss_ldap when handling SIGPIPE, which could manifest itself in many different ways on systems running with nss_ldap installed and configured, ranging from a silent application error to a complete abort. This script has been...
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:221)
Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
MDKA-2007:083 : imap
Due to the configuration of the xinetd configuration files included in the imap package, initial connections to the IMAP and/or POP3 services would have a substantial delay due to xinetd attempting to perform ident lookups. This update has corrected xinetd configuration files that remove the iden...
Mandrake Linux Security Advisory : libwmf (MDKSA-2007:123)
A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedde...
MDKA-2007:027 : php-session
The php-session package includes a cron setting to remove PHP sessions that are no longer in use. Previously, it could expire the session even if it was still in use. This update will prevent the cron job from removing sessions that are still actively being used, and will only expire after the la...
Mandrake Linux Security Advisory : file (MDKSA-2007:067)
Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Updated packages have been patched to address this issue.
Mandrake Linux Security Advisory : postgresql (MDKSA-2006:194)
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users to cause a Denial of Service (daemon crash) via certain aggregate functions in an UPDATE statement which were not handled correctly (CVE-2006-5540). Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote...
Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2006:174)
Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified...
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:024)
The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) craft...
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1)
Local exploitation of an integer overflow vulnerability in the 'CIDAFM' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the...
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:111)
Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been...
MDKSA-2006:022 : perl-Convert-UUlib
A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation. This update provides version 1.051 which is not vulnerable to this flaw.
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)
Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via...
Mandrake Linux Security Advisory : xmovie (MDKSA-2005:229)
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer' function of 'utils.c' i...
Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:228)
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer' function of 'utils.c' i...
Mandrake Linux Security Advisory : gtk+2.0 (MDKSA-2005:068)
A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these issues.
Mandrake Linux Security Advisory : zhcon (MDKSA-2005:012)
Erik Sjolund discovered that zhcon accesses a user-controlled configuration file with elevated privileges which could make it possible to read arbitrary files. The updated packages have been patched to prevent these problems.