http://www.mandriva.com/en/security/advisories Mandriva security advisories en-us http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:150 Multiple buffer overflows in yaSSL, which is used in MySQL, allowed<br /> remote attackers to execute arbitrary code (CVE-2008-0226) or cause<br /> a denial of service via a special Hello packet (CVE-2008-0227).<br /> <br /> Sergei Golubchik found that MySQL did not properly validate optional<br /> data or index directory paths given in a CREATE TABLE statement; as<br /> well it would not, under certain conditions, prevent two databases<br /> from using the same paths for data or index files. This could allow<br /> an authenticated user with appropriate privilege to create tables in<br /> one database to read and manipulate data in tables later created in<br /> other databases, regardless of GRANT privileges (CVE-2008-2079).<br /> <br /> The updated packages have been patched to correct these issues. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:149 Sergei Golubchik found that MySQL did not properly validate optional<br /> data or index directory paths given in a CREATE TABLE statement; as<br /> well it would not, under certain conditions, prevent two databases<br /> from using the same paths for data or index files. This could allow<br /> an authenticated user with appropriate privilege to create tables in<br /> one database to read and manipulate data in tables later created in<br /> other databases, regardless of GRANT privileges (CVE-2008-2079).<br /> <br /> The updated packages have been patched to correct this issue. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:148 Security vulnerabilities have been discovered and corrected in the<br /> latest Mozilla Firefox program, version 2.0.0.16 (CVE-2008-2785,<br /> CVE-2008-2933).<br /> <br /> This update provides the latest Firefox to correct these issues. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:109 Updated timezone packages are being provided for older Mandriva Linux<br /> systems that do not contain the new Daylight Savings Time information<br /> for 2008 and later for certain time zones. These updated packages<br /> contain the new information. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:147 Tavis Ormandy of the Google Security Team discovered a heap-based<br /> buffer overflow when compiling certain regular expression patterns.<br /> This could be used by a malicious attacker by sending a specially<br /> crafted regular expression to an application using the PCRE library,<br /> resulting in the possible execution of arbitrary code or a denial of<br /> service (CVE-2008-2371).<br /> <br /> The updated packages have been patched to correct this issue. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:146 A memory management issue was found in libpoppler by Felipe Andres<br /> Manzano that could allow for the execution of arbitrary code with<br /> the privileges of the user running a poppler-based application,<br /> if they opened a specially crafted PDF file (CVE-2008-2950).<br /> <br /> The updated packages have been patched to correct this issue. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:108 This x11-sever update disables offscreen pixmaps by default as they<br /> were causing drawing issues with Firefox 3 and other applications.<br /> To re-enable this option, use 'Option XaaOffscreenPixmaps on'<br /> in xorg.conf. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:107 Some thesaurus files of some languages were not properly working<br /> witn Mandriva Linux 2008.1. The thesaurus would not bring out the<br /> meaning and synonym for any searched word for the following languages:<br /> American English, Spanish, French, German, Polish, Czeck, Slovakian,<br /> and Hungarian. This release updates the thesaurus files for these<br /> languages so that they will work with the Mandriva OpenOffice.org<br /> version 2.4.1.5. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:145 An input validation flaw was found in the Bluetooth Session Description<br /> Protocol (SDP) packet parser used in the Bluez bluetooth utilities.<br /> A bluetooth device with an already-trusted relationship, or a local<br /> user registering a service record via a UNIX socket or D-Bus interface,<br /> could cause a crash and potentially execute arbitrary code with the<br /> privileges of the hcid daemon (CVE-2008-2374).<br /> <br /> The updated packages have been patched to correct this issue. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:144 A denial of service vulnerability was discovered in the way<br /> the OpenLDAP slapd daemon processed certain network messages.<br /> An unauthenticated remote attacker could send a specially crafted<br /> request that would crash the slapd daemon (CVE-2008-2952).<br /> <br /> The updated packages have been patched to correct this issue.