Mandriva security advisories
Updated: 29 minutes 13 seconds ago

MDVA-2009:006: xen

29 minutes 13 seconds ago

MDVA-2009:005: x11-server

29 minutes 13 seconds ago
This updated x11-server-xorg package provides the following fixes:

The OpenOffice.org application menu would trigger a bug in the X
server's xkb cache code causing it to crash (segfault).

Fake key events generated by the XTest extension would not change
the state of the keyboard leds. This would cause the numlock led to
be inverted when the enable_X11_numlock program was used (Mandriva's
default behaviour).

This update corrects both issues.

MDVA-2009:004: rpmdrake

29 minutes 13 seconds ago
This update fixes several minor issues with rpmdrake:

- it no longer runs with debugging Perl pragmas, which should speed up
some things
- it makes edit-urpm-sources not drop the 'ignore' flag when updating
a medium (bug #44930)
- it makes edit-urpm-sources display the right type of altered
mirrorlist media (bug #44930)
- it makes rpmdrake list plasma applets in GUI package list too
(bug #45835)

It also enhances searching in rpmdrake by fixing a rare crash on
searching (bug #46225), by scrolling the group list to the search
category when displaying results, and by updating the GUI package list.

MDVA-2009:003: draksnapshot

29 minutes 13 seconds ago
This update fixes a crash in draksnapshot when hal is confused
(bug #44966).

MDVA-2009:002: msec

29 minutes 13 seconds ago
This update fixes the following two issues with msec:

- when changing to a higher security level, permit_root_login is not
handled correctly (bug #19726)
- daily reports with multi-byte characters are not sent correctly
(bug #26773)

MDVA-2009:001: dos2unix

29 minutes 13 seconds ago
The dos2unix command dropped the last line of a file when that line
was not terminated by a newline. This package fixes the issue.

MDVSA-2008:246: kernel

29 minutes 13 seconds ago
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The chip_command function in drivers/media/video/tvaudio.c in the
Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7,
and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of
service (NULL function pointer dereference and OOPS) via unknown
vectors. (CVE-2008-5033)

Stack-based buffer overflow in the hfs_cat_find_brec function
in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows
attackers to cause a denial of service (memory corruption or system
crash) via an hfs filesystem image with an invalid catalog namelength
field, a related issue to CVE-2008-4933. (CVE-2008-5025)
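The CVE-2008-5025 entry above describes a length field read from disk and trusted when copying a name into a fixed-size stack buffer. The following is an added example, not the kernel's code: a simplified model of that bug class. HFS catalog thread records store the name Pascal-style (one length byte, then the name bytes, at most HFS_NAMELEN = 31 of them), and the affected code copied that many bytes into an HFS_NAMELEN-sized key living on the caller's stack. The record and key structs here are constructed stand-ins for illustration, not the on-disk or in-kernel layouts; the checked variant applies the same idea as the upstream fix, which bounds the length before the copy.

```c
/* Added example, not Linux kernel code: a model of the CVE-2008-5025 bug class.
 * Struct layouts are constructed stand-ins, not the real HFS formats. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HFS_NAMELEN 31   /* maximum HFS file name length */

/* Constructed stand-in for the on-disk thread record's name field. */
struct cat_name_rec {
    uint8_t len;        /* untrusted: read straight from the filesystem image */
    uint8_t name[255];  /* a crafted image can supply up to 255 name bytes   */
};

/* Constructed stand-in for the in-memory search key the kernel fills in.
 * In the real code this sits in a stack buffer of the caller. */
struct search_key {
    uint8_t len;
    uint8_t name[HFS_NAMELEN];
};

/* Vulnerable shape: trusts rec->len. When rec->len > HFS_NAMELEN the memcpy
 * runs past key->name into whatever follows it on the stack (stack-based
 * buffer overflow). Shown for comparison only; never call it on untrusted
 * records. */
void build_key_unchecked(struct search_key *key, const struct cat_name_rec *rec)
{
    key->len = rec->len;
    memcpy(key->name, rec->name, rec->len);
}

/* Fixed shape: bound the on-disk length before copying. Returns 0 on success
 * and -1 for a corrupt or crafted record (the kernel returns -EIO). */
int build_key_checked(struct search_key *key, const struct cat_name_rec *rec)
{
    if (rec->len > HFS_NAMELEN) {
        fprintf(stderr, "hfs: bad catalog namelength %u\n", rec->len);
        return -1;
    }
    key->len = rec->len;
    memcpy(key->name, rec->name, rec->len);
    return 0;
}

/* Helper: construct a record whose length byte is len, name filled with 'A'.
 * Used to build both a valid record and a crafted one. */
struct cat_name_rec make_rec(uint8_t len)
{
    struct cat_name_rec rec;
    memset(&rec, 0, sizeof rec);
    rec.len = len;
    memset(rec.name, 'A', len);
    return rec;
}

int main(void)
{
    struct search_key key;
    struct cat_name_rec ok  = make_rec(5);    /* valid: 5 <= 31   */
    struct cat_name_rec bad = make_rec(200);  /* crafted: 200 > 31 */

    printf("valid record:   %d\n", build_key_checked(&key, &ok));
    printf("crafted record: %d\n", build_key_checked(&key, &bad));
    return 0;
}
```

The point the check makes is that the only safe upper bound is the size of the destination, not the value the attacker controls; a fuzzer that flips the length byte of a thread record finds the unchecked variant immediately.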

Additionally, this update adds support for a newer revision of the Nokia
6300, XpressMusic 5200, 5610 and 7610 models, disables the ub USB
module, adds fixes for the Wake On LAN feature of the r8169 module,
adds suspend and resume fixes for the i915 module, adds ALSA fixes for
Intel HDA, adds a workaround for an iwlagn bug, adds the m5602 driver,
fixes a crash in the ppscsi module, and adds fixes to the uvcvideo
module.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

MDVSA-2008:245: firefox

29 minutes 13 seconds ago
Security vulnerabilities have been discovered and corrected in
the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500,
CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506,
CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513).

This update provides the latest Mozilla Firefox 3.x to correct
these issues.

MDVSA-2008:244: mozilla-firefox

29 minutes 13 seconds ago
Security vulnerabilities have been discovered and corrected in
the latest Mozilla Firefox 2.x, version 2.0.0.19 (CVE-2008-5500,
CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512,
CVE-2008-5513).

This update provides the latest Mozilla Firefox 2.x to correct
these issues.

MDVA-2008:241: mailscanner

29 minutes 13 seconds ago
Local users can carry out symlink attacks through a flaw in MailScanner's
trend-autoupdate script, which uses the /tmp/opr.ini.##### and /tmp/lpt
temporary files (CVE-2008-5140).

Local users can carry out symlink attacks through flaws in MailScanner's
clamav-autoupdate, panda-autoupdate and rav-autoupdate scripts, which
use the ClamAV.update.log, pav.zip and RavBusy.lock temporary files
(CVE-2008-5312).

Local users can carry out symlink attacks through flaws in MailScanner's
kaspersky-wrapper, bitdefender-wrapper and rav-wrapper scripts and its
Quarentine.pm, TNEF.pm, SA.pm and WorkArea.pm Perl modules, which use
the kavoutput.tmp.27073, log.bdc.27073, report.vir.27073,
MailScanner.ownertest.27073, tnef.27073 and MS.bayes.rebuild.lock
temporary files (CVE-2008-5313).

MailScanner also had symlink flaws in its antivir-autoupdate,
bitdefender-autoupdate, clamav-autoupdate, etrust-autoupdate,
generic-autoupdate, inoculan-autoupdate, kaspersky-autoupdate,
nod32-autoupdate, norman-autoupdate, rav-autoupdate,
sophos-autoupdate, symscanengine-autoupdate, vexira-autoupdate,
f-prot-autoupdate and css-autoupdate scripts, which use the following
vulnerable temporary files: AntiVirBusy.lock, BitDefenderBusy.lock,
ClamAVBusy.lock, eTrustBusy.lock, GenericBusy.lock, InoculanBusy.lock,
KasperskyBusy.lock, Nod32Busy.lock, NormanBusy.lock, RavBusy.lock,
SophosBusy.lock, SymScanEngineBusy.lock, VexiraBusy.lock,
FProtBusy.lock and SYMCScan.lock.

This update fixes all of the symlink flaws described in this advisory.
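Every flaw in this MailScanner advisory is the same pattern: a script running as the MailScanner user (or root) writes to a fixed, predictable name in a world-writable directory, and open() follows whatever symlink a local user planted there first. The following is an added example, not MailScanner's code, showing the vulnerable open beside two hardened forms (O_CREAT|O_EXCL|O_NOFOLLOW on the fixed name, and mkstemp() for an unpredictable one) and a self-contained demonstration in a private directory. The file names and contents are constructed for the example.

```c
/* Added example, not MailScanner's code: the /tmp symlink race behind
 * CVE-2008-5140, CVE-2008-5312 and CVE-2008-5313, with hardened forms.
 * Paths and contents below are constructed for the demonstration. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable shape: a fixed name such as /tmp/lpt, opened for writing with
 * O_TRUNC. open() follows a symlink planted at that name, so the victim the
 * link points to is truncated and overwritten with our data.
 * Returns the number of bytes written, or -1 on error. */
int write_fixed_tmp(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return (int)n;
}

/* Hardened (a): keep the fixed name but refuse to reuse or follow anything
 * already there. O_EXCL makes open() fail with EEXIST if the name exists,
 * including when it is a symlink; O_NOFOLLOW is belt and braces.
 * Returns an fd, or -1 if something was planted. */
int open_tmp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened (b): let mkstemp() pick an unpredictable name and create it
 * atomically (O_CREAT|O_EXCL, mode 0600). tmpl must end in XXXXXX and is
 * rewritten with the chosen name. Returns an fd or -1. */
int open_tmp_mkstemp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Demonstration. Builds a private sandbox, plants "lpt" as a symlink to
 * victim.conf the way a local attacker would, then runs the vulnerable
 * writer and both hardened openers. Returns 1 when the vulnerable writer
 * clobbered the victim through the link AND both hardened forms behaved
 * correctly, 0 otherwise, -1 on setup failure. */
int demo_symlink_race(void)
{
    char sandbox[] = "/tmp/symlink-demo.XXXXXX";
    char victim[300], planted[300], tmpl[300], buf[64] = {0};
    if (!mkdtemp(sandbox))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", sandbox);
    snprintf(planted, sizeof planted, "%s/lpt", sandbox);
    snprintf(tmpl, sizeof tmpl, "%s/update.XXXXXX", sandbox);

    FILE *f = fopen(victim, "w");            /* the file the attacker wants */
    if (!f) return -1;
    fputs("original\n", f);
    fclose(f);
    if (symlink(victim, planted) != 0)       /* attacker plants the link */
        return -1;

    write_fixed_tmp(planted, "attacker controlled\n"); /* vulnerable updater */
    f = fopen(victim, "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
    fclose(f);
    int clobbered = strcmp(buf, "attacker controlled\n") == 0;

    int fd = open_tmp_exclusive(planted);    /* must refuse the planted name */
    int refused = (fd < 0);
    if (fd >= 0) close(fd);

    fd = open_tmp_mkstemp(tmpl);             /* must succeed on a fresh name */
    int fresh_ok = (fd >= 0);
    if (fd >= 0) { close(fd); unlink(tmpl); }

    unlink(planted);
    unlink(victim);
    rmdir(sandbox);
    return (clobbered && refused && fresh_ok) ? 1 : 0;
}

int main(void)
{
    printf("symlink race reproduced and mitigated: %d\n", demo_symlink_race());
    return 0;
}
```

The demo creates and follows the link as the same user, so it reproduces even on Linux 3.6 and later with fs.protected_symlinks enabled, which only blocks following another user's symlink in a sticky world-writable directory such as /tmp. That sysctl is a mitigation for the real attack, not a reason to keep fixed temp names: the right fix in the scripts is mktemp/mkstemp for every temporary and lock file listed above.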

MDVA-2008:202: drakx-net

Tue, 01/06/2009 - 17:40
Drakfirewall, as shipped with Mandriva Linux 2009.0, was not able
to save the firewall configuration after changing port selection.
This update fixes the issue.

MDVA-2008:201: mdkonline

Mon, 01/05/2009 - 19:20
This package update adds support for automatically configuring
additional software repositories (Restricted / Restricted Updates)
for registered Powerpack users.

MDVA-2008:200: jackit

Mon, 01/05/2009 - 19:20
This update provides the latest version of the JACK audio server.
It does not fix any specific Mandriva bugs; it is issued because the
JACK development community recommends that all users upgrade to 0.116.0
or later, as announced at http://jackaudio.org/. The release fixes many
bugs and adds new features, the most important being the integration of
netjack functionality.

MDVA-2008:199: kde4-splash-mdv

Mon, 01/05/2009 - 19:20
The kde4-splash-mdv package in Mandriva Linux 2009.0 was not
translated. This package update adds translations to the KDE4
start screen.

MDVSA-2008:243: enscript

Mon, 01/05/2009 - 19:20
Two buffer overflow vulnerabilities were discovered in GNU enscript,
which could allow an attacker to execute arbitrary commands via a
specially crafted ASCII file, if the file were opened with the -e or
--escapes option enabled (CVE-2008-3863, CVE-2008-4306).

The updated packages have been patched to prevent these issues.

MDVSA-2008:242: wireshark

Mon, 01/05/2009 - 19:20
Two vulnerabilities were discovered in Wireshark. The first is a
vulnerability in the SMTP dissector that could cause it to consume
excessive CPU and memory via a long SMTP request (CVE-2008-5285).

The second is an issue with the WLCCP dissector that could cause it
to go into an infinite loop.

This update also provides a patch to fix a potential freeze during
capture interface selection.

This update provides Wireshark 1.0.5, which is not vulnerable to
these issues.

MDVA-2008:198: openoffice.org

Mon, 12/29/2008 - 14:50
This update is Mandriva's official stable OpenOffice.org 3.0 release
for Mandriva Linux 2009.0. Relative to the openoffice.org-3.0-0.rc2.1mdv2009
packages it fixes the bugs explained below:

OpenOffice.org crashes on start up when the user interface is
changed to the Greek language, thus preventing Greek users from using
OpenOffice.org in their language (bug #44821).

The PyUno function loadComponentFromUrl was missing, which made it
impossible in some cases to extend OpenOffice.org with Python through
PyUno; some OpenOffice.org extensions written in Python might also not
work (bug #45445).

Clip art in the clipart-opencliparts-1.8 package was unreachable by
OpenOffice.org, which prevented users from using much of the clip art
that package provides (bug #45196).

Since no l10n package is installed by default with OpenOffice.org, it
used en_US (American English) as the default user interface language,
but the openoffice.org-help-en_US package was not installed by default,
so users could not view the OpenOffice.org help. Every other l10n
OpenOffice.org language package already behaves this way: whenever an
l10n package is installed, the matching help package is installed too,
and the en_US help package should be installed by default in the same
way (bug #44809).

The default desktop e-mail program, as configured through the
FreeDesktop.org standard tools, should be used by OpenOffice.org when
e-mail URIs embedded in documents are accessed (bug #43917).

OpenOffice.org installed a misplaced file, ooobuildtime.log, on the
root file system; it should not be there.

The updated packages provide the final OpenOffice.org 3.0 release
and fix the noted issues.

MDVSA-2008:240: vinagre

Thu, 12/18/2008 - 02:10
Alfredo Ortega found a format string flaw in Vinagre. A remote attacker
could exploit it by tricking a user into connecting to a malicious VNC
server or into opening a specially crafted URI with Vinagre. With older
versions of Vinagre this allowed arbitrary code execution with the
user's privileges; in later versions Vinagre aborts instead, leading to
a denial of service.

The updated packages have been patched to prevent this issue.

MDVA-2008:197: mandriva-kde-config

Thu, 12/18/2008 - 01:00
On Mandriva Linux 2009.0, every time a web page was opened under
Konqueror, or opened in a new tab, it showed the HTML code in an
editor instead of the website. This update makes Konqueror display
websites correctly instead of pure HTML code.

MDVA-2008:196: nasm

Thu, 12/18/2008 - 01:00
Nasm, as shipped with Mandriva Linux 2009.0, produced bad code on the
x86_64 platform in certain cases. This update corrects the problem.