Mandriva Security
http://www.mandriva.com/en/security/advisories
Mandriva security advisories

MDVSA-2008:233: libcdaudio
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:233

A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030).

In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied.

The updated packages have been patched to prevent these issues.

MDVA-2008:177: lirc
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:177

The LIRC packages included with Mandriva Linux 2008 and Mandriva Linux 2008 Spring did not include the 'commandir' module, which is necessary (along with the 'lirc_cmdir' module) to properly support CommandIR remote controls.

These updated packages do include the module.

MDVSA-2008:232: dovecot
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:232

The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions (CVE-2008-4577).

The ACL plugin in dovecot prior to version 1.1.4 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes (CVE-2008-4578).

In addition, two bugs were discovered in the dovecot package shipped with Mandriva Linux 2009.0.
The default permissions on the dovecot.conf configuration file were too restrictive, which prevents the use of dovecot's 'deliver' command as a non-root user. Secondly, dovecot should not start until after ntpd, if ntpd is active, because if ntpd corrects the time backwards while dovecot is running, dovecot will quit automatically, with the log message 'Time just moved backwards by X seconds. This might cause a lot of problems, so I'll just kill myself now.' The update resolves both these problems. The default permissions on dovecot.conf now allow the 'deliver' command to read the file. Note that if you edited dovecot.conf at all prior to installing the update, the new permissions may not be applied. If you find the 'deliver' command still does not work following the update, please run these commands as root:

    # chmod 0640 /etc/dovecot.conf
    # chown root:mail /etc/dovecot.conf

Dovecot's initialization script now configures it to start after the ntpd service, to ensure ntpd resetting the clock does not interfere with Dovecot operation.

This package corrects the above-noted bugs and security issues by upgrading to the latest dovecot 1.1.6, which also provides additional bug fixes.

MDVSA-2008:220-1: kernel
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:220-1

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
(CVE-2008-3272)

Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. (CVE-2008-0598)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service (overflow of the UBIFS orphan area) via a series of attempted file creations within deleted directories. (CVE-2008-3275)

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. (CVE-2008-3525)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. (CVE-2007-6716)

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
(CVE-2008-4210)

Additionally, support for Intel's ICH9 controller was added, and the 'tg3' driver was updated to version 3.71b.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Update:

Support for Intel's ICH9 controller and the updated 'tg3' driver were actually missing in the previous update; this new update adds them.

MDVA-2008:176: mdadm
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:176

mdadm would crash during bootup when trying to activate several raid10 devices, dropping the system into maintenance mode, where you had to manually reactivate the missing raid10 sets in order to continue the boot.

The updated mdadm fixes this issue, allowing systems with raid10 to boot normally.

MDVA-2008:175: urpmi
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:175

Since version 6.14.9, urpmi would spontaneously un-ignore any updated media.

This update fixes that regression.

MDVA-2008:174: kbd
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:174

This update fixes errors in the be-latin1, be2-latin1, ro-comma, ro-academic, and gr-utf8 keymaps shipped with Mandriva Linux 2008 Spring and Mandriva Linux 2009.

MDVA-2008:173: imwheel
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:173

Under certain conditions, imwheel would enter an infinite loop and force the X server to consume a lot of CPU time, rendering the system unusable.

This update fixes the issue.

MDVA-2008:172: kdebase
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:172

The kdeeject command did not work, which resulted in a user being able to unmount, but not eject, removable devices. This package update corrects the issue.

MDVSA-2008:231: libxml2
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:231

Drew Yao of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to enter an infinite loop (CVE-2008-4225).

The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code (CVE-2008-4226).

The updated packages have been patched to correct these issues.