12 matches found
MDKA-2007:037 : initscripts
The text message printed over the bootsplash image was always displayed in English during shutdown or reboot, never being translated using the system's locale settings. This update package resolves the problem. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated...
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:221)
Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Networ...
Mandrake Linux Security Advisory : libwmf (MDKSA-2007:123)
A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedde...
Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2006:174)
Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified...
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1)
Local exploitation of an integer overflow vulnerability in the 'CIDAFM' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root CVE-2006-3739. Local exploitation of an integer overflow vulnerability in the...
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:111)
Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service crash via a NULL second argument to the strtodate function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been...
Mandrake Linux Security Advisory : xmovie (MDKSA-2005:229)
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS Denial of Service and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodecdefaultgetbuffer' function of 'utils.c' i...
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)
Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code Stream.cc in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service heap corruption and possibly execute arbitrary code via...
Mandrake Linux Security Advisory : gtk+2.0 (MDKSA-2005:068)
A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these issues. %NASLMINLEVEL 70300 C Tenable Network Securit...
Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)
A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system call. This could allow a malicious remote FTP server to write to files outside o...
Mandrake Linux Security Advisory : netpbm (MDKSA-2003:036)
Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scrip...
Mandrake Linux Security Advisory : gzip (MDKSA-2002:011)
There are two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. The patch applied is from the gzip developers and the problem...