Updated Packages
session.save_path directive (CVE-2009-4143).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143
allows remote attackers to execute arbitrary SQL commands via the
rra_id parameter in a GET request in conjunction with a valid rra_id
value in a POST request or a cookie, which bypasses the validation
routine (CVE-2010-2092).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2092
have unspecified other impact via a crafted argument (CVE-2010-0397).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0397
References:
http://www.wireshark.org/security/wnpa-sec-2010-06.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
0149a3fead677c67a65d689ca5d14003 2009.1/i586/dumpcap-1.0.14-0.1mdv2009.1.i586.rpm
11cc457d2403d1528a21ffe5b9ac7262 2009.1/i586/libwireshark0-1.0.14-0.1mdv2009.1.i586.rpm
f21953c954858ae6a42ac17c2652cfd3 2009.1/i586/libwireshark-devel-1.0.14-0.1mdv2009.1.i586.rpm
via a crafted PostScript file (CVE-2010-1869).
Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1640
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
befa2aace21d5723723bb3a93444fff6 2008.0/i586/clamav-0.96.1-0.1mdv2008.0.i586.rpm
91de0b1b1d3717b02c5ec78f40b60068 2008.0/i586/clamav-db-0.96.1-0.1mdv2008.0.i586.rpm
5e63fa6565cbfaa4cc4000f77524a181 2008.0/i586/clamav-milter-0.96.1-0.1mdv2008.0.i586.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
cd6dc1cbf8e2ecaea0e4d5374ea30d32 2010.0/i586/openoffice.org-3.1.1-2.5mdv2010.0.i586.rpm
7e8ffaacefef338a34b2b7c04f3901c9 2010.0/i586/openoffice.org-base-3.1.1-2.5mdv2010.0.i586.rpm
30df88c90092d7ad7bb71c5242fbb146 2010.0/i586/openoffice.org-calc-3.1.1-2.5mdv2010.0.i586.rpm
a different vulnerability than CVE-2010-0426 (CVE-2010-1163).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
Update:
Packages for 2009.0 are provided due to the Extended Maintenance
Program.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0831
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0732
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
c3a29224a7ab7f869fad3541908f6eff 2008.0/i586/gtk+2.0-2.12.1-2.2mdv2008.0.i586.rpm
f3b1608da1dce0eb474b1f21bd77d75b 2008.0/i586/libgdk_pixbuf2.0_0-2.12.1-2.2mdv2008.0.i586.rpm
040a1ca71f7eadb280de43c92e49c17d 2008.0/i586/libgdk_pixbuf2.0_0-devel-2.12.1-2.2mdv2008.0.i586.rpm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2823
http://www.kb.cert.org/vuls/id/867593
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
d20085bdf2db6c017ae2bbd1e66b95a3 2009.1/i586/apache-conf-2.2.11-5.1mdv2009.1.i586.rpm
528faefad6aa4272aa1f4eb028ffa738 2009.1/SRPMS/apache-conf-2.2.11-5.1mdv2009.1.src.rpm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0414
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
1d4b1a2c33e12fd99fb45415359cb308 2010.0/i586/gnome-screensaver-2.28.3-1.1mdv2010.0.i586.rpm
cf9bb84668b17fb497752472aa7be1fb 2010.0/SRPMS/gnome-screensaver-2.28.3-1.1mdv2010.0.src.rpm
(CVE-2009-3297).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
19efa81835c23a398b2838a12c402cfc 2008.0/i586/dumpcap-1.0.11-0.1mdv2008.0.i586.rpm
e2ebbdf9c799d040c484c766f7f77ce1 2008.0/i586/libwireshark0-1.0.11-0.1mdv2008.0.i586.rpm
bbdc06654f2ca5508368a09197f68453 2008.0/i586/libwireshark-devel-1.0.11-0.1mdv2008.0.i586.rpm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
1f42cf30ee84314be4125a070709d239 2009.0/i586/libopenssl0.9.8-0.9.8h-3.7mdv2009.0.i586.rpm
372bffd962ced1965c33b752def70b8b 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdv2009.0.i586.rpm
ace965066796e71bf4ecf4af6bc831c5 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.i586.rpm
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote
attackers to cause a denial of service (server exit) via a zero-length
client ID (CVE-2010-2156).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
https://qa.mandriva.com/58862
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
251035832a8d039e5ad54c17284737ab 2008.0/i586/mozilla-thunderbird-3.0.4-0.4mdv2008.0.i586.rpm
6588883b720252b4f2dad5961fbe0047 2008.0/i586/mozilla-thunderbird-af-3.0.4-0.3mdv2008.0.i586.rpm
899a16f12eab4deed4ce7c4065a287a0 2008.0/i586/mozilla-thunderbird-ar-3.0.4-0.3mdv2008.0.i586.rpm
Problem Description:
A race condition has been found in fuse that could escalate privileges
for local users and lead to a DoS (Denial of Service) (CVE-2009-3297).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297
(CVE-2010-0734).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734
extension identified by Grzegorz Stachowiak. (Ilia)
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://www.php.net/ChangeLog-5.php#5.2.13
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
7b6b149b6d3b66ac216ffdb39366d122 2008.0/i586/finch-2.6.6-0.1mdv2008.0.i586.rpm
f8ef6b0bfb06eb0617fe0056b61838fc 2008.0/i586/libfinch0-2.6.6-0.1mdv2008.0.i586.rpm
c9f08705a68c551450888cbd383f8e56 2008.0/i586/libpurple0-2.6.6-0.1mdv2008.0.i586.rpm
related to an incorrect RPATH setting (CVE-2008-3279).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3279
libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working
directory, which allows local users to obtain sensitive information
via a symlink attack involving a setgid or setuid application that
uses this module (CVE-2010-0826).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826
character, related to a decompression bomb attack (CVE-2010-0205).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
8ac346a8c93d555e564c99ea9f85bdf8 2009.0/i586/jackit-0.116.1-1.1mdv2009.0.i586.rpm
652f86a7c84446c820735ae2467978f2 2009.0/i586/jackit-example-clients-0.116.1-1.1mdv2009.0.i586.rpm
c92a223d3b70e3491aec828262d42d5c 2009.0/i586/libjack0-0.116.1-1.1mdv2009.0.i586.rpm
1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable
to determine the file that provides localized message strings, which
allows local users to gain privileges via a file that contains crafted
localization data with format string specifiers (CVE-2010-0393).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
more specific port scanning tools are freely available, we consider
this vulnerability to be of very low severity. It has been fixed by
restricting the allowable POP port numbers (with an administrator
configuration override available) (CVE-2010-1637).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637
client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
via a symlink attack on the mountpoint directory file (CVE-2010-0747).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
subsequently called (CVE-2009-1571).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
94ba6cbecf2c45ea2ddea01e17265a28 mes5/i586/gnome-vfsmm2.6-doc-2.24.0-1.1mdvmes5.i586.rpm
9519cafc3ff6c599b0e103bd2f0950f6 mes5/i586/icu-4.0-2.1mdvmes5.i586.rpm
53db7d0a238be955661c190c40413a44 mes5/i586/icu-doc-4.0-2.1mdvmes5.i586.rpm