Getsocial, S.A. Security Vulnerabilities

Mandrake Linux Security Advisory : clamav (MDKSA-2006:016)

A heap-based buffer overflow was discovered in ClamAV versions prior to 0.88 which allows remote attackers to cause a crash and possibly execute arbitrary code via specially crafted UPX files. This update provides ClamAV 0.88 which corrects this issue and also fixes some other...

Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2005:232)

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer()' function of...

Mandrake Linux Security Advisory : ethereal (MDKSA-2005:193-2)

Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors : the ISAKMP dissector could exhaust system memory the FC-FCS dissector could exhaust system memory the RSVP dissector could exhaust system memory the ISIS LSP dissector could exhaust system...

Mandrake Linux Security Advisory : wget (MDKSA-2005:183)

A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name in NTLM authentication is enabled and either a) pass a user and domain name to libcurl that together are longer than 192 bytes or b) allow (lib)curl to follow HTTP redirects...

Mandrake Linux Security Advisory : clamav (MDKSA-2005:205)

A number of vulnerabilities were discovered in ClamAV versions prior to 0.87.1 : The OLE2 unpacker in clamd allows remote attackers to cause a DoS (segfault) via a DOC file with an invalid property tree (CVE-2005-3239) The FSG unpacker allows remote attackers to cause 'memory corruption' and...

Mandrake Linux Security Advisory : gdk-pixbuf (MDKSA-2005:214)

A heap overflow vulnerability in the GTK+ gdk-pixbuf XPM image rendering library could allow for arbitrary code execution. This allows an attacker to provide a carefully crafted XPM image which could possibly allow for arbitrary code execution in the context of the user viewing the image....

Mandrake Linux Security Advisory : php (MDKSA-2005:213)

A number of vulnerabilities were discovered in PHP : An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler...

Mandrake Linux Security Advisory : tkcvs (MDKSA-2006:001)

Javier Fernandez-Sanguino Pena discovered that tkdiff created temporary files in an insecure manner. The updated packages have been patched to correct these...

Mandrake Linux Security Advisory : spamassassin (MDKSA-2005:221)

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ('To' addresses), which triggers a bus error in Perl. Updated packages have been patched to address this...

Mandrake Linux Security Advisory : fuse (MDKSA-2005:216)

Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set...

Mandrake Linux Security Advisory : mailman (MDKSA-2005:222)

Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on....

Mandrake Linux Security Advisory : netpbm (MDKSA-2005:217)

Greg Roelofs discovered and fixed several buffer overflows in pnmtopng which is also included in netpbm, a collection of graphic conversion utilities, that can lead to the execution of arbitrary code via a specially crafted PNM file. Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier....

Mandrake Linux Security Advisory : ethereal (MDKSA-2006:002)

Three vulnerabilities were discovered in Ethereal 0.10.13 : The IRC and GTP dissectors could go into an infinite loop. A buffer overflow was discovered by iDefense in the OSPF dissector. Ethereal has been upgraded to 0.10.14 which does not suffer from these...

Mandrake Linux Security Advisory : koffice (MDKSA-2005:185)

Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code. The updated packages are patched to deal with these...

Mandrake Linux Security Advisory : xli (MDKSA-2005:192)

Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : tetex (MDKSA-2006:011)

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code.....

Mandrake Linux Security Advisory : fetchmail (MDKSA-2005:236)

Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : kolab-resource-handlers (MDKSA-2006:013)

A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot ('.') character exists in the wrong place. If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or...

Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:228)

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer()' function of...

Mandrake Linux Security Advisory : xmovie (MDKSA-2005:229)

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer()' function of...

Mandrake Linux Security Advisory : kernel (MDKSA-2005:235)

Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update : A stack-based buffer overflow in the sendmsg function call in versions prior to 2.6.13.1 allow local users to execute arbitrary code by calling sendmsg and modifying the message contents in another....

Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)

A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross- site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352)....

Mandrake Linux Security Advisory : lynx (MDKSA-2005:211)

An arbitrary command execution vulnerability was discovered in the lynx 'lynxcgi:' URI handler. An attacker could create a web page that redirects to a malicious URL which could then execute arbitrary code as the user running lynx. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2005:173)

New updates are available for Mozilla Firefox : A regression in the LE2005 Firefox package caused problems with cursor movement that has been fixed. The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary...

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)

Updated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-2353). A bug in the way Thunderbird processes XBM images could be...

Mandrake Linux Security Advisory : cups (MDKSA-2006:010)

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code.....

Mandrake Linux Security Advisory : php (MDKSA-2005:238)

A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the 'To' address argument, when using sendmail as the MTA (mail transfer agent). The updated packages have been patched to address.....

Mandrake Linux Security Advisory : ffmpeg (MDKSA-2005:231)

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer()' function of...

Mandrake Linux Security Advisory : curl (MDKSA-2005:224)

Stefan Esser discovered that libcurl's URL parser function can have a malloced buffer overflows in two ways if given a too long URL. It cannot be triggered by a redirect, which makes remote exploitation unlikely, but can be passed directly to libcurl (allowing for local exploitation) and could...

Mandrake Linux Security Advisory : openvpn (MDKSA-2005:206-1)

Two Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client (CVE-2005-3393). The second DoS can occur if when in TCP server mode, OpenVPN received an error on accept(2) and the resulting exception handler causes....

Mandrake Linux Security Advisory : printer-filters-utils (MDKSA-2005:239)

'newbug' discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges. Mandriva encourages all users to upgrade immediately. The updated packages have been.....

Mandrake Linux Security Advisory : binutils (MDKSA-2005:215)

Integer overflows in various applications in the binutils package may allow attackers to execute arbitrary code via a carefully crafted object file. The updated packages have been patched to help address these...

Mandrake Linux Security Advisory : webmin (MDKSA-2005:223)

Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format....

Mandrake Linux Security Advisory : perl (MDKSA-2005:225)

Jack Louis discovered a new way to exploit format string errors in the Perl programming language that could lead to the execution of arbitrary code. The updated packages are patched to close the particular exploit vector in Perl itself, to mitigate the risk of format string programming errors,...

Mandrake Linux Security Advisory : gda2.0 (MDKSA-2005:203)

Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library. The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : uim (MDKSA-2005:198)

Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : w3c-libwww (MDKSA-2005:210)

Sam Varshavchik discovered the HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The updated packages have been patched.....

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:226)

A bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was discovered that could lead to the encryption of an email with the wrong public key. This could potentially disclose confidential data to unintended recipients. The updated packages have been patched to...

Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)

iDefense discovered several format string vulnerabilities in the way that mod_auth_pgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if mod_auth_pgsql is used for user authentication. The provided packages have been patched to.....

Mandrake Linux Security Advisory : sudo (MDKSA-2005:234)

Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library.....

Mandrake Linux Security Advisory : graphviz (MDKSA-2005:188)

Javier Fernández-Sanguino Peña discovered insecure temporary file creation in graphviz, a rich set of graph drawing tools, that can be exploited to overwrite arbitrary files by a local attacker. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : cpio (MDKSA-2005:237)

A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits. The updated packages have been patched to correct these...

Mandrake Linux Security Advisory : mplayer (MDKSA-2005:230)

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the 'avcodec_default_get_buffer()' function of...

Mandrake Linux Security Advisory : ethereal (MDKSA-2005:227)

A stack-based buffer overflow was discovered in the OSPF dissector in Ethereal. This could potentially be abused to allow remote attackers to execute arbitrary code via crafted packets. The updated packages have been patched to prevent this...

Mandrake Linux Security Advisory : dia (MDKSA-2005:187)

Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to execute arbitrary Python code. The updated packages have been patched to address this...

Mandrake Linux Security Advisory : libungif (MDKSA-2005:207)

Several bugs have been discovered in the way libungif decodes GIF images. These allow an attacker to create a carefully crafted GIF image file in such a way that it could cause applications linked with libungif to crash or execute arbitrary code when the file is opened by the user. The updated...

Mandrake Linux Security Advisory : webmin (MDKSA-2005:176)

Miniserv.pl in Webmin 1.220, when 'full PAM conversations' is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). The updated packages have been patched to correct this...

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code.....

Mandrake Linux Security Advisory : netpbm (MDKSA-2005:199)

Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. Netpbm 9.2X is not affected by this...

Mandrake Linux Security Advisory : kernel (MDKSA-2005:219)

Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update : An integer overflow in vc_resize (CVE-2004-1333). A race condition in the sysfs_read_file and sysfs_write_file functions in 2.6.10 and earlier allows local users to read kernel memory and cause a...