%package audispd-plugins audit libaudit0 libaudit-devel libaudit-static-devel python-audit system-config-audit
Update: Wed Apr 09 13:50:07 2008
Importance: security
ID: MDVSA-2008:083
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:083
%pre
Joe Nall reported a stack-based buffer overflow in Audit's log handling that could allow remote attackers to execute arbitrary code via a long command argument (CVE-2008-1628).
The updated packages have been patched to correct this issue.
%description
The audit package contains the user space utilities for storing and searching the audit records generated by the audit subsystem in the Linux 2.6 kernel.

%package rsync
Update: Fri Apr 11 14:01:56 2008
Importance: security
ID: MDVSA-2008:084
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
%pre
Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash (CVE-2008-1720).
The updated packages have been patched to correct this issue.
%description

%package rsync
Update: Fri Apr 11 14:10:42 2008
Importance: security
ID: MDVSA-2008:084
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
%pre
Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash (CVE-2008-1720).
The updated packages have been patched to correct this issue.
%description
Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command.
A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program.
This rpm has these patches applied from rsync tree:
- acl: allow to mirror acl
Rebuild the source rpm with `--without patches' if you don't want these patches

%package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps
Update: Tue Apr 15 00:26:34 2008
Importance: security
ID: MDVSA-2008:085
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:085
%pre
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
The updated packages have been patched to prevent this issue.
%description
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package.

%package drakbt
Update: Wed Apr 16 13:34:50 2008
Importance: bugfix
ID: MDVA-2008:045
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:045
%pre
A bug with drakbt caused it to crash when selecting private torrents. This update corrects the problem.
%description
Drakbt reports status information for a given torrent file or URL.
It can connect automatically to Mandriva Linux websites to grab and display available torrents. You should provide login and password if you want to connect to club member restricted torrents. After all checks are done, you can trigger the download process from drakbt.
The information displayed is:
- current number of complete copies (seeds)
- incomplete copies (leeches) currently active.
- Bittorrent port reachability
- Hash info
....

%package libpolkit2 libpolkit-devel policykit policykit-docs
Update: Wed Apr 16 16:01:57 2008
Importance: security
ID: MDVSA-2008:087
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:087
%pre
A format string vulnerability in the grant helper, in PolicyKit 0.7 and earlier, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
The updated package has been patched to correct this issue.
%description
PolicyKit is a toolkit for defining and handling authorizations. It is used to allow unprivileged processes to speak to privileged processes.

%package clamav clamav-db clamav-milter clamd clamdmon dansguardian klamav libclamav4 libclamav-devel
Update: Thu Apr 17 15:18:01 2008
Importance: security
ID: MDVSA-2008:088
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
%pre
Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including:
ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled (CVE-2007-6595).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary (CVE-2008-0314).
An integer overflow in libclamav prior to 0.92.1 allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggered a heap-based buffer overflow (CVE-2008-0318).
An unspecified vulnerability in ClamAV prior to 0.92.1 triggered heap corruption (CVE-2008-0728).
A buffer overflow in ClamAV 0.92 and 0.92.1 allowed remote attackers to execute arbitrary code via a crafted Upack PE file (CVE-2008-1100).
ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive (CVE-2008-1387).
A heap-based buffer overflow in ClamAV 0.92.1 allowed remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary (CVE-2008-1833).
ClamAV prior to 0.93 allowed remote attackers to bypass the scanning engine via a RAR file with an invalid version number (CVE-2008-1835).
A vulnerability in rfc2231 handling in ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (crash) via a crafted message that produced a string that was not null terminated, triggering a buffer over-read (CVE-2008-1836).
A vulnerability in libclamunrar in ClamAV prior to 0.93 allowed remote attackers to cause a denial of service (crash) via a crafted RAR file (CVE-2008-1837).
Other bugs have also been corrected in 0.93 which is being provided with this update.
Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.
%description
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
You can build clamav with some conditional build switches; (ie.
use with rpm --rebuild):
--with[out] milter Build clamav-milter (default)

%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools
Update: Thu Apr 24 16:02:23 2008
Importance: security
ID: MDVSA-2008:091
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:091
%pre
A few vulnerabilities were found in Wireshark that could cause it to crash or hang under certain conditions.
This update provides Wireshark 1.0.0, which is not vulnerable to the issues.
%description
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm).

%package x11-driver-video
Update: Fri Apr 25 11:18:28 2008
Importance: bugfix
ID: MDVA-2008:048
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:048
%pre
The virtual package x11-driver-video would incorrectly require sparc specific video drivers on a x86 architecture computer. The updated package fixes the issue.
%description
X11 video drivers metapackage. This package contains no files, but depends on all free X.org video drivers.

%package gstreamer0.10-aalib gstreamer0.10-caca gstreamer0.10-dv gstreamer0.10-esound gstreamer0.10-flac gstreamer0.10-plugins-good gstreamer0.10-raw1394 gstreamer0.10-speex gstreamer0.10-wavpack
Update: Tue Apr 29 12:27:34 2008
Importance: security
ID: MDVSA-2008:092
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
%pre
A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
The speex plugin in the gstreamer-plugins-good package is similarly affected by this issue.
The updated packages have been patched to correct this issue.
%description
GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. This package contains a set of plug-ins that are considered to have good quality code, correct functionality, the preferred license (LGPL for the plug-in code, LGPL or LGPL-compatible for the supporting library). People writing elements should base their code on these elements.

%package vorbis-tools
Update: Tue Apr 29 12:29:48 2008
Importance: security
ID: MDVSA-2008:093
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
%pre
A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
The ogg123 application in vorbis-tools is similarly affected by this issue.
The updated packages have been patched to correct this issue.
%description
This package contains oggenc (encoder), oggdec, ogg123 (command line player), vorbiscomment (metadata editor) and vcut (cut tool). Find some free Ogg Vorbis music here: http://www.vorbis.com/music/

%package libspeex1 libspeex-devel libspeex-static-devel speex
Update: Tue Apr 29 12:33:09 2008
Importance: security
ID: MDVSA-2008:094
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
%pre
A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex file headers.
An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
The updated packages have been patched to correct this issue.
%description
Speex is a patent-free audio codec designed especially for voice (unlike Vorbis which targets general audio) signals and providing good narrowband and wideband quality. This project aims to be complementary to the Vorbis codec.

%package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui
Update: Tue Apr 29 15:54:13 2008
Importance: bugfix
ID: MDVA-2008:049
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:049
%pre
A new version of drakxtools is available that fixes detecting device.map inconsistencies when /boot and / are not on the same physical drive, especially when / is LVM and /boot is not. As well, it fixes an inconsistency in device.map detection when /boot, or /, is on Linux software RAID (/dev/mdX).
%description
Contains many Mandriva Linux applications simplifying the life of users and administrators on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
- drakbug: interactive bug report tool
- drakbug_report: help find bugs in DrakX
- drakclock: date & time configurator
- drakfloppy: boot disk creator
- drakfont: import fonts in the system
- draklog: show extracted information from the system logs
- drakperm: msec GUI (permissions configurator)
- draksec: security options management / msec frontend
- draksplash: bootsplash themes creation

%package x11-driver-video-mga
Update: Tue Apr 29 18:04:03 2008
Importance: bugfix
ID: MDVA-2008:050
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:050
%pre
An updated x11-driver-video-mga package is available that corrects a problem where an earlier version was used to update the mga driver version 1.47, instead of the proper 1.4.8 version.
%description
The X.org driver for Matrox Cards

%package libsilc1.1_2 libsilcclient1.1_2 silc-toolkit silc-toolkit-devel
Update: Tue Apr 29 21:01:17 2008
Importance: bugfix
ID: MDVA-2008:051
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:051
%pre
The silc libraries for Mandriva Linux 2008.1 contained an obsolete patch for a bug that was already fixed, preventing the libraries from connecting to the silc network. This update removes the obsolete patch, restoring correct functionality of the libraries.
%description
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over an insecure channel. SILC is IRC-like software although internally they are very different. The biggest similarity between SILC and IRC is that they both provide conferencing services and that SILC has almost the same commands as IRC. Other than that they are nothing alike. The major difference is that SILC is secure, which IRC is not in any way. The network model is also entirely different compared to IRC. This package provides development related files for any application that has SILC support.
%package libmesagl1 libmesagl1-devel libmesaglu1 libmesaglu1-devel libmesaglut3 libmesaglut3-devel libmesaglw1 libmesaglw1-devel mesa mesa-common-devel mesa-demos mesa-source
Update: Wed Apr 30 11:48:24 2008
Importance: bugfix
ID: MDVA-2008:052
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:052
%pre
Updated Mesa packages are available that correct a problem of reversed logic in Mesa 7.0.3rc2 on Intel i965 cards.
%description
Mesa is an OpenGL 2.1 compatible 3D graphics library.

%package notification-daemon
Update: Wed Apr 30 12:05:20 2008
Importance: bugfix
ID: MDVA-2008:053
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:053
%pre
The last line in notification bubbles created by programs like gnome-power-manager was truncated. This update makes those notifications readable.
%description
A daemon that displays passive pop-up notifications as per the Desktop Notifications spec (http://galago.info/specs/notification/index.php).

%package freeradius freeradius-krb5 freeradius-ldap freeradius-mysql freeradius-postgresql freeradius-unixODBC libfreeradius1 libfreeradius-devel
Update: Wed Apr 30 13:12:22 2008
Importance: bugfix
ID: MDVA-2008:054
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:054
%pre
The freeradius package included in Mandriva Linux 2008.1 had hardcoded the use of the '-y' option in its initscript, which is no longer a valid option in the new major version of 2.0. As a result, the initscript was unable to launch the service correctly. As well, a file name error in the EAP module configuration triggered an error at launch. Both issues are corrected with this update package.
%description
The FreeRADIUS Server Project is a high-performance and highly configurable GPL'd RADIUS server. It is somewhat similar to the Livingston 2.0 RADIUS server, but has many more features, and is much more configurable.
%package x11-data-xkbdata
Update: Wed Apr 30 13:46:52 2008
Importance: bugfix
ID: MDVA-2008:055
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:055
%pre
Mandriva Linux 2008.1 introduced an improved Finnish default keyboard layout called Kotoistus. This layout adds altgr-space as a key combination for non-breaking space. However, that key combination can be easily hit accidentally when a normal space was intended instead, especially after typing the pipe character. This update removes the new key combination. Non-breaking space can still be typed via the traditional combination altgr-shift-space.
%description
Xkeyboard-config provides consistent, well-structured, frequently released of X keyboard configuration data (XKB) for various X Window System implementations.

%package librhythmbox0 rhythmbox rhythmbox-mozilla rhythmbox-upnp
Update: Wed Apr 30 21:24:23 2008
Importance: bugfix
ID: MDVA-2008:056
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:056
%pre
Amazon.com has removed support for the cover image fetching API used in rhythmbox. This updates to the new API to make cover image support work again.
%description
Music Management application with support for ripping audio-cd's, playback of Ogg Vorbis and Mp3 and burning of CD-Rs.

%package libwine1 libwine-devel wine
Update: Fri May 02 19:42:12 2008
Importance: bugfix
ID: MDVA-2008:057
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:057
%pre
Some commercial Windows programs did not run under previous builds of Wine, producing an error message notifying the user that a debugger has been detected. This update corrects the issue.
%description
Wine is a program which allows running Microsoft Windows programs (including DOS, Windows 3.x and Win32 executables) on Unix. It consists of a program loader which loads and executes a Microsoft Windows binary, and a library (called Winelib) that implements Windows API calls using their Unix or X11 equivalents.
The library may also be used for porting Win32 code into native Unix executables.

%package emacs emacs-common emacs-doc emacs-el emacs-gtk emacs-leim emacs-nox
Update: Tue May 06 13:16:09 2008
Importance: security
ID: MDVSA-2008:096
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:096
%pre
Steve Grubb found that the vcdiff script in Emacs creates temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program (CVE-2008-1694).
The updated packages have been patched to correct this issue.
%description
Emacs-X11 includes the Emacs text editor program for use with the X Window System (it provides support for the mouse and other GUI elements). Emacs-X11 will also run Emacs outside of X, but it has a larger memory footprint than the 'non-X' Emacs package (emacs-nox). Install emacs if you are going to use Emacs with the X Window System. You should also install emacs if you're going to run Emacs both with and without X (it will work fine both ways). You'll also need to install the emacs-common package in order to run Emacs.

%package kdelibs-common kdelibs-devel-doc libkdecore4 libkdecore4-devel
Update: Tue May 06 15:02:17 2008
Importance: security
ID: MDVSA-2008:097
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:097
%pre
A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code (CVE-2008-1671).
By default, start_kdeinit is not installed setuid root on Mandriva Linux; however, updated packages have been patched to correct this issue.
%description
Libraries for the K Desktop Environment.
%package openssh openssh-askpass openssh-askpass-common openssh-askpass-gnome openssh-clients openssh-server
Update: Tue May 06 15:04:02 2008
Importance: security
ID: MDVSA-2008:098
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:098
%pre
A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify ~/.ssh/rc (CVE-2008-1657).
The updated packages have been patched to correct this issue.
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.
You can build openssh with some conditional build switches; (ie.
use with rpm --rebuild):
--with[out] skey smartcard support (disabled)
--with[out] krb5 kerberos support (enabled)
--with[out] watchdog watchdog support (disabled)
--with[out] x11askpass X11 ask pass support (enabled)
--with[out] gnomeaskpass Gnome ask pass support (enabled)
--with[out] ldap OpenLDAP support (disabled)
--with[out] sftpcontrol sftp file control support (disabled)
--with[out] chroot chroot support (disabled)
--with[out] hpn HPN ssh/scp support (disabled)

%package rpmdrake
Update: Thu May 15 15:17:44 2008
Importance: bugfix
ID: MDVA-2008:063
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:063
%pre
This update fixes several minor issues in rpmdrake:
- it prevents crashing if the RPM database is locked when trying to install some packages (bug #40244)
- it fixes a crash when the default view is unknown (bug #39626)
- it enables searching also with the numeric pad's Enter key (bug #40659)
- it makes rpmdrake not list backports as (unselected) updates, like MandrivaUpdate does
It also makes MandrivaUpdate fit on laptop screens (e.g. when the resolution only has 480 horizontal lines).
%description
This package contains the Mandriva graphical software manipulation tools. Rpmdrake provides a simple interface that makes it easy to install and remove software. MandrivaUpdate is a single-purpose application for keeping your system up to date with the latest official updates. There is also a tool for configuring package sources (medias), which can be run independently or accessed from within rpmdrake.

%package draksnapshot
Update: Thu May 15 15:34:43 2008
Importance: bugfix
ID: MDVA-2008:064
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:064
%pre
This update fixes a few issues in draksnapshot. It prevents the applet from crashing if DBUS is not accessible (bug #40031). The applet will also now ignore the root disc, if it's USB. The configurator will now prevent recursively backing up the backup directory (bug #39801).
Last but not least, it will default to /media instead of /home when offering a backup point (bug #39802).
%description
This is a backup program that uses rsync to take backup snapshots of filesystems. It uses hard links to save space on disk.

%package iproute2 iproute2-doc
Update: Thu May 15 16:27:53 2008
Importance: bugfix
ID: MDVA-2008:065
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:065
%pre
The iproute2 package released with Mandriva 2008.1 had a problem which prevented its usage with kernels of versions 2.6.21 and older, notably the Xen kernel (2.6.18). This update fixes the issue.
%description
The iproute package contains networking utilities (ip, tc and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.2.x kernels and later, such as policy routing, fast NAT and packet scheduling.

%package rdesktop
Update: Fri May 16 11:33:33 2008
Importance: security
ID: MDVSA-2008:101
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:101
%pre
Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client.
An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user (CVE-2008-1801).
A buffer overflow vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1802).
An integer signedness vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1803).
In order for these vulnerabilities to be exploited, an attacker must persuade a targeted user to connect to a malicious RDP server.
The updated packages have been patched to correct these issues.
%description
rdesktop is an open source client for Windows NT Terminal Server and Windows 2000 Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's NT desktop.
Unlike Citrix ICA, no server extensions are required. rdesktop currently runs on most UNIX based platforms with the X Window System, and other ports should be fairly straightforward. rdesktop is used through rfbdrake.

%package libvorbis0 libvorbis-devel libvorbisenc2 libvorbisfile3
Update: Fri May 16 11:43:29 2008
Importance: security
ID: MDVSA-2008:102
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
%pre
Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423).
The updated packages have been patched to correct these issues.
%description
Ogg Vorbis is a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. Find some free Ogg Vorbis music here: http://www.vorbis.com/music.html

%package libid3tag0 libid3tag-devel
Update: Mon May 19 11:54:59 2008
Importance: security
ID: MDVSA-2008:103
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:103
%pre
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
The updated packages have been patched to correct this.
%description

%package xinitrc
Update: Mon May 19 14:05:30 2008
Importance: bugfix
ID: MDVA-2008:066
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:066
%pre
This update corrects a problem where an incorrect path was being used to execute xdm scripts.
%description
The xinitrc package contains the xinitrc file, a script which is used to configure your X Window System session or to start a window manager.
%package ksplash-engine-moodin
Update: Mon May 19 14:22:29 2008
Importance: bugfix
ID: MDVA-2008:067
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:067
%pre
ksplash-engine-moodin has some background caching routines for simulating the transparency and the fade-in effect of the loading steps. When the session loading happens too fast, the first steps don't have enough time to finish the caching before the later steps start to happen, showing some images that look cut. This update corrects the problem.
%description
Splash Screen Engine for KDE
Heavily customizable engine for various types of themes
FEATURES:
- Scale cache
- Fading images
- Use current icon set or custom images
- Unlimited Custom text labels
- Set fading delay and length
- Custom image arrangement
- Resolution independent themes

%package flash-kde-config free-kde-config mandriva-kde-config-common mandriva-kdm-config one-kde-config powerpack-kde-config
Update: Mon May 19 14:51:03 2008
Importance: bugfix
ID: MDVA-2008:068
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:068
%pre
This is an updated mandriva-kde-config package containing the new artwork for the next Mandriva Flash.
%description
This package groups all Mandriva-specific config files for KDE (kicker config etc.).

%package initscripts
Update: Mon May 19 15:07:48 2008
Importance: bugfix
ID: MDVA-2008:069
URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:069
%pre
The bootsplash text messages were not correctly appearing at startup (bug #38882). The /dev/fb0 device was missing in early boot and bootsplash initialization was complaining about it (bug #38338). The shutdown process of network services could be troublesome, because resolvconf would be stopped too early. The updated package fixes these issues.
%description
The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most network interfaces. %package actuator-kernel-2.6.24.4-desktop-3mnb actuator-kernel-2.6.24.4-desktop586-3mnb actuator-kernel-2.6.24.4-laptop-3mnb actuator-kernel-2.6.24.4-server-3mnb actuator-kernel-desktop586-latest actuator-kernel-desktop-latest actuator-kernel-laptop-latest actuator-kernel-server-latest alsa_raoppcm-kernel-2.6.24.4-desktop-3mnb alsa_raoppcm-kernel-2.6.24.4-desktop586-3mnb alsa_raoppcm-kernel-2.6.24.4-laptop-3mnb alsa_raoppcm-kernel-2.6.24.4-server-3mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-laptop-latest alsa_raoppcm-kernel-server-latest dkms-pcc-acpi-kernel-2.6.24.4-desktop-3mnb dkms-pcc-acpi-kernel-2.6.24.4-desktop586-3mnb dkms-pcc-acpi-kernel-2.6.24.4-laptop-3mnb dkms-pcc-acpi-kernel-2.6.24.4-server-3mnb dkms-pcc-acpi-kernel-desktop586-latest dkms-pcc-acpi-kernel-desktop-latest dkms-pcc-acpi-kernel-laptop-latest dkms-pcc-acpi-kernel-server-latest drm-experimental-kernel-2.6.24.4-desktop-3mnb drm-experimental-kernel-2.6.24.4-desktop586-3mnb drm-experimental-kernel-2.6.24.4-laptop-3mnb drm-experimental-kernel-2.6.24.4-server-3mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-laptop-latest drm-experimental-kernel-server-latest em8300-kernel-2.6.24.4-desktop-3mnb em8300-kernel-2.6.24.4-desktop586-3mnb em8300-kernel-2.6.24.4-laptop-3mnb em8300-kernel-2.6.24.4-server-3mnb em8300-kernel-desktop586-latest em8300-kernel-desktop-latest em8300-kernel-laptop-latest em8300-kernel-server-latest et131x-kernel-2.6.24.4-desktop-3mnb et131x-kernel-2.6.24.4-desktop586-3mnb et131x-kernel-2.6.24.4-laptop-3mnb et131x-kernel-2.6.24.4-server-3mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-laptop-latest et131x-kernel-server-latest fcdsl2-kernel-2.6.24.4-desktop-3mnb fcdsl2-kernel-2.6.24.4-desktop586-3mnb fcdsl2-kernel-2.6.24.4-laptop-3mnb 
fcdsl2-kernel-2.6.24.4-server-3mnb fcdsl2-kernel-desktop586-latest fcdsl2-kernel-desktop-latest fcdsl2-kernel-laptop-latest fcdsl2-kernel-server-latest fcdsl-kernel-2.6.24.4-desktop-3mnb fcdsl-kernel-2.6.24.4-desktop586-3mnb fcdsl-kernel-2.6.24.4-laptop-3mnb fcdsl-kernel-2.6.24.4-server-3mnb fcdsl-kernel-desktop586-latest fcdsl-kernel-desktop-latest fcdsl-kernel-laptop-latest fcdsl-kernel-server-latest fcdslsl-kernel-2.6.24.4-desktop-3mnb fcdslsl-kernel-2.6.24.4-desktop586-3mnb fcdslsl-kernel-2.6.24.4-laptop-3mnb fcdslsl-kernel-2.6.24.4-server-3mnb fcdslsl-kernel-desktop586-latest fcdslsl-kernel-desktop-latest fcdslsl-kernel-laptop-latest fcdslsl-kernel-server-latest fcdslslusb-kernel-2.6.24.4-desktop-3mnb fcdslslusb-kernel-2.6.24.4-desktop586-3mnb fcdslslusb-kernel-2.6.24.4-laptop-3mnb fcdslslusb-kernel-2.6.24.4-server-3mnb fcdslslusb-kernel-desktop586-latest fcdslslusb-kernel-desktop-latest fcdslslusb-kernel-laptop-latest fcdslslusb-kernel-server-latest fcdslusb2-kernel-2.6.24.4-desktop-3mnb fcdslusb2-kernel-2.6.24.4-desktop586-3mnb fcdslusb2-kernel-2.6.24.4-laptop-3mnb fcdslusb2-kernel-2.6.24.4-server-3mnb fcdslusb2-kernel-desktop586-latest fcdslusb2-kernel-desktop-latest fcdslusb2-kernel-laptop-latest fcdslusb2-kernel-server-latest fcdslusba-kernel-2.6.24.4-desktop-3mnb fcdslusba-kernel-2.6.24.4-desktop586-3mnb fcdslusba-kernel-2.6.24.4-laptop-3mnb fcdslusba-kernel-2.6.24.4-server-3mnb fcdslusba-kernel-desktop586-latest fcdslusba-kernel-desktop-latest fcdslusba-kernel-laptop-latest fcdslusba-kernel-server-latest fcdslusb-kernel-2.6.24.4-desktop-3mnb fcdslusb-kernel-2.6.24.4-desktop586-3mnb fcdslusb-kernel-2.6.24.4-laptop-3mnb fcdslusb-kernel-2.6.24.4-server-3mnb fcdslusb-kernel-desktop586-latest fcdslusb-kernel-desktop-latest fcdslusb-kernel-laptop-latest fcdslusb-kernel-server-latest fcpci-kernel-2.6.24.4-desktop-3mnb fcpci-kernel-2.6.24.4-desktop586-3mnb fcpci-kernel-2.6.24.4-laptop-3mnb fcpci-kernel-2.6.24.4-server-3mnb fcpci-kernel-desktop586-latest 
fcpci-kernel-desktop-latest fcpci-kernel-laptop-latest fcpci-kernel-server-latest fcusb2-kernel-2.6.24.4-desktop-3mnb fcusb2-kernel-2.6.24.4-desktop586-3mnb fcusb2-kernel-2.6.24.4-laptop-3mnb fcusb2-kernel-2.6.24.4-server-3mnb fcusb2-kernel-desktop586-latest fcusb2-kernel-desktop-latest fcusb2-kernel-laptop-latest fcusb2-kernel-server-latest fcusb-kernel-2.6.24.4-desktop-3mnb fcusb-kernel-2.6.24.4-desktop586-3mnb fcusb-kernel-2.6.24.4-laptop-3mnb fcusb-kernel-2.6.24.4-server-3mnb fcusb-kernel-desktop586-latest fcusb-kernel-desktop-latest fcusb-kernel-laptop-latest fcusb-kernel-server-latest fglrx-kernel-2.6.24.4-desktop-3mnb fglrx-kernel-2.6.24.4-desktop586-3mnb fglrx-kernel-2.6.24.4-laptop-3mnb fglrx-kernel-2.6.24.4-server-3mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-laptop-latest fglrx-kernel-server-latest fxusb_CZ-kernel-2.6.24.4-desktop-3mnb fxusb_CZ-kernel-2.6.24.4-desktop586-3mnb fxusb_CZ-kernel-2.6.24.4-laptop-3mnb fxusb_CZ-kernel-2.6.24.4-server-3mnb fxusb_CZ-kernel-desktop586-latest fxusb_CZ-kernel-desktop-latest fxusb_CZ-kernel-laptop-latest fxusb_CZ-kernel-server-latest fxusb-kernel-2.6.24.4-desktop-3mnb fxusb-kernel-2.6.24.4-desktop586-3mnb fxusb-kernel-2.6.24.4-laptop-3mnb fxusb-kernel-2.6.24.4-server-3mnb fxusb-kernel-desktop586-latest fxusb-kernel-desktop-latest fxusb-kernel-laptop-latest fxusb-kernel-server-latest gspca-kernel-2.6.24.4-desktop-3mnb gspca-kernel-2.6.24.4-desktop586-3mnb gspca-kernel-2.6.24.4-laptop-3mnb gspca-kernel-2.6.24.4-server-3mnb gspca-kernel-desktop586-latest gspca-kernel-desktop-latest gspca-kernel-laptop-latest gspca-kernel-server-latest hsfmodem-kernel-2.6.24.4-desktop-3mnb hsfmodem-kernel-2.6.24.4-desktop586-3mnb hsfmodem-kernel-2.6.24.4-laptop-3mnb hsfmodem-kernel-2.6.24.4-server-3mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-laptop-latest hsfmodem-kernel-server-latest ipw3945-kernel-2.6.24.4-desktop-3mnb ipw3945-kernel-2.6.24.4-desktop586-3mnb 
ipw3945-kernel-2.6.24.4-laptop-3mnb ipw3945-kernel-2.6.24.4-server-3mnb ipw3945-kernel-desktop586-latest ipw3945-kernel-desktop-latest ipw3945-kernel-laptop-latest ipw3945-kernel-server-latest iwlwifi-kernel-2.6.24.4-desktop-3mnb iwlwifi-kernel-2.6.24.4-desktop586-3mnb iwlwifi-kernel-2.6.24.4-laptop-3mnb iwlwifi-kernel-2.6.24.4-server-3mnb iwlwifi-kernel-desktop586-latest iwlwifi-kernel-desktop-latest iwlwifi-kernel-laptop-latest iwlwifi-kernel-server-latest kernel-2.6.24.4-3mnb kernel-desktop-2.6.24.4-3mnb kernel-desktop586-2.6.24.4-3mnb kernel-desktop586-devel-2.6.24.4-3mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.24.4-3mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-laptop-2.6.24.4-3mnb kernel-laptop-devel-2.6.24.4-3mnb kernel-laptop-devel-latest kernel-laptop-latest kernel-server-2.6.24.4-3mnb kernel-server-devel-2.6.24.4-3mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.24.4-3mnb kernel-source-latest kqemu-kernel-2.6.24.4-desktop-3mnb kqemu-kernel-2.6.24.4-desktop586-3mnb kqemu-kernel-2.6.24.4-laptop-3mnb kqemu-kernel-2.6.24.4-server-3mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-laptop-latest kqemu-kernel-server-latest libafs-kernel-2.6.24.4-desktop-3mnb libafs-kernel-2.6.24.4-desktop586-3mnb libafs-kernel-2.6.24.4-laptop-3mnb libafs-kernel-2.6.24.4-server-3mnb libafs-kernel-desktop586-latest libafs-kernel-desktop-latest libafs-kernel-laptop-latest libafs-kernel-server-latest lirc-kernel-2.6.24.4-desktop-3mnb lirc-kernel-2.6.24.4-desktop586-3mnb lirc-kernel-2.6.24.4-laptop-3mnb lirc-kernel-2.6.24.4-server-3mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-laptop-latest lirc-kernel-server-latest lzma-kernel-2.6.24.4-desktop-3mnb lzma-kernel-2.6.24.4-desktop586-3mnb lzma-kernel-2.6.24.4-laptop-3mnb lzma-kernel-2.6.24.4-server-3mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-laptop-latest 
lzma-kernel-server-latest m560x-kernel-2.6.24.4-desktop-3mnb m560x-kernel-2.6.24.4-desktop586-3mnb m560x-kernel-2.6.24.4-laptop-3mnb m560x-kernel-2.6.24.4-server-3mnb m560x-kernel-desktop586-latest m560x-kernel-desktop-latest m560x-kernel-laptop-latest m560x-kernel-server-latest madwifi-kernel-2.6.24.4-desktop-3mnb madwifi-kernel-2.6.24.4-desktop586-3mnb madwifi-kernel-2.6.24.4-laptop-3mnb madwifi-kernel-2.6.24.4-server-3mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-laptop-latest madwifi-kernel-server-latest ndiswrapper-kernel-2.6.24.4-desktop-3mnb ndiswrapper-kernel-2.6.24.4-desktop586-3mnb ndiswrapper-kernel-2.6.24.4-laptop-3mnb ndiswrapper-kernel-2.6.24.4-server-3mnb ndiswrapper-kernel-desktop586-latest ndiswrapper-kernel-desktop-latest ndiswrapper-kernel-laptop-latest ndiswrapper-kernel-server-latest nvidia71xx-kernel-2.6.24.4-desktop-3mnb nvidia71xx-kernel-2.6.24.4-desktop586-3mnb nvidia71xx-kernel-2.6.24.4-laptop-3mnb nvidia71xx-kernel-2.6.24.4-server-3mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-laptop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.24.4-desktop-3mnb nvidia96xx-kernel-2.6.24.4-desktop586-3mnb nvidia96xx-kernel-2.6.24.4-laptop-3mnb nvidia96xx-kernel-2.6.24.4-server-3mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-laptop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.24.4-desktop-3mnb nvidia-current-kernel-2.6.24.4-desktop586-3mnb nvidia-current-kernel-2.6.24.4-laptop-3mnb nvidia-current-kernel-2.6.24.4-server-3mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-laptop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.24.4-desktop-3mnb omfs-kernel-2.6.24.4-desktop586-3mnb omfs-kernel-2.6.24.4-laptop-3mnb omfs-kernel-2.6.24.4-server-3mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-laptop-latest 
omfs-kernel-server-latest opencbm-kernel-2.6.24.4-desktop-3mnb opencbm-kernel-2.6.24.4-desktop586-3mnb opencbm-kernel-2.6.24.4-laptop-3mnb opencbm-kernel-2.6.24.4-server-3mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-laptop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.24.4-desktop-3mnb ov51x-jpeg-kernel-2.6.24.4-desktop586-3mnb ov51x-jpeg-kernel-2.6.24.4-laptop-3mnb ov51x-jpeg-kernel-2.6.24.4-server-3mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-laptop-latest ov51x-jpeg-kernel-server-latest qc-usb-messenger-kernel-2.6.24.4-desktop-3mnb qc-usb-messenger-kernel-2.6.24.4-desktop586-3mnb qc-usb-messenger-kernel-2.6.24.4-laptop-3mnb qc-usb-messenger-kernel-2.6.24.4-server-3mnb qc-usb-messenger-kernel-desktop586-latest qc-usb-messenger-kernel-desktop-latest qc-usb-messenger-kernel-laptop-latest qc-usb-messenger-kernel-server-latest r5u870-kernel-2.6.24.4-desktop-3mnb r5u870-kernel-2.6.24.4-desktop586-3mnb r5u870-kernel-2.6.24.4-laptop-3mnb r5u870-kernel-2.6.24.4-server-3mnb r5u870-kernel-desktop586-latest r5u870-kernel-desktop-latest r5u870-kernel-laptop-latest r5u870-kernel-server-latest realcrypt-kernel-2.6.24.4-desktop-3mnb realcrypt-kernel-2.6.24.4-desktop586-3mnb realcrypt-kernel-2.6.24.4-laptop-3mnb realcrypt-kernel-2.6.24.4-server-3mnb realcrypt-kernel-desktop586-latest realcrypt-kernel-desktop-latest realcrypt-kernel-laptop-latest realcrypt-kernel-server-latest slmodem-kernel-2.6.24.4-desktop-3mnb slmodem-kernel-2.6.24.4-desktop586-3mnb slmodem-kernel-2.6.24.4-laptop-3mnb slmodem-kernel-2.6.24.4-server-3mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-laptop-latest slmodem-kernel-server-latest squashfs-kernel-2.6.24.4-desktop-3mnb squashfs-kernel-2.6.24.4-desktop586-3mnb squashfs-kernel-2.6.24.4-laptop-3mnb squashfs-kernel-2.6.24.4-server-3mnb squashfs-kernel-desktop586-latest squashfs-kernel-desktop-latest squashfs-kernel-laptop-latest 
squashfs-kernel-server-latest squashfs-lzma-kernel-2.6.24.4-desktop-3mnb squashfs-lzma-kernel-2.6.24.4-desktop586-3mnb squashfs-lzma-kernel-2.6.24.4-laptop-3mnb squashfs-lzma-kernel-2.6.24.4-server-3mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-laptop-latest squashfs-lzma-kernel-server-latest syntek-kernel-2.6.24.4-desktop-3mnb syntek-kernel-2.6.24.4-desktop586-3mnb syntek-kernel-2.6.24.4-laptop-3mnb syntek-kernel-2.6.24.4-server-3mnb syntek-kernel-desktop586-latest syntek-kernel-desktop-latest syntek-kernel-laptop-latest syntek-kernel-server-latest tp_smapi-kernel-2.6.24.4-desktop-3mnb tp_smapi-kernel-2.6.24.4-desktop586-3mnb tp_smapi-kernel-2.6.24.4-laptop-3mnb tp_smapi-kernel-2.6.24.4-server-3mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-laptop-latest tp_smapi-kernel-server-latest unicorn-kernel-2.6.24.4-desktop-3mnb unicorn-kernel-2.6.24.4-desktop586-3mnb unicorn-kernel-2.6.24.4-laptop-3mnb unicorn-kernel-2.6.24.4-server-3mnb unicorn-kernel-desktop586-latest unicorn-kernel-desktop-latest unicorn-kernel-laptop-latest unicorn-kernel-server-latest unionfs-kernel-2.6.24.4-desktop-3mnb unionfs-kernel-2.6.24.4-desktop586-3mnb unionfs-kernel-2.6.24.4-laptop-3mnb unionfs-kernel-2.6.24.4-server-3mnb unionfs-kernel-desktop586-latest unionfs-kernel-desktop-latest unionfs-kernel-laptop-latest unionfs-kernel-server-latest vboxadd-kernel-2.6.24.4-desktop-3mnb vboxadd-kernel-2.6.24.4-desktop586-3mnb vboxadd-kernel-2.6.24.4-laptop-3mnb vboxadd-kernel-2.6.24.4-server-3mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-laptop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.24.4-desktop-3mnb vboxvfs-kernel-2.6.24.4-desktop586-3mnb vboxvfs-kernel-2.6.24.4-laptop-3mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-laptop-latest virtualbox-kernel-2.6.24.4-desktop-3mnb virtualbox-kernel-2.6.24.4-desktop586-3mnb 
virtualbox-kernel-2.6.24.4-laptop-3mnb virtualbox-kernel-2.6.24.4-server-3mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-laptop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.24.4-desktop-3mnb vpnclient-kernel-2.6.24.4-desktop586-3mnb vpnclient-kernel-2.6.24.4-laptop-3mnb vpnclient-kernel-2.6.24.4-server-3mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-laptop-latest vpnclient-kernel-server-latest Update: Tue May 20 13:16:52 2008 Importance: security ID: MDVSA-2008:104 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:104 %pre A race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. (CVE-2008-1375) The Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain re-ordered access to the descriptor table. (CVE-2008-1669) Additionally, the updated kernel for Mandriva Linux 2008.0 has bug fixes for sound on NEC S970 systems, an oops in module rt73, and the -devel package fixes DKMS builds. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package gnutls libgnutls26 libgnutls-devel Update: Fri May 23 16:14:58 2008 Importance: security ID: MDVSA-2008:106 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 %pre Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service (application crash), and maybe (so far undetermined) execute arbitrary code. The updated packages have been patched to fix these flaws. 
Note that any applications using this library must be restarted for the update to take effect. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package dkms dkms-minimal Update: Mon May 26 09:53:03 2008 Importance: bugfix ID: MDVA-2008:070 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:070 %pre The dkms-minimal package in Mandriva Linux 2008 Spring did not require lsb-release. If lsb-release was not installed, the dkms modules were installed in the standard location, instead of the intended /dkms or /dkms-binary. This update fixes that issue. Due to another bug, dkms would consider older installed binary dkms modules as original modules when installing a newer version of the module as a source dkms package, thus wrongly moving the binary modules around. This update disables original_module handling, which is no longer needed since the rework of the dkms system in 2008 Spring. Dkms would also print an error message during an upgrade of binary module packages, and under certain conditions an additional warning message regarding multiple modules being found. This update removes those harmless messages when they are not appropriate. %description This package contains the framework for the Dynamic Kernel Module Support (DKMS) method for installing module RPMS as originally developed by the Dell Computer Corporation. This package is intended for building binary kernel modules with dkms source packages installed. %package nfs-utils nfs-utils-clients Update: Mon May 26 10:09:17 2008 Importance: bugfix ID: MDVA-2008:071 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:071 %pre The nfs server initscript in Mandriva Linux 2008 and 2008 Spring releases lacked support for NFS quota, preventing quota information from being available on the user side. The updated packages fix this issue. 
%description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package x11-server x11-server-common x11-server-devel x11-server-xati x11-server-xchips x11-server-xephyr x11-server-xepson x11-server-xfake x11-server-xfbdev x11-server-xi810 x11-server-xmach64 x11-server-xmga x11-server-xnest x11-server-xnvidia x11-server-xorg x11-server-xpm2 x11-server-xr128 x11-server-xsdl x11-server-xsmi x11-server-xvesa x11-server-xvfb x11-server-xvia x11-server-xvnc Update: Mon May 26 15:00:11 2008 Importance: bugfix ID: MDVA-2008:072 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:072 %pre Under certain circumstances, especially when using Wine, keys would get stuck, and stay so, even after quitting the application, requiring the user to restart Xorg. The updated packages fix this issue. %description X11 servers %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Wed May 28 09:00:21 2008 Importance: security ID: MDVSA-2008:107 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:107 %pre Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause a crash. (CVE-2008-0891) Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. 
If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. (CVE-2008-1672) The updated packages have been patched to fix these flaws. Note that any applications using this library must be restarted for the update to take effect. %description %package hal-info Update: Wed May 28 09:18:27 2008 Importance: bugfix ID: MDVA-2008:073 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:073 %pre This package adds quirks to fix suspend/resume on Airis Kira, Asus EEE PC. It also ensures fake CDROM on Option/Huawei 3G keys are ignored, and fixes Delete key not working properly on Acer Extensa 5220. %description hal-info contains device information for HAL. %package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Wed May 28 10:16:12 2008 Importance: bugfix ID: MDVA-2008:074 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:074 %pre This update fixes a few minor issues with draksound: - it greys PulseAudio options in the GUI if PulseAudio is disabled - it disables PulseAudio routing when PulseAudio is disabled (bug #40219) %description Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. 
- drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-smbldap-tools samba-swat samba-vscan-clamav samba-vscan-icap samba-winbind Update: Wed May 28 14:47:47 2008 Importance: security ID: MDVSA-2008:108 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:108 %pre %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. 
%package drakconf drakconf-icons Update: Wed May 28 16:24:11 2008 Importance: bugfix ID: MDVA-2008:075 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:075 %pre This update fixes a crash that some users saw, which resulted in either a segfault or a strange perl error (bug #34505). %description drakconf includes the Mandriva Linux Control Center which is an interface to multiple utilities from DrakXtools. %package krandr Update: Thu May 29 01:36:49 2008 Importance: bugfix ID: MDVA-2008:076 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:076 %pre Display session in Krandr-config window could hang the X server. This update fixes that bug. %description KRandr is an applet for configuring screen size and rotation through the XRandR extension. %package gnome-settings-daemon gnome-settings-daemon-devel Update: Thu May 29 08:06:59 2008 Importance: bugfix ID: MDVA-2008:077 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:077 %pre Gnome-settings-daemon was not correctly respecting user settings when disabling the background completely. This bug has been fixed, improvements have been made in the time needed to display the background when nautilus is used by the system, and additional bugfixes and translations have been integrated in this updated package. %description GNOME settings daemon manages the configuration of the desktop in the background. %package kdebase kdebase-common kdebase-devel-doc kdebase-kate kdebase-kdeprintfax kdebase-kdm kdebase-kmenuedit kdebase-konsole kdebase-ksysguard kdebase-nsplugins kdebase-progs kdebase-session-plugins libkdebase4 libkdebase4-devel libkdebase4-kate libkdebase4-kmenuedit libkdebase4-konsole Update: Thu May 29 11:52:00 2008 Importance: bugfix ID: MDVA-2008:078 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:078 %pre Keject would not raise an error when trying to eject USB devices. Kdesktop was using too much CPU every minute and wasting power. This update fixes these bugs. 
%description Core applications for the K Desktop Environment. Here is an overview of the directories: - drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug. - kappfinder: searches your hard disk for non-KDE applications, e.g. Acrobat Reader (tm) and installs those apps under the K start button - kate: a fast and advanced text editor with nice plugins - kcheckpass: small program to enter and check passwords, only to be used by other programs - kcontrol: the KDE Control Center allows you to tweak the KDE settings - kdcop: GUI app to browse for DCOP interfaces, can also execute them - kdebugdialog: allows you to specify which debug messages you want to see - kdeprint: the KDE printing system - kdesktop: you guessed it: the desktop above the panel - kdesu: a graphical front end to "su" - kdm: replacement for XDM, for those people that like graphical logins - kfind: find files - khelpcenter: the app to read all great documentation about KDE - khotkeys: intercepts keys and can call applications - kicker: the panel at the bottom with the K start button and the taskbar etc - kioslave: infrastructure that helps make every application internet enabled e.g. 
to directly save a file to ftp://place.org/dir/file.txt - klipper: enhances and extends the X clipboard - kmenuedit: edit for the menu below the K start button - konqueror: the file manager and web browser you get easily used to - kpager: applet to show the contents of the virtual desktops - kpersonalizer: the customization wizard you get when you first start KDE - kreadconfig: a tool for shell scripts to get info from KDE's config files - kscreensaver: the KDE screensaver environment and lots of savers - ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login) - ksplash: the screen displayed while KDE starts - kstart: to launch applications with special window properties such as iconified etc - ksysguard: task manager and system monitor, even for remote systems - ksystraycmd: allows to run any application in the system tray - ktip: gives you tips how to use KDE - kwin: the KDE window manager - kxkb: a keyboard map tool - legacyimport: odd name for a cute program to load GTK themes - libkonq: some libraries needed by Konqueror - nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror %package kdegraphics kdegraphics-common kdegraphics-kcolorchooser kdegraphics-kcoloredit kdegraphics-kdvi kdegraphics-kfax kdegraphics-kghostview kdegraphics-kiconedit kdegraphics-kolourpaint kdegraphics-kooka kdegraphics-kpdf kdegraphics-kpovmodeler kdegraphics-kruler kdegraphics-ksnapshot kdegraphics-ksvg kdegraphics-kuickshow kdegraphics-kview kdegraphics-mrmlsearch libkdegraphics0-common libkdegraphics0-common-devel libkdegraphics0-kghostview libkdegraphics0-kghostview-devel libkdegraphics0-kooka libkdegraphics0-kooka-devel libkdegraphics0-kpovmodeler libkdegraphics0-kpovmodeler-devel libkdegraphics0-ksvg libkdegraphics0-ksvg-devel libkdegraphics0-kview libkdegraphics0-kview-devel Update: Fri May 30 14:50:45 2008 Importance: bugfix ID: MDVA-2008:079 URL: 
http://www.mandriva.com/security/advisories?name=MDVA-2008:079 %pre Display session in Kdesktop preference window would hang the X server. This update fixes this bug. %description Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. Together with gPhoto this allows you to access your camera's pictures with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package gnome-themes-extras Update: Mon Jun 02 14:02:51 2008 Importance: bugfix ID: MDVA-2008:080 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:080 %pre A typo in the Darklooks GTK theme definition file made this theme unusable. This update fixes it. %description Additional themes collection for GNOME: this package contains the Darklooks metatheme and the Foxtrot, Gion and Neu icon themes for GNOME2. 
%package flash-kde-config free-kde-config mandriva-kde-config-common mandriva-kdm-config one-kde-config powerpack-kde-config Update: Mon Jun 02 14:18:26 2008 Importance: bugfix ID: MDVA-2008:081 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:081 %pre This update changes konqueror's default search-engine to ask.com, and adds Exalead.com to the search-engine list. %description This package groups all Mandriva-specific config files for KDE. (kicker config etc.) %package timezone timezone-java Update: Mon Jun 02 15:27:43 2008 Importance: normal ID: MDVA-2008:082 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:082 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package actuator-kernel-2.6.24.5-desktop-1mnb actuator-kernel-2.6.24.5-desktop586-1mnb actuator-kernel-2.6.24.5-laptop-1mnb actuator-kernel-2.6.24.5-server-1mnb actuator-kernel-desktop586-latest actuator-kernel-desktop-latest actuator-kernel-laptop-latest actuator-kernel-server-latest alsa_raoppcm-kernel-2.6.24.5-desktop-1mnb alsa_raoppcm-kernel-2.6.24.5-desktop586-1mnb alsa_raoppcm-kernel-2.6.24.5-laptop-1mnb alsa_raoppcm-kernel-2.6.24.5-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-laptop-latest alsa_raoppcm-kernel-server-latest drm-experimental-kernel-2.6.24.5-desktop-1mnb drm-experimental-kernel-2.6.24.5-desktop586-1mnb drm-experimental-kernel-2.6.24.5-laptop-1mnb drm-experimental-kernel-2.6.24.5-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-laptop-latest drm-experimental-kernel-server-latest em8300-kernel-2.6.24.5-desktop-1mnb 
em8300-kernel-2.6.24.5-desktop586-1mnb em8300-kernel-2.6.24.5-laptop-1mnb em8300-kernel-2.6.24.5-server-1mnb em8300-kernel-desktop586-latest em8300-kernel-desktop-latest em8300-kernel-laptop-latest em8300-kernel-server-latest fcdsl2-kernel-2.6.24.5-desktop-1mnb fcdsl2-kernel-2.6.24.5-desktop586-1mnb fcdsl2-kernel-2.6.24.5-laptop-1mnb fcdsl2-kernel-2.6.24.5-server-1mnb fcdsl2-kernel-desktop586-latest fcdsl2-kernel-desktop-latest fcdsl2-kernel-laptop-latest fcdsl2-kernel-server-latest fcdsl-kernel-2.6.24.5-desktop-1mnb fcdsl-kernel-2.6.24.5-desktop586-1mnb fcdsl-kernel-2.6.24.5-laptop-1mnb fcdsl-kernel-2.6.24.5-server-1mnb fcdsl-kernel-desktop586-latest fcdsl-kernel-desktop-latest fcdsl-kernel-laptop-latest fcdsl-kernel-server-latest fcdslsl-kernel-2.6.24.5-desktop-1mnb fcdslsl-kernel-2.6.24.5-desktop586-1mnb fcdslsl-kernel-2.6.24.5-laptop-1mnb fcdslsl-kernel-2.6.24.5-server-1mnb fcdslsl-kernel-desktop586-latest fcdslsl-kernel-desktop-latest fcdslsl-kernel-laptop-latest fcdslsl-kernel-server-latest fcdslslusb-kernel-2.6.24.5-desktop-1mnb fcdslslusb-kernel-2.6.24.5-desktop586-1mnb fcdslslusb-kernel-2.6.24.5-laptop-1mnb fcdslslusb-kernel-2.6.24.5-server-1mnb fcdslslusb-kernel-desktop586-latest fcdslslusb-kernel-desktop-latest fcdslslusb-kernel-laptop-latest fcdslslusb-kernel-server-latest fcdslusb2-kernel-2.6.24.5-desktop-1mnb fcdslusb2-kernel-2.6.24.5-desktop586-1mnb fcdslusb2-kernel-2.6.24.5-laptop-1mnb fcdslusb2-kernel-2.6.24.5-server-1mnb fcdslusb2-kernel-desktop586-latest fcdslusb2-kernel-desktop-latest fcdslusb2-kernel-laptop-latest fcdslusb2-kernel-server-latest fcdslusba-kernel-2.6.24.5-desktop-1mnb fcdslusba-kernel-2.6.24.5-desktop586-1mnb fcdslusba-kernel-2.6.24.5-laptop-1mnb fcdslusba-kernel-2.6.24.5-server-1mnb fcdslusba-kernel-desktop586-latest fcdslusba-kernel-desktop-latest fcdslusba-kernel-laptop-latest fcdslusba-kernel-server-latest fcdslusb-kernel-2.6.24.5-desktop-1mnb fcdslusb-kernel-2.6.24.5-desktop586-1mnb fcdslusb-kernel-2.6.24.5-laptop-1mnb 
fcdslusb-kernel-2.6.24.5-server-1mnb fcdslusb-kernel-desktop586-latest fcdslusb-kernel-desktop-latest fcdslusb-kernel-laptop-latest fcdslusb-kernel-server-latest fcpci-kernel-2.6.24.5-desktop-1mnb fcpci-kernel-2.6.24.5-desktop586-1mnb fcpci-kernel-2.6.24.5-laptop-1mnb fcpci-kernel-2.6.24.5-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-laptop-latest fcpci-kernel-server-latest fcusb2-kernel-2.6.24.5-desktop-1mnb fcusb2-kernel-2.6.24.5-desktop586-1mnb fcusb2-kernel-2.6.24.5-laptop-1mnb fcusb2-kernel-2.6.24.5-server-1mnb fcusb2-kernel-desktop586-latest fcusb2-kernel-desktop-latest fcusb2-kernel-laptop-latest fcusb2-kernel-server-latest fcusb-kernel-2.6.24.5-desktop-1mnb fcusb-kernel-2.6.24.5-desktop586-1mnb fcusb-kernel-2.6.24.5-laptop-1mnb fcusb-kernel-2.6.24.5-server-1mnb fcusb-kernel-desktop586-latest fcusb-kernel-desktop-latest fcusb-kernel-laptop-latest fcusb-kernel-server-latest fglrx-kernel-2.6.24.5-desktop-1mnb fglrx-kernel-2.6.24.5-desktop586-1mnb fglrx-kernel-2.6.24.5-laptop-1mnb fglrx-kernel-2.6.24.5-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-laptop-latest fglrx-kernel-server-latest fxusb_CZ-kernel-2.6.24.5-desktop-1mnb fxusb_CZ-kernel-2.6.24.5-desktop586-1mnb fxusb_CZ-kernel-2.6.24.5-laptop-1mnb fxusb_CZ-kernel-2.6.24.5-server-1mnb fxusb_CZ-kernel-desktop586-latest fxusb_CZ-kernel-desktop-latest fxusb_CZ-kernel-laptop-latest fxusb_CZ-kernel-server-latest fxusb-kernel-2.6.24.5-desktop-1mnb fxusb-kernel-2.6.24.5-desktop586-1mnb fxusb-kernel-2.6.24.5-laptop-1mnb fxusb-kernel-2.6.24.5-server-1mnb fxusb-kernel-desktop586-latest fxusb-kernel-desktop-latest fxusb-kernel-laptop-latest fxusb-kernel-server-latest hsfmodem-kernel-2.6.24.5-desktop-1mnb hsfmodem-kernel-2.6.24.5-desktop586-1mnb hsfmodem-kernel-2.6.24.5-laptop-1mnb hsfmodem-kernel-2.6.24.5-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-laptop-latest hsfmodem-kernel-server-latest 
ipw3945-kernel-2.6.24.5-desktop-1mnb ipw3945-kernel-2.6.24.5-desktop586-1mnb ipw3945-kernel-2.6.24.5-laptop-1mnb ipw3945-kernel-2.6.24.5-server-1mnb ipw3945-kernel-desktop586-latest ipw3945-kernel-desktop-latest ipw3945-kernel-laptop-latest ipw3945-kernel-server-latest iwlwifi-kernel-2.6.24.5-desktop-1mnb iwlwifi-kernel-2.6.24.5-desktop586-1mnb iwlwifi-kernel-2.6.24.5-laptop-1mnb iwlwifi-kernel-2.6.24.5-server-1mnb iwlwifi-kernel-desktop586-latest iwlwifi-kernel-desktop-latest iwlwifi-kernel-laptop-latest iwlwifi-kernel-server-latest kernel-2.6.24.5-1mnb kernel-desktop-2.6.24.5-1mnb kernel-desktop586-2.6.24.5-1mnb kernel-desktop586-devel-2.6.24.5-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.24.5-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-laptop-2.6.24.5-1mnb kernel-laptop-devel-2.6.24.5-1mnb kernel-laptop-devel-latest kernel-laptop-latest kernel-server-2.6.24.5-1mnb kernel-server-devel-2.6.24.5-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.24.5-1mnb kernel-source-latest kqemu-kernel-2.6.24.5-desktop-1mnb kqemu-kernel-2.6.24.5-desktop586-1mnb kqemu-kernel-2.6.24.5-laptop-1mnb kqemu-kernel-2.6.24.5-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-laptop-latest kqemu-kernel-server-latest libafs-kernel-2.6.24.5-desktop-1mnb libafs-kernel-2.6.24.5-desktop586-1mnb libafs-kernel-2.6.24.5-laptop-1mnb libafs-kernel-2.6.24.5-server-1mnb libafs-kernel-desktop586-latest libafs-kernel-desktop-latest libafs-kernel-laptop-latest libafs-kernel-server-latest lirc-kernel-2.6.24.5-desktop-1mnb lirc-kernel-2.6.24.5-desktop586-1mnb lirc-kernel-2.6.24.5-laptop-1mnb lirc-kernel-2.6.24.5-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-laptop-latest lirc-kernel-server-latest lzma-kernel-2.6.24.5-desktop-1mnb lzma-kernel-2.6.24.5-desktop586-1mnb lzma-kernel-2.6.24.5-laptop-1mnb lzma-kernel-2.6.24.5-server-1mnb 
lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-laptop-latest lzma-kernel-server-latest m560x-kernel-2.6.24.5-desktop-1mnb m560x-kernel-2.6.24.5-desktop586-1mnb m560x-kernel-2.6.24.5-laptop-1mnb m560x-kernel-2.6.24.5-server-1mnb m560x-kernel-desktop586-latest m560x-kernel-desktop-latest m560x-kernel-laptop-latest m560x-kernel-server-latest madwifi-kernel-2.6.24.5-desktop-1mnb madwifi-kernel-2.6.24.5-desktop586-1mnb madwifi-kernel-2.6.24.5-laptop-1mnb madwifi-kernel-2.6.24.5-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-laptop-latest madwifi-kernel-server-latest ndiswrapper-kernel-2.6.24.5-desktop-1mnb ndiswrapper-kernel-2.6.24.5-desktop586-1mnb ndiswrapper-kernel-2.6.24.5-laptop-1mnb ndiswrapper-kernel-2.6.24.5-server-1mnb ndiswrapper-kernel-desktop586-latest ndiswrapper-kernel-desktop-latest ndiswrapper-kernel-laptop-latest ndiswrapper-kernel-server-latest nvidia71xx-kernel-2.6.24.5-desktop-1mnb nvidia71xx-kernel-2.6.24.5-desktop586-1mnb nvidia71xx-kernel-2.6.24.5-laptop-1mnb nvidia71xx-kernel-2.6.24.5-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-laptop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.24.5-desktop-1mnb nvidia96xx-kernel-2.6.24.5-desktop586-1mnb nvidia96xx-kernel-2.6.24.5-laptop-1mnb nvidia96xx-kernel-2.6.24.5-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-laptop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.24.5-desktop-1mnb nvidia-current-kernel-2.6.24.5-desktop586-1mnb nvidia-current-kernel-2.6.24.5-laptop-1mnb nvidia-current-kernel-2.6.24.5-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-laptop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.24.5-desktop-1mnb omfs-kernel-2.6.24.5-desktop586-1mnb omfs-kernel-2.6.24.5-laptop-1mnb omfs-kernel-2.6.24.5-server-1mnb 
omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-laptop-latest omfs-kernel-server-latest opencbm-kernel-2.6.24.5-desktop-1mnb opencbm-kernel-2.6.24.5-desktop586-1mnb opencbm-kernel-2.6.24.5-laptop-1mnb opencbm-kernel-2.6.24.5-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-laptop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.24.5-desktop-1mnb ov51x-jpeg-kernel-2.6.24.5-desktop586-1mnb ov51x-jpeg-kernel-2.6.24.5-laptop-1mnb ov51x-jpeg-kernel-2.6.24.5-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-laptop-latest ov51x-jpeg-kernel-server-latest qc-usb-messenger-kernel-2.6.24.5-desktop-1mnb qc-usb-messenger-kernel-2.6.24.5-desktop586-1mnb qc-usb-messenger-kernel-2.6.24.5-laptop-1mnb qc-usb-messenger-kernel-2.6.24.5-server-1mnb qc-usb-messenger-kernel-desktop586-latest qc-usb-messenger-kernel-desktop-latest qc-usb-messenger-kernel-laptop-latest qc-usb-messenger-kernel-server-latest r5u870-kernel-2.6.24.5-desktop-1mnb r5u870-kernel-2.6.24.5-desktop586-1mnb r5u870-kernel-2.6.24.5-laptop-1mnb r5u870-kernel-2.6.24.5-server-1mnb r5u870-kernel-desktop586-latest r5u870-kernel-desktop-latest r5u870-kernel-laptop-latest r5u870-kernel-server-latest realcrypt-kernel-2.6.24.5-desktop-1mnb realcrypt-kernel-2.6.24.5-desktop586-1mnb realcrypt-kernel-2.6.24.5-laptop-1mnb realcrypt-kernel-2.6.24.5-server-1mnb realcrypt-kernel-desktop586-latest realcrypt-kernel-desktop-latest realcrypt-kernel-laptop-latest realcrypt-kernel-server-latest squashfs-kernel-2.6.24.5-desktop-1mnb squashfs-kernel-2.6.24.5-desktop586-1mnb squashfs-kernel-2.6.24.5-laptop-1mnb squashfs-kernel-2.6.24.5-server-1mnb squashfs-kernel-desktop586-latest squashfs-kernel-desktop-latest squashfs-kernel-laptop-latest squashfs-kernel-server-latest squashfs-lzma-kernel-2.6.24.5-desktop-1mnb squashfs-lzma-kernel-2.6.24.5-desktop586-1mnb squashfs-lzma-kernel-2.6.24.5-laptop-1mnb 
squashfs-lzma-kernel-2.6.24.5-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-laptop-latest squashfs-lzma-kernel-server-latest syntek-kernel-2.6.24.5-desktop-1mnb syntek-kernel-2.6.24.5-desktop586-1mnb syntek-kernel-2.6.24.5-laptop-1mnb syntek-kernel-2.6.24.5-server-1mnb syntek-kernel-desktop586-latest syntek-kernel-desktop-latest syntek-kernel-laptop-latest syntek-kernel-server-latest tp_smapi-kernel-2.6.24.5-desktop-1mnb tp_smapi-kernel-2.6.24.5-desktop586-1mnb tp_smapi-kernel-2.6.24.5-laptop-1mnb tp_smapi-kernel-2.6.24.5-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-laptop-latest tp_smapi-kernel-server-latest unicorn-kernel-2.6.24.5-desktop-1mnb unicorn-kernel-2.6.24.5-desktop586-1mnb unicorn-kernel-2.6.24.5-laptop-1mnb unicorn-kernel-2.6.24.5-server-1mnb unicorn-kernel-desktop586-latest unicorn-kernel-desktop-latest unicorn-kernel-laptop-latest unicorn-kernel-server-latest unionfs-kernel-2.6.24.5-desktop-1mnb unionfs-kernel-2.6.24.5-desktop586-1mnb unionfs-kernel-2.6.24.5-laptop-1mnb unionfs-kernel-2.6.24.5-server-1mnb unionfs-kernel-desktop586-latest unionfs-kernel-desktop-latest unionfs-kernel-laptop-latest unionfs-kernel-server-latest vboxadd-kernel-2.6.24.5-desktop-1mnb vboxadd-kernel-2.6.24.5-desktop586-1mnb vboxadd-kernel-2.6.24.5-laptop-1mnb vboxadd-kernel-2.6.24.5-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-laptop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.24.5-desktop-1mnb vboxvfs-kernel-2.6.24.5-desktop586-1mnb vboxvfs-kernel-2.6.24.5-laptop-1mnb vboxvfs-kernel-2.6.24.5-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-laptop-latest vboxvfs-kernel-server-latest virtualbox-kernel-2.6.24.5-desktop-1mnb virtualbox-kernel-2.6.24.5-desktop586-1mnb virtualbox-kernel-2.6.24.5-laptop-1mnb virtualbox-kernel-2.6.24.5-server-1mnb 
virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-laptop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.24.5-desktop-1mnb vpnclient-kernel-2.6.24.5-desktop586-1mnb vpnclient-kernel-2.6.24.5-laptop-1mnb vpnclient-kernel-2.6.24.5-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-laptop-latest vpnclient-kernel-server-latest Update: Tue Jun 03 11:42:09 2008 Importance: security ID: MDVSA-2008:109 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:109 %pre A vulnerability was discovered and corrected in the Linux 2.6 kernel: The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. (CVE-2008-1675) Additionally, some fixes were made, related to: iwlwifi (small bug interacting with drakconnect interface detection), brightness handling on EeePc, uvcvideo on Thinkpad X300, sound for TOSHIBA Satellite Pro A200 and A210, RealTek 8169 ethernet, unionfs, and more. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package libvolume_id0 libvolume_id0-devel udev udev-doc udev-tools Update: Tue Jun 03 15:31:40 2008 Importance: bugfix ID: MDVA-2008:084 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:084 %pre The udev rules for network interfaces used to write persistent settings for hso devices in /etc/udev/rules.d/61-net_config.rules, which is wrong since their MAC address is random (#39977). The udev rules for automatic driver loading used to load video drivers during the dkms service start, which could break Xorg start if the loaded driver was not configured. This update fixes both issues.
%description Udev is an implementation of devfs/devfsd in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly. Like devfs, udev dynamically creates and removes device nodes from /dev/. It responds to /sbin/hotplug device events. %package drakconf drakconf-icons drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Tue Jun 03 15:34:44 2008 Importance: bugfix ID: MDVA-2008:086 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:086 %pre This drakxtools and drakconf update provides fixes for the harddrake auto-configuration tool (mostly for live systems) and for the live system installer. It also allows mounting ntfs-3g partitions from diskdrake. Finally, it detects the USB cellular devices controlled by the hso driver. %description Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. - drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package ppp ppp-devel ppp-dhcp ppp-pppoatm ppp-pppoe ppp-radius Update: Tue Jun 03 15:40:33 2008 Importance: bugfix ID: MDVA-2008:087 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:087 %pre This update of the ppp package introduces a new multipledefaultroutes option, which allows pppd to add a default route even if one already exists. This allows ppp and ethernet connections to cohabit smoothly.
%description The ppp package contains the PPP (Point-to-Point Protocol) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. The ppp package should be installed if your machine needs to support the PPP protocol. %package drakx-net drakx-net-text libdrakx-net Update: Tue Jun 03 15:43:17 2008 Importance: bugfix ID: MDVA-2008:088 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:088 %pre This drakx-net update provides new features for cellular connections and fixes (mainly for wireless connections). It adds support for more cellular devices (using cdc_acm and hso drivers), and makes the network center easier to use with cellular devices. It better detects the wireless signal strength for some drivers, and better handles the switch to a roaming daemon. %description This package contains the Mandriva network tools. net_applet: applet to check network connection net_monitor: connection monitoring %package initscripts Update: Tue Jun 03 15:47:14 2008 Importance: bugfix ID: MDVA-2008:085 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:085 %pre This initscripts update provides fixes for ppp connections, fixes for automatic configuration of ethernet interfaces, and support for 3G devices using the hso driver. The ppp connections can now cohabit with ethernet connections with their own routes, and the PIN code is automatically set up if configured (#40531). %description The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.
%package timezone timezone-java Update: Thu Jun 05 14:59:59 2008 Importance: normal ID: MDVA-2008:082-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:082-1 %pre Automatic mirror geolocation in drakxtools-backend in Mandriva Linux 2008.1 would fail for some locales, because it uses backward compatibility timezone names for which there were no zone.tab entries in timezone (bug #40184). This prevents software like urpmi from selecting optimal mirrors in its automatic media/mirrors addition mode. This update makes timezone provide backward timezone name entries in the zone.tab file to solve this issue. Additionally, updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. Update: The previous timezone update for Mandriva Linux 2008 Spring triggered a bug in gnome-panel, making it immediately crash when the Gnome session was started. This new update works around the gnome-panel bug. %description This package contains data files with rules for various timezones around the world.
%package devhelp devhelp-plugins epiphany epiphany-devel galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libmozilla-firefox2.0.0.14 libmozilla-firefox-devel mozilla-firefox mozilla-firefox-af mozilla-firefox-ar mozilla-firefox-be mozilla-firefox-bg mozilla-firefox-br_FR mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-en_GB mozilla-firefox-es_AR mozilla-firefox-es_ES mozilla-firefox-et_EE mozilla-firefox-eu mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-gnome-support mozilla-firefox-gu_IN mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ka mozilla-firefox-ko mozilla-firefox-ku mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-mn mozilla-firefox-nb_NO mozilla-firefox-nl mozilla-firefox-nn_NO mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-pt_PT mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv_SE mozilla-firefox-theme-gnome mozilla-firefox-theme-kdeff mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer yelp Update: Thu Jun 05 20:29:40 2008 Importance: security ID: MDVSA-2008:110 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:110 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.14. This update provides the latest Firefox to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. 
%package evolution evolution-devel evolution-mono evolution-pilot Update: Tue Jun 10 10:53:28 2008 Importance: security ID: MDVSA-2008:111 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:111 %pre Alan Rad Pop of Secunia Research discovered the following two vulnerabilities in Evolution: Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges (CVE-2008-1108). Evolution also did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges (CVE-2008-1109). In addition, Matej Cepl found that Evolution did not properly validate date fields when processing iCalendar attachments, which could lead to a denial of service if the user viewed a crafted iCalendar attachment with the Itip Formatter plugin disabled. Mandriva Linux has the Itip Formatter plugin enabled by default. The updated packages have been patched to prevent these issues. %description Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. %package gvfs libgvfs0 libgvfs-devel libnautilus1 libnautilus-devel nautilus Update: Wed Jun 11 09:03:03 2008 Importance: bugfix ID: MDVA-2008:090 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:090 %pre A regression was introduced in the Mandriva Linux GNOME package while fixing CD-ROM drives ejecting when using the hardware button when the CD-ROM drive was present in the system fstab. 
This regression caused an error popup to appear when using the eject hardware button on CD-ROM drives not present in the system fstab. This package update fixes this regression and includes many stability and bug fixes, as well as translation updates from the GNOME 2.22.2 release of nautilus and gvfs. %description Nautilus is an excellent file manager for the GNOME desktop environment. %package gnome-applets gnome-panel libgweather1 libgweather libgweather-devel libpanel-applet-2_0 libpanel-applet-2-devel Update: Wed Jun 11 12:23:03 2008 Importance: bugfix ID: MDVA-2008:091 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:091 %pre The clock applet in GNOME could crash when using some specific locations or when using updated timezone data. The Recent Documents menu was not always able to start the right application for a specific document. Updated packages for gnome-panel, libgweather, and gnome-applets fix these issues and include many other bug fixes and translation updates from GNOME 2.22.2. %description GNOME (GNU Network Object Model Environment) is a user-friendly set of applications and desktop tools to be used in conjunction with a window manager for the X Window System. GNOME is similar in purpose and scope to CDE and KDE, but GNOME is based completely on free software. The GNOME panel packages provide the gnome panel, menus and some basic applets for the panel. %package kdesdk kdesdk-cervisia kdesdk-devel kdesdk-kbabel kdesdk-kcachegrind kdesdk-kompare kdesdk-po2xml kdesdk-umbrello libkdesdk1 libkdesdk1-cervisia libkdesdk1-kbabel Update: Wed Jun 11 14:58:52 2008 Importance: bugfix ID: MDVA-2008:093 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:093 %pre kdesdk packages in Mandriva Linux 2008 and 2008 Spring had packaging bugs which caused the subversion ioslave not to be built and thus not provided. The updated packages fix the bugs and provide the subversion access ioslave.
%description Software Development Kit for the K Desktop Environment. %package actuator-kernel-2.6.24.5-desktop-2mnb actuator-kernel-2.6.24.5-desktop586-2mnb actuator-kernel-2.6.24.5-laptop-2mnb actuator-kernel-2.6.24.5-server-2mnb actuator-kernel-desktop586-latest actuator-kernel-desktop-latest actuator-kernel-laptop-latest actuator-kernel-server-latest alsa_raoppcm-kernel-2.6.24.5-desktop-2mnb alsa_raoppcm-kernel-2.6.24.5-desktop586-2mnb alsa_raoppcm-kernel-2.6.24.5-laptop-2mnb alsa_raoppcm-kernel-2.6.24.5-server-2mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-laptop-latest alsa_raoppcm-kernel-server-latest dkms-pcc-acpi-kernel-2.6.24.5-desktop-2mnb dkms-pcc-acpi-kernel-2.6.24.5-desktop586-2mnb dkms-pcc-acpi-kernel-2.6.24.5-laptop-2mnb dkms-pcc-acpi-kernel-2.6.24.5-server-2mnb dkms-pcc-acpi-kernel-desktop586-latest dkms-pcc-acpi-kernel-desktop-latest dkms-pcc-acpi-kernel-laptop-latest dkms-pcc-acpi-kernel-server-latest drm-experimental-kernel-2.6.24.5-desktop-2mnb drm-experimental-kernel-2.6.24.5-desktop586-2mnb drm-experimental-kernel-2.6.24.5-laptop-2mnb drm-experimental-kernel-2.6.24.5-server-2mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-laptop-latest drm-experimental-kernel-server-latest em8300-kernel-2.6.24.5-desktop-2mnb em8300-kernel-2.6.24.5-desktop586-2mnb em8300-kernel-2.6.24.5-laptop-2mnb em8300-kernel-2.6.24.5-server-2mnb em8300-kernel-desktop586-latest em8300-kernel-desktop-latest em8300-kernel-laptop-latest em8300-kernel-server-latest et131x-kernel-2.6.24.5-desktop-2mnb et131x-kernel-2.6.24.5-desktop586-2mnb et131x-kernel-2.6.24.5-laptop-2mnb et131x-kernel-2.6.24.5-server-2mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-laptop-latest et131x-kernel-server-latest fcdsl2-kernel-2.6.24.5-desktop-2mnb fcdsl2-kernel-2.6.24.5-desktop586-2mnb fcdsl2-kernel-2.6.24.5-laptop-2mnb fcdsl2-kernel-2.6.24.5-server-2mnb 
fcdsl2-kernel-desktop586-latest fcdsl2-kernel-desktop-latest fcdsl2-kernel-laptop-latest fcdsl2-kernel-server-latest fcdsl-kernel-2.6.24.5-desktop-2mnb fcdsl-kernel-2.6.24.5-desktop586-2mnb fcdsl-kernel-2.6.24.5-laptop-2mnb fcdsl-kernel-2.6.24.5-server-2mnb fcdsl-kernel-desktop586-latest fcdsl-kernel-desktop-latest fcdsl-kernel-laptop-latest fcdsl-kernel-server-latest fcdslsl-kernel-2.6.24.5-desktop-2mnb fcdslsl-kernel-2.6.24.5-desktop586-2mnb fcdslsl-kernel-2.6.24.5-laptop-2mnb fcdslsl-kernel-2.6.24.5-server-2mnb fcdslsl-kernel-desktop586-latest fcdslsl-kernel-desktop-latest fcdslsl-kernel-laptop-latest fcdslsl-kernel-server-latest fcdslslusb-kernel-2.6.24.5-desktop-2mnb fcdslslusb-kernel-2.6.24.5-desktop586-2mnb fcdslslusb-kernel-2.6.24.5-laptop-2mnb fcdslslusb-kernel-2.6.24.5-server-2mnb fcdslslusb-kernel-desktop586-latest fcdslslusb-kernel-desktop-latest fcdslslusb-kernel-laptop-latest fcdslslusb-kernel-server-latest fcdslusb2-kernel-2.6.24.5-desktop-2mnb fcdslusb2-kernel-2.6.24.5-desktop586-2mnb fcdslusb2-kernel-2.6.24.5-laptop-2mnb fcdslusb2-kernel-2.6.24.5-server-2mnb fcdslusb2-kernel-desktop586-latest fcdslusb2-kernel-desktop-latest fcdslusb2-kernel-laptop-latest fcdslusb2-kernel-server-latest fcdslusba-kernel-2.6.24.5-desktop-2mnb fcdslusba-kernel-2.6.24.5-desktop586-2mnb fcdslusba-kernel-2.6.24.5-laptop-2mnb fcdslusba-kernel-2.6.24.5-server-2mnb fcdslusba-kernel-desktop586-latest fcdslusba-kernel-desktop-latest fcdslusba-kernel-laptop-latest fcdslusba-kernel-server-latest fcdslusb-kernel-2.6.24.5-desktop-2mnb fcdslusb-kernel-2.6.24.5-desktop586-2mnb fcdslusb-kernel-2.6.24.5-laptop-2mnb fcdslusb-kernel-2.6.24.5-server-2mnb fcdslusb-kernel-desktop586-latest fcdslusb-kernel-desktop-latest fcdslusb-kernel-laptop-latest fcdslusb-kernel-server-latest fcpci-kernel-2.6.24.5-desktop-2mnb fcpci-kernel-2.6.24.5-desktop586-2mnb fcpci-kernel-2.6.24.5-laptop-2mnb fcpci-kernel-2.6.24.5-server-2mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest 
fcpci-kernel-laptop-latest fcpci-kernel-server-latest fcusb2-kernel-2.6.24.5-desktop-2mnb fcusb2-kernel-2.6.24.5-desktop586-2mnb fcusb2-kernel-2.6.24.5-laptop-2mnb fcusb2-kernel-2.6.24.5-server-2mnb fcusb2-kernel-desktop586-latest fcusb2-kernel-desktop-latest fcusb2-kernel-laptop-latest fcusb2-kernel-server-latest fcusb-kernel-2.6.24.5-desktop-2mnb fcusb-kernel-2.6.24.5-desktop586-2mnb fcusb-kernel-2.6.24.5-laptop-2mnb fcusb-kernel-2.6.24.5-server-2mnb fcusb-kernel-desktop586-latest fcusb-kernel-desktop-latest fcusb-kernel-laptop-latest fcusb-kernel-server-latest fglrx-kernel-2.6.24.5-desktop-2mnb fglrx-kernel-2.6.24.5-desktop586-2mnb fglrx-kernel-2.6.24.5-laptop-2mnb fglrx-kernel-2.6.24.5-server-2mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-laptop-latest fglrx-kernel-server-latest fxusb_CZ-kernel-2.6.24.5-desktop-2mnb fxusb_CZ-kernel-2.6.24.5-desktop586-2mnb fxusb_CZ-kernel-2.6.24.5-laptop-2mnb fxusb_CZ-kernel-2.6.24.5-server-2mnb fxusb_CZ-kernel-desktop586-latest fxusb_CZ-kernel-desktop-latest fxusb_CZ-kernel-laptop-latest fxusb_CZ-kernel-server-latest fxusb-kernel-2.6.24.5-desktop-2mnb fxusb-kernel-2.6.24.5-desktop586-2mnb fxusb-kernel-2.6.24.5-laptop-2mnb fxusb-kernel-2.6.24.5-server-2mnb fxusb-kernel-desktop586-latest fxusb-kernel-desktop-latest fxusb-kernel-laptop-latest fxusb-kernel-server-latest hsfmodem-kernel-2.6.24.5-desktop-2mnb hsfmodem-kernel-2.6.24.5-desktop586-2mnb hsfmodem-kernel-2.6.24.5-laptop-2mnb hsfmodem-kernel-2.6.24.5-server-2mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-laptop-latest hsfmodem-kernel-server-latest ipw3945-kernel-2.6.24.5-desktop-2mnb ipw3945-kernel-2.6.24.5-desktop586-2mnb ipw3945-kernel-2.6.24.5-laptop-2mnb ipw3945-kernel-2.6.24.5-server-2mnb ipw3945-kernel-desktop586-latest ipw3945-kernel-desktop-latest ipw3945-kernel-laptop-latest ipw3945-kernel-server-latest iwlwifi-kernel-2.6.24.5-desktop-2mnb iwlwifi-kernel-2.6.24.5-desktop586-2mnb 
iwlwifi-kernel-2.6.24.5-laptop-2mnb iwlwifi-kernel-2.6.24.5-server-2mnb iwlwifi-kernel-desktop586-latest iwlwifi-kernel-desktop-latest iwlwifi-kernel-laptop-latest iwlwifi-kernel-server-latest kernel-2.6.24.5-2mnb kernel-desktop-2.6.24.5-2mnb kernel-desktop586-2.6.24.5-2mnb kernel-desktop586-devel-2.6.24.5-2mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.24.5-2mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-laptop-2.6.24.5-2mnb kernel-laptop-devel-2.6.24.5-2mnb kernel-laptop-devel-latest kernel-laptop-latest kernel-server-2.6.24.5-2mnb kernel-server-devel-2.6.24.5-2mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.24.5-2mnb kernel-source-latest kqemu-kernel-2.6.24.5-desktop-2mnb kqemu-kernel-2.6.24.5-desktop586-2mnb kqemu-kernel-2.6.24.5-laptop-2mnb kqemu-kernel-2.6.24.5-server-2mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-laptop-latest kqemu-kernel-server-latest libafs-kernel-2.6.24.5-desktop-2mnb libafs-kernel-2.6.24.5-desktop586-2mnb libafs-kernel-2.6.24.5-laptop-2mnb libafs-kernel-2.6.24.5-server-2mnb libafs-kernel-desktop586-latest libafs-kernel-desktop-latest libafs-kernel-laptop-latest libafs-kernel-server-latest lirc-kernel-2.6.24.5-desktop-2mnb lirc-kernel-2.6.24.5-desktop586-2mnb lirc-kernel-2.6.24.5-laptop-2mnb lirc-kernel-2.6.24.5-server-2mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-laptop-latest lirc-kernel-server-latest lzma-kernel-2.6.24.5-desktop-2mnb lzma-kernel-2.6.24.5-desktop586-2mnb lzma-kernel-2.6.24.5-laptop-2mnb lzma-kernel-2.6.24.5-server-2mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-laptop-latest lzma-kernel-server-latest m560x-kernel-2.6.24.5-desktop-2mnb m560x-kernel-2.6.24.5-desktop586-2mnb m560x-kernel-2.6.24.5-laptop-2mnb m560x-kernel-2.6.24.5-server-2mnb m560x-kernel-desktop586-latest m560x-kernel-desktop-latest m560x-kernel-laptop-latest m560x-kernel-server-latest 
madwifi-kernel-2.6.24.5-desktop-2mnb madwifi-kernel-2.6.24.5-desktop586-2mnb madwifi-kernel-2.6.24.5-laptop-2mnb madwifi-kernel-2.6.24.5-server-2mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-laptop-latest madwifi-kernel-server-latest ndiswrapper-kernel-2.6.24.5-desktop-2mnb ndiswrapper-kernel-2.6.24.5-desktop586-2mnb ndiswrapper-kernel-2.6.24.5-laptop-2mnb ndiswrapper-kernel-2.6.24.5-server-2mnb ndiswrapper-kernel-desktop586-latest ndiswrapper-kernel-desktop-latest ndiswrapper-kernel-laptop-latest ndiswrapper-kernel-server-latest nvidia71xx-kernel-2.6.24.5-desktop-2mnb nvidia71xx-kernel-2.6.24.5-desktop586-2mnb nvidia71xx-kernel-2.6.24.5-laptop-2mnb nvidia71xx-kernel-2.6.24.5-server-2mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-laptop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.24.5-desktop-2mnb nvidia96xx-kernel-2.6.24.5-desktop586-2mnb nvidia96xx-kernel-2.6.24.5-laptop-2mnb nvidia96xx-kernel-2.6.24.5-server-2mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-laptop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.24.5-desktop-2mnb nvidia-current-kernel-2.6.24.5-desktop586-2mnb nvidia-current-kernel-2.6.24.5-laptop-2mnb nvidia-current-kernel-2.6.24.5-server-2mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-laptop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.24.5-desktop-2mnb omfs-kernel-2.6.24.5-desktop586-2mnb omfs-kernel-2.6.24.5-laptop-2mnb omfs-kernel-2.6.24.5-server-2mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-laptop-latest omfs-kernel-server-latest opencbm-kernel-2.6.24.5-desktop-2mnb opencbm-kernel-2.6.24.5-desktop586-2mnb opencbm-kernel-2.6.24.5-laptop-2mnb opencbm-kernel-2.6.24.5-server-2mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-laptop-latest 
opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.24.5-desktop-2mnb ov51x-jpeg-kernel-2.6.24.5-desktop586-2mnb ov51x-jpeg-kernel-2.6.24.5-laptop-2mnb ov51x-jpeg-kernel-2.6.24.5-server-2mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-laptop-latest ov51x-jpeg-kernel-server-latest qc-usb-messenger-kernel-2.6.24.5-desktop-2mnb qc-usb-messenger-kernel-2.6.24.5-desktop586-2mnb qc-usb-messenger-kernel-2.6.24.5-laptop-2mnb qc-usb-messenger-kernel-2.6.24.5-server-2mnb qc-usb-messenger-kernel-desktop586-latest qc-usb-messenger-kernel-desktop-latest qc-usb-messenger-kernel-laptop-latest qc-usb-messenger-kernel-server-latest r5u870-kernel-2.6.24.5-desktop-2mnb r5u870-kernel-2.6.24.5-desktop586-2mnb r5u870-kernel-2.6.24.5-laptop-2mnb r5u870-kernel-2.6.24.5-server-2mnb r5u870-kernel-desktop586-latest r5u870-kernel-desktop-latest r5u870-kernel-laptop-latest r5u870-kernel-server-latest realcrypt-kernel-2.6.24.5-desktop-2mnb realcrypt-kernel-2.6.24.5-desktop586-2mnb realcrypt-kernel-2.6.24.5-laptop-2mnb realcrypt-kernel-2.6.24.5-server-2mnb realcrypt-kernel-desktop586-latest realcrypt-kernel-desktop-latest realcrypt-kernel-laptop-latest realcrypt-kernel-server-latest slmodem-kernel-2.6.24.5-desktop-2mnb slmodem-kernel-2.6.24.5-desktop586-2mnb slmodem-kernel-2.6.24.5-laptop-2mnb slmodem-kernel-2.6.24.5-server-2mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-laptop-latest slmodem-kernel-server-latest squashfs-kernel-2.6.24.5-desktop-2mnb squashfs-kernel-2.6.24.5-desktop586-2mnb squashfs-kernel-2.6.24.5-laptop-2mnb squashfs-kernel-2.6.24.5-server-2mnb squashfs-kernel-desktop586-latest squashfs-kernel-desktop-latest squashfs-kernel-laptop-latest squashfs-kernel-server-latest squashfs-lzma-kernel-2.6.24.5-desktop-2mnb squashfs-lzma-kernel-2.6.24.5-desktop586-2mnb squashfs-lzma-kernel-2.6.24.5-laptop-2mnb squashfs-lzma-kernel-2.6.24.5-server-2mnb squashfs-lzma-kernel-desktop586-latest 
squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-laptop-latest squashfs-lzma-kernel-server-latest syntek-kernel-2.6.24.5-desktop-2mnb syntek-kernel-2.6.24.5-desktop586-2mnb syntek-kernel-2.6.24.5-laptop-2mnb syntek-kernel-2.6.24.5-server-2mnb syntek-kernel-desktop586-latest syntek-kernel-desktop-latest syntek-kernel-laptop-latest syntek-kernel-server-latest tp_smapi-kernel-2.6.24.5-desktop-2mnb tp_smapi-kernel-2.6.24.5-desktop586-2mnb tp_smapi-kernel-2.6.24.5-laptop-2mnb tp_smapi-kernel-2.6.24.5-server-2mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-laptop-latest tp_smapi-kernel-server-latest unicorn-kernel-2.6.24.5-desktop-2mnb unicorn-kernel-2.6.24.5-desktop586-2mnb unicorn-kernel-2.6.24.5-laptop-2mnb unicorn-kernel-2.6.24.5-server-2mnb unicorn-kernel-desktop586-latest unicorn-kernel-desktop-latest unicorn-kernel-laptop-latest unicorn-kernel-server-latest unionfs-kernel-2.6.24.5-desktop-2mnb unionfs-kernel-2.6.24.5-desktop586-2mnb unionfs-kernel-2.6.24.5-laptop-2mnb unionfs-kernel-2.6.24.5-server-2mnb unionfs-kernel-desktop586-latest unionfs-kernel-desktop-latest unionfs-kernel-laptop-latest unionfs-kernel-server-latest vboxadd-kernel-2.6.24.5-desktop-2mnb vboxadd-kernel-2.6.24.5-desktop586-2mnb vboxadd-kernel-2.6.24.5-laptop-2mnb vboxadd-kernel-2.6.24.5-server-2mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-laptop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.24.5-desktop-2mnb vboxvfs-kernel-2.6.24.5-desktop586-2mnb vboxvfs-kernel-2.6.24.5-laptop-2mnb vboxvfs-kernel-2.6.24.5-server-2mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-laptop-latest vboxvfs-kernel-server-latest virtualbox-kernel-2.6.24.5-desktop-2mnb virtualbox-kernel-2.6.24.5-desktop586-2mnb virtualbox-kernel-2.6.24.5-laptop-2mnb virtualbox-kernel-2.6.24.5-server-2mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-laptop-latest 
virtualbox-kernel-server-latest vpnclient-kernel-2.6.24.5-desktop-2mnb vpnclient-kernel-2.6.24.5-desktop586-2mnb vpnclient-kernel-2.6.24.5-laptop-2mnb vpnclient-kernel-2.6.24.5-server-2mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-laptop-latest vpnclient-kernel-server-latest Update: Fri Jun 13 12:54:44 2008 Importance: security ID: MDVSA-2008:113 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:113 %pre A vulnerability was discovered and corrected in the Linux 2.6 kernel: The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package util-linux-ng Update: Fri Jun 13 15:14:51 2008 Importance: security ID: MDVSA-2008:114 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:114 %pre Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events. The updated packages have been patched to fix the issue. %description The util-linux-ng package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux-ng contains the fdisk configuration tool and the login program. 
%package kdesdk kdesdk-cervisia kdesdk-devel kdesdk-kbabel kdesdk-kcachegrind kdesdk-kompare kdesdk-po2xml kdesdk-umbrello libkdesdk1 libkdesdk1-cervisia libkdesdk1-kbabel Update: Sat Jun 14 08:35:06 2008 Importance: bugfix ID: MDVA-2008:093-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:093-1 %pre kdesdk packages in Mandriva Linux 2008 and 2008 Spring had packaging bugs which caused the subversion ioslave not to build and thus not be provided. The updated packages fix the bugs and provide the subversion access ioslave. Update: The previous kdesdk update placed subversion-related files in such a way that they conflicted with kdesvn. This update corrects that issue. %description Software Development Kit for the K Desktop Environment. %package libcairo2 libcairo-devel libcairo-static-devel Update: Sat Jun 14 08:59:11 2008 Importance: bugfix ID: MDVA-2008:094 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:094 %pre A bug in the cairo library could incorrectly position text when printing PDF files with evince (and other applications). This update to the latest stable version of cairo fixes this issue, removes an incorrect dependency on the standard C++ library, and includes stability fixes for usage with old X servers. %description Cairo provides anti-aliased vector-based rendering for X. Paths consist of line segments and cubic splines and can be rendered at any width with various join and cap styles. All colors may be specified with optional translucence (opacity/alpha) and combined using the extended Porter/Duff compositing algebra as found in the X Render Extension. Cairo exports a stateful rendering API similar in spirit to the path construction, text, and painting operators of PostScript, (with the significant addition of translucence in the imaging model). When complete, the API is intended to support the complete imaging model of PDF 1.4. Cairo relies on the Xc library for backend rendering. 
Xc provides an abstract interface for rendering to multiple target types. As of this writing, Xc allows Cairo to target X drawables as well as generic image buffers. Future backends such as PostScript, PDF, and perhaps OpenGL are currently being planned. %package rsh rsh-server Update: Sat Jun 14 09:14:51 2008 Importance: bugfix ID: MDVA-2008:095 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:095 %pre A bug in the rsh package prevented it from having the alternatives symlinks created if installed via auto_inst.cfg.pl. This update corrects the issue. %description The rsh package contains a set of programs which allow users to run commands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp). All three of these commands use rhosts style authentication. This package contains the clients needed for all of these services. The rsh package should be installed to enable remote access to other machines. %package ntfs-3g ntfs-3g-devel Update: Sat Jun 14 10:00:52 2008 Importance: bugfix ID: MDVA-2008:096 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:096 %pre In certain rare circumstances, any area of an NTFS volume, excluding the NTFS boot sector, could get corrupted. The chances for this to happen are greater when the disk is close to full utilization and when using one of the more uncommon, less than 4096 byte cluster sizes. The updated packages correct this issue. %description The ntfs-3g package contains an NTFS filesystem driver with read and write support. It provides safe and fast handling of MS Windows Vista, XP, 2000 and Server 2003 NTFS file systems. Most POSIX file system operations are supported, with the exceptions of full file ownership and access right support. 
%package x11-server x11-server-common x11-server-devel x11-server-xati x11-server-xchips x11-server-xephyr x11-server-xepson x11-server-xfake x11-server-xfbdev x11-server-xgl x11-server-xi810 x11-server-xmach64 x11-server-xmga x11-server-xnest x11-server-xnvidia x11-server-xorg x11-server-xpm2 x11-server-xr128 x11-server-xsdl x11-server-xsmi x11-server-xvesa x11-server-xvfb x11-server-xvia x11-server-xvnc Update: Mon Jun 16 10:59:20 2008 Importance: security ID: MDVSA-2008:116 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 %pre An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server (CVE-2008-1377). An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server (CVE-2008-1379). Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361, CVE-2008-2362). In addition, this update corrects a problem that could cause memory corruption or segfaults in the render code of the vnc server on Mandriva Linux 2008.1. The updated packages have been patched to prevent these issues. %description X11 servers %package fetchmail fetchmailconf fetchmail-daemon Update: Thu Jun 19 19:45:41 2008 Importance: security ID: MDVSA-2008:117 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:117 %pre A flaw in fetchmail was discovered that allowed remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed message with long headers. 
The crash only occurred when fetchmail was called in '-v -v' mode (CVE-2008-2711). The updated packages have been patched to prevent this issue. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package libnet-snmp15 libnet-snmp-devel libnet-snmp-static-devel net-snmp net-snmp-mibs net-snmp-tkmib net-snmp-trapd net-snmp-utils perl-NetSNMP Update: Fri Jun 20 12:15:23 2008 Importance: security ID: MDVSA-2008:118 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:118 %pre A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet (CVE-2008-0960). A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent (CVE-2008-2292). The updated packages have been patched to prevent these issues. %description SNMP (Simple Network Management Protocol) is a protocol used for network management. 
The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities. %package exiv2 libexiv2_2 libexiv2_2-devel Update: Fri Jun 20 21:05:14 2008 Importance: security ID: MDVSA-2008:119 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:119 %pre A flaw was found in exiv2 that would cause exiv2, or applications linked to libexiv2, to crash on image files with certain metadata in the image (CVE-2008-2696). The updated packages have been patched to prevent this issue. %description Exiv2 is a command line utility to access image metadata: * print the Exif metadata of JPEG, TIFF and several RAW image formats as summary info, interpreted values, or the plain data for each tag (a sample is here) * print the IPTC metadata of JPEG images * print, set and delete the JPEG comment of JPEG images * set, add and delete Exif and IPTC metadata of JPEG images * adjust the Exif timestamp (that's how it all started...) * rename Exif image files according to the Exif timestamp * extract, insert and delete Exif metadata, IPTC metadata and JPEG comments * extract, insert and delete the thumbnail image embedded in the Exif metadata * fix the Exif ISO setting of picture taken with Nikon cameras %package nasm nasm-doc nasm-rdoff Update: Sat Jun 21 10:38:42 2008 Importance: security ID: MDVSA-2008:120 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:120 %pre An off-by-one error was found in nasm 2.02 that allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow (CVE-2008-2719). 
The updated packages have been patched to prevent this issue. %description NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. %package libfreetype6 libfreetype6-devel libfreetype6-static-devel Update: Mon Jun 23 12:10:40 2008 Importance: security ID: MDVSA-2008:121 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:121 %pre Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808). The updated packages have been patched to prevent this issue. %description The FreeType2 engine is a free and portable TrueType font rendering engine. It has been developed to provide TT support to a great variety of platforms and environments. Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included. %package clamav clamav-db clamav-milter clamd libclamav4 libclamav-devel Update: Tue Jun 24 10:09:53 2008 Importance: security ID: MDVSA-2008:122 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:122 %pre A vulnerability was discovered in ClamAV and corrected with the 0.93.1 release: libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. (CVE-2008-2713) Other bugs have also been corrected in 0.93.1 which is being provided with this update. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). 
The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package imlib2-data libimlib2_1 libimlib2_1-filters libimlib2_1-loaders libimlib2-devel Update: Wed Jun 25 10:01:51 2008 Importance: security ID: MDVSA-2008:123 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:123 %pre Stefan Cornelius discovered two buffer overflows in Imlib's image loaders for PNM and XPM images, which could possibly result in the execution of arbitrary code (CVE-2008-2426). The updated packages have been patched to prevent this issue. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui mozilla-firefox-ext-beagle mozilla-thunderbird-beagle Update: Thu Jun 26 10:58:01 2008 Importance: bugfix ID: MDVA-2008:097 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:097 %pre Beagle was looking for the static indexes generated by beagle-crawl-system in the wrong directory. This update corrects the problem. %description Beagle is an indexing sub-system and search aggregator built on top of Lucene.Net. It can index your files, mailboxes, your web browsing behaviour and other things. 
%package gnome-session Update: Thu Jun 26 10:58:47 2008 Importance: bugfix ID: MDVA-2008:098 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:098 %pre Gnome-session was not migrating files from the old GNOME trash system to its new location at login, preventing old trash management with Nautilus. This package fixes the issue and provides new translations from GNOME 2.22.2. %description GNOME (GNU Network Object Model Environment) is a user-friendly set of applications and desktop tools to be used in conjunction with a window manager for the X Window System. The GNOME Session Manager restores a set session (group of applications) when you log into GNOME. %package swi-prolog swi-prolog-jpl swi-prolog-xpce Update: Thu Jun 26 12:28:04 2008 Importance: bugfix ID: MDVA-2008:099 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:099 %pre The package included with Mandriva Linux 2008 Spring for swi-prolog could not be installed due to an incorrect dependency. This updated package removes the incorrect dependency and can be installed as normal. %description Edinburgh-style Prolog compiler including modules, autoload, libraries, Garbage-collector, stack-expandor, C-interface, GNU-readline and GNU-Emacs interface, very fast compiler. %package libxine1 libxine-devel xine-aa xine-caca xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-jack xine-plugins xine-pulse xine-sdl xine-smb xine-wavpack Update: Thu Jun 26 13:58:17 2008 Importance: security ID: MDVSA-2008:124 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:124 %pre A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). Xine-lib is similarly affected by this issue. 
As well, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing matroska files, and a regression was introduced that prevented Amarok from playing m4a files. The updated packages have been patched to correct this issue. %description xine is a free gpl-licensed video player for unix-like systems. %package libgnomeui2_0 libgnomeui2 libgnomeui2-devel Update: Mon Jun 30 14:51:43 2008 Importance: bugfix ID: MDVA-2008:100 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:100 %pre A missing initialization was preventing correct text rendering in the GTK2 file selector, when using non-UTF8 locales. This updated package fixes this issue, as well as memory leaks and also includes new translations from the GNOME 2.22.2 release. %description Data files for the GNOME UI library such as translations. %package evince libevince0 libevince-devel Update: Mon Jun 30 14:53:12 2008 Importance: bugfix ID: MDVA-2008:101 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:101 %pre Evince was not properly handling multi-page TIFF files and was crashing under specific conditions when requesting printing. This package update fixes those issues and includes additional translations from the GNOME 2.22.2 release. %description Evince is the GNOME Document viewer. It supports PDF, PostScript and other formats. %package libbdevid-python mkinitrd mkinitrd-devel nash Update: Wed Jul 02 10:32:48 2008 Importance: bugfix ID: MDVA-2008:102 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:102 %pre This mkinitrd update fixes issues with systems using dmraid. It makes sure that the modules for the disk controllers used by a dmraid array are included in the initrd. %description mkinitrd creates filesystem images for use as initial ram filesystem (initramfs) images. These images are used to find and mount the root filesystem. 
%package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-silc pidgin-tcl Update: Thu Jul 03 13:45:41 2008 Importance: bugfix ID: MDVA-2008:103 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:103 %pre A protocol change at the ICQ servers made it impossible to connect with Pidgin. This update adapts Pidgin to the new protocol version. %description Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Thu Jul 03 15:04:32 2008 Importance: security ID: MDVSA-2008:128 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 %pre A number of vulnerabilities have been found and corrected in PHP: php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors (CVE-2008-0599). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829). In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. 
PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package devhelp devhelp-plugins epiphany epiphany-devel galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libmozilla-firefox2.0.0.15 libmozilla-firefox-devel mozilla-firefox mozilla-firefox-af mozilla-firefox-ar mozilla-firefox-be mozilla-firefox-bg mozilla-firefox-br_FR mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-en_GB mozilla-firefox-es_AR mozilla-firefox-es_ES mozilla-firefox-et_EE mozilla-firefox-eu mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-gnome-support mozilla-firefox-gu_IN mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ka mozilla-firefox-ko mozilla-firefox-ku mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-mn mozilla-firefox-nb_NO mozilla-firefox-nl mozilla-firefox-nn_NO mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-pt_PT mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv_SE mozilla-firefox-theme-gnome mozilla-firefox-theme-kdeff mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer yelp Update: Tue Jul 08 12:21:54 2008 Importance: security ID: MDVSA-2008:136 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 %pre Security vulnerabilities have been discovered and corrected in the latest 
Mozilla Firefox program, version 2.0.0.15 (CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811). This update provides the latest Firefox to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-devel openoffice.org-devel-doc openoffice.org-draw openoffice.org-dtd-officedocument1.0 openoffice.org-filter-binfilter openoffice.org-gnome openoffice.org-help-af openoffice.org-help-ar openoffice.org-help-bg openoffice.org-help-br openoffice.org-help-bs openoffice.org-help-ca openoffice.org-help-cs openoffice.org-help-cy openoffice.org-help-da openoffice.org-help-de openoffice.org-help-el openoffice.org-help-en_GB openoffice.org-help-es openoffice.org-help-et openoffice.org-help-eu openoffice.org-help-fi openoffice.org-help-fr openoffice.org-help-he openoffice.org-help-hi openoffice.org-help-hu openoffice.org-help-it openoffice.org-help-ja openoffice.org-help-ko openoffice.org-help-mk openoffice.org-help-nb openoffice.org-help-nl openoffice.org-help-nn openoffice.org-help-pl openoffice.org-help-pt openoffice.org-help-pt_BR openoffice.org-help-ru openoffice.org-help-sk openoffice.org-help-sl openoffice.org-help-sv openoffice.org-help-ta openoffice.org-help-tr openoffice.org-help-zh_CN openoffice.org-help-zh_TW openoffice.org-help-zu openoffice.org-impress openoffice.org-java-common openoffice.org-kde openoffice.org-l10n-af openoffice.org-l10n-ar openoffice.org-l10n-bg openoffice.org-l10n-br openoffice.org-l10n-bs openoffice.org-l10n-ca openoffice.org-l10n-cs openoffice.org-l10n-cy openoffice.org-l10n-da openoffice.org-l10n-de openoffice.org-l10n-el openoffice.org-l10n-en_GB openoffice.org-l10n-es openoffice.org-l10n-et openoffice.org-l10n-eu openoffice.org-l10n-fi openoffice.org-l10n-fr 
openoffice.org-l10n-he openoffice.org-l10n-hi openoffice.org-l10n-hu openoffice.org-l10n-it openoffice.org-l10n-ja openoffice.org-l10n-ko openoffice.org-l10n-mk openoffice.org-l10n-nb openoffice.org-l10n-nl openoffice.org-l10n-nn openoffice.org-l10n-pl openoffice.org-l10n-pt openoffice.org-l10n-pt_BR openoffice.org-l10n-ru openoffice.org-l10n-sk openoffice.org-l10n-sl openoffice.org-l10n-sv openoffice.org-l10n-ta openoffice.org-l10n-tr openoffice.org-l10n-zh_CN openoffice.org-l10n-zh_TW openoffice.org-l10n-zu openoffice.org-math openoffice.org-mono openoffice.org-openclipart openoffice.org-pyuno openoffice.org-style-andromeda openoffice.org-style-crystal openoffice.org-style-hicontrast openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-testtool openoffice.org-writer Update: Tue Jul 08 15:21:09 2008 Importance: security ID: MDVSA-2008:137 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:137 %pre Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. (CVE-2008-2152) Also, according to bug #38874 decimal numbers on Hebrew documents would appear as Arabic characters. Another issue (#39799) is with measurements units configuration to format paragraphs on the menu: (Tools -> Options -> OpenOffice.org Writer -> General). Even setting to centimeters on (Indent & Spacing) option it shows as characters (ch) on (Indents & Spacing) configuration on the menu: (Format -> Paragraph -> Indents & Spacing). Moreover, a document holding Notes edited on Microsoft Office would not show when opened with OpenOffice. These and a number of other OpenOffice.org issues were fixed by the new version provided in this update. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. 
It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. %package bind bind-devel bind-doc bind-utils Update: Wed Jul 09 11:40:45 2008 Importance: security ID: MDVSA-2008:139 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:139 %pre A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services; i.e. for web and email traffic (CVE-2008-1447). This update provides the latest stable BIND releases for all platforms except Corporate Server/Desktop 3.0 and MNF2, which have been patched to correct the issue. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the \$GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.) --with geoip Build with GeoIP support (disabled per default) %package ruby ruby-devel ruby-doc ruby-tk Update: Wed Jul 09 16:42:37 2008 Importance: security ID: MDVSA-2008:140 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:140 %pre Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. 
(CVE-2008-1891) Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662) Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663) The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726) Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376) The updated packages have been patched to fix these issues. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. 
It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. %package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-silc pidgin-tcl Update: Thu Jul 10 17:45:20 2008 Importance: security ID: MDVSA-2008:143 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 %pre An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message (CVE-2008-2927). In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin for 2008.1). The updated packages have been patched to correct this issue. %description Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. %package x11-driver-input-evdev Update: Thu Jul 10 18:08:58 2008 Importance: bugfix ID: MDVA-2008:104 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:104 %pre This update corrects two issues with the evdev driver Xorg. The first is that button events were not generated for mice with more than seven buttons (bug #39014); the second is that the pointer did not cross screens using the evdev driver. This update corrects both issues. %description Evdev is an Xorg input driver for Linux's generic event devices. 
It therefore supports all input devices that the kernel knows about, including most mice and keyboards. %package locales locales-aa locales-af locales-am locales-ar locales-as locales-az locales-be locales-ber locales-bg locales-bn locales-br locales-bs locales-ca locales-cs locales-cy locales-da locales-de locales-dz locales-el locales-en locales-eo locales-es locales-et locales-eu locales-fa locales-fi locales-fo locales-fr locales-fur locales-fy locales-ga locales-gd locales-gl locales-gu locales-gv locales-ha locales-he locales-hi locales-hr locales-hsb locales-hu locales-hy locales-id locales-ig locales-ik locales-is locales-it locales-iu locales-ja locales-ka locales-kk locales-kl locales-km locales-kn locales-ko locales-ku locales-kw locales-ky locales-lg locales-li locales-lo locales-lt locales-lv locales-mg locales-mi locales-mk locales-ml locales-mn locales-mr locales-ms locales-mt locales-nds locales-ne locales-nl locales-no locales-nr locales-nso locales-oc locales-pa locales-pap locales-pl locales-pt locales-ro locales-ru locales-rw locales-sc locales-se locales-si locales-sk locales-sl locales-so locales-sq locales-sr locales-ss locales-st locales-sv locales-sw locales-ta locales-te locales-tg locales-th locales-tk locales-tl locales-tn locales-tr locales-ts locales-tt locales-ug locales-uk locales-ur locales-uz locales-ve locales-vi locales-wa locales-xh locales-yi locales-yo locales-zh locales-zu Update: Thu Jul 10 23:59:48 2008 Importance: bugfix ID: MDVA-2008:105 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:105 %pre A flaw in the locales packages could cause the spell checker in OpenOffice.org and other programs to not work as intended (bug #39789). This was a side-effect of the locales packages not updating the _install_langs rpm macro on the system with provided locale variants for some cases. This update also contains additional fixes for issues that affect the stable releases of Mandriva 2008.0 and 2008.1. 
%description These are the base files for language localization. You also need to install the specific locales-?? for the language(s) you want. Then the user needs to set the LANG variable to their preferred language in their ~/.profile configuration file. %package openoffice.org-voikko Update: Fri Jul 11 10:11:44 2008 Importance: bugfix ID: MDVA-2008:106 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:106 %pre openoffice.org-voikko provides Finnish spellchecker and hyphenator component for OpenOffice.org. The package is being updated for the new OpenOffice.org version. %description Finnish spellchecker and hyphenator component for OpenOffice.org. Usually Voikko is automatically activated after the installation. If that does not happen, you can manually activate it from the Writing Aids section of the OpenOffice.org options. %package libldap2.4_2 libldap2.4_2-devel libldap2.4_2-static-devel openldap openldap-clients openldap-doc openldap-servers openldap-testprogs openldap-tests Update: Fri Jul 11 21:07:14 2008 Importance: security ID: MDVSA-2008:144 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:144 %pre A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon (CVE-2008-2952). The updated packages have been patched to correct this issue. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd) which is in the -servers package, libraries for implementing the LDAP protocol (in the lib packages), and utilities, tools, and sample clients (in the -clients package). The openldap binary package includes only configuration files used by the libraries. Install openldap if you need LDAP applications and tools. 
%package bluez-utils bluez-utils-alsa bluez-utils-cups bluez-utils-gstreamer libbluez2 libbluez-devel Update: Mon Jul 14 19:45:52 2008 Importance: security ID: MDVSA-2008:145 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 %pre An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon (CVE-2008-2374). The updated packages have been patched to correct this issue. %description These are the official Bluetooth communication libraries for Linux. %package libpoppler2 libpoppler-devel libpoppler-glib2 libpoppler-glib-devel libpoppler-qt2 libpoppler-qt4-2 libpoppler-qt4-devel libpoppler-qt-devel poppler Update: Tue Jul 15 14:55:59 2008 Importance: security ID: MDVSA-2008:146 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:146 %pre A memory management issue was found in libpoppler by Felipe Andres Manzano that could allow for the execution of arbitrary code with the privileges of the user running a poppler-based application, if they opened a specially crafted PDF file (CVE-2008-2950). The updated packages have been patched to correct this issue. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. 
%package myspell-af_ZA myspell-am_AM myspell-ar_AR myspell-az_AZ myspell-bg_BG myspell-bn_BN myspell-ca_ES myspell-cop_EG myspell-csb_CSB myspell-cs_CZ myspell-cy_GB myspell-da_DK myspell-de_AT myspell-de_CH myspell-de_DE myspell-el_GR myspell-en_AU myspell-en_CA myspell-en_GB myspell-en_NZ myspell-en_US myspell-en_ZA myspell-eo_EO myspell-es_ES myspell-es_MX myspell-et_EE myspell-eu_ES myspell-fa_FA myspell-fa_IR myspell-fi_FI myspell-fj_FJ myspell-fo_FO myspell-fr_BE myspell-fr_FR myspell-fur_IT myspell-fy_NL myspell-ga_IE myspell-gd_GB myspell-gl_ES myspell-gsc_FR myspell-he_IL myspell-hi_IN myspell-hr_HR myspell-hu_HU myspell-hy_AM myspell-id_ID myspell-is_IS myspell-it_IT myspell-km_KH myspell-ku_TR myspell-la_LA myspell-lt_LT myspell-lv_LV myspell-mg_MG myspell-mi_NZ myspell-mn_MN myspell-mr_IN myspell-ms_MY myspell-nb_NO myspell-ne_NP myspell-nl_NL myspell-nn_NO myspell-nr_ZA myspell-ns_ZA myspell-ny_MW myspell-oc_FR myspell-or_OR myspell-pa_PA myspell-pl_PL myspell-pt_BR myspell-pt_PT myspell-qu_BO myspell-ro_RO myspell-ru_RU myspell-rw_RW myspell-sk_SK myspell-sl_SI myspell-ss_ZA myspell-st_ZA myspell-sv_SE myspell-sw_KE myspell-sw_TZ myspell-ta_TA myspell-tet_ID myspell-th_TH myspell-tl_PH myspell-tn_ZA myspell-ts_ZA myspell-uk_UA myspell-uz_UZ myspell-ve_ZA myspell-vi_VI myspell-xh_ZA myspell-zu_ZA Update: Tue Jul 15 15:43:43 2008 Importance: bugfix ID: MDVA-2008:107 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:107 %pre Some thesaurus files of some languages were not working properly with Mandriva Linux 2008.1. The thesaurus would not bring out the meaning and synonym for any searched word for the following languages: American English, Spanish, French, German, Polish, Czech, Slovakian, and Hungarian. This release updates the thesaurus files for these languages so that they will work with the Mandriva OpenOffice.org version 2.4.1.5. 
%description myspell-* packages contain spell checking data to be used by OpenOffice.org or any other MySpell-capable application, like Mozilla. myspell-hyph-* packages contain hyphenation dictionaries for a particular set of languages. %package x11-server x11-server-common x11-server-devel x11-server-xati x11-server-xchips x11-server-xephyr x11-server-xepson x11-server-xfake x11-server-xfbdev x11-server-xi810 x11-server-xmach64 x11-server-xmga x11-server-xnest x11-server-xnvidia x11-server-xorg x11-server-xpm2 x11-server-xr128 x11-server-xsdl x11-server-xsmi x11-server-xvesa x11-server-xvfb x11-server-xvia x11-server-xvnc Update: Tue Jul 15 18:59:40 2008 Importance: bugfix ID: MDVA-2008:108 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:108 %pre This x11-server update disables offscreen pixmaps by default as they were causing drawing issues with Firefox 3 and other applications. To re-enable this option, use 'Option XaaOffscreenPixmaps on' in xorg.conf. %description X11 servers %package libpcre0 libpcre-devel pcre Update: Tue Jul 15 21:55:10 2008 Importance: security ID: MDVSA-2008:147 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:147 %pre Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service (CVE-2008-2371). The updated packages have been patched to correct this issue. %description PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow Perl syntax and semantics. This package contains a grep variant based on the PCRE library. 
%package timezone timezone-java Update: Wed Jul 16 15:32:21 2008 Importance: normal ID: MDVA-2008:109 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:109 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package devhelp devhelp-plugins epiphany epiphany-devel galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libmozilla-firefox2.0.0.16 libmozilla-firefox-devel mozilla-firefox mozilla-firefox-af mozilla-firefox-ar mozilla-firefox-be mozilla-firefox-bg mozilla-firefox-br_FR mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-en_GB mozilla-firefox-es_AR mozilla-firefox-es_ES mozilla-firefox-et_EE mozilla-firefox-eu mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-gnome-support mozilla-firefox-gu_IN mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ka mozilla-firefox-ko mozilla-firefox-ku mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-mn mozilla-firefox-nb_NO mozilla-firefox-nl mozilla-firefox-nn_NO mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-pt_PT mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv_SE mozilla-firefox-theme-gnome mozilla-firefox-theme-kdeff mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW totem totem-common totem-gstreamer totem-mozilla 
totem-mozilla-gstreamer yelp Update: Thu Jul 17 15:42:42 2008 Importance: security ID: MDVSA-2008:148 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:148 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16 (CVE-2008-2785, CVE-2008-2933). This update provides the latest Firefox to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools Update: Sat Jul 19 10:40:19 2008 Importance: security ID: MDVSA-2008:149 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:149 %pre Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079). The updated packages have been patched to correct this issue. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License. You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. 
The MySQL web site provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package openoffice.org-voikko Update: Mon Jul 21 10:23:55 2008 Importance: bugfix ID: MDVA-2008:106-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:106-1 %pre openoffice.org-voikko provides Finnish spellchecker and hyphenator component for OpenOffice.org. The package is being updated for the new OpenOffice.org version. Update: Due to a build error, the previous update for i586 architecture was built against the old OpenOffice.org. This update fixes that. %description Finnish spellchecker and hyphenator component for OpenOffice.org. Usually Voikko is automatically activated after the installation. If that does not happen, you can manually activate it from the Writing Aids section of the OpenOffice.org options. %package libxslt1 libxslt-devel libxslt-proc python-libxslt Update: Mon Jul 21 16:30:18 2008 Importance: security ID: MDVSA-2008:151 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:151 %pre A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XSLT transformation match condition, which could possibly lead to the execution of arbitrary code (CVE-2008-1767). The updated packages have been patched to correct this issue. %description This C library allows you to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Tue Jul 22 13:50:50 2008 Importance: security ID: MDVSA-2008:152 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:152 %pre A vulnerability was found in Wireshark that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that. 
%description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package emacs emacs-common emacs-doc emacs-el emacs-gtk emacs-leim emacs-nox Update: Wed Jul 23 12:36:19 2008 Importance: security ID: MDVSA-2008:153 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:153 %pre A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs (CVE-2008-2142). The updated packages have been patched to correct this issue. %description Emacs-X11 includes the Emacs text editor program for use with the X Window System (it provides support for the mouse and other GUI elements). Emacs-X11 will also run Emacs outside of X, but it has a larger memory footprint than the 'non-X' Emacs package (emacs-nox). Install emacs if you are going to use Emacs with the X Window System. You should also install emacs if you're going to run Emacs both with and without X (it will work fine both ways). You'll also need to install the emacs-common package in order to run Emacs. 
%package mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Fri Jul 25 13:12:08 2008 Importance: security ID: MDVSA-2008:155 URL: 
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811). This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW Update: Sun Jul 27 09:39:03 2008 Importance: security ID: MDVSA-2008:155-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:155-1 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, 
CVE-2008-2811). This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. Update: The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16. %description Localizations for Enigmail %package libpng3 libpng-devel libpng-source libpng-static-devel Update: Mon Jul 28 14:33:11 2008 Importance: security ID: MDVSA-2008:156 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 %pre Tavis Ormandy of the Google Security Team discovered a flaw in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions (CVE-2008-1382). The updated packages have been patched to correct this issue. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package libpulseaudio0 libpulseaudio-devel libpulsecore5 libpulseglib20 libpulsezeroconf0 pulseaudio pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils Update: Mon Jul 28 19:33:39 2008 Importance: bugfix ID: MDVA-2008:110 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:110 %pre The pulseaudio package shipped with Mandriva 2008 Spring does not remember a default device setting across sessions. If a user were to use pavucontrol to select an alternate default device, it will only work for that session. Logging out then back in again will revert back to the system default. 
A separate issue also prevents the settings in client.conf from working when pulse is started under an X11 session (which is the default way of starting pulseaudio). This is because the client.conf has a lower priority than the X11 root window properties. This update addresses both these issues, but please note that pulseaudio remembers the per-stream device preferences, so only new streams that have not been played before will be routed to any new default device you pick. This can be remedied by removing the ~/.pulse/volume-restore.table file before logging in to a graphical session or by moving the individual streams manually in pavucontrol as required. %description pulseaudio is a sound server for Linux and other Unix-like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (EsounD). In addition to the features EsounD provides pulseaudio has: * Extensible plugin architecture (by loading dynamic loadable modules with dlopen()) * Support for more than one sink/source * Better low latency behaviour * Embeddable into other software (the core is available as C library) * Completely asynchronous C API * Simple command line interface for reconfiguring the daemon while running * Flexible, implicit sample type conversion and resampling * "Zero-Copy" architecture * Module autoloading * Very accurate latency measurement for playback and recording. * May be used to combine multiple sound cards to one (with sample rate adjustment) * Client side latency interpolation %package ffmpeg libavformats52 libavutil49 libffmpeg51 libffmpeg-devel libffmpeg-static-devel Update: Tue Jul 29 12:04:14 2008 Importance: security ID: MDVSA-2008:157 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:157 %pre A vulnerability was found in how ffmpeg handled STR file demuxing. 
If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg (CVE-2008-3162). The updated packages have been patched to correct this issue. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream. %package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui mozilla-firefox-ext-beagle mozilla-thunderbird-beagle Update: Tue Jul 29 15:51:37 2008 Importance: bugfix ID: MDVA-2008:113 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:113 %pre Beagle provides extensions for both Mozilla Firefox and Mozilla Thunderbird, that depend on the exact version of these programs. Rebuilding these packages did not occur with the latest Mozilla Firefox and Mozilla Thunderbird security advisories, so these packages are being provided rebuilt against the latest versions. %description Beagle is an indexing sub-system and search aggregator built on top of Lucene.Net. It can index your files, mailboxes, your web browsing behaviour and other things. %package audacity Update: Tue Jul 29 18:25:12 2008 Importance: bugfix ID: MDVA-2008:114 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:114 %pre Audacity as shipped with Mandriva Linux 2008.1 was built with the libresample sample rate conversion library, but the resampling feature did not work. This updated package switches to using libsamplerate for sample rate conversion. %description Audacity is a program that lets you manipulate digital audio waveforms. 
In addition to letting you record sounds directly from within the program, it imports many sound file formats, including WAV, AIFF, MP3 and Ogg/Vorbis. It supports all common editing operations such as Cut, Copy, and Paste, plus it will mix tracks and let you apply plug-in effects to any part of a sound. It also has a built-in amplitude envelope editor, a customizable spectrogram mode and a frequency analysis window for audio analysis applications. %package libxslt1 libxslt-devel libxslt-proc python-libxslt Update: Fri Aug 01 11:31:42 2008 Importance: security ID: MDVSA-2008:160 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:160 %pre Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibly execute arbitrary code with the privileges of the application in question (CVE-2008-2935). The updated packages have been patched to correct this issue. %description This C library allows you to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. %package rxvt rxvt-CJK Update: Thu Aug 07 11:31:53 2008 Importance: security ID: MDVSA-2008:161 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:161 %pre A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections (CVE-2008-1142). The updated packages have been patched to correct this issue. %description Rxvt is a color VT102 terminal emulator for the X Window System. Rxvt is intended to be an xterm replacement for users who don't need the more esoteric features of xterm, like Tektronix 4014 emulation, session logging and toolkit style configurability. 
Since it doesn't support those features, rxvt uses much less swap space than xterm uses. This is a significant advantage on a machine which is serving a large number of X sessions. The rxvt package should be installed on any machine which serves a large number of X sessions, if you'd like to improve that machine's performance. This version of rxvt can display Japanese, Chinese (Big5 and GuoBiao) and Korean. %package dkms-kqemu qemu qemu-img Update: Thu Aug 07 14:46:23 2008 Importance: security ID: MDVSA-2008:162 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 %pre Multiple vulnerabilities have been found in Qemu. Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to attempting to mark non-existent regions as dirty, aka the bitblt heap overflow. (CVE-2007-1320) Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 receive integer signedness error. (CVE-2007-1321) QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. (CVE-2007-1322) QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by aam 0x0, which triggers a divide-by-zero error. (CVE-2007-1366) The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 mtu heap overflow. 
(CVE-2007-5729) Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the net socket listen option, aka QEMU net socket heap overflow. (CVE-2007-5730) QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an overflow, via certain Windows executable programs, as demonstrated by qemu-dos.com. (CVE-2007-6227) Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. (CVE-2008-0928) Changing removable media in QEMU could trigger a bug similar to CVE-2008-2004, which would allow local guest users to read arbitrary files on the host by modifying the header of the image to identify a different format. (CVE-2008-1945) See the diskformat: parameter to the -usbdevice option. The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. (CVE-2008-2004) See the -format option. The updated packages have been patched to fix these issues. %description QEMU is a FAST! processor emulator. By using dynamic translation it achieves a reasonable speed while being easy to port on new host CPUs. QEMU has two operating modes: * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. Linux system calls are converted because of endianness and 32/64 bit mismatches. Wine (Windows emulation) and DOSEMU (DOS emulation) are the main targets for QEMU. * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. 
Currently, it is only used to launch an x86 Linux kernel on an x86 Linux system. It enables easier testing and debugging of system code. It can also be used to provide virtual hosting of several virtual PCs on a single server. This QEMU package provides support for KQEMU, the QEMU Accelerator module. This QEMU package provides support for KVM (Kernel-based Virtual Machine), a full virtualization solution for Linux on x86 hardware containing virtualization extensions (AMD-v or Intel VT). %package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Thu Aug 07 16:02:23 2008 Importance: bugfix ID: MDVA-2008:115 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:115 %pre This drakxtools update contains file leaks and automatic disk discovery fixes. The network driver detection used to leak file descriptors, meaning that network applications like the wireless tool or the network center stopped working after extended use. The automatic disk discovery tool did not correctly mark new media as removable, and thus they were checked at every boot, which stopped the boot process if the media was not present. Both problems are fixed in this update. %description Contains many Mandriva Linux applications simplifying users' and administrators' lives on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. 
- drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps Update: Thu Aug 07 16:12:12 2008 Importance: security ID: MDVSA-2008:163 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 %pre Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that led to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. 
Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package drakx-net drakx-net-text initscripts libdrakx-net Update: Thu Aug 07 17:43:23 2008 Importance: bugfix ID: MDVA-2008:116 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:116 %pre This update of the drakx-net and initscripts packages improves wireless strength detection and fixes connection with rt61 devices (using the rt61pci driver). Such connections used to fail when the wpa_supplicant daemon was used. This update makes the network tools force a reassociation when the rt61pci driver is used. %description This package contains the Mandriva network tools. 
net_applet: applet to check network connection net_monitor: connection monitoring %package perl perl-base perl-devel perl-doc perl-suid Update: Mon Aug 11 10:22:39 2008 Importance: security ID: MDVSA-2008:165 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:165 %pre The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack. The updated packages have been patched to fix this. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl. %package clamav clamav-db clamav-milter clamd libclamav4 libclamav-devel Update: Tue Aug 12 14:54:10 2008 Importance: security ID: MDVSA-2008:166 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:166 %pre An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a denial of service via a malformed Petite file that triggered an out-of-bounds memory access (CVE-2008-3215). This issue is corrected with the 0.93.3 release which is being provided. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. 
The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build swithes; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package actuator-kernel-2.6.24.7-desktop-1mnb actuator-kernel-2.6.24.7-desktop586-1mnb actuator-kernel-2.6.24.7-laptop-1mnb actuator-kernel-2.6.24.7-server-1mnb actuator-kernel-desktop586-latest actuator-kernel-desktop-latest actuator-kernel-laptop-latest actuator-kernel-server-latest alsa_raoppcm-kernel-2.6.24.7-desktop-1mnb alsa_raoppcm-kernel-2.6.24.7-desktop586-1mnb alsa_raoppcm-kernel-2.6.24.7-laptop-1mnb alsa_raoppcm-kernel-2.6.24.7-server-1mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-laptop-latest alsa_raoppcm-kernel-server-latest dkms-pcc-acpi-kernel-2.6.24.7-desktop-1mnb dkms-pcc-acpi-kernel-2.6.24.7-desktop586-1mnb dkms-pcc-acpi-kernel-2.6.24.7-laptop-1mnb dkms-pcc-acpi-kernel-2.6.24.7-server-1mnb dkms-pcc-acpi-kernel-desktop586-latest dkms-pcc-acpi-kernel-desktop-latest dkms-pcc-acpi-kernel-laptop-latest dkms-pcc-acpi-kernel-server-latest drm-experimental-kernel-2.6.24.7-desktop-1mnb drm-experimental-kernel-2.6.24.7-desktop586-1mnb drm-experimental-kernel-2.6.24.7-laptop-1mnb drm-experimental-kernel-2.6.24.7-server-1mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-laptop-latest drm-experimental-kernel-server-latest em8300-kernel-2.6.24.7-desktop-1mnb em8300-kernel-2.6.24.7-desktop586-1mnb em8300-kernel-2.6.24.7-laptop-1mnb em8300-kernel-2.6.24.7-server-1mnb em8300-kernel-desktop586-latest em8300-kernel-desktop-latest em8300-kernel-laptop-latest em8300-kernel-server-latest et131x-kernel-2.6.24.7-desktop-1mnb et131x-kernel-2.6.24.7-desktop586-1mnb et131x-kernel-2.6.24.7-laptop-1mnb et131x-kernel-2.6.24.7-server-1mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest 
et131x-kernel-laptop-latest et131x-kernel-server-latest fcdsl2-kernel-2.6.24.7-desktop-1mnb fcdsl2-kernel-2.6.24.7-desktop586-1mnb fcdsl2-kernel-2.6.24.7-laptop-1mnb fcdsl2-kernel-2.6.24.7-server-1mnb fcdsl2-kernel-desktop586-latest fcdsl2-kernel-desktop-latest fcdsl2-kernel-laptop-latest fcdsl2-kernel-server-latest fcdsl-kernel-2.6.24.7-desktop-1mnb fcdsl-kernel-2.6.24.7-desktop586-1mnb fcdsl-kernel-2.6.24.7-laptop-1mnb fcdsl-kernel-2.6.24.7-server-1mnb fcdsl-kernel-desktop586-latest fcdsl-kernel-desktop-latest fcdsl-kernel-laptop-latest fcdsl-kernel-server-latest fcdslsl-kernel-2.6.24.7-desktop-1mnb fcdslsl-kernel-2.6.24.7-desktop586-1mnb fcdslsl-kernel-2.6.24.7-laptop-1mnb fcdslsl-kernel-2.6.24.7-server-1mnb fcdslsl-kernel-desktop586-latest fcdslsl-kernel-desktop-latest fcdslsl-kernel-laptop-latest fcdslsl-kernel-server-latest fcdslslusb-kernel-2.6.24.7-desktop-1mnb fcdslslusb-kernel-2.6.24.7-desktop586-1mnb fcdslslusb-kernel-2.6.24.7-laptop-1mnb fcdslslusb-kernel-2.6.24.7-server-1mnb fcdslslusb-kernel-desktop586-latest fcdslslusb-kernel-desktop-latest fcdslslusb-kernel-laptop-latest fcdslslusb-kernel-server-latest fcdslusb2-kernel-2.6.24.7-desktop-1mnb fcdslusb2-kernel-2.6.24.7-desktop586-1mnb fcdslusb2-kernel-2.6.24.7-laptop-1mnb fcdslusb2-kernel-2.6.24.7-server-1mnb fcdslusb2-kernel-desktop586-latest fcdslusb2-kernel-desktop-latest fcdslusb2-kernel-laptop-latest fcdslusb2-kernel-server-latest fcdslusba-kernel-2.6.24.7-desktop-1mnb fcdslusba-kernel-2.6.24.7-desktop586-1mnb fcdslusba-kernel-2.6.24.7-laptop-1mnb fcdslusba-kernel-2.6.24.7-server-1mnb fcdslusba-kernel-desktop586-latest fcdslusba-kernel-desktop-latest fcdslusba-kernel-laptop-latest fcdslusba-kernel-server-latest fcdslusb-kernel-2.6.24.7-desktop-1mnb fcdslusb-kernel-2.6.24.7-desktop586-1mnb fcdslusb-kernel-2.6.24.7-laptop-1mnb fcdslusb-kernel-2.6.24.7-server-1mnb fcdslusb-kernel-desktop586-latest fcdslusb-kernel-desktop-latest fcdslusb-kernel-laptop-latest fcdslusb-kernel-server-latest 
fcpci-kernel-2.6.24.7-desktop-1mnb fcpci-kernel-2.6.24.7-desktop586-1mnb fcpci-kernel-2.6.24.7-laptop-1mnb fcpci-kernel-2.6.24.7-server-1mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-laptop-latest fcpci-kernel-server-latest fcusb2-kernel-2.6.24.7-desktop-1mnb fcusb2-kernel-2.6.24.7-desktop586-1mnb fcusb2-kernel-2.6.24.7-laptop-1mnb fcusb2-kernel-2.6.24.7-server-1mnb fcusb2-kernel-desktop586-latest fcusb2-kernel-desktop-latest fcusb2-kernel-laptop-latest fcusb2-kernel-server-latest fcusb-kernel-2.6.24.7-desktop-1mnb fcusb-kernel-2.6.24.7-desktop586-1mnb fcusb-kernel-2.6.24.7-laptop-1mnb fcusb-kernel-2.6.24.7-server-1mnb fcusb-kernel-desktop586-latest fcusb-kernel-desktop-latest fcusb-kernel-laptop-latest fcusb-kernel-server-latest fglrx-kernel-2.6.24.7-desktop-1mnb fglrx-kernel-2.6.24.7-desktop586-1mnb fglrx-kernel-2.6.24.7-laptop-1mnb fglrx-kernel-2.6.24.7-server-1mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-laptop-latest fglrx-kernel-server-latest fxusb_CZ-kernel-2.6.24.7-desktop-1mnb fxusb_CZ-kernel-2.6.24.7-desktop586-1mnb fxusb_CZ-kernel-2.6.24.7-laptop-1mnb fxusb_CZ-kernel-2.6.24.7-server-1mnb fxusb_CZ-kernel-desktop586-latest fxusb_CZ-kernel-desktop-latest fxusb_CZ-kernel-laptop-latest fxusb_CZ-kernel-server-latest fxusb-kernel-2.6.24.7-desktop-1mnb fxusb-kernel-2.6.24.7-desktop586-1mnb fxusb-kernel-2.6.24.7-laptop-1mnb fxusb-kernel-2.6.24.7-server-1mnb fxusb-kernel-desktop586-latest fxusb-kernel-desktop-latest fxusb-kernel-laptop-latest fxusb-kernel-server-latest hsfmodem-kernel-2.6.24.7-desktop-1mnb hsfmodem-kernel-2.6.24.7-desktop586-1mnb hsfmodem-kernel-2.6.24.7-laptop-1mnb hsfmodem-kernel-2.6.24.7-server-1mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-laptop-latest hsfmodem-kernel-server-latest ipw3945-kernel-2.6.24.7-desktop-1mnb ipw3945-kernel-2.6.24.7-desktop586-1mnb ipw3945-kernel-2.6.24.7-laptop-1mnb ipw3945-kernel-2.6.24.7-server-1mnb 
ipw3945-kernel-desktop586-latest ipw3945-kernel-desktop-latest ipw3945-kernel-laptop-latest ipw3945-kernel-server-latest iwlwifi-kernel-2.6.24.7-desktop-1mnb iwlwifi-kernel-2.6.24.7-desktop586-1mnb iwlwifi-kernel-2.6.24.7-laptop-1mnb iwlwifi-kernel-2.6.24.7-server-1mnb iwlwifi-kernel-desktop586-latest iwlwifi-kernel-desktop-latest iwlwifi-kernel-laptop-latest iwlwifi-kernel-server-latest kernel-2.6.24.7-1mnb kernel-desktop-2.6.24.7-1mnb kernel-desktop586-2.6.24.7-1mnb kernel-desktop586-devel-2.6.24.7-1mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.24.7-1mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-laptop-2.6.24.7-1mnb kernel-laptop-devel-2.6.24.7-1mnb kernel-laptop-devel-latest kernel-laptop-latest kernel-server-2.6.24.7-1mnb kernel-server-devel-2.6.24.7-1mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.24.7-1mnb kernel-source-latest kqemu-kernel-2.6.24.7-desktop-1mnb kqemu-kernel-2.6.24.7-desktop586-1mnb kqemu-kernel-2.6.24.7-laptop-1mnb kqemu-kernel-2.6.24.7-server-1mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-laptop-latest kqemu-kernel-server-latest libafs-kernel-2.6.24.7-desktop-1mnb libafs-kernel-2.6.24.7-desktop586-1mnb libafs-kernel-2.6.24.7-laptop-1mnb libafs-kernel-2.6.24.7-server-1mnb libafs-kernel-desktop586-latest libafs-kernel-desktop-latest libafs-kernel-laptop-latest libafs-kernel-server-latest lirc-kernel-2.6.24.7-desktop-1mnb lirc-kernel-2.6.24.7-desktop586-1mnb lirc-kernel-2.6.24.7-laptop-1mnb lirc-kernel-2.6.24.7-server-1mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-laptop-latest lirc-kernel-server-latest lzma-kernel-2.6.24.7-desktop-1mnb lzma-kernel-2.6.24.7-desktop586-1mnb lzma-kernel-2.6.24.7-laptop-1mnb lzma-kernel-2.6.24.7-server-1mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-laptop-latest lzma-kernel-server-latest m560x-kernel-2.6.24.7-desktop-1mnb 
m560x-kernel-2.6.24.7-desktop586-1mnb m560x-kernel-2.6.24.7-laptop-1mnb m560x-kernel-2.6.24.7-server-1mnb m560x-kernel-desktop586-latest m560x-kernel-desktop-latest m560x-kernel-laptop-latest m560x-kernel-server-latest madwifi-kernel-2.6.24.7-desktop-1mnb madwifi-kernel-2.6.24.7-desktop586-1mnb madwifi-kernel-2.6.24.7-laptop-1mnb madwifi-kernel-2.6.24.7-server-1mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-laptop-latest madwifi-kernel-server-latest ndiswrapper-kernel-2.6.24.7-desktop-1mnb ndiswrapper-kernel-2.6.24.7-desktop586-1mnb ndiswrapper-kernel-2.6.24.7-laptop-1mnb ndiswrapper-kernel-2.6.24.7-server-1mnb ndiswrapper-kernel-desktop586-latest ndiswrapper-kernel-desktop-latest ndiswrapper-kernel-laptop-latest ndiswrapper-kernel-server-latest nvidia71xx-kernel-2.6.24.7-desktop-1mnb nvidia71xx-kernel-2.6.24.7-desktop586-1mnb nvidia71xx-kernel-2.6.24.7-laptop-1mnb nvidia71xx-kernel-2.6.24.7-server-1mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-laptop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.24.7-desktop-1mnb nvidia96xx-kernel-2.6.24.7-desktop586-1mnb nvidia96xx-kernel-2.6.24.7-laptop-1mnb nvidia96xx-kernel-2.6.24.7-server-1mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-laptop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.24.7-desktop-1mnb nvidia-current-kernel-2.6.24.7-desktop586-1mnb nvidia-current-kernel-2.6.24.7-laptop-1mnb nvidia-current-kernel-2.6.24.7-server-1mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-laptop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.24.7-desktop-1mnb omfs-kernel-2.6.24.7-desktop586-1mnb omfs-kernel-2.6.24.7-laptop-1mnb omfs-kernel-2.6.24.7-server-1mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-laptop-latest omfs-kernel-server-latest opencbm-kernel-2.6.24.7-desktop-1mnb 
opencbm-kernel-2.6.24.7-desktop586-1mnb opencbm-kernel-2.6.24.7-laptop-1mnb opencbm-kernel-2.6.24.7-server-1mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-laptop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.24.7-desktop-1mnb ov51x-jpeg-kernel-2.6.24.7-desktop586-1mnb ov51x-jpeg-kernel-2.6.24.7-laptop-1mnb ov51x-jpeg-kernel-2.6.24.7-server-1mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-laptop-latest ov51x-jpeg-kernel-server-latest qc-usb-messenger-kernel-2.6.24.7-desktop-1mnb qc-usb-messenger-kernel-2.6.24.7-desktop586-1mnb qc-usb-messenger-kernel-2.6.24.7-laptop-1mnb qc-usb-messenger-kernel-2.6.24.7-server-1mnb qc-usb-messenger-kernel-desktop586-latest qc-usb-messenger-kernel-desktop-latest qc-usb-messenger-kernel-laptop-latest qc-usb-messenger-kernel-server-latest r5u870-kernel-2.6.24.7-desktop-1mnb r5u870-kernel-2.6.24.7-desktop586-1mnb r5u870-kernel-2.6.24.7-laptop-1mnb r5u870-kernel-2.6.24.7-server-1mnb r5u870-kernel-desktop586-latest r5u870-kernel-desktop-latest r5u870-kernel-laptop-latest r5u870-kernel-server-latest realcrypt-kernel-2.6.24.7-desktop-1mnb realcrypt-kernel-2.6.24.7-desktop586-1mnb realcrypt-kernel-2.6.24.7-laptop-1mnb realcrypt-kernel-2.6.24.7-server-1mnb realcrypt-kernel-desktop586-latest realcrypt-kernel-desktop-latest realcrypt-kernel-laptop-latest realcrypt-kernel-server-latest slmodem-kernel-2.6.24.7-desktop-1mnb slmodem-kernel-2.6.24.7-desktop586-1mnb slmodem-kernel-2.6.24.7-laptop-1mnb slmodem-kernel-2.6.24.7-server-1mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-laptop-latest slmodem-kernel-server-latest squashfs-kernel-2.6.24.7-desktop-1mnb squashfs-kernel-2.6.24.7-desktop586-1mnb squashfs-kernel-2.6.24.7-laptop-1mnb squashfs-kernel-2.6.24.7-server-1mnb squashfs-kernel-desktop586-latest squashfs-kernel-desktop-latest squashfs-kernel-laptop-latest squashfs-kernel-server-latest 
squashfs-lzma-kernel-2.6.24.7-desktop-1mnb squashfs-lzma-kernel-2.6.24.7-desktop586-1mnb squashfs-lzma-kernel-2.6.24.7-laptop-1mnb squashfs-lzma-kernel-2.6.24.7-server-1mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-laptop-latest squashfs-lzma-kernel-server-latest syntek-kernel-2.6.24.7-desktop-1mnb syntek-kernel-2.6.24.7-desktop586-1mnb syntek-kernel-2.6.24.7-laptop-1mnb syntek-kernel-2.6.24.7-server-1mnb syntek-kernel-desktop586-latest syntek-kernel-desktop-latest syntek-kernel-laptop-latest syntek-kernel-server-latest tp_smapi-kernel-2.6.24.7-desktop-1mnb tp_smapi-kernel-2.6.24.7-desktop586-1mnb tp_smapi-kernel-2.6.24.7-laptop-1mnb tp_smapi-kernel-2.6.24.7-server-1mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-laptop-latest tp_smapi-kernel-server-latest unicorn-kernel-2.6.24.7-desktop-1mnb unicorn-kernel-2.6.24.7-desktop586-1mnb unicorn-kernel-2.6.24.7-laptop-1mnb unicorn-kernel-2.6.24.7-server-1mnb unicorn-kernel-desktop586-latest unicorn-kernel-desktop-latest unicorn-kernel-laptop-latest unicorn-kernel-server-latest unionfs-kernel-2.6.24.7-desktop-1mnb unionfs-kernel-2.6.24.7-desktop586-1mnb unionfs-kernel-2.6.24.7-laptop-1mnb unionfs-kernel-2.6.24.7-server-1mnb unionfs-kernel-desktop586-latest unionfs-kernel-desktop-latest unionfs-kernel-laptop-latest unionfs-kernel-server-latest vboxadd-kernel-2.6.24.7-desktop-1mnb vboxadd-kernel-2.6.24.7-desktop586-1mnb vboxadd-kernel-2.6.24.7-laptop-1mnb vboxadd-kernel-2.6.24.7-server-1mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-laptop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.24.7-desktop-1mnb vboxvfs-kernel-2.6.24.7-desktop586-1mnb vboxvfs-kernel-2.6.24.7-laptop-1mnb vboxvfs-kernel-2.6.24.7-server-1mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-laptop-latest vboxvfs-kernel-server-latest virtualbox-kernel-2.6.24.7-desktop-1mnb 
virtualbox-kernel-2.6.24.7-desktop586-1mnb virtualbox-kernel-2.6.24.7-laptop-1mnb virtualbox-kernel-2.6.24.7-server-1mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-laptop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.24.7-desktop-1mnb vpnclient-kernel-2.6.24.7-desktop586-1mnb vpnclient-kernel-2.6.24.7-laptop-1mnb vpnclient-kernel-2.6.24.7-server-1mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-laptop-latest vpnclient-kernel-server-latest Update: Tue Aug 12 15:07:45 2008 Importance: security ID: MDVSA-2008:167 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:167 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. (CVE-2008-2136) The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. (CVE-2008-2148) Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow. 
(CVE-2008-2358) The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. (CVE-2008-2750) Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. (CVE-2008-1615) Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure. (CVE-2008-2826) Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. (CVE-2008-1375) The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. (CVE-2008-1675) Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain re-ordered access to the descriptor table. (CVE-2008-1669) Additionally, a number of fixes have been included for the rtc driver, Arima W651DI audio chipset, and unionfs; Tomoyolinux has been updated to 1.6.3, UDF 2.50 support was added, and a few things more. Check the package changelog for more details. 
To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package libstunnel0 libstunnel-devel libstunnel-static-devel stunnel Update: Wed Aug 13 19:11:52 2008 Importance: security ID: MDVSA-2008:168 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:168 %pre A vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel (CVE-2008-2420). This flaw only concerns users who have enabled OCSP validation in stunnel. The updated packages have been patched to correct this issue. %description The stunnel program is designed to work as SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that having non-SSL aware daemons running on your system you can easily set them up to communicate with clients over secure SSL channels. stunnel can be used to add SSL functionality to commonly used inetd daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without changes to the source code. %package hplip hplip-doc hplip-hpijs hplip-hpijs-ppds hplip-model-data libhpip0 libhpip0-devel libsane-hpaio1 Update: Wed Aug 13 19:15:38 2008 Importance: security ID: MDVSA-2008:169 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:169 %pre Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account (CVE-2008-2940). 
Another vulnerability was discovered by Marc Schoenefeld in the hpssd message parser that could allow a local attacker to stop the hpssd process by sending specially-crafted packets, causing a denial of service (CVE-2008-2941). The updated packages have been patched to correct these issues. %description This is the HP driver package to supply Linux support for most Hewlett-Packard DeskJet, LaserJet, PSC, OfficeJet, and PhotoSmart printers and all-in-one peripherals (also known as Multi-Function Peripherals or MFPs), which can print, scan, copy, fax, and/or access flash memory cards. It is work in progress, but printing, scanning, memory card access, ink/toner/battery/consumable level checking, and inkjet printer maintenance are supported on most models, when either connected to the USB or LAN (built-in interfaces or selected HP JetDirect models) on a Linux workstation with CUPS printing system. For status and consumable checking and also for inkjet maintenance there is the graphical tool "hp-toolbox" available (Menu: "System"/"Monitoring"/"HP Printer Toolbox"). %package cups cups-common cups-serial libcups2 libcups2-devel php-cups Update: Wed Aug 13 19:22:45 2008 Importance: security ID: MDVSA-2008:170 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:170 %pre Thomas Pollet discovered an integer overflow vulnerability in the PNG image handling filter in CUPS. This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a denial of service by sending a specially crafted PNG image to the print server (CVE-2008-1722). The updated packages have been patched to correct this issue. %description CUPS 1.2 is fully compatible with CUPS-1.1 machines in the network and with software built against CUPS-1.1 libraries. The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. 
It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libpostfix1 postfix postfix-ldap postfix-mysql postfix-pcre postfix-pgsql Update: Fri Aug 15 11:24:12 2008 Importance: security ID: MDVSA-2008:171 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:171 %pre Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to (CVE-2008-2936). The updated packages have been patched to correct this issue. %description Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. PLEASE READ THE /usr/share/doc/postfix/README.MDK FILE. This rpm supports different build time options, to enable or disable these features you must rebuild the source rpm using the --with ... or --without ... rpm option. 
Currently postfix has been built with: Smtpd multiline greeting: --without multiline Virtual Delivery Agent: --without VDA Munge bare CR: --without barecr TLS support: --with tls IPV6 support: --with ipv6 CDB support: --without cdb Chroot by default: --with chroot Multi Instance Support: --without multi_instance %package amarok amarok-engine-void amarok-engine-xine amarok-engine-yauap amarok-scripts libamarok0 libamarok0-scripts libamarok-devel libamarok-scripts-devel Update: Fri Aug 15 12:45:14 2008 Importance: security ID: MDVSA-2008:172 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:172 %pre A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name (CVE-2008-3699). The updated packages have been patched to correct this issue. %description Feature Overview * Music Collection: You have a huge music library and want to locate tracks quickly? Let amaroK's powerful Collection take care of that! It's a database powered music store, which keeps track of your complete music library, allowing you to find any title in a matter of seconds. * Intuitive User Interface: You will be amazed to see how easy amaroK is to use! Simply drag-and-drop files into the playlist. No hassle with complicated buttons or tangled menus. Listening to music has never been easier! * Streaming Radio: Web streams take radio to the next level: Listen to thousands of great radio stations on the internet, for free! amaroK provides excellent streaming support, with advanced features, such as displaying titles of the currently playing songs. * Context Browser: This tool provides useful information on the music you are currently listening to, and can make listening suggestions, based on your personal music taste. An innovative and unique feature. * Visualizations: amaroK is compatible with XMMS visualization plugins. 
Allows you to use the great number of stunning visualizations available on the net. 3d visualizations with OpenGL are a great way to enhance your music experience. %package yelp Update: Wed Aug 20 10:07:28 2008 Importance: security ID: MDVSA-2008:175 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 %pre A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs (CVE-2008-3533). The updated packages have been patched to correct this issue. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package libxine1 libxine-devel xine-aa xine-caca xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-jack xine-plugins xine-pulse xine-sdl xine-smb xine-wavpack Update: Wed Aug 20 18:30:03 2008 Importance: security ID: MDVSA-2008:177 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:177 %pre Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878). The updated packages have been patched to correct this issue. %description xine is a free gpl-licensed video player for unix-like systems. %package libmetisse1 libmetisse1-devel metisse metisse-fvwm x11-server-xmetisse Update: Thu Aug 21 12:32:51 2008 Importance: security ID: MDVSA-2008:179 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:179 %pre An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server (CVE-2008-1379). Multiple integer overflows were found in X.org's Render extension. 
A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361, CVE-2008-2362). The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them. %description Metisse is an experimental X desktop with some OpenGL capacity. It consists of a virtual X server called Xmetisse, a special version of FVWM, and a FVWM module FvwmCompositor. %package libxml2_2 libxml2-devel libxml2-python libxml2-utils Update: Thu Aug 21 14:37:58 2008 Importance: security ID: MDVSA-2008:180 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:180 %pre Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281). The updated packages have been patched to prevent this issue. %description This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. %package libxml2_2 libxml2-devel libxml2-python libxml2-utils Update: Tue Aug 26 10:31:53 2008 Importance: security ID: MDVSA-2008:180-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:180-1 %pre Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. 
If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281). Update: The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did. %description This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. %package shared-mime-info Update: Thu Aug 28 10:28:51 2008 Importance: bugfix ID: MDVA-2008:118 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:118 %pre The video player totem was associated as an autostart application for audio CDs, but the totem version in Mandriva Linux 2008.1 did not support CD playback anymore. This update removes totem from the list of default applications. %description This is the freedesktop.org shared MIME info database. Many programs and desktops use the MIME system to represent the types of files. Frequently, it is necessary to work out the correct MIME type for a file. This is generally done by examining the file's name or contents, and looking up the correct MIME type in a database. For interoperability, it is useful for different programs to use the same database so that different programs agree on the type of a file, and new rules for determining the type apply to all programs. 
This specification attempts to unify the type-guessing systems currently in use by GNOME, KDE and ROX. Only the name-to-type and contents-to-type mappings are covered by this spec; other MIME type information, such as the default handler for a particular type, or the icon to use to display it in a file manager, are not covered since these are a matter of style. In addition, freedesktop.org provides a shared database in this format to avoid inconsistencies between desktops. This database has been created by converting the existing KDE and GNOME databases to the new format and merging them together. %package timezone timezone-java Update: Thu Aug 28 10:59:37 2008 Importance: bugfix ID: MDVA-2008:119 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:119 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package ipsec-tools libipsec0 libipsec-devel Update: Thu Aug 28 19:59:05 2008 Importance: security ID: MDVSA-2008:181 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:181 %pre Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory (CVE-2008-3651, CVE-2008-3652). The updated packages have been patched to prevent these issues. %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels. 
This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %package libwordnet3.0 libwordnet3.0-devel wordnet Update: Tue Sep 02 09:59:21 2008 Importance: security ID: MDVSA-2008:182 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:182 %pre Rob Holland found several programming errors in WordNet which could lead to the execution of arbitrary code when used with untrusted input (CVE-2008-2149). The updated packages have been patched to prevent these issues. %description WordNet® is an online lexical reference system whose design is inspired by current psycholinguistic theories of human lexical memory. English nouns, verbs, adjectives and adverbs are organized into synonym sets, each representing one underlying lexical concept. Different relations link the synonym sets. %package libopensc2 libopensc-devel mozilla-plugin-opensc opensc Update: Tue Sep 02 11:57:32 2008 Importance: security ID: MDVSA-2008:183 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:183 %pre Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235). Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. 
If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue. %description opensc is a library for accessing smart card devices using PC/SC Lite middleware package. It is also the core library of the OpenSC project. Basic functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible smart card. Encryption and decryption using private keys on the SmartCard is at the moment possible only with PKCS #15 compatible cards. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Wed Sep 03 09:54:03 2008 Importance: security ID: MDVSA-2008:184 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:184 %pre Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code (CVE-2008-2327). The updated packages have been patched to prevent this issue. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package python-django Update: Wed Sep 03 11:37:01 2008 Importance: security ID: MDVSA-2008:185 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:185 %pre A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases. 
The versions of Django shipping with Mandriva Linux have been updated to the latest patched versions that include the fix for this issue. In addition, they provide other bug fixes. %description Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Developed and used over the past two years by a fast-moving online-news operation, Django was designed from scratch to handle two challenges: the intensive deadlines of a newsroom and the stringent requirements of experienced Web developers. It has convenient niceties for developing content-management systems, but it's an excellent tool for building any Web site. Django focuses on automating as much as possible and adhering to the DRY principle. %package tomcat5 tomcat5-admin-webapps tomcat5-common-lib tomcat5-jasper tomcat5-jasper-eclipse tomcat5-jasper-javadoc tomcat5-jsp-2.0-api tomcat5-jsp-2.0-api-javadoc tomcat5-server-lib tomcat5-servlet-2.4-api tomcat5-servlet-2.4-api-javadoc tomcat5-webapps Update: Fri Sep 05 13:39:54 2008 Importance: security ID: MDVSA-2008:188 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:188 %pre A number of vulnerabilities have been discovered in the Apache Tomcat server: The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342). A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232). A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947). 
A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources (CVE-2008-2370). A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938). The updated packages have been patched to correct these issues. %description Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. %package clamav clamav-db clamav-milter clamd klamav libclamav5 libclamav-devel Update: Tue Sep 09 19:43:52 2008 Importance: security ID: MDVSA-2008:189 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:189 %pre Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389). A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912). Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913). 
A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914). Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package libpostfix1 postfix postfix-ldap postfix-mysql postfix-pcre postfix-pgsql Update: Wed Sep 10 09:42:03 2008 Importance: security ID: MDVSA-2008:190 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:190 %pre A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6, where a local user could cause a denial of service due to Postfix leaking the epoll file descriptor when executing non-Postfix commands (CVE-2008-3889). The updated packages have been patched to correct this issue. %description Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. 
It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. PLEASE READ THE /usr/share/doc/postfix/README.MDK FILE. This rpm supports different build time options, to enable or disable these features you must rebuild the source rpm using the --with ... or --without ... rpm option. Currently postfix has been built with: Smtpd multiline greeting: --without multiline Virtual Delivery Agent: --without VDA Munge bare CR: --without barecr TLS support: --with tls IPV6 support: --with ipv6 CDB support: --without cdb Chroot by default: --with chroot Multi Instance Support: --without multi_instance %package rsh rsh-server Update: Thu Sep 11 16:42:05 2008 Importance: security ID: MDVSA-2008:191 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:191 %pre A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server (CVE-2004-0175). This issue was originally corrected in MDKSA-2005:100, but the patch had not been applied to the development tree, so released packages after that date did not have the fix applied. This update also corrects an issue where rexecd did not honor settings in /etc/security/limits if pam_limits was in use. %description The rsh package contains a set of programs which allow users to run commands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp). All three of these commands use rhosts style authentication. This package contains the clients needed for all of these services. The rsh package should be installed to enable remote access to other machines. 
%package libxml2_2 libxml2-devel libxml2-python libxml2-utils Update: Thu Sep 11 16:49:47 2008 Importance: security ID: MDVSA-2008:192 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 %pre A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code (CVE-2008-3529). The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue. %description This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. %package draksnapshot Update: Thu Sep 11 17:16:57 2008 Importance: bugfix ID: MDVA-2008:120 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:120 %pre This update fixes several minor issues with draksnapshot, such as backups not being completed due to bad permissions. A number of fixes were done to the applet as well, including notifications showing as information instead of warnings. Draksnapshot now no longer auto-disables after configuring, and it only pops up if a USB disk is mounted. 
Finally, it now prevents showing the panel icon before the bubble, so the latter is correctly placed. %description This is a backup program that uses rsync to take backup snapshots of filesystems. It uses hard links to save space on disk. %package blt blt-scripts libblt2 libblt2-devel Update: Thu Sep 11 17:19:44 2008 Importance: bugfix ID: MDVA-2008:121 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:121 %pre An updated blt package is provided that fixes two issues. The first is that the package contains two symlinks named /usr/bin/bltsh and /usr/bin/bltwish that were intended to make it easier to launch these two utilities. However, they were linked to files that did not exist, and consequently did not work. The second is that neither utility will actually run when launched correctly: they complain that Tcl version 8.5.1 is present, but that version 8.5 is needed. This over-enthusiastic version check is dampened by the update, resulting in the utilities both running as expected. %description BLT is an extension to the Tk toolkit. BLT's most useful feature is the provision of more widgets for Tk, but it also provides more geometry managers and miscellaneous other commands. Note that you won't need to do any patching of the Tcl or Tk source files to use BLT, but you will need to have Tcl/Tk installed in order to use BLT. %package vpnc Update: Thu Sep 11 17:25:00 2008 Importance: bugfix ID: MDVA-2008:122 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:122 %pre The vpnc package that shipped with Mandriva Linux 2008.1 was missing the cisco-decrypt binary, which is used for converting Cisco VPN client profile files encrypted passwords. As a result, any call to pcf2vpnc failed due to the missing binary. This update provides the missing binary. 
%description A free vpn client for cisco3000 VPN Concentrator, completely in userspace, requires Universal TUN/TAP device driver support compiled in the kernel or as a module %package rpmdrake Update: Thu Sep 11 18:11:25 2008 Importance: bugfix ID: MDVA-2008:124 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:124 %pre This update fixes several minor issues with rpmdrake, including preventing a rare crash when canceling and fixing a crash when selecting all packages. It also corrects another rare crash when installing packages with strange non-standard names, packages not provided by Mandriva. Finally, it also makes MandrivaUpdate fit in laptop screens (i.e. when the resolution only has 480 horizontal lines). %description This package contains the Mandriva graphical software manipulation tools. Rpmdrake provides a simple interface that makes it easy to install and remove software. MandrivaUpdate is a single-purpose application for keeping your system up to date with the latest official updates. There is also a tool for configuring package sources (medias), which can be run independently or accessed from within rpmdrake. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Sat Sep 13 13:31:59 2008 Importance: security ID: MDVSA-2008:195 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:195 %pre A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364). 
A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). The updated packages have been patched to prevent these issues. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package mencoder mplayer mplayer-doc mplayer-gui Update: Mon Sep 15 13:11:30 2008 Importance: security ID: MDVSA-2008:196 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:196 %pre Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. The updated packages have been patched to fix this issue. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). 
Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer10GOLD/codecs %package libwordnet3.0 libwordnet3.0-devel wordnet Update: Mon Sep 15 13:38:36 2008 Importance: security ID: MDVSA-2008:182-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:182-1 %pre Rob Holland found several programming errors in WordNet which could lead to the execution of arbitrary code when used with untrusted input (CVE-2008-2149, CVE-2008-3908). Update: The previous patch had a typo that caused incorrect behaviour in WordNet. This update uses an update patch that corrects the issue and also notes the additional assigned CVE name for these issues. %description WordNet® is an online lexical reference system whose design is inspired by current psycholinguistic theories of human lexical memory. English nouns, verbs, adjectives and adverbs are organized into synonym sets, each representing one underlying lexical concept. Different relations link the synonym sets. 
%package koffice koffice-common koffice-devel koffice-karbon koffice-kchart koffice-kexi koffice-kformula koffice-kivio koffice-koshell koffice-kplato koffice-kpresenter koffice-krita koffice-kspread koffice-kugar koffice-kword libkoffice2-common libkoffice2-karbon libkoffice2-kchart libkoffice2-kexi libkoffice2-kformula libkoffice2-kivio libkoffice2-kpresenter libkoffice2-krita libkoffice2-kspread libkoffice2-kugar libkoffice2-kword Update: Mon Sep 15 14:02:08 2008 Importance: security ID: MDVSA-2008:197 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:197 %pre Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693). This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. %description Office applications for the K Desktop Environment. KOffice contains: * KWord: word processor * KSpread: spreadsheet * KPresenter: presentations * KChart: chart generator * Kugar: A tool for generating business quality reports. * Kivio: A Visio(r)-style flowcharting application. * Kexi: an integrated environment for managing data * Some filters (Excel 97, Winword 97/2000, etc.) * karbon: the scalable vector drawing application for KDE. * kformula: a formula editor for KOffice. * krita: painting and image editing application. * koshell * kplato: a project management. %package bash-completion Update: Mon Sep 15 15:57:43 2008 Importance: bugfix ID: MDVA-2008:125 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:125 %pre The bash-completion package shipped in Mandriva Linux 2008 Spring had a problem with scp remote host completion, as reported in bug #42063. The updated package fixes the issue. 
%description bash-completion is a collection of shell functions that take advantage of the programmable completion feature of bash. %package libRmath libRmath-devel R-base Update: Tue Sep 16 11:47:13 2008 Importance: security ID: MDVSA-2008:198 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:198 %pre A symlink vulnerability was found in the javareconf script in R that allows local users to overwrite arbitrary files (CVE-2008-3931). The updated packages have been patched to prevent this issue. %description `GNU S' - A language and environment for statistical computing and graphics. R is similar to the S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques (linear and nonlinear modelling, statistical tests, time series analysis, classification, clustering, ...). R is designed as a true computer language with control-flow constructions for iteration and alternation, and it allows users to add additional functionality by defining new functions. For computationally intensive tasks, C, C++ and Fortran code can be linked and called at run time. %package x11-server x11-server-common x11-server-devel x11-server-xati x11-server-xchips x11-server-xephyr x11-server-xepson x11-server-xfake x11-server-xfbdev x11-server-xi810 x11-server-xmach64 x11-server-xmga x11-server-xnest x11-server-xnvidia x11-server-xorg x11-server-xpm2 x11-server-xr128 x11-server-xsdl x11-server-xsmi x11-server-xvesa x11-server-xvfb x11-server-xvia x11-server-xvnc Update: Tue Sep 16 15:08:13 2008 Importance: bugfix ID: MDVA-2008:126 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:126 %pre A Xvnc server running in 16 bpp depth would crash when a client with 16 bpp depth connected. Also, keyboard behaviour was incorrect when the X server was run with Xkb extension disabled. This update fixes both issues. 
%description X11 servers %package koffice koffice-common koffice-devel koffice-karbon koffice-kchart koffice-kexi koffice-kformula koffice-kivio koffice-koshell koffice-kplato koffice-kpresenter koffice-krita koffice-kspread koffice-kugar koffice-kword libkoffice2-common libkoffice2-karbon libkoffice2-kchart libkoffice2-kexi libkoffice2-kformula libkoffice2-kivio libkoffice2-kpresenter libkoffice2-krita libkoffice2-kspread libkoffice2-kugar libkoffice2-kword Update: Tue Sep 16 22:27:38 2008 Importance: security ID: MDVSA-2008:197-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:197-1 %pre Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693). This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. Update: A file conflict existed between one of the library packages and the koffice-devel package which prevented successful upgrades if koffice-devel was previously installed. This update removes the conflicting file from koffice-devel. %description Office applications for the K Desktop Environment. KOffice contains: * KWord: word processor * KSpread: spreadsheet * KPresenter: presentations * KChart: chart generator * Kugar: A tool for generating business quality reports. * Kivio: A Visio(r)-style flowcharting application. * Kexi: an integrated environment for managing data * Some filters (Excel 97, Winword 97/2000, etc.) * karbon: the scalable vector drawing application for KDE. * kformula: a formula editor for KOffice. * krita: painting and image editing application. * koshell * kplato: a project management. 
%package x11-driver-video-ati Update: Wed Sep 17 10:07:00 2008 Importance: bugfix ID: MDVA-2008:127 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:127 %pre This update provides an X.org ATI video driver that fixes VGA output on RS300/350/400/480 integrated Radeon chipsets. %description The X.org driver for ATI Technologies %package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Wed Sep 17 11:27:10 2008 Importance: security ID: MDVSA-2008:189-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:189-1 %pre Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389). A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912). Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913). A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914). Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. Update: The previous update had experimental support enabled, which caused ClamAV to report the version as 0.94-exp rather than 0.94, causing ClamAV to produce bogus warnings about the installation being outdated. This update corrects that problem. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). 
The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (default) %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Fri Sep 19 11:22:24 2008 Importance: security ID: MDVSA-2008:199 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:199 %pre A number of vulnerabilities were discovered in Wireshark that could cause it to crash while processing malicious packets (CVE-2008-3146, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934). This update provides Wireshark 1.0.3, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package ed Update: Mon Sep 22 11:13:07 2008 Importance: security ID: MDVSA-2008:200 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:200 %pre A heap-based buffer overflow was found in GNU ed that allowed context-dependent or user-assisted attackers to execute arbitrary code via a long filename (CVE-2008-3916). This update provides GNU ed 1.0, which is not vulnerable to this issue. %description Ed is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts). For most purposes, ed has been replaced in normal usage by full-screen editors (emacs and vi, for example). Ed was the original UNIX editor, and may be used by some programs. In general, however, you probably don't need to install it and you probably won't use it much. 
%package pan Update: Mon Sep 22 12:51:41 2008 Importance: security ID: MDVSA-2008:201 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:201 %pre Pavel Polischouk found a boundary error in the PartsBatch class in the Pan newsreader when processing .nzb files, which could allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .nzb file (CVE-2008-2363). The updated packages have been patched to prevent this issue. %description This is PAN, a powerful and user-friendly USENET newsreader for GNOME. The latest info and versions of Pan can always be found at http://pan.rebelbase.com/. %package blender Update: Wed Sep 24 11:07:44 2008 Importance: security ID: MDVSA-2008:204 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:204 %pre Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted .hdr or .blend file were opened (CVE-2008-1102). As well, multiple vulnerabilities involving insecure usage of temporary files had also been reported (CVE-2008-1103). The updated packages have been patched to prevent these issues. %description Blender is the in-house software of a high quality animation studio. It has proven to be an extremely fast and versatile design instrument. The software has a personal touch, offering a unique approach to the world of three dimensions. Blender can be used to create TV commercials, to make technical visualizations or business graphics, to do some morphing, or to design user interfaces. Developers can easily build and manage complex environments. The renderer is versatile and extremely fast. All basic animation principles (curves and keys) are implemented. 
%package devhelp devhelp-plugins epiphany epiphany-devel galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libmozilla-firefox2.0.0.17 libmozilla-firefox-devel mozilla-firefox mozilla-firefox-af mozilla-firefox-ar mozilla-firefox-be mozilla-firefox-bg mozilla-firefox-br_FR mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-en_GB mozilla-firefox-es_AR mozilla-firefox-es_ES mozilla-firefox-et_EE mozilla-firefox-eu mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-gnome-support mozilla-firefox-gu_IN mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ka mozilla-firefox-ko mozilla-firefox-ku mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-mn mozilla-firefox-nb_NO mozilla-firefox-nl mozilla-firefox-nn_NO mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-pt_PT mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv_SE mozilla-firefox-theme-gnome mozilla-firefox-theme-kdeff mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer yelp Update: Thu Sep 25 14:19:30 2008 Importance: security ID: MDVSA-2008:205 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.17 (CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069). 
This update provides the latest Firefox to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN 
mozilla-thunderbird-zh_TW nsinstall Update: Fri Sep 26 12:48:43 2008 Importance: security ID: MDVSA-2008:206 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.17 (CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070). This update provides the latest Thunderbird to correct these issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package pam_mount Update: Mon Sep 29 17:56:21 2008 Importance: security ID: MDVSA-2008:208 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:208 %pre pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. %description Pam_mount is a PAM module that allows dynamic remote volume mounting. It is mainly useful for users that have private volumes in Samba / Windows NT / Netware servers and need access to them during a Unix session. %package pam_krb5 Update: Fri Oct 03 14:12:29 2008 Importance: security ID: MDVSA-2008:209 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:209 %pre Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache (CVE-2008-3825). The updated packages have been patched to prevent this issue. 
%description This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured. %package jay libmono0 libmono-devel mono mono-bytefx-data-mysql mono-data mono-data-firebird mono-data-oracle mono-data-postgresql mono-data-sqlite mono-data-sybase mono-doc mono-extras mono-ibm-data-db2 mono-jscript mono-locale-extras mono-nunit mono-web mono-winforms Update: Fri Oct 03 15:02:07 2008 Importance: security ID: MDVSA-2008:210 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:210 %pre CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. %description Mono is an implementation of the ECMA Common Language Infrastructure, it contains both a just-in-time compiler for maximum performance, and an interpreter. It can also be used to run programs from the .NET Framework. This package contains the core of the Mono runtime including its Virtual Machine, Just-in-time compiler, C# compiler, security tools and libraries (corlib, XML, System.Security, System.Drawing, ZipLib, I18N, Cairo and Mono.*). %package drakx-finish-install drakxtools drakxtools-backend drakxtools-curses drakxtools-http harddrake harddrake-ui Update: Fri Oct 03 16:30:32 2008 Importance: bugfix ID: MDVA-2008:130 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:130 %pre This update fixes several minor issues in drakxtools: - it fixes management of XEN kernels in bootloader-config, when adding a new kernel, a xen entry should not replace an existing 'linux' (#40865) - it fixes a crash in rpmdrake when description begins by Gtk2::.. 
(#43802) It also really enables draksnapshot to use Gtk+-2's new FileChooserDialog in future. %description Contains many Mandriva Linux applications simplifying users and administrators life on a Mandriva Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. - drakbug: interactive bug report tool - drakbug_report: help find bugs in DrakX - drakclock: date & time configurator - drakfloppy: boot disk creator - drakfont: import fonts in the system - draklog: show extracted information from the system logs - drakperm: msec GUI (permissions configurator) - draksec: security options management / msec frontend - draksplash: bootsplash themes creation %package rpmdrake Update: Fri Oct 03 16:42:13 2008 Importance: bugfix ID: MDVA-2008:131 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:131 %pre This update fixes several minor issues in rpmdrake: - it fixes a crash due to bad timing with the X server (#41010) - it fixes empty per importance lists of updates in rpmdrake (list of all updates was OK, MandrivaUpdate was OK) (#41331) (regression introduced in 3.95 on 2007-09-14) - it makes rpmdrake only warn once per session when media XML metadata are newer than synthesis: in that case rpmdrake complained for every unsynchronized package (#42737) - it fixes a crash when selecting all packages (#40025) - it fixes a rare crash when canceling (#41970) %description This package contains the Mandriva graphical software manipulation tools. Rpmdrake provides a simple interface that makes it easy to install and remove software. MandrivaUpdate is a single-purpose application for keeping your system up to date with the latest official updates. There is also a tool for configuring package sources (medias), which can be run independently or accessed from within rpmdrake. 
%package mandriva-release-common mandriva-release-Flash mandriva-release-Free mandriva-release-One mandriva-release-Powerpack Update: Fri Oct 03 16:47:48 2008 Importance: bugfix ID: MDVA-2008:132 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:132 %pre mandriva-release for Mandriva 2008 Spring should contain a product_branch set to Official, and not devel, otherwise it could lead to an error with the new mdkonline. The updated package fixes it. %description Mandriva Linux release file. %package timezone timezone-java Update: Tue Oct 07 11:32:42 2008 Importance: bugfix ID: MDVA-2008:133 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:133 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package draksnapshot Update: Wed Oct 08 11:03:23 2008 Importance: bugfix ID: MDVA-2008:135 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:135 %pre This update fixes several issues in draksnapshot: The draksnapshot applet received the following fixes: - on desktop startup, it will wait for 30s before checking for available disc so that notification is positioned at the right place, on the applet icon - it prevents crashing if DBus is not reachable, and reports DBus errors - it prevents crashing if DBus is active, but HAL is not (#44434) - if all discs are unmounted, the applet will hide (#41176) - it prevents running more than once - it uses HAL in order to detect discs available for backup, thus fixing detecting some internal SATA discs as discs available for backup (#41107) It also uses new icons from Mandriva Linux 2009.0. 
The draksnapshot configuration tool also received the following fixes: - it stops saving config when clicking Close (#39790); one has to click on Apply in order to save the config - on first run, it offers backup in mounted disc path, instead of defaulting to some place in the root filesystem which could previously be filled up (#39802) - it no longer offers to configure some obscure advanced options - it now allows for disabling backups - it generates anacron-friendly cron files %description This is a backup program that uses rsync to take backup snapshots of filesystems. It uses hard links to save space on disk. %package gurpmi mdkonline urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover Update: Wed Oct 08 13:16:06 2008 Importance: normal ID: MDVA-2008:136 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:136 %pre These updated packages add support for notification of new distribution releases and allow users to easily upgrade Mandriva Linux 2008.1 to future Mandriva Linux releases online. To disable new distribution release notification on a system-wide basis, change the DO_NOT_ASK_FOR_DISTRO_UPGRADE to 'true' in /etc/sysconfig/mdkapplet. %description urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites. 
%package mdkonline Update: Thu Oct 09 10:53:17 2008 Importance: bugfix ID: MDVA-2008:138 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:138 %pre The updated mdkonline package improves the upgrade process to Mandriva Linux 2009.0 and includes many other bugfixes and enhancements. %description The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * Update daemon which allows you to install security updates automatically, * A KDE/Gnome/IceWM compliant applet for security updates notification and installation. %package symlinks Update: Thu Oct 09 11:51:20 2008 Importance: bugfix ID: MDVA-2008:140 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:140 %pre The symlinks program did not work on files larger than 2GB, reporting the error Value too large for defined data type. This update fixes this issue in addition to an error where symlinks converted from absolute to relative paths were not shortened (Red Hat bug #89655). %description The symlinks utility performs maintenance on symbolic links. Symlinks checks for symlink problems, including dangling symlinks which point to nonexistent files. Symlinks can also automatically convert absolute symlinks to relative symlinks. Install the symlinks package if you need a program for maintaining symlinks on your system. %package mdkonline Update: Fri Oct 10 10:06:02 2008 Importance: bugfix ID: MDVA-2008:141 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:141 %pre This update ensures distribution upgrade notification is not detected in incorrect cases and the distribution upgrade confirmation dialog is not displayed after security updates are applied. %description The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. 
The package includes: * Update daemon which allows you to install security updates automatically, * A KDE/Gnome/IceWM compliant applet for security updates notification and installation. %package gdb Update: Fri Oct 10 13:09:18 2008 Importance: bugfix ID: MDVA-2008:142 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:142 %pre A bug was found in the gdb package that prevented the build of the gdbserver binary and its manpage. Updated packages are being provided to fix the issue. %description Gdb is a full featured, command driven debugger. Gdb allows you to trace the execution of programs and examine their internal state at any time. Gdb works for C and C++ compiled with the GNU C compiler gcc. If you are going to develop C and/or C++ programs and use the GNU gcc compiler, you may want to install gdb to help you debug your programs. %package cups cups-common cups-serial libcups2 libcups2-devel php-cups Update: Fri Oct 10 23:20:09 2008 Importance: security ID: MDVSA-2008:211 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:211 %pre A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed (CVE-2008-3639). An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. An attacker could create a malicious text file that could possibly execute arbitrary code if the file was printed (CVE-2008-3640). Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code if the file was printed (CVE-2008-3641). 
The updated packages have been patched to prevent this issue; for Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided that corrects these issues and also provides other bug fixes. %description CUPS 1.2 is fully compatible with CUPS-1.1 machines in the network and with software built against CUPS-1.1 libraries. The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package dbus dbus-x11 libdbus-1_3 libdbus-1-devel Update: Wed Oct 15 11:30:03 2008 Importance: security ID: MDVSA-2008:213 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:213 %pre The D-Bus library did not correctly validate certain corrupted signatures which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request (CVE-2008-3834). The updated packages have been patched to prevent this issue. %description D-Bus is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. %package librhythmbox0 rhythmbox rhythmbox-mozilla rhythmbox-upnp Update: Thu Oct 16 16:20:21 2008 Importance: bugfix ID: MDVA-2008:147 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:147 %pre Previous Rhythmbox packages would crash with a formatted, but not yet initialized, iPod. This update prevents the crash. 
%description Music Management application with support for ripping audio-cd's, playback of Ogg Vorbis and Mp3 and burning of CD-Rs. %package drakx-net drakx-net-text libdrakx-net Update: Fri Oct 17 17:04:50 2008 Importance: bugfix ID: MDVA-2008:149 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:149 %pre The network applet would crash when the mandi monitoring daemon was restarted. This updated drakx-net package corrects the issue. %description This package contains the Mandriva network tools. net_applet: applet to check network connection net_monitor: connection monitoring %package pam_mount Update: Sat Oct 18 14:45:01 2008 Importance: security ID: MDVSA-2008:208-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:208-1 %pre pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. Update: The fix for CVE-2008-3970 uncovered crashes in the code handling the 'allow', 'deny', and 'require' options in pam_mount-0.33, released for Mandriva Linux 2008 Spring. Also, the verification of the allowed mount options ('allow' configuration directive) was inverted in pam_mount-0.33. This update fixes these issues. %description Pam_mount is a PAM module that allows dynamic remote volume mounting. It is mainly useful for users that have private volumes in Samba / Windows NT / Netware servers and need access to them during a Unix session. %package timezone timezone-java Update: Mon Oct 20 10:32:29 2008 Importance: normal ID: MDVA-2008:151 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:151 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. 
These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package hplip hplip-doc hplip-hpijs hplip-hpijs-ppds hplip-model-data libhpip0 libhpip0-devel libsane-hpaio1 Update: Thu Oct 23 09:05:57 2008 Importance: bugfix ID: MDVA-2008:157 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:157 %pre It is mandatory to use UTF-8 encoding in communication on newer cups versions. It prevents hplip from working properly in non-UTF-8 environments. The updated packages fix this issue. %description This is the HP driver package to supply Linux support for most Hewlett-Packard DeskJet, LaserJet, PSC, OfficeJet, and PhotoSmart printers and all-in-one peripherals (also known as Multi-Function Peripherals or MFPs), which can print, scan, copy, fax, and/or access flash memory cards. It is work in progress, but printing, scanning, memory card access, ink/toner/battery/consumable level checking, and inkjet printer maintenance are supported on most models, when either connected to the USB or LAN (built-in interfaces or selected HP JetDirect models) on a Linux workstation with CUPS printing system. For status and consumable checking and also for inkjet maintenance there is the graphical tool "hp-toolbox" available (Menu: "System"/"Monitoring"/"HP Printer Toolbox"). %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Mon Oct 27 08:27:41 2008 Importance: security ID: MDVSA-2008:215 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:215 %pre A number of vulnerabilities were discovered in Wireshark that could cause it to crash or abort while processing malicious packets (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685). This update provides Wireshark 1.0.4, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. 
It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package emacs emacs-common emacs-doc emacs-el emacs-gtk emacs-leim emacs-nox Update: Mon Oct 27 13:05:16 2008 Importance: security ID: MDVSA-2008:216 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:216 %pre A vulnerability was found in how Emacs would import python scripts from the current working directory during the editing of a python file. This could allow a local user to execute arbitrary code via a trojan python file (CVE-2008-3949). %description Emacs-X11 includes the Emacs text editor program for use with the X Window System (it provides support for the mouse and other GUI elements). Emacs-X11 will also run Emacs outside of X, but it has a larger memory footprint than the 'non-X' Emacs package (emacs-nox). Install emacs if you are going to use Emacs with the X Window System. You should also install emacs if you're going to run Emacs both with and without X (it will work fine both ways). You'll also need to install the emacs-common package in order to run Emacs. %package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui mozilla-firefox-ext-beagle mozilla-thunderbird-beagle Update: Tue Oct 28 09:06:04 2008 Importance: normal ID: MDVA-2008:161 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:161 %pre Beagle's Mozilla Thunderbird extension was not built for the correct version of Mozilla Thunderbird. This update builds it against the correct version so the extension is made available in Mozilla Thunderbird. %description Beagle is an indexing sub-system and search aggregator built on top of Lucene.Net. It can index your files, mailboxes, your web browsing behaviour and other things. 
%package lynx Update: Tue Oct 28 11:58:31 2008 Importance: security ID: MDVSA-2008:218 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:218 %pre A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690). This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted. %description This a terminal based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables. This version includes support for SSL encryption. WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it. %package mencoder mplayer mplayer-doc mplayer-gui Update: Wed Oct 29 14:04:48 2008 Importance: security ID: MDVSA-2008:219 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:219 %pre A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer (CVE-2008-0073). Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a malicious crafted video file (CVE-2008-3827). The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). 
It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of MPlayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some low-level card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer10GOLD/codecs %package openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-devel openoffice.org-devel-doc openoffice.org-draw openoffice.org-dtd-officedocument1.0 openoffice.org-filter-binfilter openoffice.org-gnome openoffice.org-help-af openoffice.org-help-ar openoffice.org-help-bg openoffice.org-help-br openoffice.org-help-bs openoffice.org-help-ca openoffice.org-help-cs openoffice.org-help-cy openoffice.org-help-da openoffice.org-help-de openoffice.org-help-el openoffice.org-help-en_GB openoffice.org-help-es openoffice.org-help-et openoffice.org-help-eu openoffice.org-help-fi openoffice.org-help-fr openoffice.org-help-he openoffice.org-help-hi openoffice.org-help-hu openoffice.org-help-it openoffice.org-help-ja openoffice.org-help-ko openoffice.org-help-mk openoffice.org-help-nb openoffice.org-help-nl 
openoffice.org-help-nn openoffice.org-help-pl openoffice.org-help-pt openoffice.org-help-pt_BR openoffice.org-help-ru openoffice.org-help-sk openoffice.org-help-sl openoffice.org-help-sv openoffice.org-help-ta openoffice.org-help-tr openoffice.org-help-zh_CN openoffice.org-help-zh_TW openoffice.org-help-zu openoffice.org-impress openoffice.org-java-common openoffice.org-kde openoffice.org-l10n-af openoffice.org-l10n-ar openoffice.org-l10n-bg openoffice.org-l10n-br openoffice.org-l10n-bs openoffice.org-l10n-ca openoffice.org-l10n-cs openoffice.org-l10n-cy openoffice.org-l10n-da openoffice.org-l10n-de openoffice.org-l10n-el openoffice.org-l10n-en_GB openoffice.org-l10n-es openoffice.org-l10n-et openoffice.org-l10n-eu openoffice.org-l10n-fi openoffice.org-l10n-fr openoffice.org-l10n-he openoffice.org-l10n-hi openoffice.org-l10n-hu openoffice.org-l10n-it openoffice.org-l10n-ja openoffice.org-l10n-ko openoffice.org-l10n-mk openoffice.org-l10n-nb openoffice.org-l10n-nl openoffice.org-l10n-nn openoffice.org-l10n-pl openoffice.org-l10n-pt openoffice.org-l10n-pt_BR openoffice.org-l10n-ru openoffice.org-l10n-sk openoffice.org-l10n-sl openoffice.org-l10n-sv openoffice.org-l10n-ta openoffice.org-l10n-tr openoffice.org-l10n-zh_CN openoffice.org-l10n-zh_TW openoffice.org-l10n-zu openoffice.org-math openoffice.org-mono openoffice.org-openclipart openoffice.org-pyuno openoffice.org-style-andromeda openoffice.org-style-crystal openoffice.org-style-hicontrast openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-testtool openoffice.org-writer openoffice.org-voikko openoffice.org-voikko-debug Update: Thu Oct 30 09:33:16 2008 Importance: bugfix ID: MDVA-2008:162 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:162 %pre This update provides a new upstream version of OpenOffice.org - 2.4.1.10. 
It also corrects the following bugs: Under 2.4 versions of OpenOffice.org, the Orientation option was removed from printer properties, which prevented users from printing in booklet format the way they were used to. This OpenOffice.org update enables the Orientation printer option again. Another problem was that OpenOffice.org hung at application start-up when LDAP authentication was enabled on x86_64 machines. OpenOffice.org tried to access info about the logged-on user name but it did not provide the right parameters to the libnss_ldap library. As a workaround, we have forced the installation of the i586 package of that library. This update stops OpenOffice.org from obtaining running user information on LDAP authentication since it does not block sensible working features. Another bug fixed in this update is the handling of text and numbers in cells that are aligned at a different position degree than usual, such as 90 degrees. This caused information in that cell to be shown in such a way that numbers got a different degree than alphabetic characters. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. %package gurpmi mdkonline rpmdrake urpmi urpmi-ldap urpmi-parallel-ka-run urpmi-parallel-ssh urpmi-recover Update: Thu Oct 30 11:21:55 2008 Importance: bugfix ID: MDVA-2008:163 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:163 %pre This update ensures that the distribution upgrade notification is not detected in incorrect cases, and ensures that a distribution upgrade is only suggested after all security updates have been applied. 
It also improves the distribution upgrade confirmation dialog and reliability of network package installation. %description urpmi is Mandriva Linux's console-based software installation tool. You can use it to install software from the console in the same way as you use the graphical Install Software tool (rpmdrake) to install software from the desktop. urpmi will follow package dependencies -- in other words, it will install all the other software required by the software you ask it to install -- and it's capable of obtaining packages from a variety of media, including the Mandriva Linux installation CD-ROMs, your local hard disk, and remote sources such as web or FTP sites. %package actuator-kernel-2.6.24.7-desktop-2mnb actuator-kernel-2.6.24.7-desktop586-2mnb actuator-kernel-2.6.24.7-laptop-2mnb actuator-kernel-2.6.24.7-server-2mnb actuator-kernel-desktop586-latest actuator-kernel-desktop-latest actuator-kernel-laptop-latest actuator-kernel-server-latest alsa_raoppcm-kernel-2.6.24.7-desktop-2mnb alsa_raoppcm-kernel-2.6.24.7-desktop586-2mnb alsa_raoppcm-kernel-2.6.24.7-laptop-2mnb alsa_raoppcm-kernel-2.6.24.7-server-2mnb alsa_raoppcm-kernel-desktop586-latest alsa_raoppcm-kernel-desktop-latest alsa_raoppcm-kernel-laptop-latest alsa_raoppcm-kernel-server-latest dkms-pcc-acpi-kernel-2.6.24.7-desktop-2mnb dkms-pcc-acpi-kernel-2.6.24.7-desktop586-2mnb dkms-pcc-acpi-kernel-2.6.24.7-laptop-2mnb dkms-pcc-acpi-kernel-2.6.24.7-server-2mnb dkms-pcc-acpi-kernel-desktop586-latest dkms-pcc-acpi-kernel-desktop-latest dkms-pcc-acpi-kernel-laptop-latest dkms-pcc-acpi-kernel-server-latest drm-experimental-kernel-2.6.24.7-desktop-2mnb drm-experimental-kernel-2.6.24.7-desktop586-2mnb drm-experimental-kernel-2.6.24.7-laptop-2mnb drm-experimental-kernel-2.6.24.7-server-2mnb drm-experimental-kernel-desktop586-latest drm-experimental-kernel-desktop-latest drm-experimental-kernel-laptop-latest drm-experimental-kernel-server-latest em8300-kernel-2.6.24.7-desktop-2mnb 
em8300-kernel-2.6.24.7-desktop586-2mnb em8300-kernel-2.6.24.7-laptop-2mnb em8300-kernel-2.6.24.7-server-2mnb em8300-kernel-desktop586-latest em8300-kernel-desktop-latest em8300-kernel-laptop-latest em8300-kernel-server-latest et131x-kernel-2.6.24.7-desktop-2mnb et131x-kernel-2.6.24.7-desktop586-2mnb et131x-kernel-2.6.24.7-laptop-2mnb et131x-kernel-2.6.24.7-server-2mnb et131x-kernel-desktop586-latest et131x-kernel-desktop-latest et131x-kernel-laptop-latest et131x-kernel-server-latest fcdsl2-kernel-2.6.24.7-desktop-2mnb fcdsl2-kernel-2.6.24.7-desktop586-2mnb fcdsl2-kernel-2.6.24.7-laptop-2mnb fcdsl2-kernel-2.6.24.7-server-2mnb fcdsl2-kernel-desktop586-latest fcdsl2-kernel-desktop-latest fcdsl2-kernel-laptop-latest fcdsl2-kernel-server-latest fcdsl-kernel-2.6.24.7-desktop-2mnb fcdsl-kernel-2.6.24.7-desktop586-2mnb fcdsl-kernel-2.6.24.7-laptop-2mnb fcdsl-kernel-2.6.24.7-server-2mnb fcdsl-kernel-desktop586-latest fcdsl-kernel-desktop-latest fcdsl-kernel-laptop-latest fcdsl-kernel-server-latest fcdslsl-kernel-2.6.24.7-desktop-2mnb fcdslsl-kernel-2.6.24.7-desktop586-2mnb fcdslsl-kernel-2.6.24.7-laptop-2mnb fcdslsl-kernel-2.6.24.7-server-2mnb fcdslsl-kernel-desktop586-latest fcdslsl-kernel-desktop-latest fcdslsl-kernel-laptop-latest fcdslsl-kernel-server-latest fcdslslusb-kernel-2.6.24.7-desktop-2mnb fcdslslusb-kernel-2.6.24.7-desktop586-2mnb fcdslslusb-kernel-2.6.24.7-laptop-2mnb fcdslslusb-kernel-2.6.24.7-server-2mnb fcdslslusb-kernel-desktop586-latest fcdslslusb-kernel-desktop-latest fcdslslusb-kernel-laptop-latest fcdslslusb-kernel-server-latest fcdslusb2-kernel-2.6.24.7-desktop-2mnb fcdslusb2-kernel-2.6.24.7-desktop586-2mnb fcdslusb2-kernel-2.6.24.7-laptop-2mnb fcdslusb2-kernel-2.6.24.7-server-2mnb fcdslusb2-kernel-desktop586-latest fcdslusb2-kernel-desktop-latest fcdslusb2-kernel-laptop-latest fcdslusb2-kernel-server-latest fcdslusba-kernel-2.6.24.7-desktop-2mnb fcdslusba-kernel-2.6.24.7-desktop586-2mnb fcdslusba-kernel-2.6.24.7-laptop-2mnb 
fcdslusba-kernel-2.6.24.7-server-2mnb fcdslusba-kernel-desktop586-latest fcdslusba-kernel-desktop-latest fcdslusba-kernel-laptop-latest fcdslusba-kernel-server-latest fcdslusb-kernel-2.6.24.7-desktop-2mnb fcdslusb-kernel-2.6.24.7-desktop586-2mnb fcdslusb-kernel-2.6.24.7-laptop-2mnb fcdslusb-kernel-2.6.24.7-server-2mnb fcdslusb-kernel-desktop586-latest fcdslusb-kernel-desktop-latest fcdslusb-kernel-laptop-latest fcdslusb-kernel-server-latest fcpci-kernel-2.6.24.7-desktop-2mnb fcpci-kernel-2.6.24.7-desktop586-2mnb fcpci-kernel-2.6.24.7-laptop-2mnb fcpci-kernel-2.6.24.7-server-2mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-laptop-latest fcpci-kernel-server-latest fcusb2-kernel-2.6.24.7-desktop-2mnb fcusb2-kernel-2.6.24.7-desktop586-2mnb fcusb2-kernel-2.6.24.7-laptop-2mnb fcusb2-kernel-2.6.24.7-server-2mnb fcusb2-kernel-desktop586-latest fcusb2-kernel-desktop-latest fcusb2-kernel-laptop-latest fcusb2-kernel-server-latest fcusb-kernel-2.6.24.7-desktop-2mnb fcusb-kernel-2.6.24.7-desktop586-2mnb fcusb-kernel-2.6.24.7-laptop-2mnb fcusb-kernel-2.6.24.7-server-2mnb fcusb-kernel-desktop586-latest fcusb-kernel-desktop-latest fcusb-kernel-laptop-latest fcusb-kernel-server-latest fglrx-kernel-2.6.24.7-desktop-2mnb fglrx-kernel-2.6.24.7-desktop586-2mnb fglrx-kernel-2.6.24.7-laptop-2mnb fglrx-kernel-2.6.24.7-server-2mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-laptop-latest fglrx-kernel-server-latest fxusb_CZ-kernel-2.6.24.7-desktop-2mnb fxusb_CZ-kernel-2.6.24.7-desktop586-2mnb fxusb_CZ-kernel-2.6.24.7-laptop-2mnb fxusb_CZ-kernel-2.6.24.7-server-2mnb fxusb_CZ-kernel-desktop586-latest fxusb_CZ-kernel-desktop-latest fxusb_CZ-kernel-laptop-latest fxusb_CZ-kernel-server-latest fxusb-kernel-2.6.24.7-desktop-2mnb fxusb-kernel-2.6.24.7-desktop586-2mnb fxusb-kernel-2.6.24.7-laptop-2mnb fxusb-kernel-2.6.24.7-server-2mnb fxusb-kernel-desktop586-latest fxusb-kernel-desktop-latest fxusb-kernel-laptop-latest 
fxusb-kernel-server-latest gspca-kernel-2.6.24.7-desktop-2mnb gspca-kernel-2.6.24.7-desktop586-2mnb gspca-kernel-2.6.24.7-laptop-2mnb gspca-kernel-2.6.24.7-server-2mnb gspca-kernel-desktop586-latest gspca-kernel-desktop-latest gspca-kernel-laptop-latest gspca-kernel-server-latest hsfmodem-kernel-2.6.24.7-desktop-2mnb hsfmodem-kernel-2.6.24.7-desktop586-2mnb hsfmodem-kernel-2.6.24.7-laptop-2mnb hsfmodem-kernel-2.6.24.7-server-2mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-laptop-latest hsfmodem-kernel-server-latest ipw3945-kernel-2.6.24.7-desktop-2mnb ipw3945-kernel-2.6.24.7-desktop586-2mnb ipw3945-kernel-2.6.24.7-laptop-2mnb ipw3945-kernel-2.6.24.7-server-2mnb ipw3945-kernel-desktop586-latest ipw3945-kernel-desktop-latest ipw3945-kernel-laptop-latest ipw3945-kernel-server-latest iwlwifi-kernel-2.6.24.7-desktop-2mnb iwlwifi-kernel-2.6.24.7-desktop586-2mnb iwlwifi-kernel-2.6.24.7-laptop-2mnb iwlwifi-kernel-2.6.24.7-server-2mnb iwlwifi-kernel-desktop586-latest iwlwifi-kernel-desktop-latest iwlwifi-kernel-laptop-latest iwlwifi-kernel-server-latest kernel-2.6.24.7-2mnb kernel-desktop-2.6.24.7-2mnb kernel-desktop586-2.6.24.7-2mnb kernel-desktop586-devel-2.6.24.7-2mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.24.7-2mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-laptop-2.6.24.7-2mnb kernel-laptop-devel-2.6.24.7-2mnb kernel-laptop-devel-latest kernel-laptop-latest kernel-server-2.6.24.7-2mnb kernel-server-devel-2.6.24.7-2mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.24.7-2mnb kernel-source-latest kqemu-kernel-2.6.24.7-desktop-2mnb kqemu-kernel-2.6.24.7-desktop586-2mnb kqemu-kernel-2.6.24.7-laptop-2mnb kqemu-kernel-2.6.24.7-server-2mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-laptop-latest kqemu-kernel-server-latest libafs-kernel-2.6.24.7-desktop-2mnb libafs-kernel-2.6.24.7-desktop586-2mnb 
libafs-kernel-2.6.24.7-laptop-2mnb libafs-kernel-2.6.24.7-server-2mnb libafs-kernel-desktop586-latest libafs-kernel-desktop-latest libafs-kernel-laptop-latest libafs-kernel-server-latest lirc-kernel-2.6.24.7-desktop-2mnb lirc-kernel-2.6.24.7-desktop586-2mnb lirc-kernel-2.6.24.7-laptop-2mnb lirc-kernel-2.6.24.7-server-2mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-laptop-latest lirc-kernel-server-latest lzma-kernel-2.6.24.7-desktop-2mnb lzma-kernel-2.6.24.7-desktop586-2mnb lzma-kernel-2.6.24.7-laptop-2mnb lzma-kernel-2.6.24.7-server-2mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-laptop-latest lzma-kernel-server-latest m560x-kernel-2.6.24.7-desktop-2mnb m560x-kernel-2.6.24.7-desktop586-2mnb m560x-kernel-2.6.24.7-laptop-2mnb m560x-kernel-2.6.24.7-server-2mnb m560x-kernel-desktop586-latest m560x-kernel-desktop-latest m560x-kernel-laptop-latest m560x-kernel-server-latest madwifi-kernel-2.6.24.7-desktop-2mnb madwifi-kernel-2.6.24.7-desktop586-2mnb madwifi-kernel-2.6.24.7-laptop-2mnb madwifi-kernel-2.6.24.7-server-2mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-laptop-latest madwifi-kernel-server-latest ndiswrapper-kernel-2.6.24.7-desktop-2mnb ndiswrapper-kernel-2.6.24.7-desktop586-2mnb ndiswrapper-kernel-2.6.24.7-laptop-2mnb ndiswrapper-kernel-2.6.24.7-server-2mnb ndiswrapper-kernel-desktop586-latest ndiswrapper-kernel-desktop-latest ndiswrapper-kernel-laptop-latest ndiswrapper-kernel-server-latest nvidia71xx-kernel-2.6.24.7-desktop-2mnb nvidia71xx-kernel-2.6.24.7-desktop586-2mnb nvidia71xx-kernel-2.6.24.7-laptop-2mnb nvidia71xx-kernel-2.6.24.7-server-2mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-laptop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.24.7-desktop-2mnb nvidia96xx-kernel-2.6.24.7-desktop586-2mnb nvidia96xx-kernel-2.6.24.7-laptop-2mnb nvidia96xx-kernel-2.6.24.7-server-2mnb nvidia96xx-kernel-desktop586-latest 
nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-laptop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.24.7-desktop-2mnb nvidia-current-kernel-2.6.24.7-desktop586-2mnb nvidia-current-kernel-2.6.24.7-laptop-2mnb nvidia-current-kernel-2.6.24.7-server-2mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-laptop-latest nvidia-current-kernel-server-latest omfs-kernel-2.6.24.7-desktop-2mnb omfs-kernel-2.6.24.7-desktop586-2mnb omfs-kernel-2.6.24.7-laptop-2mnb omfs-kernel-2.6.24.7-server-2mnb omfs-kernel-desktop586-latest omfs-kernel-desktop-latest omfs-kernel-laptop-latest omfs-kernel-server-latest opencbm-kernel-2.6.24.7-desktop-2mnb opencbm-kernel-2.6.24.7-desktop586-2mnb opencbm-kernel-2.6.24.7-laptop-2mnb opencbm-kernel-2.6.24.7-server-2mnb opencbm-kernel-desktop586-latest opencbm-kernel-desktop-latest opencbm-kernel-laptop-latest opencbm-kernel-server-latest ov51x-jpeg-kernel-2.6.24.7-desktop-2mnb ov51x-jpeg-kernel-2.6.24.7-desktop586-2mnb ov51x-jpeg-kernel-2.6.24.7-laptop-2mnb ov51x-jpeg-kernel-2.6.24.7-server-2mnb ov51x-jpeg-kernel-desktop586-latest ov51x-jpeg-kernel-desktop-latest ov51x-jpeg-kernel-laptop-latest ov51x-jpeg-kernel-server-latest qc-usb-messenger-kernel-2.6.24.7-desktop-2mnb qc-usb-messenger-kernel-2.6.24.7-desktop586-2mnb qc-usb-messenger-kernel-2.6.24.7-laptop-2mnb qc-usb-messenger-kernel-2.6.24.7-server-2mnb qc-usb-messenger-kernel-desktop586-latest qc-usb-messenger-kernel-desktop-latest qc-usb-messenger-kernel-laptop-latest qc-usb-messenger-kernel-server-latest r5u870-kernel-2.6.24.7-desktop-2mnb r5u870-kernel-2.6.24.7-desktop586-2mnb r5u870-kernel-2.6.24.7-laptop-2mnb r5u870-kernel-2.6.24.7-server-2mnb r5u870-kernel-desktop586-latest r5u870-kernel-desktop-latest r5u870-kernel-laptop-latest r5u870-kernel-server-latest realcrypt-kernel-2.6.24.7-desktop-2mnb realcrypt-kernel-2.6.24.7-desktop586-2mnb realcrypt-kernel-2.6.24.7-laptop-2mnb realcrypt-kernel-2.6.24.7-server-2mnb 
realcrypt-kernel-desktop586-latest realcrypt-kernel-desktop-latest realcrypt-kernel-laptop-latest realcrypt-kernel-server-latest slmodem-kernel-2.6.24.7-desktop-2mnb slmodem-kernel-2.6.24.7-desktop586-2mnb slmodem-kernel-2.6.24.7-laptop-2mnb slmodem-kernel-2.6.24.7-server-2mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-laptop-latest slmodem-kernel-server-latest squashfs-kernel-2.6.24.7-desktop-2mnb squashfs-kernel-2.6.24.7-desktop586-2mnb squashfs-kernel-2.6.24.7-laptop-2mnb squashfs-kernel-2.6.24.7-server-2mnb squashfs-kernel-desktop586-latest squashfs-kernel-desktop-latest squashfs-kernel-laptop-latest squashfs-kernel-server-latest squashfs-lzma-kernel-2.6.24.7-desktop-2mnb squashfs-lzma-kernel-2.6.24.7-desktop586-2mnb squashfs-lzma-kernel-2.6.24.7-laptop-2mnb squashfs-lzma-kernel-2.6.24.7-server-2mnb squashfs-lzma-kernel-desktop586-latest squashfs-lzma-kernel-desktop-latest squashfs-lzma-kernel-laptop-latest squashfs-lzma-kernel-server-latest syntek-kernel-2.6.24.7-desktop-2mnb syntek-kernel-2.6.24.7-desktop586-2mnb syntek-kernel-2.6.24.7-laptop-2mnb syntek-kernel-2.6.24.7-server-2mnb syntek-kernel-desktop586-latest syntek-kernel-desktop-latest syntek-kernel-laptop-latest syntek-kernel-server-latest tp_smapi-kernel-2.6.24.7-desktop-2mnb tp_smapi-kernel-2.6.24.7-desktop586-2mnb tp_smapi-kernel-2.6.24.7-laptop-2mnb tp_smapi-kernel-2.6.24.7-server-2mnb tp_smapi-kernel-desktop586-latest tp_smapi-kernel-desktop-latest tp_smapi-kernel-laptop-latest tp_smapi-kernel-server-latest unicorn-kernel-2.6.24.7-desktop-2mnb unicorn-kernel-2.6.24.7-desktop586-2mnb unicorn-kernel-2.6.24.7-laptop-2mnb unicorn-kernel-2.6.24.7-server-2mnb unicorn-kernel-desktop586-latest unicorn-kernel-desktop-latest unicorn-kernel-laptop-latest unicorn-kernel-server-latest unionfs-kernel-2.6.24.7-desktop-2mnb unionfs-kernel-2.6.24.7-desktop586-2mnb unionfs-kernel-2.6.24.7-laptop-2mnb unionfs-kernel-2.6.24.7-server-2mnb unionfs-kernel-desktop586-latest 
unionfs-kernel-desktop-latest unionfs-kernel-laptop-latest unionfs-kernel-server-latest vboxadd-kernel-2.6.24.7-desktop-2mnb vboxadd-kernel-2.6.24.7-desktop586-2mnb vboxadd-kernel-2.6.24.7-laptop-2mnb vboxadd-kernel-2.6.24.7-server-2mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-laptop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.24.7-desktop-2mnb vboxvfs-kernel-2.6.24.7-desktop586-2mnb vboxvfs-kernel-2.6.24.7-laptop-2mnb vboxvfs-kernel-2.6.24.7-server-2mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-laptop-latest vboxvfs-kernel-server-latest virtualbox-kernel-2.6.24.7-desktop-2mnb virtualbox-kernel-2.6.24.7-desktop586-2mnb virtualbox-kernel-2.6.24.7-laptop-2mnb virtualbox-kernel-2.6.24.7-server-2mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-laptop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.24.7-desktop-2mnb vpnclient-kernel-2.6.24.7-desktop586-2mnb vpnclient-kernel-2.6.24.7-laptop-2mnb vpnclient-kernel-2.6.24.7-server-2mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-laptop-latest vpnclient-kernel-server-latest Update: Fri Oct 31 13:31:23 2008 Importance: security ID: MDVSA-2008:223 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:223 %pre Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. 
(CVE-2008-3496) The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. (CVE-2008-3525) Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. (CVE-2008-3526) The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113. (CVE-2008-4445) Additionally, fixes for sound on NEC Versa S9100 and others were added, PATA and AHCI support for Intel ICH10 was added, a fix to allow better disk transfer speeds was made for Hercules EC-900 mini-notebook, a cyrus-imapd corruption issue in x86_64 arch was solved, RealTek 8169/8168/8101 support was improved, and a few other things. Check the package changelog for details. 
To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description %package libnet-snmp15 libnet-snmp-devel libnet-snmp-static-devel net-snmp net-snmp-mibs net-snmp-tkmib net-snmp-trapd net-snmp-utils perl-NetSNMP Update: Wed Nov 05 10:16:28 2008 Importance: security ID: MDVSA-2008:225 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:225 %pre A denial of service vulnerability was discovered in how Net-SNMP processed GETBULK requests. A remote attacker with read access to the SNMP server could issue a specially-crafted request which would cause snmpd to crash (CVE-2008-4309). Please note that for this to be successfully exploited, an attacker must have read access to the SNMP server. By default, the public community name grants read-only access, however it is recommended that the default community name be changed in production. The updated packages have been patched to correct this issue. %description SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities. %package ruby ruby-devel ruby-doc ruby-tk Update: Thu Nov 06 12:36:17 2008 Importance: security ID: MDVSA-2008:226 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:226 %pre A denial of service condition was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash (CVE-2008-3443). 
A number of flaws were found in Ruby that could allow an attacker to create a carefully crafted script that could allow for the bypass of certain safe-level restrictions (CVE-2008-3655). A denial of service vulnerability was found in Ruby's HTTP server toolkit, WEBrick. A remote attacker could send a specially-crafted HTTP request to a WEBrick server that would cause it to use an excessive amount of CPU time (CVE-2008-3656). An insufficient taintness check issue was found in Ruby's DL module, a module that provides direct access to the C language functions. This flaw could be used by an attacker to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted input (CVE-2008-3657). A denial of service condition in Ruby's XML document parsing module (REXML) could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory via XML documents with large XML entity definitions recursion (CVE-2008-3790). The Ruby DNS resolver library used predictable transaction IDs and a fixed source port when sending DNS requests. This could be used by a remote attacker to spoof a malicious reply to a DNS query (CVE-2008-3905). The updated packages have been patched to correct these issues. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. %package gnutls libgnutls26 libgnutls-devel Update: Wed Nov 12 16:24:13 2008 Importance: security ID: MDVSA-2008:227 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:227 %pre Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. 
A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates (CVE-2008-4989). The updated packages have been patched to correct this issue. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package gnome-applets Update: Thu Nov 13 09:04:31 2008 Importance: bugfix ID: MDVA-2008:091-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:091-1 %pre The clock applet in GNOME could crash when using some specific locations or when using updated timezone data. The Recent Documents menu was not always able to start the right application for a specific document. Update: The previous gnome-applets package on x86_64 was improperly built and included apm support when it should not have, resulting in an extra dependency that could cause installation issues. This update corrects the problem. %description GNOME (GNU Network Object Model Environment) is a user-friendly set of applications and desktop tools to be used in conjunction with a window manager for the X Window System. GNOME is similar in purpose and scope to CDE and KDE, but GNOME (like KDE) is based completely on Open Source software. The gnome-applets package provides Panel applets which enhance your GNOME experience. You should install the gnome-applets package if you would like to abuse the GNOME desktop environment by embedding small utilities in the GNOME panel. 
%package devhelp devhelp-plugins epiphany epiphany-devel galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libmozilla-firefox2.0.0.18 libmozilla-firefox-devel mozilla-firefox mozilla-firefox-af mozilla-firefox-ar mozilla-firefox-be mozilla-firefox-bg mozilla-firefox-br_FR mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-en_GB mozilla-firefox-es_AR mozilla-firefox-es_ES mozilla-firefox-et_EE mozilla-firefox-eu mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-gnome-support mozilla-firefox-gu_IN mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ka mozilla-firefox-ko mozilla-firefox-ku mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-mn mozilla-firefox-nb_NO mozilla-firefox-nl mozilla-firefox-nn_NO mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-pt_PT mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv_SE mozilla-firefox-theme-gnome mozilla-firefox-theme-kdeff mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer yelp Update: Thu Nov 13 17:55:09 2008 Importance: security ID: MDVSA-2008:228 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18 (CVE-2008-0017, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5052). 
This update provides the latest Mozilla Firefox 2.x to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package clamav clamav-db clamd libclamav5 libclamav-devel Update: Fri Nov 14 11:35:10 2008 Importance: security ID: MDVSA-2008:229 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:229 %pre An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file (CVE-2008-5050). Other bugs have also been corrected in 0.94.1 which is being provided with this update. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package gdm gdm-Xnest Update: Fri Nov 14 13:04:06 2008 Importance: bugfix ID: MDVA-2008:171 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:171 %pre An incorrect memory deallocation was causing a crash when the GNOME display manager was exiting. This package update fixes this issue and includes additional bug fixes and translation updates. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. 
%package gnutls libgnutls26 libgnutls-devel Update: Mon Nov 17 12:39:47 2008 Importance: security ID: MDVSA-2008:227-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:227-1 %pre Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates (CVE-2008-4989). Update: It was found that the previously-published patch to correct this issue caused a regression when dealing with self-signed certificates. An updated patch that fixes the security issue and resolves the regression issue has been applied to these packages. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package libxml2_2 libxml2-devel libxml2-python libxml2-utils Update: Tue Nov 18 14:38:15 2008 Importance: security ID: MDVSA-2008:231 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:231 %pre Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop (CVE-2008-4225). The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code (CVE-2008-4226). The updated packages have been patched to correct these issues. %description This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. 
There is DTDs support: this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM-like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to a URI library. %package imwheel Update: Wed Nov 19 14:31:28 2008 Importance: bugfix ID: MDVA-2008:173 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:173 %pre Under certain conditions, imwheel would enter an infinite loop and force the X server to consume a lot of CPU time, rendering the system unusable. This update fixes the issue. %description Imwheel is a tool which can enable the use of extended buttons on mice with more than the regular three buttons. It can be used both with X.org and with closed-source commercial X-servers (for example those made by MetroLink or Xi Graphics). %package kbd Update: Wed Nov 19 14:50:12 2008 Importance: bugfix ID: MDVA-2008:174 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:174 %pre This update fixes errors in be-latin1, be2-latin1, ro-comma, ro-academic, and gr-utf8 keymaps, shipped on Mandriva Linux 2008 Spring and Mandriva Linux 2009. %description This package contains utilities to load console fonts and keyboard maps. It also includes a number of different fonts and keyboard maps. %package libcdaudio1 libcdaudio1-devel Update: Thu Nov 20 11:40:17 2008 Importance: security ID: MDVSA-2008:233 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:233 %pre A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code (CVE-2008-5030). 
In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. %description libcdaudio is a library for controlling CD-ROM devices %package dkms-lirc dkms-lirc-gpio dkms-lirc-parallel liblirc0 liblirc-devel lirc Update: Thu Nov 20 14:45:27 2008 Importance: bugfix ID: MDVA-2008:177 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:177 %pre The LIRC packages included with Mandriva Linux 2008 and Mandriva Linux 2008 Spring did not include the 'commandir' module, which is necessary (along with the 'lirc_cmdir' module) to properly support CommandIR remote controls. These updated packages do include the module. %description LIRC is a package that allows you to decode and send infra-red signals of many (but not all) commonly used remote controls. 
Configuration files for many remotes are located in the lirc-remotes package %package mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Fri Nov 21 12:52:39 2008 Importance: 
security ID: MDVSA-2008:235 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.18 (CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5052). This update provides the latest Thunderbird to correct these issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package graphviz graphviz-doc libgraphviz4 libgraphviz-devel libgraphvizlua0 libgraphvizocaml0 libgraphvizperl0 libgraphvizphp0 libgraphvizpython0 libgraphvizr0 libgraphvizruby0 libgraphviz-static-devel libgraphviztcl0 Update: Tue Nov 25 09:42:41 2008 Importance: bugfix ID: MDVA-2008:179 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:179 %pre The graphviz package shipped in Mandriva Linux 2008.1 has a bug in its builtin ps renderer: included images are displayed as a blank area. An upstream patch fixes the issue. %description A collection of tools for the manipulation and layout of graphs (as in nodes and edges, not as in barcharts). %package cracklib cracklib-dicts libcrack2 libcrack2-devel libcrack2-python Update: Tue Nov 25 10:03:16 2008 Importance: bugfix ID: MDVA-2008:180 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:180 %pre The cracklib library package was incorrectly providing the development package, which was preventing the compilation of anything relying on cracklib-devel. This update fixes the incorrect Provides. It also corrects an issue where, when /usr is a separate partition that fails to mount at start, logging in is impossible because the pam_cracklib module is linked to /usr/lib/libcrack.so.2. %description CrackLib tests passwords to determine whether they match certain security-oriented characteristics. 
You can use CrackLib to stop users from choosing passwords which would be easy to guess. CrackLib performs certain tests: * It tries to generate words from a username and gecos entry and checks those words against the password; * It checks for simplistic patterns in passwords; * It checks for the password in a dictionary. CrackLib is actually a library containing a particular C function which is used to check the password, as well as other C functions. CrackLib is not a replacement for a passwd program; it must be used in conjunction with an existing passwd program. Install the cracklib package if you need a program to check users' passwords to see if they are at least minimally secure. If you install CrackLib, you'll also want to install the cracklib-dicts package. %package evolution evolution-data-server evolution-devel evolution-exchange evolution-mono evolution-pilot libcamel11 libcamel-provider11 libebook9 libecal7 libedata-book2 libedata-cal6 libedataserver9 libedataserver-devel libedataserverui8 libegroupwise13 libexchange-storage3 libgdata1 Update: Wed Dec 03 09:23:47 2008 Importance: bugfix ID: MDVA-2008:187 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:187 %pre Several feature bugfixes and stability fixes from GNOME 2.22.3 are provided by this package update, as well as translation updates. %description Evolution Data Server provides a central location for your addressbook and calendar in the gnome desktop. %package vim-common vim-enhanced vim-minimal vim-X11 Update: Wed Dec 03 17:57:24 2008 Importance: security ID: MDVSA-2008:236 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 %pre Several vulnerabilities were found in the vim editor: A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712). 
Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953). A flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074). A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075). A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076). A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101). A vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677). This update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. 
%package libsamplerate0 libsamplerate-devel libsamplerate-progs Update: Thu Dec 04 15:18:28 2008 Importance: security ID: MDVSA-2008:238 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:238 %pre A buffer overflow was found by Russell O'Conner in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the execution of arbitrary code via a specially crafted audio file (CVE-2008-5008). The updated packages have been patched to prevent this issue. %description Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio. One example of where such a thing would be useful is converting audio from the CD sample rate of 44.1kHz to the 48kHz sample rate used by DAT players. SRC is capable of arbitrary and time varying conversions ; from downsampling by a factor of 12 to upsampling by the same factor. Arbitrary in this case means that the ratio of input and output sample rates can be an irrational number. The conversion ratio can also vary with time for speeding up and slowing down effects. SRC provides a small set of converters to allow quality to be traded off against computation cost. The current best converter provides a signal-to-noise ratio of 97dB with -3dB passband extending from DC to 96% of the theoretical best bandwidth for a given pair of input and output sample rates. %package drakx-net drakx-net-text initscripts libdrakx-net Update: Fri Dec 05 13:52:05 2008 Importance: bugfix ID: MDVA-2008:190 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:190 %pre This update adds support for ATM bridging in the network configuration tools and backend. It is mostly used for ADSL pppoe connections with USB modems (bug #35797). %description This package contains the Mandriva network tools. 
net_applet: applet to check network connection net_monitor: connection monitoring %package clamav clamav-db clamd libclamav5 libclamav-devel Update: Fri Dec 05 16:22:59 2008 Importance: security ID: MDVSA-2008:239 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:239 %pre Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails (CVE-2008-5314). Other bugs have also been corrected in 0.94.2 which is being provided with this update. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package vim-common vim-enhanced vim-minimal vim-X11 Update: Mon Dec 08 16:18:52 2008 Importance: security ID: MDVSA-2008:236-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236-1 %pre Several vulnerabilities were found in the vim editor: A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712). Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953). A flaw was found in how tar.vim handled TAR archive browsing. 
If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074). A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075). A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076). A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101). A vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677). This update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes. Update: The previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. 
%package timezone timezone-java Update: Tue Dec 09 10:34:23 2008 Importance: normal ID: MDVA-2008:195 URL: http://www.mandriva.com/security/advisories?name=MDVA-2008:195 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package vinagre Update: Wed Dec 10 10:53:33 2008 Importance: security ID: MDVSA-2008:240 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:240 %pre Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue. %description Vinagre is a VNC Client for the GNOME Desktop. Features: * You can connect to several machines at the same time, we like tabs * You can keep track of your most used connections, we like favorites * You can browse your network for VNC servers, we like avahi * You don't need to supply the password on every connection, we like GNOME Keyring (well, this is not yet implemented) * It's still in alpha stage (but usable), so, bugs are around %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Mon Dec 15 11:23:02 2008 Importance: security ID: MDVSA-2008:242 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:242 %pre Two vulnerabilities were discovered in Wireshark. 
The first is a vulnerability in the SMTP dissector that could cause it to consume excessive CPU and memory via a long SMTP request (CVE-2008-5285). The second is an issue with the WLCCP dissector that could cause it to go into an infinite loop. This update also provides a patch to fix a potential freeze during capture interface selection. This update provides Wireshark 1.0.5, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package enscript Update: Mon Dec 15 13:14:34 2008 Importance: security ID: MDVSA-2008:243 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:243 %pre Two buffer overflow vulnerabilities were discovered in GNU enscript, which could allow an attacker to execute arbitrary commands via a specially crafted ASCII file, if the file were opened with the -e or --escapes option enabled (CVE-2008-3863, CVE-2008-4306). The updated packages have been patched to prevent these issues. %description GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts. 
%package devhelp devhelp-plugins epiphany epiphany-devel galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libmozilla-firefox2.0.0.19 libmozilla-firefox-devel mozilla-firefox mozilla-firefox-af mozilla-firefox-ar mozilla-firefox-be mozilla-firefox-bg mozilla-firefox-br_FR mozilla-firefox-ca mozilla-firefox-cs mozilla-firefox-da mozilla-firefox-de mozilla-firefox-el mozilla-firefox-en_GB mozilla-firefox-es_AR mozilla-firefox-es_ES mozilla-firefox-et_EE mozilla-firefox-eu mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire mozilla-firefox-fi mozilla-firefox-fr mozilla-firefox-fy mozilla-firefox-ga mozilla-firefox-gnome-support mozilla-firefox-gu_IN mozilla-firefox-he mozilla-firefox-hu mozilla-firefox-it mozilla-firefox-ja mozilla-firefox-ka mozilla-firefox-ko mozilla-firefox-ku mozilla-firefox-lt mozilla-firefox-mk mozilla-firefox-mn mozilla-firefox-nb_NO mozilla-firefox-nl mozilla-firefox-nn_NO mozilla-firefox-pa_IN mozilla-firefox-pl mozilla-firefox-pt_BR mozilla-firefox-pt_PT mozilla-firefox-ro mozilla-firefox-ru mozilla-firefox-sk mozilla-firefox-sl mozilla-firefox-sv_SE mozilla-firefox-theme-gnome mozilla-firefox-theme-kdeff mozilla-firefox-tr mozilla-firefox-uk mozilla-firefox-zh_CN mozilla-firefox-zh_TW totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer yelp Update: Wed Dec 17 13:05:16 2008 Importance: security ID: MDVSA-2008:244 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.19 (CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513). 
This update provides the latest Mozilla Firefox 2.x to correct these issues. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package dos2unix Update: Wed Jan 07 12:38:47 2009 Importance: bugfix ID: MDVA-2009:001-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:001-1 %pre The dos2unix command removes the last line of a file if no newline character(s) follow. This package fixes the issue. Update: This update now provides corrected packages for Mandriva Linux 2008.x and Corporate Server 4.0. %description hd2u is "Hany's Dos2Unix converter". It provides 'dos2unix'. 'dos2unix' is a filter used to convert DOS-style EOLs to UNIX-style EOLs and vice versa (EOL - End Of Line character). %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Thu Jan 08 18:02:16 2009 Importance: security ID: MDVSA-2009:001 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:001 %pre A vulnerability was found by the Google Security Team with how OpenSSL checked the verification of certificates. An attacker in control of a malicious server or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, which would then bypass the certificate validation (CVE-2008-5077). The updated packages have been patched to prevent this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). 
%package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps Update: Fri Jan 09 15:01:00 2009 Importance: security ID: MDVSA-2009:003 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:003 %pre Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. (CVE-2008-4864) Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031) The updated Python packages have been patched to correct these issues. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. 
%package pam_mount Update: Fri Jan 09 18:35:06 2009 Importance: security ID: MDVSA-2009:004 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:004 %pre passwdehd script in pam_mount would allow local users to overwrite arbitrary files via a symlink attack on a temporary file. The updated packages have been patched to prevent this. %description Pam_mount is a PAM module that allows dynamic remote volume mounting. It is mainly useful for users that have private volumes in Samba / Windows NT / Netware servers and need access to them during a Unix session. %package bind bind-devel bind-doc bind-utils Update: Fri Jan 09 22:20:40 2009 Importance: security ID: MDVSA-2009:002 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:002 %pre A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify() function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks (CVE-2009-0025). The updated packages have been patched to prevent this issue. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the \$GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.) --with geoip Build with GeoIP support (disabled per default) %package xterm Update: Sun Jan 11 17:05:42 2009 Importance: security ID: MDVSA-2009:005 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:005 %pre A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm (CVE-2008-2383). The updated packages have been patched to prevent this. %description The XTerm program is the standard terminal emulator for the X Window System. It provides DEC VT102/VT220 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. 
If the underlying operating system supports terminal resizing capabilities (for example, the SIGWINCH signal in systems derived from 4.3bsd), xterm will use the facilities to notify programs running in the window whenever it is resized. The xterm included in this package has support for 256 colors enabled. %package openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-devel openoffice.org-devel-doc openoffice.org-draw openoffice.org-dtd-officedocument1.0 openoffice.org-filter-binfilter openoffice.org-gnome openoffice.org-help-af openoffice.org-help-ar openoffice.org-help-bg openoffice.org-help-br openoffice.org-help-bs openoffice.org-help-ca openoffice.org-help-cs openoffice.org-help-cy openoffice.org-help-da openoffice.org-help-de openoffice.org-help-el openoffice.org-help-en_GB openoffice.org-help-es openoffice.org-help-et openoffice.org-help-eu openoffice.org-help-fi openoffice.org-help-fr openoffice.org-help-he openoffice.org-help-hi openoffice.org-help-hu openoffice.org-help-it openoffice.org-help-ja openoffice.org-help-ko openoffice.org-help-mk openoffice.org-help-nb openoffice.org-help-nl openoffice.org-help-nn openoffice.org-help-pl openoffice.org-help-pt openoffice.org-help-pt_BR openoffice.org-help-ru openoffice.org-help-sk openoffice.org-help-sl openoffice.org-help-sv openoffice.org-help-ta openoffice.org-help-tr openoffice.org-help-zh_CN openoffice.org-help-zh_TW openoffice.org-help-zu openoffice.org-impress openoffice.org-java-common openoffice.org-kde openoffice.org-l10n-af openoffice.org-l10n-ar openoffice.org-l10n-bg openoffice.org-l10n-br openoffice.org-l10n-bs openoffice.org-l10n-ca openoffice.org-l10n-cs openoffice.org-l10n-cy openoffice.org-l10n-da openoffice.org-l10n-de openoffice.org-l10n-el openoffice.org-l10n-en_GB openoffice.org-l10n-es openoffice.org-l10n-et openoffice.org-l10n-eu openoffice.org-l10n-fi openoffice.org-l10n-fr openoffice.org-l10n-he openoffice.org-l10n-hi 
openoffice.org-l10n-hu openoffice.org-l10n-it openoffice.org-l10n-ja openoffice.org-l10n-ko openoffice.org-l10n-mk openoffice.org-l10n-nb openoffice.org-l10n-nl openoffice.org-l10n-nn openoffice.org-l10n-pl openoffice.org-l10n-pt openoffice.org-l10n-pt_BR openoffice.org-l10n-ru openoffice.org-l10n-sk openoffice.org-l10n-sl openoffice.org-l10n-sv openoffice.org-l10n-ta openoffice.org-l10n-tr openoffice.org-l10n-zh_CN openoffice.org-l10n-zh_TW openoffice.org-l10n-zu openoffice.org-math openoffice.org-mono openoffice.org-openclipart openoffice.org-pyuno openoffice.org-style-andromeda openoffice.org-style-crystal openoffice.org-style-hicontrast openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-testtool openoffice.org-writer Update: Tue Jan 13 06:37:49 2009 Importance: security ID: MDVSA-2009:006 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:006 %pre Heap-based overflows in the functions that handle WMF and EMF files in OpenOffice.org documents allow remote attackers to execute arbitrary code via documents containing crafted WMF or EMF files (CVE-2008-2237) (CVE-2008-2238). This update provides the fix for these security issues; in addition, the openoffice.org-voikko package has been updated, as it depends on the openoffice.org packages. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. 
%package ntp ntp-client ntp-doc Update: Tue Jan 13 15:27:30 2009 Importance: security ID: MDVSA-2009:007 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:007 %pre A flaw was found in how NTP checked the return value of signature verification. A remote attacker could use this to bypass certificate validation by using a malformed SSL/TLS signature (CVE-2009-0021). The updated packages have been patched to prevent this issue. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. Note: Primary, original, big, HTML documentation, is in the package ntp-doc. %package dkms-kqemu qemu qemu-img Update: Tue Jan 13 21:02:45 2009 Importance: security ID: MDVSA-2009:010 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:010 %pre A security vulnerability has been discovered and corrected in the VNC server of qemu 0.9.1 and earlier, which could lead to a denial-of-service attack (CVE-2008-2382). The updated packages have been patched to prevent this. %description QEMU is a FAST! processor emulator. By using dynamic translation it achieves a reasonable speed while being easy to port on new host CPUs. QEMU has two operating modes: * User mode emulation. In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. Linux system calls are converted because of endianness and 32/64 bit mismatches. Wine (Windows emulation) and DOSEMU (DOS emulation) are the main targets for QEMU. * Full system emulation. 
In this mode, QEMU emulates a full system, including a processor and various peripherals. Currently, it is only used to launch an x86 Linux kernel on an x86 Linux system. It enables easier testing and debugging of system code. It can also be used to provide virtual hosting of several virtual PCs on a single server. This QEMU package provides support for KQEMU, the QEMU Accelerator module. This QEMU package provides support for KVM (Kernel-based Virtual Machine), a full virtualization solution for Linux on x86 hardware containing virtualization extensions (AMD-v or Intel VT). %package dkms-vboxadd dkms-vboxvfs dkms-virtualbox virtualbox virtualbox-guest-additions x11-driver-input-vboxmouse x11-driver-video-vboxvideo Update: Wed Jan 14 16:11:47 2009 Importance: security ID: MDVSA-2009:011 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:011 %pre A vulnerability has been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file (CVE-2008-5256). The updated packages have been patched to prevent this. %description VirtualBox Open Source Edition (OSE) is a general-purpose full virtualizer for x86 hardware. 
%package mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Thu Jan 15 11:53:33 2009 Importance: security ID: MDVSA-2009:012 URL: 
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 %pre A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.19 (CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512). This update provides the latest Thunderbird to correct these issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before. %package mencoder mplayer mplayer-doc mplayer-gui Update: Thu Jan 15 17:38:23 2009 Importance: security ID: MDVSA-2009:013 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 %pre Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file (CVE-2008-5616), and in ffmpeg, as used by mplayer, related to the execution of DTS generation code (CVE-2008-4866) and incorrect handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867). The updated packages have been patched to prevent this. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. 
MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer10GOLD/codecs %package ffmpeg libavformats52 libavutil49 libffmpeg51 libffmpeg-devel libffmpeg-static-devel Update: Thu Jan 15 18:39:57 2009 Importance: security ID: MDVSA-2009:015 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 %pre Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code (CVE-2008-4866) and incorrect handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867). The updated packages have been patched to prevent this. %description ffmpeg is a hyper fast realtime audio/video encoder, a streaming server and a generic audio and video file converter. It can grab from a standard Video4Linux video source and convert it into several file formats based on DCT/motion compensation encoding. Sound is compressed in MPEG audio layer 2 or using an AC3 compatible stream. %package tomcat5 tomcat5-admin-webapps tomcat5-common-lib tomcat5-jasper tomcat5-jasper-eclipse tomcat5-jasper-javadoc tomcat5-jsp-2.0-api tomcat5-jsp-2.0-api-javadoc tomcat5-server-lib tomcat5-servlet-2.4-api tomcat5-servlet-2.4-api-javadoc tomcat5-webapps Update: Fri Jan 16 20:47:19 2009 Importance: security ID: MDVSA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:018 %pre Apache Tomcat does not properly handle certain characters in a cookie value, which could possibly lead to the leak of sensitive information such as session IDs (CVE-2007-5333). The updated packages have been patched to prevent this issue. 
%description Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. %package imlib2-data libimlib2_1 libimlib2_1-filters libimlib2_1-loaders libimlib2-devel Update: Mon Jan 19 09:08:11 2009 Importance: security ID: MDVSA-2009:019 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:019 %pre A vulnerability has been discovered in the load function of the XPM loader for imlib2, which allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file (CVE-2008-5187). The updated packages have been patched to prevent this. %description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package libxine1 libxine-devel xine-aa xine-caca xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-jack xine-plugins xine-pulse xine-sdl xine-smb xine-wavpack Update: Wed Jan 21 12:27:41 2009 Importance: security ID: MDVSA-2009:020 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:020 %pre Improper handling of Ogg files allows remote attackers to cause a denial of service via crafted files (CVE-2008-3231). 
Improper handling of MNG, Real or MOD files allows remote attackers to cause a denial of service via crafted files (CVE-2008-5233). A heap-based overflow allows remote attackers to execute arbitrary code via Quicktime media files holding crafted metadata (CVE-2008-5234). A heap-based overflow allows remote attackers to execute arbitrary code via crafted Matroska or Real media files (CVE-2008-5236). Improper handling of MNG or Quicktime files allows remote attackers to cause a denial of service via crafted files (CVE-2008-5237). Multiple heap-based overflows in the input plugins (http, net, smb, dvd, dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to execute arbitrary code through those input channels; this problem can also be used to cause a denial of service (CVE-2008-5239). A heap-based overflow allows attackers to execute arbitrary code via crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry element). In addition, a failure in the handling of Real media files (CONT_TAG header) can lead to a denial of service attack (CVE-2008-5240). An integer underflow allows remote attackers to cause a denial of service via Quicktime media files (CVE-2008-5241). Improper handling of Real media files allows remote attackers to cause a denial of service by indexing an allocated buffer with a certain input value in a crafted file (CVE-2008-5243). Vulnerabilities of unknown impact, possibly buffer overflows, are caused by preallocating video frames before ascertaining the required length in the V4L video input plugin (CVE-2008-5245). A heap-based overflow allows remote attackers to execute arbitrary code via crafted media files. This vulnerability is in the handling of ID3 audio file data tagging, mainly used in MP3 file formats (CVE-2008-5246). This update provides the fix for all these security issues found in xine-lib 1.1.11 of Mandriva 2008.1. 
The vulnerabilities: CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5243 are found in xine-lib 1.1.15 of Mandriva 2009.0 and are also fixed by this update. %description xine is a free gpl-licensed video player for unix-like systems. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Wed Jan 21 12:55:44 2009 Importance: security ID: MDVSA-2009:021 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 %pre A buffer overflow in the imageloadfont() function in PHP allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted font file (CVE-2008-3658). A buffer overflow in the memnstr() function allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via the delimiter argument to the explode() function (CVE-2008-3659). PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension (CVE-2008-3660). An array index error in the imageRotate() function in PHP allowed context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument to the function for an indexed image (CVE-2008-5498). 
The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-silc pidgin-tcl Update: Thu Jan 22 14:57:27 2009 Importance: security ID: MDVSA-2009:025 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:025 %pre The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. (CVE-2008-3532) Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. (CVE-2008-2955) The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. (CVE-2008-2957) The updated packages have been patched to fix these issues. %description Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. 
Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. %package cups cups-common cups-serial libcups2 libcups2-devel php-cups Update: Sat Jan 24 09:40:01 2009 Importance: security ID: MDVSA-2009:028 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 %pre Security vulnerabilities have been discovered and corrected in CUPS. CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference (CVE-2008-5183). The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions (CVE-2008-5184). CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow (CVE-2008-5286). CUPS shipped with Mandriva Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032). The updated packages have been patched to prevent this. %description CUPS 1.2 is fully compatible with CUPS-1.1 machines in the network and with software built against CUPS-1.1 libraries. The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). 
It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package amarok amarok-engine-void amarok-engine-xine amarok-engine-yauap amarok-scripts libamarok0 libamarok0-scripts libamarok-devel libamarok-scripts-devel Update: Tue Jan 27 06:01:59 2009 Importance: security ID: MDVSA-2009:030 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:030 %pre Data length values in the metadata of an Audible Audio media file (.aa) can lead to an integer overflow, which remote attackers can use to trigger a heap overflow and possibly execute arbitrary code (CVE-2009-0135). A failure to check heap allocation when handling Audible Audio media files (.aa) allows remote attackers either to cause a denial of service or to execute arbitrary code via a crafted media file (CVE-2009-0136). This update provides the fix for these security issues. %description Feature Overview * Music Collection: You have a huge music library and want to locate tracks quickly? Let amaroK's powerful Collection take care of that! It's a database powered music store, which keeps track of your complete music library, allowing you to find any title in a matter of seconds. * Intuitive User Interface: You will be amazed to see how easy amaroK is to use! Simply drag-and-drop files into the playlist. No hassle with complicated buttons or tangled menus. Listening to music has never been easier! * Streaming Radio: Web streams take radio to the next level: Listen to thousands of great radio stations on the internet, for free! amaroK provides excellent streaming support, with advanced features, such as displaying titles of the currently playing songs. * Context Browser: This tool provides useful information on the music you are currently listening to, and can make listening suggestions, based on your personal music taste. An innovative and unique feature. 
* Visualizations: amaroK is compatible with XMMS visualization plugins. Allows you to use the great number of stunning visualizations available on the net. 3d visualizations with OpenGL are a great way to enhance your music experience. %package avahi avahi-dnsconfd avahi-python avahi-sharp avahi-sharp-doc avahi-x11 libavahi-client3 libavahi-client-devel libavahi-common3 libavahi-common-devel libavahi-compat-howl0 libavahi-compat-howl-devel libavahi-compat-libdns_sd1 libavahi-compat-libdns_sd-devel libavahi-core5 libavahi-core-devel libavahi-glib1 libavahi-glib-devel libavahi-gobject0 libavahi-gobject-devel libavahi-qt3_1 libavahi-qt3-devel libavahi-qt4_1 libavahi-qt4-devel libavahi-ui1 libavahi-ui-devel Update: Fri Jan 30 18:31:00 2009 Importance: security ID: MDVSA-2009:031 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:031 %pre A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0 (CVE-2008-5081). The updated packages have been patched to prevent this. %description Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient. 
%package avahi avahi-dnsconfd avahi-python avahi-sharp avahi-sharp-doc avahi-x11 libavahi-client3 libavahi-client-devel libavahi-common3 libavahi-common-devel libavahi-compat-howl0 libavahi-compat-howl-devel libavahi-compat-libdns_sd1 libavahi-compat-libdns_sd-devel libavahi-core5 libavahi-core-devel libavahi-glib1 libavahi-glib-devel libavahi-gobject0 libavahi-gobject-devel libavahi-qt3_1 libavahi-qt3-devel libavahi-qt4_1 libavahi-qt4-devel libavahi-ui1 libavahi-ui-devel Update: Fri Jan 30 18:32:05 2009 Importance: security ID: MDVSA-2009:031 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:031 %pre A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0 (CVE-2008-5081). The updated packages have been patched to prevent this. %description Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient. %package sudo Update: Wed Feb 04 12:38:11 2009 Importance: security ID: MDVSA-2009:033 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:033 %pre A vulnerability has been identified in sudo which allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root (CVE-2009-0034). The updated packages have been patched to prevent this. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. 
%package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Fri Feb 06 18:27:24 2009 Importance: bugfix ID: MDVA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Fri Feb 06 18:35:52 2009 Importance: bugfix ID: MDVA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (i.e. 
use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Fri Feb 06 18:47:01 2009 Importance: bugfix ID: MDVA-2009:018 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) - Scanning mail with clamav leaves a big temporary folder (#46642) - Build fails if invoked with --with milter, in a configure stage (#46554) - Jpeg parsing denial-of-service crash in clamav 0.94-1 and earlier (#46199) %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package squid squid-cachemgr Update: Tue Feb 10 16:09:36 2009 Importance: security ID: MDVSA-2009:034 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 %pre Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service (CVE-2009-0478). The updated packages have been patched to address this. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. 
Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 file descriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 file descriptors. %package gstreamer0.10-aalib gstreamer0.10-caca gstreamer0.10-dv gstreamer0.10-esound gstreamer0.10-flac gstreamer0.10-plugins-good gstreamer0.10-raw1394 gstreamer0.10-speex gstreamer0.10-wavpack Update: Wed Feb 11 02:07:54 2009 Importance: security ID: MDVSA-2009:035 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:035 %pre Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, which might allow remote attackers to execute arbitrary code via a malformed QuickTime media file (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397). The updated packages have been patched to prevent this. %description GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. This package contains a set of plug-ins that are considered to have good quality code, correct functionality, the preferred license (LGPL for the plug-in code, LGPL or LGPL-compatible for the supporting library). People writing elements should base their code on these elements. 
%package glibc glibc-devel glibc-doc glibc-doc-pdf glibc-i18ndata glibc-profile glibc-static-devel glibc-utils nscd Update: Thu Feb 12 02:40:25 2009 Importance: bugfix ID: MDVA-2009:019 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:019 %pre The glibc packages released with Mandriva Linux 2008 and Mandriva Linux 2008 Spring had the /etc/ld.so.conf file using relative paths to include other config files at /etc/ld.so.conf.d, breaking usage of ldconfig -r, for example when you have chroot environments. This update fixes ld.so.conf to use absolute paths instead. Also, other cumulative bug fixes are provided. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. This package now also provides ldconfig which was packaged separately in the past. Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries. %package db4.6 db4.6-javadoc db46-utils libdb4.6 libdb4.6-devel libdb4.6-static-devel libdbcxx4.6 libdbnss4.6 libdbnss4.6-devel libdbtcl4.6 Update: Thu Feb 12 04:41:36 2009 Importance: bugfix ID: MDVA-2009:023 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:023 %pre Additional official patches have been released for db 4.6 after Mandriva release. 
They fix the following issues: - There was the possibility that the wrong number of mutexes would be allocated. This issue could cause applications with multiple cache regions to see undefined behavior in rare cases under load - Replication clients should be able to open a sequence %description The Berkeley Database (Berkeley DB) is a programmatic toolkit that provides embedded database support for both traditional and client/server applications. Berkeley DB is used by many applications, including Python and Perl, so this should be installed on all systems. %package bind bind-devel bind-doc bind-utils Update: Mon Feb 16 11:41:32 2009 Importance: security ID: MDVSA-2009:037 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:037 %pre Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function (CVE-2009-0265). %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. 
If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the \$GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.) --with geoip Build with GeoIP support (disabled per default) %package blender Update: Mon Feb 16 14:39:44 2009 Importance: security ID: MDVSA-2009:038 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:038 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory (CVE-2008-4863). This update provides fix for that vulnerability. %description Blender is the in-house software of a high quality animation studio. It has proven to be an extremely fast and versatile design instrument. The software has a personal touch, offering a unique approach to the world of three dimensions. Blender can be used to create TV commercials, to make technical visualizations or business graphics, to do some morphing, or to design user interfaces. 
Developers can easily build and manage complex environments. The renderer is versatile and extremely fast. All basic animation principles (curves and keys) are implemented. %package gedit gedit-devel Update: Mon Feb 16 15:46:30 2009 Importance: security ID: MDVSA-2009:039 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:039 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current gedit working directory (CVE-2009-0314). This update provides fix for that vulnerability. %description gEdit is a small but powerful text editor designed expressly for GNOME. It includes such features as split-screen mode, a plugin API, which allows gEdit to be extended to support many features while remaining small at its core, multiple document editing through the use of a 'tabbed' notebook and many more functions. %package dia Update: Mon Feb 16 21:23:50 2009 Importance: security ID: MDVSA-2009:040 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:040 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory (CVE-2008-5984). This update provides fix for that vulnerability. %description Dia is a program designed to be much like the Windows program 'Visio'. It can be used to draw different kind of diagrams. In this first version there is support for UML static structure diagrams (class diagrams) and Network diagrams. It can currently load and save diagrams to a custom fileformat and export to postscript. 
%package jhead Update: Tue Feb 17 16:13:05 2009 Importance: security ID: MDVSA-2009:041 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:041 %pre Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) (CVE-2008-4575). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file (CVE-2008-4639). Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename (CVE-2008-4640). jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input (CVE-2008-4641). This update provides the latest Jhead to correct these issues. %description Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. In contrary to the tools "exif" and "gexif" (and all other libexif-based tools as "gphoto2") this tool gives a much easier readable summary of camera settings (shutter speed in 1/x sec, focal length (also the 35-mm camera equivalent), focal distance, ...), EXIF header manipulation as stripping off the thumbnail and other info not needed, stripping off the complete header, applying arbitrary conversion tools to the JPEG image and conserving the header, renaming JPEG images with the capture date stored in the header, and even turning the images upright when the camera has an orientation sensor (as Canon Digital IXUS 400) ... The tool is very compact, the executable has only a size of around 35 kb, the whole package (with documentation) occupies 60 kb. See /usr/share/doc/jhead-2.86/usage.html for how to use this program. 
%package gnumeric libspreadsheet1.8.2 libspreadsheet-devel Update: Thu Feb 19 20:52:41 2009 Importance: security ID: MDVSA-2009:043 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:043 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Gnumeric working directory (CVE-2009-0318). This update provides fix for that vulnerability. %description This is the Gnumeric, the GNOME spreadsheet program. If you are familiar with Excel, you should be ready to use Gnumeric. It tries to clone all of the good features and stay as compatible as possible with Excel in terms of usability. Hopefully the bugs have been left behind :). %package devhelp devhelp-plugins epiphany epiphany-devel epiphany-extensions firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW galeon gecko-sharp2 gecko-sharp2-doc gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mailcap mono-tools mozilla-firefox-ext-blogrovr 
mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire ruby-atk ruby-gconf2 ruby-gdkpixbuf2 ruby-glib2 ruby-gnome2 ruby-gnome2-devel ruby-gnomecanvas2 ruby-gnomeprint2 ruby-gnomeprintui2 ruby-gnomevfs2 ruby-gtk2 ruby-gtkglext ruby-gtkhtml2 ruby-gtkmozembed ruby-gtksourceview ruby-libart2 ruby-libglade2 ruby-panelapplet2 ruby-pango ruby-poppler ruby-rsvg2 ruby-vte totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer xulrunner yelp Update: Fri Feb 20 07:53:09 2009 Importance: security ID: MDVSA-2009:044 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358). This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring. %description Help browser for GNOME 2 which supports docbook documents, info and man. 
%package apache-mod_php libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Fri Feb 20 18:31:37 2009 Importance: security ID: MDVSA-2009:045 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 %pre A number of vulnerabilities have been found and corrected in PHP: improve mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c (CVE-2008-5557). Additionally on Mandriva Linux 2009.0 and up the php-mbstring module is linked against a separate shared libmbfl library that also have been patched to address CVE-2008-5557. Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. (CVE-2008-5658) make sure the page_uid and page_gid get initialized properly in ext/standard/basic_functions.c. Also, init server_context before processing config variables in sapi/apache/mod_php5.c (CVE-2008-5624). enforce restrictions when merging in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c (CVE-2008-5625). On 2008.1, 2009.0 and cooker (2009.1) seen on x86_64 and with the latest phpmyadmin 3.1.2 software made apache+php segfault (#26274, #45864). 
This problem has been addressed by using -O0 for compiler optimization and by using -fno-strict-aliasing. Either the bug is in php and/or in gcc 4.3.2. Preferable just make it work as expected for now. In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package vim-common vim-enhanced vim-minimal vim-X11 Update: Fri Feb 20 19:05:45 2009 Importance: security ID: MDVSA-2009:047 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:047 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory (CVE-2009-0316). This update provides fix for that vulnerability. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package epiphany epiphany-devel Update: Fri Feb 20 21:13:31 2009 Importance: security ID: MDVSA-2009:048 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:048 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. 
A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Epiphany working directory (CVE-2008-5985). This update provides fix for that vulnerability. %description Epiphany is a GNOME web browser based on the mozilla rendering engine. The name meaning: "An intuitive grasp of reality through something (as an event) usually simple and striking" %package pycrypto Update: Fri Feb 20 21:37:42 2009 Importance: security ID: MDVSA-2009:049 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:049 %pre A vulnerability has been discovered and corrected in PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this. %description The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package: * Hash functions: MD2, MD4, RIPEMD. * Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5. * Stream encryption algorithms: ARC4, simple XOR. * Public-key algorithms: RSA, DSA, ElGamal, qNEW. * Protocols: All-or-nothing transforms, chaffing/winnowing. * Miscellaneous: RFC1751 module for converting 128-key keys into a set of English words, primality testing. * Some demo programs (currently all quite old and outdated). %package libpng3 libpng-devel libpng-source libpng-static-devel Update: Mon Feb 23 18:18:13 2009 Importance: security ID: MDVSA-2009:051 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 %pre A number of vulnerabilities have been found and corrected in libpng: Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was already fixed in Mandriva Linux 2009.0. Fix the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0 (CVE-2008-5907). 
Fix a potential DoS (Denial of Service) or to potentially compromise an application using the library (CVE-2009-0040). The updated packages have been patched to prevent this. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package pycrypto Update: Mon Feb 23 21:52:17 2009 Importance: security ID: MDVSA-2009:049-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:049-1 %pre A vulnerability has been discovered and corrected in PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length (CVE-2009-0544). The updated packages have been patched to prevent this. Update: The previous update package was not signed. %description The Toolkit is a collection of cryptographic algorithms and protocols, implemented for use from Python. The current release is 1.9alpha6. Among the contents of the package: * Hash functions: MD2, MD4, RIPEMD. * Block encryption algorithms: AES, ARC2, Blowfish, CAST, DES, Triple-DES, IDEA, RC5. * Stream encryption algorithms: ARC4, simple XOR. * Public-key algorithms: RSA, DSA, ElGamal, qNEW. * Protocols: All-or-nothing transforms, chaffing/winnowing. * Miscellaneous: RFC1751 module for converting 128-key keys into a set of English words, primality testing. * Some demo programs (currently all quite old and outdated). 
%package php-smarty php-smarty-manual Update: Tue Feb 24 17:43:02 2009 Importance: security ID: MDVSA-2009:052 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:052 %pre A vulnerability has been identified and corrected in php-smarty: The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka php executed in templates %description Smarty is a template engine for PHP. More specifically, it facilitates a manageable way to separate application logic and content from its presentation. This is best described in a situation where the application programmer and the template designer play different roles, or in most cases are not the same person. For example, let's say you are creating a web page that is displaying a newspaper article. The article headline, tagline, author and body are content elements, they contain no information about how they will be presented. They are passed into Smarty by the application, then the template designer edits the templates and uses a combination of HTML tags and template tags to format the presentation of these elements (HTML tables, background colors, font sizes, style sheets, etc.) One day the programmer needs to change the way the article content is retrieved (a change in application logic.) This change does not affect the template designer, the content will still arrive in the template exactly the same. Likewise, if the template designer wants to completely redesign the templates, this requires no changes to the application logic. Therefore, the programmer can make changes to the application logic without the need to restructure templates, and the template designer can make changes to templates without breaking application logic. 
%package audacity Update: Wed Feb 25 17:02:50 2009 Importance: security ID: MDVSA-2009:055 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:055 %pre A vulnerability has been identified and corrected in audacity: Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string (CVE-2009-0490). The updated packages have been patched to prevent this. %description Audacity is a program that lets you manipulate digital audio waveforms. In addition to letting you record sounds directly from within the program, it imports many sound file formats, including WAV, AIFF, MP3 and Ogg/Vorbis. It supports all common editing operations such as Cut, Copy, and Paste, plus it will mix tracks and let you apply plug-in effects to any part of a sound. It also has a built-in amplitude envelope editor, a customizable spectrogram mode and a frequency analysis window for audio analysis applications. %package epiphany epiphany-devel Update: Wed Feb 25 22:23:08 2009 Importance: security ID: MDVSA-2009:048-2 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:048-2 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Epiphany working directory (CVE-2008-5985). This update provides fix for that vulnerability. Update: The previous update package was not built against the correct (latest) libxulrunner-1.9.0.6 library (fixes #48163) %description Epiphany is a GNOME web browser based on the mozilla rendering engine. 
The name meaning: "An intuitive grasp of reality through something (as an event) usually simple and striking" %package valgrind Update: Thu Feb 26 13:29:48 2009 Importance: security ID: MDVSA-2009:057 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:057 %pre A vulnerability has been identified and corrected in valgrind: Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario. (CVE-2008-4865) The updated packages have been patched to prevent this. %description When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. As a result, Valgrind can detect problems such as: * Use of uninitialised memory * Reading/writing memory after it has been free'd * Reading/writing off the end of malloc'd blocks * Reading/writing inappropriate areas on the stack * Memory leaks -- where pointers to malloc'd blocks are lost forever * Passing of uninitialised and/or unaddressible memory to system calls * Mismatched use of malloc/new/new [] vs free/delete/delete [] %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Thu Feb 26 23:37:07 2009 Importance: security ID: MDVSA-2009:058 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:058 %pre Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. 
(CVE-2009-0599) Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. (CVE-2009-0600) Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. (CVE-2009-0601) This update provides Wireshark 1.0.6, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package eclipse-cvs-client eclipse-jdt eclipse-pde eclipse-pde-runtime eclipse-platform eclipse-rcp libswt3-gtk2 Update: Fri Feb 27 15:04:03 2009 Importance: bugfix ID: MDVA-2009:032 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:032 %pre This update addresses minor issues with eclipse. eclipse can not be installed after firefox3 installation (#48095) %description The Eclipse Platform is designed for building integrated development environments (IDEs) that can be used to create applications as diverse as web sites, embedded Java(tm) programs, C++ programs, and Enterprise JavaBeans(tm). %package xchat xchat-devel xchat-perl xchat-python xchat-tcl Update: Fri Feb 27 18:43:55 2009 Importance: security ID: MDVSA-2009:059 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:059 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory (CVE-2009-0315). This update provides fix for that vulnerability. 
%description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package xchat xchat-devel xchat-perl xchat-python xchat-tcl Update: Fri Feb 27 21:16:27 2009 Importance: security ID: MDVSA-2009:059 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:059 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory (CVE-2009-0315). This update provides fix for that vulnerability. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package nfs-utils nfs-utils-clients Update: Fri Feb 27 22:38:13 2009 Importance: security ID: MDVSA-2009:060 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:060 %pre A security vulnerability has been identified and fixed in nfs-utils, which caused TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions (CVE-2008-4552). The updated packages have been patched to prevent this. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. 
%package proftpd proftpd-devel proftpd-mod_autohost proftpd-mod_ban proftpd-mod_case proftpd-mod_ctrls_admin proftpd-mod_gss proftpd-mod_ifsession proftpd-mod_ldap proftpd-mod_load proftpd-mod_quotatab proftpd-mod_quotatab_file proftpd-mod_quotatab_ldap proftpd-mod_quotatab_radius proftpd-mod_quotatab_sql proftpd-mod_radius proftpd-mod_ratio proftpd-mod_rewrite proftpd-mod_shaper proftpd-mod_site_misc proftpd-mod_sql proftpd-mod_sql_mysql proftpd-mod_sql_postgres proftpd-mod_time proftpd-mod_tls proftpd-mod_wrap proftpd-mod_wrap_file proftpd-mod_wrap_sql Update: Fri Feb 27 23:35:37 2009 Importance: security ID: MDVSA-2009:061 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 %pre %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation. %package shadow-utils Update: Mon Mar 02 19:45:28 2009 Importance: security ID: MDVSA-2009:062 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:062 %pre A security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry (CVE-2008-5394). The updated packages have been patched to prevent this. Note: Mandriva Linux is using login application from util-linux-ng by default, and therefore is not affected by this issue on default configuration. %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. 
The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %package shadow-utils Update: Mon Mar 02 19:46:15 2009 Importance: security ID: MDVSA-2009:062 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:062 %pre A security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry (CVE-2008-5394). The updated packages have been patched to prevent this. Note: Mandriva Linux is using login application from util-linux-ng by default, and therefore is not affected by this issue on default configuration. %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. 
%package eog eog-devel Update: Mon Mar 02 21:32:21 2009 Importance: security ID: MDVSA-2009:063 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:063 %pre Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current eog working directory (CVE-2008-5987). This update provides fix for that vulnerability. %description This is the Eye of Gnome, an image viewer program. It is meant to be a fast and functional image viewer as well as an image cataloging program. It does proper handling of large images and images with full opacity information, and can zoom and scroll images quickly while keeping memory usage constant. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Thu Mar 05 19:04:39 2009 Importance: security ID: MDVSA-2009:066 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:066 %pre PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server (CVE-2009-0754). 
The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package libsndfile1 libsndfile-devel libsndfile-progs libsndfile-static-devel Update: Thu Mar 05 21:25:33 2009 Importance: security ID: MDVSA-2009:067 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:067 %pre Crafted data - channels per frame value - in CAF files enables remote attackers to execute arbitrary code or cause a denial of service via a possible integer overflow, leading to a possible heap overflow (CVE-2009-0186). This update provides a fix for that vulnerability. %description libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV files through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32-bit floating point WAV files and a number of compressed formats. %package libpoppler2 libpoppler-devel libpoppler-glib2 libpoppler-glib-devel libpoppler-qt2 libpoppler-qt4-2 libpoppler-qt4-devel libpoppler-qt-devel poppler Update: Fri Mar 06 19:13:36 2009 Importance: security ID: MDVSA-2009:068 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:068 %pre A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of incorrect processing in the FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict destructor when the JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities.
Update: This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. %package curl curl-examples libcurl4 libcurl-devel Update: Fri Mar 06 22:33:16 2009 Importance: security ID: MDVSA-2009:069 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:069 %pre A security vulnerability has been identified and fixed in curl, which could allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL (CVE-2009-0037). The updated packages have been patched to prevent this. %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with SSL (https) support. %package libpoppler2 libpoppler-devel libpoppler-glib2 libpoppler-glib-devel libpoppler-qt2 libpoppler-qt4-2 libpoppler-qt4-devel libpoppler-qt-devel poppler Update: Sat Mar 07 00:53:33 2009 Importance: security ID: MDVSA-2009:068-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:068-1 %pre A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of incorrect processing in the FormWidgetChoice::loadDefaults method (CVE-2009-0755). A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict destructor when the JBIG2Stream::readSymbolDictSeg method is used (CVE-2009-0756). This update provides fixes for those vulnerabilities.
This update does not apply for CVE-2009-0755 under Corporate Server 4.0 libpoppler0-0.4.1-3.7.20060mlcs4. Update: The previous packages were not signed, this new update fixes that issue. %description Poppler is a PDF rendering library based on the xpdf-3.0 code base. %package php-ssh2 Update: Mon Mar 09 13:09:13 2009 Importance: bugfix ID: MDVA-2009:037 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:037 %pre This update upgrades the php-ssh2 package to version 0.11.0 (stable) to address intermittent segfaults (#39079). %description Provides bindings to the libssh2 library which provide access to resources (shell, remote exec, tunneling, file transfer) on a remote machine using a secure cryptographic transport. %package openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-devel openoffice.org-devel-doc openoffice.org-draw openoffice.org-dtd-officedocument1.0 openoffice.org-filter-binfilter openoffice.org-gnome openoffice.org-help-af openoffice.org-help-ar openoffice.org-help-bg openoffice.org-help-br openoffice.org-help-bs openoffice.org-help-ca openoffice.org-help-cs openoffice.org-help-cy openoffice.org-help-da openoffice.org-help-de openoffice.org-help-el openoffice.org-help-en_GB openoffice.org-help-es openoffice.org-help-et openoffice.org-help-eu openoffice.org-help-fi openoffice.org-help-fr openoffice.org-help-he openoffice.org-help-hi openoffice.org-help-hu openoffice.org-help-it openoffice.org-help-ja openoffice.org-help-ko openoffice.org-help-mk openoffice.org-help-nb openoffice.org-help-nl openoffice.org-help-nn openoffice.org-help-pl openoffice.org-help-pt openoffice.org-help-pt_BR openoffice.org-help-ru openoffice.org-help-sk openoffice.org-help-sl openoffice.org-help-sv openoffice.org-help-ta openoffice.org-help-tr openoffice.org-help-zh_CN openoffice.org-help-zh_TW openoffice.org-help-zu openoffice.org-impress openoffice.org-java-common openoffice.org-kde openoffice.org-l10n-af 
openoffice.org-l10n-ar openoffice.org-l10n-bg openoffice.org-l10n-br openoffice.org-l10n-bs openoffice.org-l10n-ca openoffice.org-l10n-cs openoffice.org-l10n-cy openoffice.org-l10n-da openoffice.org-l10n-de openoffice.org-l10n-el openoffice.org-l10n-en_GB openoffice.org-l10n-es openoffice.org-l10n-et openoffice.org-l10n-eu openoffice.org-l10n-fi openoffice.org-l10n-fr openoffice.org-l10n-he openoffice.org-l10n-hi openoffice.org-l10n-hu openoffice.org-l10n-it openoffice.org-l10n-ja openoffice.org-l10n-ko openoffice.org-l10n-mk openoffice.org-l10n-nb openoffice.org-l10n-nl openoffice.org-l10n-nn openoffice.org-l10n-pl openoffice.org-l10n-pt openoffice.org-l10n-pt_BR openoffice.org-l10n-ru openoffice.org-l10n-sk openoffice.org-l10n-sl openoffice.org-l10n-sv openoffice.org-l10n-ta openoffice.org-l10n-tr openoffice.org-l10n-zh_CN openoffice.org-l10n-zh_TW openoffice.org-l10n-zu openoffice.org-math openoffice.org-mono openoffice.org-openclipart openoffice.org-pyuno openoffice.org-style-andromeda openoffice.org-style-crystal openoffice.org-style-hicontrast openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-testtool openoffice.org-writer Update: Tue Mar 10 13:12:33 2009 Importance: security ID: MDVSA-2009:070 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:070 %pre senddoc uses temporary files (/tmp/log.obr.4043) in an insecure way, which enables local attackers to overwrite arbitrary files by using a symlink attack (CVE-2008-4937). This update provides a fix for that vulnerability. Update: Further, this update is a rebuild against the latest xulrunner 1.9.0.6. %description OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editing and drawing program, with a user interface and feature set similar to other office suites.
Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. %package perl-MDK-Common Update: Wed Mar 11 17:14:19 2009 Importance: security ID: MDVSA-2009:072 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:072 %pre Some vulnerabilities were discovered and corrected in perl-MDK-Common: The functions used to write strings into shell like configuration files by Mandriva tools were not taking care of some special characters. This could lead to some bugs (like wireless keys containing certain characters not working), and privilege escalation. This update fixes that issue by ensuring proper protection of strings. The updated packages have been patched to correct these issues. %description Various simple functions created for DrakX %package libneon0.27 libneon0.27-devel libneon0.27-static-devel Update: Wed Mar 11 20:28:15 2009 Importance: security ID: MDVSA-2009:074 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:074 %pre A security vulnerability has been identified and fixed in neon: neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support (CVE-2008-3746). The updated packages have been upgraded to version 0.28.3 to prevent this. %description neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented. %package nspluginwrapper Update: Fri Mar 13 09:12:06 2009 Importance: bugfix ID: MDVA-2009:038 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:038 %pre Acroread would not react to keyboard input. This update also fixes non working Flash browser plugin using this wrapper in 64bits architecture. 
%description nspluginwrapper makes it possible to use Netscape 4 compatible plugins compiled for linux/i386 into Mozilla for another architecture, e.g. x86_64. This package consists in: * npviewer: the plugin viewer * npwrapper.so: the browser-side plugin * nspluginwrapper: a tool to manage plugins installation and update %package devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer xulrunner yelp Update: Fri Mar 13 18:42:47 2009 Importance: security ID: MDVSA-2009:075 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 %pre Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.7 (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777). 
This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring. Additionally, some software has also been rebuilt against Mozilla Firefox 3.0.7, which should take care of upgrade problems. %description Help browser for GNOME 2 which supports docbook documents, info and man. %package avahi avahi-dnsconfd avahi-python avahi-sharp avahi-sharp-doc avahi-x11 libavahi-client3 libavahi-client-devel libavahi-common3 libavahi-common-devel libavahi-compat-howl0 libavahi-compat-howl-devel libavahi-compat-libdns_sd1 libavahi-compat-libdns_sd-devel libavahi-core5 libavahi-core-devel libavahi-glib1 libavahi-glib-devel libavahi-gobject0 libavahi-gobject-devel libavahi-qt3_1 libavahi-qt3-devel libavahi-qt4_1 libavahi-qt4-devel libavahi-ui1 libavahi-ui-devel Update: Fri Mar 13 23:50:38 2009 Importance: security ID: MDVSA-2009:076 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:076 %pre A security vulnerability has been identified and fixed in avahi which could allow remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet (CVE-2009-0758). The updated packages have been patched to prevent this. %description Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient.
%package clamav clamav-db clamav-milter clamd libclamav5 libclamav-devel Update: Wed Mar 18 14:14:20 2009 Importance: bugfix ID: MDVA-2009:018-1 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:018-1 %pre This update fixes several issues with clamav: - update unexpectedly changes location of clamd socket (#46459) - clamav-milter was not built (#46555) - Clamav-milter wanted to remove postfix (#46556) - Scanning mail with clamav leaves a big temporary folder (#46642) - Build fails if invoked with --with milter, in a configure stage (#46554) - Jpeg parsing denial-of-service crash in clamav 0.94-1 and earlier (#46199) Update: The previous package introduced a patch that broke the clamav-milter, this update addresses this problem: - Bug 48633 - Fix for -Werror=format-security breaks clamav-milter %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (ie. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package libmodprobe0 libmodprobe0-devel module-init-tools Update: Thu Mar 19 00:02:24 2009 Importance: bugfix ID: MDVA-2009:044 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:044 %pre This stable update fixes a bug in depmod which may cause the corruption of the modules.dep file when triggered. (#46884) %description This package contains a set of programs for loading, inserting, and removing kernel modules for Linux (versions 2.5.47 and above). It serves the same function that the "modutils" package serves for Linux 2.4.
%package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-gevolution pidgin-i18n pidgin-meanwhile pidgin-mono pidgin-perl pidgin-plugins pidgin-silc pidgin-tcl Update: Sat Mar 21 13:28:29 2009 Importance: bugfix ID: MDVA-2009:046 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:046 %pre Protocol changes on the ICQ servers made pidgin incompatible. This update upgrades pidgin to version 2.5.5 which will take care of this problem. %description Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. %package libpam0 libpam-devel pam pam-doc Update: Sat Mar 21 17:10:09 2009 Importance: security ID: MDVSA-2009:077 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:077 %pre A security vulnerability has been identified and fixed in pam: Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt (CVE-2009-0887). The updated packages have been patched to prevent this. Additionally some development packages were missing that are required to build pam for CS4, these are also provided with this update. 
%description PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication. %package evolution-data-server libcamel11 libcamel-provider11 libebook9 libecal7 libedata-book2 libedata-cal6 libedataserver9 libedataserver-devel libedataserverui8 libegroupwise13 libexchange-storage3 libgdata1 Update: Mon Mar 23 15:25:34 2009 Importance: security ID: MDVSA-2009:078 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:078 %pre A wrong handling of signed Secure/Multipurpose Internet Mail Extensions (S/MIME) e-mail messages enables attackers to spoof its signatures by modifying the latter copy (CVE-2009-0547). Crafted authentication challenge packets (NT Lan Manager type 2) sent by a malicious remote mail server enables remote attackers either to cause denial of service and to read information from the process memory of the client (CVE-2009-0582). Multiple integer overflows in Base64 encoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0587). This update provides fixes for those vulnerabilities. Update: evolution-data-server packages from Mandriva Linux distributions 2008.1 and 2009.0 are not affected by CVE-2009-0587. %description Evolution Data Server provides a central location for your addressbook and calendar in the gnome desktop.
%package libecpg8.3_6 libpq8.3_5 postgresql8.3 postgresql8.3-contrib postgresql8.3-devel postgresql8.3-docs postgresql8.3-pl postgresql8.3-plperl postgresql8.3-plpgsql postgresql8.3-plpython postgresql8.3-pltcl postgresql8.3-server Update: Mon Mar 23 15:39:07 2009 Importance: security ID: MDVSA-2009:079 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:079 %pre PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests (CVE-2009-0922). This update provides a fix for this vulnerability. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. 
%package glib2.0-common glib-gettextize libgio2.0_0 libglib2.0_0 libglib2.0-devel Update: Thu Mar 26 19:38:45 2009 Importance: security ID: MDVSA-2009:080 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:080 %pre Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input (CVE-2008-4316). This update provides the fix for that security issue. %description Glib is a handy library of utility functions. This C library is designed to solve some portability problems and provide other useful functionality which most programs require. Glib is used by GDK, GTK+ and many applications. You should install Glib because many of your applications will depend on this library. %package ftp-client-krb5 ftp-server-krb5 krb5 krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5 Update: Mon Mar 30 13:59:37 2009 Importance: security ID: MDVSA-2009:082 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:082 %pre The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845). This update provides the fix for that security issue. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
%package beagle beagle-crawl-system beagle-doc beagle-epiphany beagle-evolution beagle-gui mozilla-firefox-ext-beagle mozilla-thunderbird mozilla-thunderbird-af mozilla-thunderbird-be mozilla-thunderbird-beagle mozilla-thunderbird-bg mozilla-thunderbird-ca mozilla-thunderbird-cs mozilla-thunderbird-da mozilla-thunderbird-de mozilla-thunderbird-devel mozilla-thunderbird-el mozilla-thunderbird-en_GB mozilla-thunderbird-enigmail mozilla-thunderbird-enigmail-ar mozilla-thunderbird-enigmail-ca mozilla-thunderbird-enigmail-cs mozilla-thunderbird-enigmail-de mozilla-thunderbird-enigmail-el mozilla-thunderbird-enigmail-es mozilla-thunderbird-enigmail-es_AR mozilla-thunderbird-enigmail-fi mozilla-thunderbird-enigmail-fr mozilla-thunderbird-enigmail-hu mozilla-thunderbird-enigmail-it mozilla-thunderbird-enigmail-ja mozilla-thunderbird-enigmail-ko mozilla-thunderbird-enigmail-nb mozilla-thunderbird-enigmail-nl mozilla-thunderbird-enigmail-pl mozilla-thunderbird-enigmail-pt mozilla-thunderbird-enigmail-pt_BR mozilla-thunderbird-enigmail-ro mozilla-thunderbird-enigmail-ru mozilla-thunderbird-enigmail-sk mozilla-thunderbird-enigmail-sl mozilla-thunderbird-enigmail-sv mozilla-thunderbird-enigmail-tr mozilla-thunderbird-enigmail-zh_CN mozilla-thunderbird-enigmail-zh_TW mozilla-thunderbird-es_AR mozilla-thunderbird-es_ES mozilla-thunderbird-et_EE mozilla-thunderbird-eu mozilla-thunderbird-fi mozilla-thunderbird-fr mozilla-thunderbird-ga mozilla-thunderbird-gu_IN mozilla-thunderbird-he mozilla-thunderbird-hu mozilla-thunderbird-it mozilla-thunderbird-ja mozilla-thunderbird-ko mozilla-thunderbird-lt mozilla-thunderbird-mk mozilla-thunderbird-moztraybiff mozilla-thunderbird-nb_NO mozilla-thunderbird-nl mozilla-thunderbird-nn_NO mozilla-thunderbird-pa_IN mozilla-thunderbird-pl mozilla-thunderbird-pt_BR mozilla-thunderbird-pt_PT mozilla-thunderbird-ru mozilla-thunderbird-sk mozilla-thunderbird-sl mozilla-thunderbird-sv_SE mozilla-thunderbird-tr mozilla-thunderbird-uk 
mozilla-thunderbird-zh_CN mozilla-thunderbird-zh_TW nsinstall Update: Wed Apr 01 11:30:32 2009 Importance: security ID: MDVSA-2009:083 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 %pre A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with the Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it (bug #46107). This update also fixes those issues. %description Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that makes emailing safer, faster and easier than ever before.
%package devhelp devhelp-plugins epiphany epiphany-devel firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-ka firefox-kn firefox-ko firefox-ku firefox-lt firefox-lv firefox-mk firefox-mn firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-oc firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sr firefox-sv_SE firefox-te firefox-th firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW galeon gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gksu gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libdevhelp-1_0 libdevhelp-1-devel libgluezilla0 libxulrunner1.9 libxulrunner-devel libxulrunner-unstable-devel mozilla-firefox-ext-blogrovr mozilla-firefox-ext-foxmarks mozilla-firefox-ext-scribefire totem totem-common totem-gstreamer totem-mozilla totem-mozilla-gstreamer xulrunner yelp Update: Wed Apr 01 12:30:21 2009 Importance: security ID: MDVSA-2009:084 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:084 %pre Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169). This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates. %description Help browser for GNOME 2 which supports docbook documents, info and man. 
%package gstreamer0.10-cdparanoia gstreamer0.10-gnomevfs gstreamer0.10-libvisual gstreamer0.10-plugins-base libgstreamer-plugins-base0.10 libgstreamer-plugins-base0.10-devel Update: Thu Apr 02 14:18:34 2009 Importance: security ID: MDVSA-2009:085 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:085 %pre Integer overflows in gstreamer0.10-plugins-base Base64 encoding and decoding functions (related to glib2.0 issue CVE-2008-4316) may allow attackers to cause denial of service, although attack vectors are not known yet (CVE-2009-0586). This update provides the fix for that security issue. %description GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. This package contains a set of reference plugins, base classes for other plugins, and helper libraries: * device plugins: x(v)imagesink, alsa, v4lsrc, cdparanoia * containers: ogg * codecs: vorbis, theora * text: textoverlay, subparse * sources: audiotestsrc, videotestsrc, gnomevfssrc * network: tcp * typefind * audio processing: audioconvert, adder, audiorate, audioscale, volume * visualisation: libvisual * video processing: ffmpegcolorspace * aggregate elements: decodebin, playbin %package evolution evolution-devel evolution-mono evolution-pilot Update: Thu Apr 02 16:52:25 2009 Importance: bugfix ID: MDVA-2009:048 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:048 %pre This update prevents unwanted dependency with gpilotd (bug #46302). %description Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool.
%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Fri Apr 03 21:23:20 2009 Importance: security ID: MDVSA-2009:087 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 %pre A security vulnerability has been identified and fixed in OpenSSL, which could crash applications using OpenSSL library when parsing malformed certificates (CVE-2009-0590). The updated packages have been patched to prevent this. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Fri Apr 03 21:23:56 2009 Importance: security ID: MDVSA-2009:087 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 %pre A security vulnerability has been identified and fixed in OpenSSL, which could crash applications using OpenSSL library when parsing malformed certificates (CVE-2009-0590). The updated packages have been patched to prevent this. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
%package libtommath0 libtommath-devel libtommath-static-devel Update: Tue Apr 07 14:04:35 2009 Importance: bugfix ID: MDVA-2009:050 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:050 %pre The tommath library will be needed for future clamav updates. %description A free open source portable number theoretic multiple-precision integer library written entirely in C. (phew!). The library is designed to provide a simple to work with API that provides fairly efficient routines that build out of the box without configuration. %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Thu Apr 09 17:27:29 2009 Importance: security ID: MDVSA-2009:088 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:088 %pre Multiple vulnerabilities have been identified and corrected in wireshark: o The PROFINET dissector was vulnerable to a format string overflow (CVE-2009-1210). o The Check Point High-Availability Protocol (CPHAP) dissector could crash (CVE-2009-1268). o Wireshark could crash while loading a Tektronix .rf5 file (CVE-2009-1269). This update provides Wireshark 1.0.7, which is not vulnerable to these issues. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm) %package libopensc2 libopensc-devel mozilla-plugin-opensc opensc Update: Fri Apr 10 01:00:16 2009 Importance: security ID: MDVSA-2009:089 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:089 %pre OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix the issue.
%description opensc is a library for accessing smart card devices using PC/SC Lite middleware package. It is also the core library of the OpenSC project. Basic functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible smart card. Encryption and decryption using private keys on the SmartCard is at the moment possible only with PKCS #15 compatible cards. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Fri Apr 10 15:04:40 2009 Importance: security ID: MDVSA-2009:090 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:090 %pre A vulnerability has been found and corrected in PHP: The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function (CVE-2009-1271). The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. 
%package apache-mod_perl apache-mod_perl-devel Update: Sun Apr 12 11:12:46 2009 Importance: security ID: MDVSA-2009:091 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:091 %pre A vulnerability has been found and corrected in mod_perl v1.x and v2.x: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI (CVE-2009-0796). The updated packages have been patched to correct these issues. %description apache-mod_perl incorporates a Perl interpreter into the apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the apache web server and provides an object-oriented Perl interface for apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started. Install apache-mod_perl if you're installing the apache web server and you'd like for it to directly incorporate a Perl interpreter. You can build apache-mod_perl with some conditional build switches (i.e. use with rpm --rebuild): --with[out] debug Compile with debugging code (forces --with test) --with[out] test Initiate an Apache-Test run %package ntp ntp-client ntp-doc Update: Mon Apr 13 18:05:48 2009 Importance: security ID: MDVSA-2009:092 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:092 %pre A vulnerability has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution (CVE-2009-0159). The updated packages have been patched to correct this issue. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. 
The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. Note: Primary, original, big, HTML documentation, is in the package ntp-doc. %package libmpg123_0 libmpg123-devel mpg123 mpg123-arts mpg123-esd mpg123-jack mpg123-nas mpg123-portaudio mpg123-pulse mpg123-sdl Update: Wed Apr 22 06:58:44 2009 Importance: security ID: MDVSA-2009:093 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:093 %pre A vulnerability has been found and corrected in mpg123: Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information (CVE-2009-1301). The updated packages have been patched to correct this issue. %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). 
For information on the MP3 License, please visit: http://www.mpeg.org %package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools Update: Wed Apr 22 15:28:37 2009 Importance: security ID: MDVSA-2009:094 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 %pre Multiple vulnerabilities have been found and corrected in mysql: MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement (CVE-2008-3963). MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079 (CVE-2008-4097). MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097 (CVE-2008-4098). 
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document (CVE-2008-4456). Bugs in the Mandriva Linux 2008.1 packages that have been fixed: o upstream fix for mysql bug35754 (#38398, #44691) o fix #46116 (initialization file mysqld-max don't show correct application status) o fix upstream bug 42366 Bugs in the Mandriva Linux 2009.0 packages that have been fixed: o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097, CVE-2008-4098) o no need to workaround #38398, #44691 anymore (since 5.0.75) o fix upstream bug 42366 o fix #46116 (initialization file mysqld-max don't show correct application status) o sphinx-0.9.8.1 Bugs in the Mandriva Linux Corporate Server 4 packages that have been fixed: o fix upstream bug 42366 o fix #46116 (initialization file mysqld-max don't show correct application status) The updated packages have been patched to correct these issues. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License. You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. 
%package ghostscript ghostscript-common ghostscript-doc ghostscript-dvipdf ghostscript-module-X ghostscript-X libgs8 libgs8-devel libijs1 libijs1-devel Update: Fri Apr 24 17:39:01 2009 Importance: security ID: MDVSA-2009:095 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 %pre A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file (CVE-2007-6725). Buffer overflow in Ghostscript's BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file (CVE-2008-6679). Multiple integer overflows in Ghostscript's International Color Consortium Format Library (icclib) allow attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code by using either a PostScript or PDF file with crafted embedded images (CVE-2009-0583, CVE-2009-0584). Multiple integer overflows in Ghostscript's International Color Consortium Format Library (icclib) allow attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code by using either a PostScript or PDF file with crafted embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 (CVE-2009-0792). Heap-based overflow in Ghostscript's JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file (CVE-2009-0196). This update provides fixes for these vulnerabilities. Update: ghostscript packages from Mandriva Linux 2009.0 distribution are not affected by CVE-2007-6725. 
%description Ghostscript is a set of software tools that provide a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped and vector formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. You should install ghostscript if you need to display PostScript or PDF files, or if you have a non-PostScript printer. %package clamav clamav-db clamav-milter clamd libclamav6 libclamav-devel Update: Fri Apr 24 20:43:28 2009 Importance: security ID: MDVSA-2009:097 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:097 %pre Multiple vulnerabilities have been found and corrected in clamav: Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive (CVE-2009-1241). libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error (CVE-2008-6680). libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang (CVE-2009-1270). The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding (CVE-2009-1371). Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL (CVE-2009-1372). 
Important notice about this upgrade: clamav-0.95+ bundles support for RAR v3 in libclamav which is a license violation as the RAR v3 license and the GPL license are not compatible. As a consequence of this, Mandriva has been forced to remove the RAR v3 code. This update provides clamav 0.95.1, which is not vulnerable to these issues. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package ftp-client-krb5 ftp-server-krb5 krb5 krb5-server krb5-workstation libkrb53 libkrb53-devel telnet-client-krb5 telnet-server-krb5 Update: Mon Apr 27 15:03:21 2009 Importance: security ID: MDVSA-2009:098 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:098 %pre Multiple vulnerabilities have been found and corrected in krb5: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read (CVE-2009-0844). The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846). 
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847). The updated packages have been patched to correct these issues. Update: krb5 packages for Mandriva Linux Corporate Server 3 and 4 are not affected by CVE-2009-0844 and CVE-2009-0845 %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package dkms-libafs libopenafs1 libopenafs-devel openafs openafs-client openafs-doc openafs-server Update: Mon Apr 27 22:05:50 2009 Importance: security ID: MDVSA-2009:099 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:099 %pre Multiple vulnerabilities have been found and corrected in openafs: The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro (CVE-2009-1250). Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays (CVE-2009-1251). The updated packages have been patched to correct these issues. %description AFS is a distributed filesystem allowing cross-platform sharing of files among multiple computers. Facilities are provided for access control, authentication, backup and administrative management. 
This package provides common files shared across all the various OpenAFS packages but are not necessarily tied to a client or server. %package xpdf xpdf-common Update: Tue Apr 28 21:49:09 2009 Importance: security ID: MDVSA-2009:101 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:101 %pre Multiple buffer overflows in the JBIG2 decoder allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0146). Multiple integer overflows in the JBIG2 decoder allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147). An integer overflow in the JBIG2 decoder has unspecified impact (CVE-2009-0165). A free of uninitialized memory flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0166). Multiple input validation flaws in the JBIG2 decoder allow remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-0800). An out-of-bounds read flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0799). An integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-1179). A free of invalid data flaw in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180). A NULL pointer dereference flaw in the JBIG2 decoder allows remote attackers to cause denial of service (crash) via a crafted PDF file (CVE-2009-1181). Multiple buffer overflows in the JBIG2 MMR decoder allow remote attackers to cause denial of service or to execute arbitrary code via a crafted PDF file (CVE-2009-1182, CVE-2009-1183). This update provides fixes for these vulnerabilities. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). 
Xpdf is a small and efficient program which uses standard X fonts. %package libvolume_id0 libvolume_id0-devel udev udev-doc udev-tools Update: Fri May 01 01:52:56 2009 Importance: security ID: MDVSA-2009:103 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:103 %pre Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185). Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments (CVE-2009-1186). The updated packages have been patched to prevent this. %description Udev is an implementation of devfs/devfsd in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly. Like devfs, udev dynamically creates and removes device nodes from /dev/. It responds to /sbin/hotplug device events. %package libSDL1.2_0 libSDL-devel Update: Mon May 04 21:37:30 2009 Importance: bugfix ID: MDVA-2009:058 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:058 %pre The SDL12 package shipped in 2008.1 and 2009.0 has a bug which causes a segmentation fault in some games such as ri-li. %description This is the Simple DirectMedia Layer, a generic API that provides low level access to audio, keyboard, mouse, and display framebuffer across multiple platforms. %package libwmf0.2_7 libwmf0.2_7-devel libwmf Update: Tue May 05 20:50:07 2009 Importance: security ID: MDVSA-2009:106 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:106 %pre Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). 
The updated packages have been patched to prevent this. %description libwmf is a library for unix like machines that can convert wmf files into other formats, currently it supports a gd binding to convert to gif, and an X one to draw direct to an X window or pixmap. %package dkms-fuse fuse libfuse2 libfuse-devel libfuse-static-devel Update: Wed May 06 13:32:31 2009 Importance: bugfix ID: MDVA-2009:104 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:104 %pre The default FUSE setup required non-privileged users to be added manually to the fuse group to be able to use FUSE, and the feature was not available immediately after fuse package installation. This package update ensures fuse is now available immediately after package installation and for all users on the system. %description FUSE (Filesystem in USErspace) is a simple interface for userspace programs to export a virtual filesystem to the linux kernel. FUSE also aims to provide a secure method for non privileged users to create and mount their own filesystem implementations. %package acpid Update: Wed May 06 21:40:31 2009 Importance: security ID: MDVSA-2009:107 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:107 %pre The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798). The updated packages have been patched to prevent this. %description The ACPI specification defines power and system management functions for each computer, in a generic manner. The ACPI daemon coordinates the management of power and system functions when ACPI kernel support is enabled (kernel 2.3.x or later). 
%package zsh zsh-doc Update: Thu May 07 11:53:01 2009 Importance: security ID: MDVSA-2009:108 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:108 %pre A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash), when providing a specially-crafted string as input to the zsh shell (CVE-2009-1214, CVE-2009-1215). The updated packages have been patched to prevent this. %description Zsh is a UNIX command interpreter (shell) usable as an interactive login shell and as a shell script command processor. Of the standard shells, zsh most closely resembles ksh but includes many enhancements. Zsh has command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and lots of other features. Install the zsh package if you'd like to try out a different shell. %package flex ipsec-tools libipsec0 libipsec-devel Update: Wed May 13 20:33:14 2009 Importance: security ID: MDVSA-2009:112 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:112 %pre racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference (CVE-2009-1574). Updated packages are available that bring ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1, which provides numerous bugfixes over the previous 0.7.1 version and also corrects this issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been patched to address this issue. Additionally the flex package required for building ipsec-tools has been fixed due to ipsec-tools build problems and is also available with this update. %description This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.6 and above kernels. 
This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon %package cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-ldapdb libsasl2-plug-login libsasl2-plug-ntlm libsasl2-plug-otp libsasl2-plug-plain libsasl2-plug-sasldb libsasl2-plug-sql Update: Mon May 18 10:55:17 2009 Importance: security ID: MDVSA-2009:113 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:113 %pre Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c (CVE-2009-0688). The updated packages have been patched to prevent this. %description SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. To actually use SASL you must install at least one of the libsasl2-plug-XXXX authentication plugins, such as libsasl2-plug-plain. 
The SQL auxprop plugin can be rebuilt with different database backends: --with srp SRP support (disabled) --with mysql MySQL support (enabled) --with pgsql Postgres SQL support (disabled) --with sqlite SQLite support (disabled) %package gnutls libgnutls26 libgnutls-devel Update: Mon May 18 14:06:18 2009 Importance: security ID: MDVSA-2009:116 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 %pre Multiple vulnerabilities have been found and corrected in gnutls: lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415). lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416). gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). The updated packages have been patched to prevent this. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. 
%package gnutls libgnutls26 libgnutls-devel Update: Mon May 18 14:06:39 2009 Importance: security ID: MDVSA-2009:116 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 %pre Multiple vulnerabilities have been found and corrected in gnutls: lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free (CVE-2009-1415). lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key (CVE-2009-1416). gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). The updated packages have been patched to prevent this. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package ntp ntp-client ntp-doc Update: Tue May 19 13:36:52 2009 Importance: security ID: MDVSA-2009:117 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:117 %pre A vulnerability has been found and corrected in ntp: A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. 
If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd (CVE-2009-1252). The updated packages have been patched to prevent this. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. Note: Primary, original, big, HTML documentation, is in the package ntp-doc. %package drakguard Update: Thu May 21 05:08:55 2009 Importance: bugfix ID: MDVA-2009:079 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:079 %pre Parental control application available in Mandriva Linux was not detecting the previously configured parental control level correctly. This update fixes this issue. %description This tool allows you to configure parental control. It can block access to web sites and restrict connection during a specified timeframe. %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Thu May 21 15:01:45 2009 Importance: security ID: MDVSA-2009:120 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 %pre Multiple security vulnerabilities have been identified and fixed in OpenSSL: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. 
(CVE-2009-1377) Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) The updated packages have been patched to prevent this. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package lcms liblcms1 liblcms-devel python-lcms Update: Thu May 21 20:09:51 2009 Importance: security ID: MDVSA-2009:121 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 %pre Multiple security vulnerabilities have been identified and fixed in Little cms: A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). This update provides fixes for these issues. 
%description Little cms is a color management library. Implements fast transforms between ICC profiles. It is focused on speed, and is portable across several platforms. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Sun May 31 14:07:24 2009 Importance: security ID: MDVSA-2009:124 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 %pre Multiple vulnerabilities have been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (concerns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. 
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). This update provides fixes for these vulnerabilities. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools Update: Sun May 31 18:48:24 2009 Importance: security ID: MDVSA-2009:125 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:125 %pre A vulnerability has been identified and corrected in wireshark: o Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets (CVE-2009-1829). This update provides Wireshark 1.0.8, which is not vulnerable to this issue. %description Wireshark is a network traffic analyzer for Unix-ish operating systems. 
It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. Wireshark is a fork of Ethereal(tm). %package eggdrop Update: Mon Jun 01 22:03:40 2009 Importance: security ID: MDVSA-2009:126 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:126 %pre mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807 (CVE-2009-1789). %description Eggdrop is an IRC bot, written in C. If you don't know what IRC is, this is probably not whatever you're looking for! Eggdrop, being a bot, sits on a channel and takes protective measures: to keep the channel from being taken over (in the few ways that anything CAN), to recognize banished users or sites and reject them, to recognize privileged users and let them gain ops, etc. %package libmodplug0 libmodplug0-devel Update: Thu Jun 04 16:12:37 2009 Importance: security ID: MDVSA-2009:128 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:128 %pre Multiple security vulnerabilities have been identified and fixed in libmodplug: Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow (CVE-2009-1438). Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name (CVE-2009-1513). The updated packages have been patched to prevent this. 
%description Olivier Lapicque, author of Modplug, which is arguably the best quality MOD-playing software available, has placed his sound rendering code in the public domain. This library and plugin is based on that code. It can play 22 different mod formats, including: MOD, S3M, XM, IT, 669, AMF (both of them), AMS, DBM, DMF, DSM, FAR, MDL, MED, MTM, OKT, PTM, STM, ULT, UMX, MT2, PSM %package gstreamer0.10-aalib gstreamer0.10-caca gstreamer0.10-dv gstreamer0.10-esound gstreamer0.10-flac gstreamer0.10-plugins-good gstreamer0.10-raw1394 gstreamer0.10-speex gstreamer0.10-wavpack Update: Fri Jun 05 19:35:39 2009 Importance: security ID: MDVSA-2009:130 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:130 %pre Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow (CVE-2009-1932). %description GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. This package contains a set of plug-ins that are considered to have good quality code, correct functionality, the preferred license (LGPL for the plug-in code, LGPL or LGPL-compatible for the supporting library). People writing elements should base their code on these elements. 
%package apr-util-dbd-mysql apr-util-dbd-pgsql apr-util-dbd-sqlite3 libapr-util1 libapr-util-devel Update: Sat Jun 06 21:15:44 2009 Importance: security ID: MDVSA-2009:131 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131 %pre Multiple security vulnerabilities have been identified and fixed in apr-util: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an underflow flaw (CVE-2009-0023). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955). Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input (CVE-2009-1956). The updated packages have been patched to prevent this. %description The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. 
%package libsndfile1 libsndfile-devel libsndfile-progs libsndfile-static-devel Update: Sun Jun 07 15:10:54 2009 Importance: security ID: MDVSA-2009:132 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:132 %pre Multiple vulnerabilities have been found and corrected in libsndfile: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value (CVE-2009-1788). Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value (CVE-2009-1791). This update provides fixes for these vulnerabilities. %description libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV files through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32-bit floating point WAV files and a number of compressed formats. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Wed Jun 10 15:12:23 2009 Importance: bugfix ID: MDVA-2009:095 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:095 %pre The CVE-2009-1195 patch broke the mod_perl build. Patches from upstream svn have been applied in this update to fix the issue. 
%description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package perl-MDK-Common Update: Wed Jun 10 17:30:47 2009 Importance: bugfix ID: MDVA-2009:096 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:096 %pre Mandriva system library (perl-MDK-Common) was not handling configuration files that had '#' character inside parameters correctly. This update fixes the issue. %description Various simple functions created for DrakX %package ntp ntp-client ntp-doc Update: Wed Jun 10 19:54:07 2009 Importance: bugfix ID: MDVA-2009:099 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:099 %pre This bugfix release makes it possible to pass additional options to the ntpdate utility and for the releases lacking it the ntpd server by utilizing the /etc/sysconfig/ntpd file while starting the ntp service. %description The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. 
Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol. Note: Primary, original, big, HTML documentation, is in the package ntp-doc. %package clamav clamav-db clamav-milter clamd libclamav6 libclamav-devel Update: Thu Jun 11 15:48:40 2009 Importance: bugfix ID: MDVA-2009:100 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:100 %pre This bugfix release makes it possible to pass additional options to the freshclam utility and the clamd server by utilizing the /etc/sysconfig/freshclam and /etc/sysconfig/clamd files while starting the services. The clamav packages have also been upgraded to the latest version 0.95.2 that also has a number of upstream fixes. %description Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. You can build clamav with some conditional build switches; (i.e. use with rpm --rebuild): --with[out] milter Build clamav-milter (disabled) %package irssi irssi-devel irssi-perl Update: Tue Jun 16 12:53:42 2009 Importance: security ID: MDVSA-2009:133 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:133 %pre A vulnerability has been found and corrected in irssi: Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow (CVE-2009-1959). 
This update provides fixes for this vulnerability. %description Irssi is a modular and flexible IRC client for UNIX that has only a text mode user interface (but as 80-90% of the code isn't text mode specific, other UIs could be created pretty easily). Also, Irssi isn't really even IRC specific anymore, there are already working SILC and ICB modules available. Support for other protocols like ICQ and Jabber could be created some day too. Irssi is one of the most popular IRC clients at the moment. %package tomcat5 tomcat5-admin-webapps tomcat5-common-lib tomcat5-jasper tomcat5-jasper-eclipse tomcat5-jasper-javadoc tomcat5-jsp-2.0-api tomcat5-jsp-2.0-api-javadoc tomcat5-server-lib tomcat5-servlet-2.4-api tomcat5-servlet-2.4-api-javadoc tomcat5-webapps Update: Mon Jun 22 22:41:16 2009 Importance: security ID: MDVSA-2009:136 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 %pre Multiple security vulnerabilities have been identified and fixed in tomcat5: When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitrary files being returned to the client (CVE-2007-5461). Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests, as demonstrated by using netcat to send the empty request (CVE-2007-6286). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515). 
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580). The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783). The updated packages have been patched to prevent this. %description Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. 
We invite you to participate in this open development project. To learn more about getting involved, click here. %package Update: Fri Jun 26 15:50:55 2009 Importance: security ID: MDVSA-2009:083 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 %pre A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. (bug #46107) This update also fixes those issues. %description %package jasper libjasper1 libjasper1-devel libjasper1-static-devel Update: Fri Jun 26 20:51:54 2009 Importance: security ID: MDVSA-2009:142 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 %pre Multiple security vulnerabilities have been identified and fixed in jasper: The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert (CVE-2007-2721). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). 
The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). The updated packages have been patched to prevent this. %description JasPer is a software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1). This package contains tools for working with JPEG-2000 images. %package ghostscript ghostscript-common ghostscript-doc ghostscript-dvipdf ghostscript-module-X ghostscript-X libgs8 libgs8-devel libijs1 libijs1-devel Update: Sat Jun 27 17:53:37 2009 Importance: security ID: MDVSA-2009:144 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 %pre Multiple security vulnerabilities have been identified and fixed in ghostscript: Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previously the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. 
%description Ghostscript is a set of software tools that provide a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped and vector formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. You should install ghostscript if you need to display PostScript or PDF files, or if you have a non-PostScript printer. %package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Sun Jun 28 16:37:04 2009 Importance: security ID: MDVSA-2009:145 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:145 %pre A vulnerability has been found and corrected in PHP: - Fixed upstream bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). The updated packages have been patched to correct these issues. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. 
The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package imap imap-devel imap-utils libc-client-php0 libc-client-php-devel Update: Mon Jun 29 15:10:24 2009 Importance: security ID: MDVSA-2009:146 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 %pre Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program (CVE-2008-5005). smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code (CVE-2008-5006). Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow (CVE-2008-5514). The updated packages have been patched to prevent this. Note that the software was renamed to c-client starting from Mandriva Linux 2009.0 and only provides the shared c-client library for the imap functions in PHP. %description The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. 
The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine. Install the imap package if you need a server to support the IMAP or the POP mail access protocols. %package timezone timezone-java Update: Mon Jun 29 16:19:11 2009 Importance: normal ID: MDVA-2009:122 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:122 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Wed Jul 08 01:17:13 2009 Importance: security ID: MDVSA-2009:124-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:124-1 %pre Multiple vulnerabilities has been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). 
Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). This update provides fixes for these vulnerabilities. Update: The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was incomplete, this update addresses the problem. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. 
The package was built with a ServerLimit of 1024. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Thu Jul 09 13:58:40 2009 Importance: security ID: MDVSA-2009:149 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 %pre Multiple vulnerabilities has been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). This update provides fixes for these vulnerabilities. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. 
You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Thu Jul 09 14:00:20 2009 Importance: security ID: MDVSA-2009:149 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 %pre Multiple vulnerabilities have been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). This update provides fixes for these vulnerabilities. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. 
This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Update: Mon Jul 13 19:25:59 2009 Importance: security ID: MDVSA-2009:150 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 %pre Multiple vulnerabilities have been found and corrected in libtiff: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server Update: Wed Jul 15 19:29:11 2009 Importance: security ID: MDVSA-2009:151 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:151 %pre A vulnerability has been found and corrected in ISC DHCP: Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option (CVE-2009-0692). This update provides fixes for this vulnerability. 
%description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package libpulseaudio0 libpulseaudio-devel libpulsecore5 libpulseglib20 libpulsezeroconf0 pulseaudio pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils Update: Fri Jul 17 14:18:02 2009 Importance: security ID: MDVSA-2009:152 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:152 %pre A vulnerability has been found and corrected in pulseaudio: Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link (CVE-2009-1894). This update provides fixes for this vulnerability. %description pulseaudio is a sound server for Linux and other Unix like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (EsounD). 
In addition to the features EsounD provides pulseaudio has: * Extensible plugin architecture (by loading dynamic loadable modules with dlopen()) * Support for more than one sink/source * Better low latency behaviour * Embeddable into other software (the core is available as C library) * Completely asynchronous C API * Simple command line interface for reconfiguring the daemon while running * Flexible, implicit sample type conversion and resampling * "Zero-Copy" architecture * Module autoloading * Very accurate latency measurement for playback and recording. * May be used to combine multiple sound cards to one (with sample rate adjustment) * Client side latency interpolation %package libpulseaudio0 libpulseaudio-devel libpulsecore5 libpulseglib20 libpulsezeroconf0 pulseaudio pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils Update: Fri Jul 17 14:25:03 2009 Importance: security ID: MDVSA-2009:152 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:152 %pre A vulnerability has been found and corrected in pulseaudio: Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link (CVE-2009-1894). This update provides fixes for this vulnerability. %description pulseaudio is a sound server for Linux and other Unix like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (EsounD). 
In addition to the features EsounD provides pulseaudio has: * Extensible plugin architecture (by loading dynamic loadable modules with dlopen()) * Support for more than one sink/source * Better low latency behaviour * Embeddable into other software (the core is available as C library) * Completely asynchronous C API * Simple command line interface for reconfiguring the daemon while running * Flexible, implicit sample type conversion and resampling * "Zero-Copy" architecture * Module autoloading * Very accurate latency measurement for playback and recording. * May be used to combine multiple sound cards to one (with sample rate adjustment) * Client side latency interpolation %package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server Update: Fri Jul 17 19:38:35 2009 Importance: security ID: MDVSA-2009:153 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:153 %pre A vulnerability has been found and corrected in ISC DHCP: Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients (CVE-2007-0062). This update provides fixes for this vulnerability. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. 
The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server Update: Sun Jul 19 15:57:36 2009 Importance: security ID: MDVSA-2009:154 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:154 %pre A vulnerability has been found and corrected in ISC DHCP: ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). This update provides fixes for this vulnerability. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package dhcp-client dhcp-common dhcp-devel dhcp-doc dhcp-relay dhcp-server Update: Sun Jul 19 16:11:00 2009 Importance: security ID: MDVSA-2009:154 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:154 %pre A vulnerability has been found and corrected in ISC DHCP: ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. 
If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). This update provides fixes for this vulnerability. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package perl-Compress-Raw-Zlib Update: Sun Jul 19 22:43:32 2009 Importance: security ID: MDVSA-2009:157 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:157 %pre A vulnerability has been found and corrected in perl-Compress-Raw-Zlib: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009 (CVE-2009-1391). This update provides fixes for this vulnerability. %description Low-Level Interface to zlib compression library. 
%package libpango1.0_0 libpango1.0_0-modules libpango1.0-devel pango pango-doc Update: Thu Jul 23 23:57:27 2009 Importance: security ID: MDVA-2009:158 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:158 %pre Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. %description A library to handle unicode strings as well as complex bidirectional or context dependent shaped strings. It is the next step on Gtk+ internationalization. %package libmysql15 libmysql-devel libmysql-static-devel mysql mysql-bench mysql-client mysql-common mysql-doc mysql-max mysql-ndb-extra mysql-ndb-management mysql-ndb-storage mysql-ndb-tools Update: Mon Jul 27 14:06:18 2009 Importance: security ID: MDVSA-2009:159 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:159 %pre A vulnerability has been found and corrected in mysql: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446). This update provides fixes for this vulnerability. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. 
The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License. You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package ruby ruby-devel ruby-doc ruby-tk Update: Mon Jul 27 21:25:32 2009 Importance: security ID: MDVSA-2009:160 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:160 %pre The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. %package squid squid-cachemgr Update: Mon Jul 27 22:39:07 2009 Importance: security ID: MDVSA-2009:161 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses. This update provides fixes for these vulnerabilities. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. 
Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 filedescriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. %package initscripts Update: Tue Jul 28 22:05:00 2009 Importance: security ID: MDVSA-2009:170 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:170 %pre Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces. This update fixes the vulnerability. %description The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. %package initscripts Update: Tue Jul 28 22:06:48 2009 Importance: security ID: MDVSA-2009:170 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:170 %pre Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces. This update fixes the vulnerability. %description The initscripts package contains the basic system scripts used to boot your Mandriva Linux system, change run levels, and shut the system down cleanly. 
Initscripts also contains the scripts that activate and deactivate most network interfaces. %package bind bind-devel bind-doc bind-utils Update: Wed Jul 29 19:36:07 2009 Importance: security ID: MDVSA-2009:181 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:181 %pre A vulnerability has been found and corrected in ISC BIND: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009 (CVE-2009-0696). This update provides fixes for this vulnerability. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act as a caching name server, you will also need to install the caching-nameserver package. 
Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the \$GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. Build Options: --without sdb_ldap Build without ldap simple database support (enabled per default) --with sdb_mysql Build with MySQL database support (disables ldap support, it's either way.) --with geoip Build with GeoIP support (disabled per default) %package apache-mod_auth_mysql Update: Sat Aug 01 13:16:14 2009 Importance: security ID: MDVSA-2009:189 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:189 %pre A vulnerability has been found and corrected in mod_auth_mysql: SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input (CVE-2008-2384). This update provides fixes for this vulnerability. %description mod_auth_mysql is an Apache module to authenticate users and authorize access through a MySQL database. It is flexible and supports several encryption methods. 
%package libOpenEXR6 libOpenEXR-devel OpenEXR Update: Sun Aug 02 21:09:21 2009 Importance: security ID: MDVSA-2009:190 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:190 %pre Multiple vulnerabilities have been found and corrected in OpenEXR: Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720). The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721). This update provides fixes for these vulnerabilities. %description Industrial Light & Magic developed the OpenEXR format in response to the demand for higher color fidelity in the visual effects industry. %package ruby ruby-devel ruby-doc ruby-tk Update: Wed Aug 05 21:53:07 2009 Importance: security ID: MDVSA-2009:193 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:193 %pre ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. This update corrects the problem, including for older ruby versions. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. 
%package apr-util-dbd-mysql apr-util-dbd-pgsql apr-util-dbd-sqlite3 libapr1 libapr-devel libapr-util1 libapr-util-devel Update: Thu Aug 06 13:38:29 2009 Importance: security ID: MDVSA-2009:195 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:195 %pre A vulnerability has been identified and corrected in apr and apr-util: Fix potential overflow in pools (apr) and rmm (apr-util), where size alignment was taking place (CVE-2009-2412). This update provides fixes for these vulnerabilities. %description The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. %package squid squid-cachemgr Update: Sat Aug 08 10:46:46 2009 Importance: security ID: MDVSA-2009:178-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:178-1 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622). This update provides fixes for these vulnerabilities. Update: Additional upstream security patches were applied: Debug warnings fill up the logs. Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. 
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 filedescriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. %package squid squid-cachemgr Update: Sat Aug 08 10:54:47 2009 Importance: security ID: MDVSA-2009:178-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:178-1 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622). This update provides fixes for these vulnerabilities. Update: Additional upstream security patches were applied: Debug warnings fill up the logs. Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 filedescriptors. 
You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. %package squid squid-cachemgr Update: Sat Aug 08 11:03:02 2009 Importance: security ID: MDVSA-2009:161-1 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:161-1 %pre Multiple vulnerabilities have been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses (CVE-2009-2621). Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses (CVE-2009-2622). This update provides fixes for these vulnerabilities. Update: Additional upstream security patches were applied: Debug warnings fill up the logs. Upstream Bug 2728: regression: assertion failed: http.cc:705: !eof %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. This package defaults to a maximum of 1024 filedescriptors. You can change these values at build time by using for example: --define 'maxfiles 4096' The package was built to support a maximum of 1024 filedescriptors. 
%package apache-mod_dav_svn apache-mod_dontdothat libsvn0 perl-SVN perl-SVN-devel python-svn python-svn-devel ruby-svn ruby-svn-devel subversion subversion-devel subversion-doc subversion-server subversion-tools svn-javahl svn-javahl-javadoc Update: Sat Aug 08 22:11:46 2009 Importance: security ID: MDVSA-2009:199 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:199 %pre A vulnerability has been found and corrected in subversion: Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412 (CVE-2009-2411). This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. %description Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion also keeps a log of who, when, and why changes occurred. As such it basically does the same thing CVS does (Concurrent Versioning System) but has major enhancements compared to CVS and fixes a lot of the annoyances that CVS users face. This package contains the client, if you're looking for the server end of things you want subversion-repos. 
%package libxml1 libxml1-devel libxml2_2 libxml2-devel libxml2-python libxml2-utils Update: Wed Aug 12 13:25:36 2009 Importance: security ID: MDVSA-2009:200 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:200 %pre Multiple vulnerabilities have been found and corrected in libxml: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. %description This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to a URI library. 
%package fetchmail fetchmailconf fetchmail-daemon Update: Wed Aug 12 18:59:32 2009 Importance: security ID: MDVSA-2009:201 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:201 %pre A vulnerability has been found and corrected in fetchmail: socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2666). This update provides a solution to this vulnerability. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package Update: Fri Aug 14 17:07:12 2009 Importance: security ID: MDVSA-2009:202 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:202 %pre A vulnerability has been found and corrected in memcached: Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows (CVE-2009-2415). This update provides a solution to this vulnerability. 
Additionally memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5 that contains a number of upstream fixes, the repcached patch has been upgraded to 2.2 as well. %description %package curl curl-examples libcurl4 libcurl-devel Update: Sat Aug 15 14:46:56 2009 Importance: security ID: MDVSA-2009:203 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:203 %pre A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2417). This update provides a solution to this vulnerability. %description curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. This version is compiled with SSL (https) support. %package libwxgtk2.6 libwxgtk2.6-devel libwxgtk2.8 libwxgtk2.8-devel libwxgtkgl2.6 libwxgtkgl2.8 libwxgtkglu2.6 libwxgtkglu2.8 libwxgtku2.6 libwxgtku2.6-devel libwxgtku2.8 libwxgtku2.8-devel wxGTK2.6 wxgtk2.8 Update: Sun Aug 16 22:57:20 2009 Importance: security ID: MDVSA-2009:204 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:204 %pre A vulnerability has been found and corrected in wxgtk: Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information (CVE-2009-2369). This update provides a solution to this vulnerability. %description wxWidgets is a free C++ library for cross-platform GUI development. With wxWidgets, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code. %package wget Update: Tue Aug 18 22:13:07 2009 Importance: security ID: MDVSA-2009:206 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:206 %pre A vulnerability has been found and corrected in wget: SUSE discovered a security issue in wget related to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 This update provides a solution to this vulnerability. %description GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. %package libgadu3 libgadu-devel Update: Thu Aug 20 16:24:16 2009 Importance: security ID: MDVSA-2009:208 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:208 %pre A vulnerability has been found and corrected in libgadu: libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read (CVE-2008-4776). This update provides a solution to this vulnerability. %description The libgadu is intended to make it easy to add Gadu-Gadu communication support to your software. 
%package gnutls libgnutls26 libgnutls-devel Update: Fri Aug 21 02:19:44 2009 Importance: security ID: MDVSA-2009:210 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:210 %pre A vulnerability has been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). This update fixes this vulnerability. %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. %package expat libexpat1 libexpat1-devel Update: Sun Aug 23 16:19:10 2009 Importance: security ID: MDVSA-2009:211 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:211 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. %description Expat is an XML 1.0 parser written in C by James Clark. It aims to be fully conforming. It is currently not a validating XML parser. %package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps Update: Sun Aug 23 16:53:25 2009 Importance: security ID: MDVSA-2009:212 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:212 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. 
Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package libpython2.5 libpython2.5-devel python python-base python-docs tkinter tkinter-apps Update: Sun Aug 23 16:53:45 2009 Importance: security ID: MDVSA-2009:212 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:212 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package libwxgtk2.6 libwxgtk2.6-devel libwxgtk2.8 libwxgtk2.8-devel libwxgtkgl2.6 libwxgtkgl2.8 libwxgtkglu2.6 libwxgtkglu2.8 libwxgtku2.6 libwxgtku2.6-devel libwxgtku2.8 libwxgtku2.8-devel wxGTK2.6 wxgtk2.8 Update: Sun Aug 23 17:43:31 2009 Importance: security ID: MDVSA-2009:213 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:213 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. 
Related to CVE-2009-2625. This update fixes this vulnerability. %description wxWidgets is a free C++ library for cross-platform GUI development. With wxWidgets, you can create applications for different GUIs (GTK+, Motif/LessTif, MS Windows, Mac) from the same source code. %package python-celementtree Update: Sun Aug 23 19:25:07 2009 Importance: security ID: MDVSA-2009:214 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:214 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. %description This is an add-on to the standard ElementTree package, which adds a very fast and memory-efficient alternative implementation of the ElementTree API. %package w3c-libwww w3c-libwww-apps w3c-libwww-devel Update: Mon Aug 24 14:30:20 2009 Importance: security ID: MDVSA-2009:218 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:218 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. %description Libwww is a general-purpose Web API written in C for Unix and Windows (Win32). With a highly extensible and layered API, it can accommodate many different types of applications including clients, robots, etc. The purpose of libwww is to provide a highly optimized HTTP sample implementation as well as other Internet protocols and to serve as a testbed for protocol experiments. See: http://www.w3.org/Consortium/Legal/copyright-software.html for further information on its license. 
%package davfs Update: Mon Aug 24 18:07:09 2009 Importance: security ID: MDVSA-2009:220 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:220 %pre A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. %description WebDAV is an acronym for Web-based Distributed Authoring and Versioning. Usually http is a read only protocol, but if you install DAV on your web server, it becomes writable. Furthermore, if you use DAVfs, you can mount your web server onto your filesystem and can use it as a normal disk. %package libneon0.27 libneon0.27-devel libneon0.27-static-devel Update: Mon Aug 24 22:07:00 2009 Importance: security ID: MDVSA-2009:221 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:221 %pre Multiple vulnerabilities have been found and corrected in libneon0.27: neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564 (CVE-2009-2473). neon before 0.28.6, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2474). This update provides a solution to these vulnerabilities. %description neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented. 
%package timezone timezone-java Update: Tue Aug 25 15:45:57 2009 Importance: bugfix ID: MDVA-2009:154 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:154 %pre Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information. %description This package contains data files with rules for various timezones around the world. %package libxerces-c0 libxerces-c0-devel xerces-c-doc Update: Sun Aug 30 16:45:47 2009 Importance: security ID: MDVSA-2009:223 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:223 %pre A vulnerability has been found and corrected in xerces-c: Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-1885). This update provides a solution to this vulnerability. %description Xerces-C++ is a validating XML parser written in a portable subset of C++. Xerces-C++ makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. The parser provides high performance, modularity, and scalability. Source code, samples and API documentation are provided with the parser. For portability, care has been taken to make minimal use of templates, no RTTI, and minimal use of #ifdefs. 
%package libpostfix1 postfix postfix-ldap postfix-mysql postfix-pcre postfix-pgsql Update: Sun Aug 30 20:43:04 2009 Importance: security ID: MDVSA-2009:224 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:224 %pre A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. %description Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. PLEASE READ THE /usr/share/doc/postfix/README.MDK FILE. This rpm supports different build time options, to enable or disable these features you must rebuild the source rpm using the --with ... or --without ... rpm option. 
Currently postfix has been built with: Smtpd multiline greeting: --without multiline Virtual Delivery Agent: --without VDA Munge bare CR: --without barecr TLS support: --with tls IPV6 support: --with ipv6 CDB support: --without cdb Chroot by default: --with chroot Multi Instance Support: --without multi_instance %package libnspr4 libnspr-devel libnss3 libnss-devel libnss-static-devel nss Update: Tue Sep 01 18:27:45 2009 Importance: security ID: MDVSA-2009:197 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 %pre Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: This update also provides fixed packages for Mandriva Linux 2008.1 %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. For detailed information on standards supported, see http://www.mozilla.org/projects/security/pki/nss/overview.html. 
%package cyrus-imapd cyrus-imapd-devel cyrus-imapd-murder cyrus-imapd-nntp cyrus-imapd-utils perl-Cyrus Update: Fri Sep 11 12:13:02 2009 Importance: security ID: MDVSA-2009:229 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:229 %pre A vulnerability has been found and corrected in cyrus-imapd: Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability. %description The Cyrus IMAP Server is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. It differs from other IMAP server implementations in that it is run on "sealed" servers, where users are not normally permitted to log in. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. All user access to mail is through software using the IMAP, POP3, or KPOP protocols. TLSv1 and SSL are supported for security. This is the main package, install also the cyrus-imapd-utils package (it contains server administration tools and depends on the perl-Cyrus package). 
%package libneon0.24 libneon0.24-devel libneon0.24-static-devel libneon0.26 libneon0.26-devel libneon0.26-static-devel Update: Fri Sep 11 17:08:59 2009 Importance: security ID: MDVSA-2009:228 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:228 %pre A vulnerability has been found and corrected in neon: neon before 0.28.6, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2009-2474) This update provides a solution to this vulnerability. %description neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented. %package libnss3 libnss-devel libnss-static-devel nss Update: Fri Sep 11 18:02:25 2009 Importance: security ID: MDVSA-2009:197-2 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:197-2 %pre Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: This update also provides fixed packages for Mandriva Linux 2008.1 and fixes mozilla-thunderbird error messages. %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. 
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. For detailed information on standards supported, see http://www.mozilla.org/projects/security/pki/nss/overview.html. %package libsamplerate0 libsamplerate-devel libsamplerate-progs Update: Fri Sep 11 19:03:44 2009 Importance: security ID: MDVSA-2009:232 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:232 %pre A security vulnerability has been identified and fixed in libsamplerate: Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected. This update provides a solution to this vulnerability. %description Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for audio. One example of where such a thing would be useful is converting audio from the CD sample rate of 44.1kHz to the 48kHz sample rate used by DAT players. SRC is capable of arbitrary and time varying conversions ; from downsampling by a factor of 12 to upsampling by the same factor. Arbitrary in this case means that the ratio of input and output sample rates can be an irrational number. The conversion ratio can also vary with time for speeding up and slowing down effects. SRC provides a small set of converters to allow quality to be traded off against computation cost. The current best converter provides a signal-to-noise ratio of 97dB with -3dB passband extending from DC to 96% of the theoretical best bandwidth for a given pair of input and output sample rates. 
%package kernel-2.6.24.7-3mnb kernel-desktop-2.6.24.7-3mnb kernel-desktop586-2.6.24.7-3mnb kernel-desktop586-devel-2.6.24.7-3mnb kernel-desktop586-devel-latest kernel-desktop586-latest kernel-desktop-devel-2.6.24.7-3mnb kernel-desktop-devel-latest kernel-desktop-latest kernel-doc kernel-laptop-2.6.24.7-3mnb kernel-laptop-devel-2.6.24.7-3mnb kernel-laptop-devel-latest kernel-laptop-latest kernel-server-2.6.24.7-3mnb kernel-server-devel-2.6.24.7-3mnb kernel-server-devel-latest kernel-server-latest kernel-source-2.6.24.7-3mnb kernel-source-latest Update: Mon Sep 14 21:56:33 2009 Importance: security ID: MDVSA-2009:233 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 %pre A vulnerability was discovered and corrected in the Linux 2.6 kernel: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation on a PF_PPPOX socket. (CVE-2009-2692) To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Manbo Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandriva.com/en/security/kernelupdate %package libsilc1.1_2 libsilcclient1.1_2 silc-toolkit silc-toolkit-devel Update: Tue Sep 15 15:00:30 2009 Importance: security ID: MDVSA-2009:234 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 %pre Multiple vulnerabilities were discovered and corrected in silc-toolkit: Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions (CVE-2009-3051). The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string (CVE-2008-7159). The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string (CVE-2008-7160). Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users (CVE-2009-3163). This update provides a solution to these vulnerabilities. 
%description SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over an insecure channel. SILC is IRC-like software although internally they are very different. The biggest similarity between SILC and IRC is that they both provide conferencing services and that SILC has almost the same commands as IRC. Other than that they are nothing alike. Major differences are that SILC is secure, which IRC is not in any way. The network model is also entirely different compared to IRC. This package provides development related files for any application that has SILC support. %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Mon Sep 21 18:24:26 2009 Importance: security ID: MDVSA-2009:238 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:238 %pre Multiple vulnerabilities were discovered and corrected in openssl: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate (CVE-2009-1379). ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386). The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. 
(CVE-2009-1387) The NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). This update provides a solution to these vulnerabilities. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-prefork apache-mpm-worker apache-source Update: Tue Sep 22 14:06:07 2009 Importance: security ID: MDVSA-2009:240 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:240 %pre Multiple vulnerabilities were discovered and corrected in apache: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094). 
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). This update provides a solution to these vulnerabilities. %description This package contains the main binary of apache, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache is fully modular, and many modules are available in pre-compiled formats, like PHP and mod_auth_external. Check for available Apache modules for Mandriva Linux at: http://nux.se/apache/ (most of them can be installed from the contribs repository) This package defaults to a maximum of 128 dynamically loadable modules. This package defaults to a ServerLimit of 1024. You can change these values at RPM build time by using for example: --define 'maxmodules 512' --define 'serverlimit 2048' The package was built to support a maximum of 128 dynamically loadable modules. The package was built with a ServerLimit of 1024. %package libfreetype6 libfreetype6-devel libfreetype6-static-devel Update: Tue Sep 22 23:41:06 2009 Importance: security ID: MDVSA-2009:243 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:243 %pre Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem. %description The FreeType2 engine is a free and portable TrueType font rendering engine. 
It has been developed to provide TT support to a great variety of platforms and environments. Note that FreeType2 is a library, not a stand-alone application, though some utility applications are included. %package glib2.0-common glib-gettextize libgio2.0_0 libglib2.0_0 libglib2.0-devel Update: Thu Sep 24 12:35:13 2009 Importance: security ID: MDVSA-2009:245 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:245 %pre A vulnerability was discovered and corrected in glib2.0: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory (CVE-2009-3289). This update provides a solution to this vulnerability. %description Glib is a handy library of utility functions. This C library is designed to solve some portability problems and provide other useful functionality which most programs require. Glib is used by GDK, GTK+ and many applications. You should install Glib because many of your applications will depend on this library. 
%package libphp5_common5 php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-dbase php-devel php-dom php-exif php-fcgi php-filter php-ftp php-gd php-gettext php-gmp php-hash php-iconv php-imap php-json php-ldap php-mbstring php-mcrypt php-mhash php-mime_magic php-ming php-mssql php-mysql php-mysqli php-ncurses php-odbc php-openssl php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-posix php-pspell php-readline php-recode php-session php-shmop php-snmp php-soap php-sockets php-sqlite php-sysvmsg php-sysvsem php-sysvshm php-tidy php-tokenizer php-wddx php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zlib Update: Fri Sep 25 18:11:51 2009 Importance: security ID: MDVSA-2009:247 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:247 %pre Multiple vulnerabilities were discovered and corrected in php: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file (CVE-2008-7068). The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291). Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing (CVE-2009-3292). Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index (CVE-2009-3293). 
However, in Mandriva we don't use the bundled libgd source in php by default; there is an unsupported package in contrib named php-gd-bundled that will eventually get updated to pick up these fixes. This update provides a solution to these vulnerabilities. %description PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts. %package libnewt0.52 libnewt0.52-devel newt Update: Sun Sep 27 14:49:05 2009 Importance: security ID: MDVSA-2009:249 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:249 %pre A vulnerability was discovered and corrected in newt: A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library (CVE-2009-2905). This update provides a solution to this vulnerability. %description Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. This package contains a /usr/bin/dialog replacement called whiptail. Newt is based on the slang library. 
%package libecpg8.3_6 libpq8.3_5 postgresql8.3 postgresql8.3-contrib postgresql8.3-devel postgresql8.3-docs postgresql8.3-pl postgresql8.3-plperl postgresql8.3-plpgsql postgresql8.3-plpython postgresql8.3-pltcl postgresql8.3-server Update: Wed Sep 30 18:03:06 2009 Importance: security ID: MDVSA-2009:177 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:177 %pre The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by re-LOAD-ing libraries from a certain plugins directory (CVE-2009-3229). The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230). The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password (CVE-2009-3231). This update provides a fix for this vulnerability. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. 
This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package graphviz graphviz-doc libgraphviz4 libgraphviz-devel libgraphvizlua0 libgraphvizocaml0 libgraphvizperl0 libgraphvizphp0 libgraphvizpython0 libgraphvizr0 libgraphvizruby0 libgraphviz-static-devel libgraphviztcl0 Update: Thu Oct 01 17:10:56 2009 Importance: security ID: MDVSA-2009:254 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:254 %pre A vulnerability was discovered and corrected in graphviz: Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements (CVE-2008-4555). This update provides a fix for this vulnerability. %description A collection of tools for the manipulation and layout of graphs (as in nodes and edges, not as in barcharts). %package dbus dbus-x11 libdbus-1_3 libdbus-1-devel Update: Tue Oct 06 19:44:58 2009 Importance: security ID: MDVSA-2009:256 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:256 %pre A vulnerability was discovered and corrected in dbus: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 (CVE-2009-1189). This update provides a fix for this vulnerability. %description D-Bus is a system for sending messages between applications. 
It is used both for the systemwide message bus service, and as a per-user-login-session messaging facility. %package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl Update: Wed Oct 07 15:33:00 2009 Importance: security ID: MDVSA-2009:258 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 %pre A regression was found in the checking of self-signed certificate signatures after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package snort snort-bloat snort-inline snort-inline+flexresp snort-mysql snort-mysql+flexresp snort-plain+flexresp snort-postgresql snort-postgresql+flexresp snort-prelude snort-prelude+flexresp Update: Thu Oct 08 00:03:59 2009 Importance: security ID: MDVSA-2009:259 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:259 %pre preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment (CVE-2008-1804). The updated packages have been patched to prevent this. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. 
It features rules-based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This rpm is different from previous rpms and while it will not clobber your current snort file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations. We use update-alternatives for this. Here are the different packages along with their priorities. plain(10) plain+flexresp(11) mysql(12) mysql+flexresp(13) postgresql(14) postgresql+flexresp(15) bloat(16) inline(17) inline+flexresp(18) prelude(21) prelude+flexresp(22) Please see the documentation in /usr/share/doc/snort. %package imagemagick imagemagick-desktop imagemagick-doc libmagick1 libmagick-devel perl-Image-Magick Update: Fri Oct 09 02:04:10 2009 Importance: security ID: MDVSA-2009:260 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:260 %pre A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. 
%package libnetpbm10 libnetpbm-devel libnetpbm-static-devel netpbm Update: Fri Oct 09 13:08:08 2009 Importance: security ID: MDVSA-2009:262 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:262 %pre A vulnerability has been found and corrected in netpbm: pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read (CVE-2008-4799). This update fixes this vulnerability. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package sympa Update: Fri Oct 09 16:00:42 2009 Importance: security ID: MDVSA-2009:263 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:263 %pre A vulnerability has been found and corrected in sympa: sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability (CVE-2008-4476). This update fixes this vulnerability. %description SYMPA is an electronic mailing list manager. It is used to automate list management functions such as subscription, moderation and management of archives. SYMPA also manages sending of messages to the lists, and makes it possible to reduce the load on the system. Provided that you have enough memory on your system, Sympa is especially well adapted for big lists. For a list with 20 000 subscribers, it takes 5 minutes to send a message to 90% of subscribers, of course considering that the network is available. Documentation is available under HTML and SGML (source) formats. 
%package libxmlsec1-1 libxmlsec1-devel libxmlsec1-gnutls1 libxmlsec1-gnutls-devel libxmlsec1-nss1 libxmlsec1-nss-devel libxmlsec1-openssl1 libxmlsec1-openssl-devel xmlsec1 Update: Sat Oct 10 15:48:35 2009 Importance: security ID: MDVSA-2009:267 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:267 %pre A vulnerability has been found and corrected in xmlsec1: A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). This update fixes this vulnerability. %description XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". %package jay libmono0 libmono-devel mono mono-bytefx-data-mysql mono-data mono-data-firebird mono-data-oracle mono-data-postgresql mono-data-sqlite mono-data-sybase mono-doc mono-extras mono-ibm-data-db2 mono-jscript mono-locale-extras mono-nunit mono-web mono-winforms Update: Mon Oct 12 12:30:06 2009 Importance: security ID: MDVSA-2009:268 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:268 %pre Multiple vulnerabilities have been found and corrected in mono: Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren) (CVE-2008-3422). The XML HMAC signature system did not correctly check certain lengths. 
If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes these vulnerabilities. %description Mono is an implementation of the ECMA Common Language Infrastructure; it contains both a just-in-time compiler for maximum performance, and an interpreter. It can also be used to run programs from the .NET Framework. This package contains the core of the Mono runtime including its Virtual Machine, Just-in-time compiler, C# compiler, security tools and libraries (corlib, XML, System.Security, System.Drawing, ZipLib, I18N, Cairo and Mono.*). %package libmikmod2 libmikmod-devel Update: Mon Oct 12 19:29:13 2009 Importance: security ID: MDVSA-2009:272 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:272 %pre Multiple vulnerabilities have been found and corrected in libmikmod: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels (CVE-2007-6720). libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file (CVE-2009-0179). This update fixes these vulnerabilities. %description Libmikmod is a portable sound library, capable of playing samples as well as module files, originally written by Jean-Paul Mikkers (MikMak) for DOS. It has subsequently been hacked by many hands and now runs on many Unix flavours. It uses the OSS /dev/dsp driver included in all recent kernels for output, as well as ALSA and EsounD, and will also write wav files. 
Supported file formats include 669, AMF, APUN, DSM, FAR, GDM, IT, IMF, MOD, MED, MTM, OKT, S3M, STM, STX, ULT, UNI and XM. Full source included, use of this library for music/sound effects in your own programs is encouraged! %package python-django Update: Tue Oct 13 13:36:37 2009 Importance: security ID: MDVSA-2009:275 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:275 %pre A vulnerability has been found and corrected in python-django: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL (CVE-2009-2659). The versions of Django shipping with Mandriva Linux have been updated to the latest patched version that includes the fix for this issue. In addition, they provide other bug fixes. %description Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Developed and used over the past two years by a fast-moving online-news operation, Django was designed from scratch to handle two challenges: the intensive deadlines of a newsroom and the stringent requirements of experienced Web developers. It has convenient niceties for developing content-management systems, but it's an excellent tool for building any Web site. Django focuses on automating as much as possible and adhering to the DRY principle. 
%package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel mount-cifs nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-vscan-icap samba-winbind Update: Wed Oct 14 13:28:10 2009 Importance: security ID: MDVSA-2009:277 URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:277 %pre Multiple vulnerabilities have been found and corrected in samba: The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows File Sharing is enabled, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories (CVE-2009-2813). smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet (CVE-2009-2906). mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option (CVE-2009-2948). The versions of samba shipping with Mandriva Linux CS4/MES5/2008.1/2009.0/2009.1 have been updated to the latest version that includes the fixes for these issues. Additionally for 2009.1 the version upgrade provides many upstream bug fixes such as improved Windows(tm) 7 support. The version for CS3 has been patched to address these security issues. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. 
Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-3.0 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package em8300-kernel-2.6.24.7-desktop-3mnb em8300-kernel-2.6.24.7-desktop586-3mnb em8300-kernel-2.6.24.7-laptop-3mnb em8300-kernel-2.6.24.7-server-3mnb em8300-kernel-desktop586-latest em8300-kernel-desktop-latest em8300-kernel-laptop-latest em8300-kernel-server-latest fcdsl2-kernel-2.6.24.7-desktop-3mnb fcdsl2-kernel-2.6.24.7-desktop586-3mnb fcdsl2-kernel-2.6.24.7-laptop-3mnb fcdsl2-kernel-2.6.24.7-server-3mnb fcdsl2-kernel-desktop586-latest fcdsl2-kernel-desktop-latest fcdsl2-kernel-laptop-latest fcdsl2-kernel-server-latest fcdsl-kernel-2.6.24.7-desktop-3mnb fcdsl-kernel-2.6.24.7-desktop586-3mnb fcdsl-kernel-2.6.24.7-laptop-3mnb fcdsl-kernel-2.6.24.7-server-3mnb fcdsl-kernel-desktop586-latest fcdsl-kernel-desktop-latest fcdsl-kernel-laptop-latest fcdsl-kernel-server-latest fcdslsl-kernel-2.6.24.7-desktop-3mnb fcdslsl-kernel-2.6.24.7-desktop586-3mnb fcdslsl-kernel-2.6.24.7-laptop-3mnb fcdslsl-kernel-2.6.24.7-server-3mnb fcdslsl-kernel-desktop586-latest fcdslsl-kernel-desktop-latest fcdslsl-kernel-laptop-latest fcdslsl-kernel-server-latest fcdslslusb-kernel-2.6.24.7-desktop-3mnb fcdslslusb-kernel-2.6.24.7-desktop586-3mnb fcdslslusb-kernel-2.6.24.7-laptop-3mnb fcdslslusb-kernel-2.6.24.7-server-3mnb 
fcdslslusb-kernel-desktop586-latest fcdslslusb-kernel-desktop-latest fcdslslusb-kernel-laptop-latest fcdslslusb-kernel-server-latest fcdslusb2-kernel-2.6.24.7-desktop-3mnb fcdslusb2-kernel-2.6.24.7-desktop586-3mnb fcdslusb2-kernel-2.6.24.7-laptop-3mnb fcdslusb2-kernel-2.6.24.7-server-3mnb fcdslusb2-kernel-desktop586-latest fcdslusb2-kernel-desktop-latest fcdslusb2-kernel-laptop-latest fcdslusb2-kernel-server-latest fcdslusba-kernel-2.6.24.7-desktop-3mnb fcdslusba-kernel-2.6.24.7-desktop586-3mnb fcdslusba-kernel-2.6.24.7-laptop-3mnb fcdslusba-kernel-2.6.24.7-server-3mnb fcdslusba-kernel-desktop586-latest fcdslusba-kernel-desktop-latest fcdslusba-kernel-laptop-latest fcdslusba-kernel-server-latest fcdslusb-kernel-2.6.24.7-desktop-3mnb fcdslusb-kernel-2.6.24.7-desktop586-3mnb fcdslusb-kernel-2.6.24.7-laptop-3mnb fcdslusb-kernel-2.6.24.7-server-3mnb fcdslusb-kernel-desktop586-latest fcdslusb-kernel-desktop-latest fcdslusb-kernel-laptop-latest fcdslusb-kernel-server-latest fcpci-kernel-2.6.24.7-desktop-3mnb fcpci-kernel-2.6.24.7-desktop586-3mnb fcpci-kernel-2.6.24.7-laptop-3mnb fcpci-kernel-2.6.24.7-server-3mnb fcpci-kernel-desktop586-latest fcpci-kernel-desktop-latest fcpci-kernel-laptop-latest fcpci-kernel-server-latest fcusb2-kernel-2.6.24.7-desktop-3mnb fcusb2-kernel-2.6.24.7-desktop586-3mnb fcusb2-kernel-2.6.24.7-laptop-3mnb fcusb2-kernel-2.6.24.7-server-3mnb fcusb2-kernel-desktop586-latest fcusb2-kernel-desktop-latest fcusb2-kernel-laptop-latest fcusb2-kernel-server-latest fcusb-kernel-2.6.24.7-desktop-3mnb fcusb-kernel-2.6.24.7-desktop586-3mnb fcusb-kernel-2.6.24.7-laptop-3mnb fcusb-kernel-2.6.24.7-server-3mnb fcusb-kernel-desktop586-latest fcusb-kernel-desktop-latest fcusb-kernel-laptop-latest fcusb-kernel-server-latest fglrx-kernel-2.6.24.7-desktop-3mnb fglrx-kernel-2.6.24.7-desktop586-3mnb fglrx-kernel-2.6.24.7-laptop-3mnb fglrx-kernel-2.6.24.7-server-3mnb fglrx-kernel-desktop586-latest fglrx-kernel-desktop-latest fglrx-kernel-laptop-latest 
fglrx-kernel-server-latest fxusb_CZ-kernel-2.6.24.7-desktop-3mnb fxusb_CZ-kernel-2.6.24.7-desktop586-3mnb fxusb_CZ-kernel-2.6.24.7-laptop-3mnb fxusb_CZ-kernel-2.6.24.7-server-3mnb fxusb_CZ-kernel-desktop586-latest fxusb_CZ-kernel-desktop-latest fxusb_CZ-kernel-laptop-latest fxusb_CZ-kernel-server-latest fxusb-kernel-2.6.24.7-desktop-3mnb fxusb-kernel-2.6.24.7-desktop586-3mnb fxusb-kernel-2.6.24.7-laptop-3mnb fxusb-kernel-2.6.24.7-server-3mnb fxusb-kernel-desktop586-latest fxusb-kernel-desktop-latest fxusb-kernel-laptop-latest fxusb-kernel-server-latest hcfpcimodem-kernel-2.6.24.7-desktop-3mnb hcfpcimodem-kernel-2.6.24.7-desktop586-3mnb hcfpcimodem-kernel-2.6.24.7-laptop-3mnb hcfpcimodem-kernel-2.6.24.7-server-3mnb hcfpcimodem-kernel-desktop586-latest hcfpcimodem-kernel-desktop-latest hcfpcimodem-kernel-laptop-latest hcfpcimodem-kernel-server-latest hsfmodem-kernel-2.6.24.7-desktop-3mnb hsfmodem-kernel-2.6.24.7-desktop586-3mnb hsfmodem-kernel-2.6.24.7-laptop-3mnb hsfmodem-kernel-2.6.24.7-server-3mnb hsfmodem-kernel-desktop586-latest hsfmodem-kernel-desktop-latest hsfmodem-kernel-laptop-latest hsfmodem-kernel-server-latest kqemu-kernel-2.6.24.7-desktop-3mnb kqemu-kernel-2.6.24.7-desktop586-3mnb kqemu-kernel-2.6.24.7-laptop-3mnb kqemu-kernel-2.6.24.7-server-3mnb kqemu-kernel-desktop586-latest kqemu-kernel-desktop-latest kqemu-kernel-laptop-latest kqemu-kernel-server-latest libafs-kernel-2.6.24.7-desktop-3mnb libafs-kernel-2.6.24.7-desktop586-3mnb libafs-kernel-2.6.24.7-laptop-3mnb libafs-kernel-2.6.24.7-server-3mnb libafs-kernel-desktop586-latest libafs-kernel-desktop-latest libafs-kernel-laptop-latest libafs-kernel-server-latest lirc-kernel-2.6.24.7-desktop-3mnb lirc-kernel-2.6.24.7-desktop586-3mnb lirc-kernel-2.6.24.7-laptop-3mnb lirc-kernel-2.6.24.7-server-3mnb lirc-kernel-desktop586-latest lirc-kernel-desktop-latest lirc-kernel-laptop-latest lirc-kernel-server-latest lzma-kernel-2.6.24.7-desktop-3mnb lzma-kernel-2.6.24.7-desktop586-3mnb 
lzma-kernel-2.6.24.7-laptop-3mnb lzma-kernel-2.6.24.7-server-3mnb lzma-kernel-desktop586-latest lzma-kernel-desktop-latest lzma-kernel-laptop-latest lzma-kernel-server-latest madwifi-kernel-2.6.24.7-desktop-3mnb madwifi-kernel-2.6.24.7-desktop586-3mnb madwifi-kernel-2.6.24.7-laptop-3mnb madwifi-kernel-2.6.24.7-server-3mnb madwifi-kernel-desktop586-latest madwifi-kernel-desktop-latest madwifi-kernel-laptop-latest madwifi-kernel-server-latest ndiswrapper-kernel-2.6.24.7-desktop-3mnb ndiswrapper-kernel-2.6.24.7-desktop586-3mnb ndiswrapper-kernel-2.6.24.7-laptop-3mnb ndiswrapper-kernel-2.6.24.7-server-3mnb ndiswrapper-kernel-desktop586-latest ndiswrapper-kernel-desktop-latest ndiswrapper-kernel-laptop-latest ndiswrapper-kernel-server-latest nvidia71xx-kernel-2.6.24.7-desktop-3mnb nvidia71xx-kernel-2.6.24.7-desktop586-3mnb nvidia71xx-kernel-2.6.24.7-laptop-3mnb nvidia71xx-kernel-2.6.24.7-server-3mnb nvidia71xx-kernel-desktop586-latest nvidia71xx-kernel-desktop-latest nvidia71xx-kernel-laptop-latest nvidia71xx-kernel-server-latest nvidia96xx-kernel-2.6.24.7-desktop-3mnb nvidia96xx-kernel-2.6.24.7-desktop586-3mnb nvidia96xx-kernel-2.6.24.7-laptop-3mnb nvidia96xx-kernel-2.6.24.7-server-3mnb nvidia96xx-kernel-desktop586-latest nvidia96xx-kernel-desktop-latest nvidia96xx-kernel-laptop-latest nvidia96xx-kernel-server-latest nvidia-current-kernel-2.6.24.7-desktop-3mnb nvidia-current-kernel-2.6.24.7-desktop586-3mnb nvidia-current-kernel-2.6.24.7-laptop-3mnb nvidia-current-kernel-2.6.24.7-server-3mnb nvidia-current-kernel-desktop586-latest nvidia-current-kernel-desktop-latest nvidia-current-kernel-laptop-latest nvidia-current-kernel-server-latest slmodem-kernel-2.6.24.7-desktop-3mnb slmodem-kernel-2.6.24.7-desktop586-3mnb slmodem-kernel-2.6.24.7-laptop-3mnb slmodem-kernel-2.6.24.7-server-3mnb slmodem-kernel-desktop586-latest slmodem-kernel-desktop-latest slmodem-kernel-laptop-latest slmodem-kernel-server-latest unicorn-kernel-2.6.24.7-desktop-3mnb 
unicorn-kernel-2.6.24.7-desktop586-3mnb unicorn-kernel-2.6.24.7-laptop-3mnb unicorn-kernel-2.6.24.7-server-3mnb unicorn-kernel-desktop586-latest unicorn-kernel-desktop-latest unicorn-kernel-laptop-latest unicorn-kernel-server-latest unionfs-kernel-2.6.24.7-desktop-3mnb unionfs-kernel-2.6.24.7-desktop586-3mnb unionfs-kernel-2.6.24.7-laptop-3mnb unionfs-kernel-2.6.24.7-server-3mnb unionfs-kernel-desktop586-latest unionfs-kernel-desktop-latest unionfs-kernel-laptop-latest unionfs-kernel-server-latest vboxadd-kernel-2.6.24.7-desktop-3mnb vboxadd-kernel-2.6.24.7-desktop586-3mnb vboxadd-kernel-2.6.24.7-laptop-3mnb vboxadd-kernel-2.6.24.7-server-3mnb vboxadd-kernel-desktop586-latest vboxadd-kernel-desktop-latest vboxadd-kernel-laptop-latest vboxadd-kernel-server-latest vboxvfs-kernel-2.6.24.7-desktop-3mnb vboxvfs-kernel-2.6.24.7-desktop586-3mnb vboxvfs-kernel-2.6.24.7-laptop-3mnb vboxvfs-kernel-2.6.24.7-server-3mnb vboxvfs-kernel-desktop586-latest vboxvfs-kernel-desktop-latest vboxvfs-kernel-laptop-latest vboxvfs-kernel-server-latest virtualbox-kernel-2.6.24.7-desktop-3mnb virtualbox-kernel-2.6.24.7-desktop586-3mnb virtualbox-kernel-2.6.24.7-laptop-3mnb virtualbox-kernel-2.6.24.7-server-3mnb virtualbox-kernel-desktop586-latest virtualbox-kernel-desktop-latest virtualbox-kernel-laptop-latest virtualbox-kernel-server-latest vpnclient-kernel-2.6.24.7-desktop-3mnb vpnclient-kernel-2.6.24.7-desktop586-3mnb vpnclient-kernel-2.6.24.7-laptop-3mnb vpnclient-kernel-2.6.24.7-server-3mnb vpnclient-kernel-desktop586-latest vpnclient-kernel-desktop-latest vpnclient-kernel-laptop-latest vpnclient-kernel-server-latest Update: Thu Nov 05 17:44:46 2009 Importance: bugfix ID: MDVA-2009:183 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:183 %pre This update provides the kernel modules which were not distributed with the last kernel update. 
%description %package mdkonline Update: Thu Dec 10 22:35:51 2009 Importance: bugfix ID: MDVA-2009:251 URL: http://www.mandriva.com/security/advisories?name=MDVA-2009:251 %pre This update fixes several issues regarding the live upgrade to a more recent distribution, notably: - new distributions are now only presented after all updates were applied. - if the current distribution is no longer supported, we will warn about it and offer to upgrade to a newer release. It also fixes a couple of crashes: - a rare crash (bug #55346) - gracefully handle (rare) server issues (bugs #51299 & #51548) Passwords with special characters are now properly managed. For security, we now access api.mandriva.com through the https protocol. The applet now offers to configure a couple of settings. Last but not least, it now has more efficient system power usage. %description The Mandriva Online tool allows users to be kept informed about security updates, hardware support/enhancements and other high value services. The package includes: * Update daemon which allows you to install security updates automatically, * A KDE/Gnome/IceWM compliant applet for security updates notification and installation.