Section: .. / 1001-advisories /
| /// File Name: |
MDVSA-2010-007.txt |
Description:
|
Mandriva Linux Security Advisory 2010-007 - The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3509 | | Related CVE(s): | CVE-2007-5898, CVE-2009-2626, CVE-2009-4142 | | Last Modified: | Jan 15 19:34:19 2010 |
| MD5 Checksum: | 13194dccfcf5d6fe0f4480b1cb1f6b2c |
|
| /// File Name: |
MDVSA-2010-008.txt |
Description:
|
Mandriva Linux Security Advisory 2010-008 - The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 39443 | | Related CVE(s): | CVE-2009-2626, CVE-2009-4142 | | Last Modified: | Jan 15 19:40:23 2010 |
| MD5 Checksum: | 255d28778c94f59a3f2ad6327849b2e3 |
|
| /// File Name: |
MDVSA-2010-009.txt |
Description:
|
Mandriva Linux Security Advisory 2010-009 - The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 26049 | | Related CVE(s): | CVE-2009-4142 | | Last Modified: | Jan 15 20:00:20 2010 |
| MD5 Checksum: | 3bc2c39f69446ef0aee711c725b25958 |
|
| /// File Name: |
MDVSA-2010-010.txt |
Description:
|
Mandriva Linux Security Advisory 2010-010 - Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6165 | | Related CVE(s): | CVE-2009-4012 | | Last Modified: | Jan 17 18:16:43 2010 |
| MD5 Checksum: | 4a079fe63662c9f178336daa17afaba7 |
|
| /// File Name: |
MDVSA-2010-013.txt |
Description:
|
Mandriva Linux Security Advisory 2010-013 - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2767 | | Related CVE(s): | CVE-2009-1757, CVE-2010-0012 | | Last Modified: | Jan 18 20:40:58 2010 |
| MD5 Checksum: | 97ea92440a429610c6ab9786872455cd |
|
| /// File Name: |
MDVSA-2010-014.txt |
Description:
|
Mandriva Linux Security Advisory 2010-014 - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3240 | | Related CVE(s): | CVE-2010-0012 | | Last Modified: | Jan 18 20:56:54 2010 |
| MD5 Checksum: | 2eccb95035df0fd74d46b91d37f106c6 |
|
| /// File Name: |
MDVSA-2010-017.txt |
Description:
|
Mandriva Linux Security Advisory 2010-017 - WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7982 | | Related CVE(s): | CVE-2009-4492 | | Last Modified: | Jan 19 21:34:25 2010 |
| MD5 Checksum: | ad3fb8446a6e09d3a0439005fc00ce20 |
|
| /// File Name: |
MDVSA-2010-018.txt |
Description:
|
Mandriva Linux Security Advisory 2010-018 - libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. This update provides phpMyAdmin 2.11.10, which is not vulnerable to these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3270 | | Related CVE(s): | CVE-2008-7251, CVE-2008-7252, CVE-2009-4605 | | Last Modified: | Jan 19 22:25:05 2010 |
| MD5 Checksum: | 536666fd7cbfdf7e9284fc94f424b54d |
|
| /// File Name: |
MDVSA-2010-019.txt |
Description:
|
Mandriva Linux Security Advisory 2010-019 - An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2684 | | Related CVE(s): | CVE-2010-0001 | | Last Modified: | Jan 20 18:01:14 2010 |
| MD5 Checksum: | 08232545156670be800dbe98a0b70a94 |
|
| /// File Name: |
MDVSA-2010-020.txt |
Description:
|
Mandriva Linux Security Advisory 2010-020 - A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip. An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4800 | | Related CVE(s): | CVE-2009-2624, CVE-2010-0001 | | Last Modified: | Jan 20 19:16:02 2010 |
| MD5 Checksum: | 933882bda129a66438d0f43b8f7dea15 |
|
| /// File Name: |
MDVSA-2010-021.txt |
Description:
|
Mandriva Linux Security Advisory 2010-021 - The original fix for was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8310 | | Related CVE(s): | CVE-2009-4022, CVE-2010-0097, CVE-2010-0290 | | Last Modified: | Jan 20 21:28:29 2010 |
| MD5 Checksum: | 1a8619a7db70f008a98849880689c8f0 |
|
| /// File Name: |
MDVSA-2010-022.txt |
Description:
|
Mandriva Linux Security Advisory 2010-022 - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7373 | | Related CVE(s): | CVE-2009-4355 | | Last Modified: | Jan 22 01:38:14 2010 |
| MD5 Checksum: | fdb2aaebfd656adeaa8421e92c498f67 |
|
| /// File Name: |
MDVSA-2010-023.txt |
Description:
|
Mandriva Linux Security Advisory 2010-023 - Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2465 | | Related CVE(s): | CVE-2009-4427 | | Last Modified: | Jan 22 02:42:48 2010 |
| MD5 Checksum: | d57d68676444cb6c0441ee33777a93fd |
|
| /// File Name: |
MDVSA-2010-024.txt |
Description:
|
Mandriva Linux Security Advisory 2010-024 - The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5856 | | Related CVE(s): | CVE-2009-4135 | | Last Modified: | Jan 24 15:21:47 2010 |
| MD5 Checksum: | a55733d45e7f598733e912fa99dd2508 |
|
| /// File Name: |
MDVSA-2010-025.txt |
Description:
|
Mandriva Linux Security Advisory 2010-025 - Multiple vulnerabilities were discovered and corrected in php-pear. Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 f for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5120 | | Related CVE(s): | CVE-2009-4023, CVE-2009-4111 | | Last Modified: | Jan 26 02:10:58 2010 |
| MD5 Checksum: | fdfa2b23dd57c214cfddf100b22c67fb |
|
| /// File Name: |
MDVSA-2010-026.txt |
Description:
|
Mandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 11703 | | Related CVE(s): | CVE-2009-3767 | | Last Modified: | Jan 27 09:51:43 2010 |
| MD5 Checksum: | c176c41813f12012f69c5dfb63a904a6 |
|
| /// File Name: |
MDVSA-2010-027.txt |
Description:
|
Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers.
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 11062 | | Related CVE(s): | CVE-2009-2702, CVE-2009-1687, CVE-2009-1725, CVE-2009-1690, CVE-2009-1698, CVE-2009-2537, CVE-2009-0689, CVE-2009-0945 | | Last Modified: | Jan 27 10:51:58 2010 |
| MD5 Checksum: | 71dd2ef10df3ead3da1c7f0863e27e61 |
|
| /// File Name: |
MDVSA-2010-028.txt |
Description:
|
Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8680 | | Related CVE(s): | CVE-2009-2702, CVE-2009-2537, CVE-2009-0689 | | Last Modified: | Jan 27 13:32:08 2010 |
| MD5 Checksum: | ca72b5b5176f9490073325867040e938 |
|
| /// File Name: |
MDVSA-2010-029.txt |
Description:
|
Mandriva Linux Security Advisory 2010-029 - The rootcerts package was added in Mandriva in 2005 and was meant to be updated when necessary. The provided rootcerts package has been upgraded using the latest certdata.txt file from the mozilla cvs repdata.txt file. The rootcerts package provides the /etc/pki/tls/certs/ca-bundle.crt file, which most software in Mandriva shares where applicable, such as KDE, curl, pidgin, neon, and more. The mozilla nss library has consequently been rebuilt to pick up these changes and is also being provided.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9662 | | Last Modified: | Jan 29 19:20:44 2010 |
| MD5 Checksum: | 3d67fd7196559417c415a15d780d6703 |
|
| /// File Name: |
micrologix-pwn.txt |
Description:
|
Micrologix 1100 and 1400 controllers suffer from multiple vulnerabilities that allow unauthorized control of the PLC. Details of these vulnerabilities will be disclosed only to legitimate parties such as asset owners (utilities), after receiving the approval of the local CERT or any other local official entity.
| | Author: | Eyal Udassin | | Homepage: | http://www.c4-security.com/ | | File Size: | 2962 | | Last Modified: | Jan 15 19:28:18 2010 |
| MD5 Checksum: | e652a3e99f4038663eb45e3f82b16eb1 |
|
| /// File Name: |
MITKRB5-SA-2009-004.txt |
Description:
|
MIT krb5 Security Advisory 2009-004 - Integer underflow bugs in the AES and RC4 decryption operations of the crypto library of the MIT Kerberos software can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. Only releases krb5-1.3 and later are vulnerable, as earlier releases did not contain the functionality implemented by the vulnerable code.
| | Homepage: | http://web.mit.edu/ | | File Size: | 7436 | | Related CVE(s): | CVE-2009-4212 | | Last Modified: | Jan 13 21:16:36 2010 |
| MD5 Checksum: | 3409a3e1b976b767c31a20823989740a |
|