Mandriva security advisories
1 hour 4 min ago
An integer overflow in the zip_read_entry() function in PHP prior
to 4.4.5 allowed remote attackers to execute arbitrary code via a
ZIP archive containing a certain type of entry that triggered a heap
overflow (CVE-2007-1777).
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).
The updated packages have been patched to correct these issues.
1 hour 4 min ago
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).
The updated packages have been patched to correct these issues.
1 hour 4 min ago
A number of vulnerabilities have been found and corrected in PHP:
php-cgi in PHP prior to 5.2.6 does not properly calculate the length
of PATH_TRANSLATED, which has unknown impact and attack vectors
(CVE-2008-0599).
The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).
The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).
In addition, the updated packages provide a number of bug fixes.
The updated packages have been patched to correct these issues.
1 hour 4 min ago
A number of vulnerabilities have been found and corrected in PHP:
The htmlentities() and htmlspecialchars() functions in PHP prior to
5.2.5 accepted partial multibyte sequences, which has unknown impact
and attack vectors (CVE-2007-5898).
The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites
local forms in which the ACTION attribute references a non-local URL,
which could allow a remote attacker to obtain potentially sensitive
information by reading the requests for this URL (CVE-2007-5899).
php-cgi in PHP prior to 5.2.6 does not properly calculate the length
of PATH_TRANSLATED, which has unknown impact and attack vectors
(CVE-2008-0599).
The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).
The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).
In addition, this update also corrects an issue with some float to
string conversions.
The updated packages have been patched to correct these issues.
1 hour 4 min ago
A number of vulnerabilities have been found and corrected in PHP:
PHP 5.2.1 would allow context-dependent attackers to read portions
of heap memory by executing certain scripts with a serialized data
input string beginning with 'S:', which did not properly track the
number of input bytes being processed (CVE-2007-1649).
A vulnerability in the chunk_split() function in PHP prior to 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation (CVE-2007-4660).
The htmlentities() and htmlspecialchars() functions in PHP prior to
5.2.5 accepted partial multibyte sequences, which has unknown impact
and attack vectors (CVE-2007-5898).
The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites
local forms in which the ACTION attribute references a non-local URL,
which could allow a remote attacker to obtain potentially sensitive
information by reading the requests for this URL (CVE-2007-5899).
The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).
The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).
The updated packages have been patched to correct these issues.
1 hour 4 min ago
A number of vulnerabilities have been found and corrected in PHP:
A vulnerability in the chunk_split() function in PHP prior to 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation (CVE-2007-4660).
The htmlentities() and htmlspecialchars() functions in PHP prior to
5.2.5 accepted partial multibyte sequences, which has unknown impact
and attack vectors (CVE-2007-5898).
The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites
local forms in which the ACTION attribute references a non-local URL,
which could allow a remote attacker to obtain potentially sensitive
information by reading the requests for this URL (CVE-2007-5899).
The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).
The updated packages have been patched to correct these issues.
1 hour 4 min ago
A protocol change at the ICQ servers made it impossible to connect
with Pidgin. This update adapts Pidgin to the new protocol version.
1 hour 4 min ago
This mkinitrd update fixes issues with systems using dmraid. It makes
sure that the modules for the disk controllers used by a dmraid array
are included in the initrd.
1 hour 4 min ago
Evince was not properly handling multi-page TIFF files and was crashing
under specific conditions when requesting printing. This package
update fixes those issues and includes additional translations from
the GNOME 2.22.2 release.
1 hour 4 min ago
A missing initialization was preventing correct text rendering in
the GTK2 file selector, when using non-UTF8 locales. This updated
package fixes this issue, as well as memory leaks and also includes
new translations from the GNOME 2.22.2 release.
9 hours 4 min ago
A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex file headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).
Xine-lib is similarly affected by this issue.
As well, the previous version of xine as provided in Mandriva Linux
2008.1 would crash when playing matroska files, and a regression was
introduced that prevented Amarok from playing m4a files.
The updated packages have been patched to correct this issue.
9 hours 4 min ago
The package included with Mandriva Linux 2008 Spring for swi-prolog
could not be installed due to an incorrect dependency. This updated
package removes the incorrect dependency and can be installed as
normal.
13 hours 44 min ago
Gnome-session was not migrating files from the old GNOME trash system
to its new location at login, preventing old trash management with
Nautilus. This package fixes the issue and provides new translations
from GNOME 2.22.2.
13 hours 44 min ago
Beagle was looking for the static indexes generated by
beagle-crawl-system in the wrong directory. This update corrects
the problem.
13 hours 44 min ago
Stefan Cornelius discovered two buffer overflows in Imlib's image
loaders for PNM and XPM images, which could possibly result in the
execution of arbitrary code (CVE-2008-2426).
The updated packages have been patched to prevent this issue.
13 hours 44 min ago
A vulnerability was discovered in ClamAV and corrected with the
0.93.1 release:
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers
to cause a denial of service via a crafted Petite file that triggers
an out-of-bounds read. (CVE-2008-2713)
Other bugs have also been corrected in 0.93.1 which is being provided
with this update.
14 hours 54 min ago
Multiple vulnerabilities were discovered in FreeType's Printer
Font Binary (PFB) font-file format parser. If a user were to load a
carefully crafted font file with a program linked against FreeType, it
could cause the application to crash or potentially execute arbitrary
code (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808).
The updated packages have been patched to prevent this issue.
Wed, 07/02/2008 - 19:20
An off-by-one error was found in nasm 2.02 that allowed
context-dependent attackers to cause a denial of service (crash)
or possibly execute arbitrary code via a crafted file that triggers
a stack-based buffer overflow (CVE-2008-2719).
The updated packages have been patched to prevent this issue.
Tue, 07/01/2008 - 00:20
A flaw was found in exiv2 that would cause exiv2, or applications linked
to libexiv2, to crash on image files with certain metadata in the image
(CVE-2008-2696).
The updated packages have been patched to prevent this issue.
Tue, 07/01/2008 - 00:20
A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's
Keyed-Hash Message Authentication Code (HMAC). An attacker
could exploit this flaw to spoof an authenticated SNMPv3 packet
(CVE-2008-0960).
A buffer overflow was found in the perl bindings for Net-SNMP that
could be exploited if an attacker could convince an application
using the Net-SNMP perl modules to connect to a malicious SNMP agent
(CVE-2008-2292).
The updated packages have been patched to prevent these issues.