https://mandriva.com/security/advisories
Mandriva security advisories

https://mandriva.com/security/advisories?name=MDKSA-2006:046
GNU tar versions 1.14 and above have a buffer overflow vulnerability and some other issues including:

- Carefully crafted invalid headers can cause buffer overrun.
- Invalid header fields go undiagnosed.
- Some valid time strings are ignored.

The updated packages have been patched to address this issue.

https://mandriva.com/security/advisories?name=MDKSA-2006:045
Eric Romang discovered a temporary file vulnerability in the mysql_install_db script provided with MySQL. This vulnerability only affects versions of MySQL 4.1.x prior to 4.1.12.

The updated packages have been patched to address this issue.

https://mandriva.com/security/advisories?name=MDKSA-2006:044
A number of vulnerabilities have been discovered and corrected in the Linux 2.4 kernel:

A numeric casting discrepancy in sdla_xfer could allow a local user to read portions of kernel memory via a large len argument (CVE-2004-2607).

The traps.c file executes stack segment faults on an exception stack, which could allow a local user to cause an oops and stack fault exception (CVE-2005-1767).

The find_target function in ptrace32.c does not properly handle a NULL return value from another function, allowing local users to cause a kernel crash/oops by running a 32-bit ltrace program with the -i option on a 64-bit executable program (CVE-2005-2553).

A race condition in ip_vs_conn_flush, when running on SMP systems, could allow a local attacker to cause a null dereference DoS by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired (CVE-2005-3274).

The NAT code in ip_nat_proto_tcp.c and ip_nat_proto_udp.c incorrectly declares a variable to be static, which could allow a remote attacker to cause a Denial of Service via memory corruption by causing two packets for the same protocol to be NATed at the same time (CVE-2005-3275).

The IPv6 flowlabel handling code modified the wrong variable in certain circumstances, which could allow a local user to corrupt kernel memory or cause a Denial of Service (crash) by triggering a free of non-allocated memory (CVE-2005-3806).

The wan/sdla.c file does not require CAP_SYS_RAWIO privilege for an SDLA firmware upgrade with unknown impact and local attack vectors (CVE-2006-0096).

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

https://mandriva.com/en/security/kernelupdate

https://mandriva.com/security/advisories?name=MDKSA-2006:043
Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file.

The updated packages have been patched to address this issue.

https://mandriva.com/security/advisories?name=MDKSA-2006:042
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.

The updated packages have been patched to correct this issue.

https://mandriva.com/security/advisories?name=MDKSA-2006:041
Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.

The updated packages have been patched to correct this issue.

https://mandriva.com/security/advisories?name=MDKSA-2006:040
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The udp_v6_get_port function in udp.c, when running IPv6, allows local users to cause a Denial of Service (infinite loop and crash) (CVE-2005-2973).

The mq_open system call in certain situations can decrement a counter twice as a result of multiple calls to the mntput function when the dentry_open function call fails, allowing a local user to cause a DoS (panic) via unspecified attack vectors (CVE-2005-3356).

The procfs code allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value (CVE-2005-4605).

A buffer overflow in sysctl allows local users to cause a DoS and possibly execute arbitrary code via a long string, which causes sysctl to write a zero byte outside the buffer (CVE-2005-4618).

A buffer overflow in the CA-driver for TwinHan DST Frontend/Card allows local users to cause a DoS (crash) and possibly execute arbitrary code by reading more than eight bytes into an eight byte long array (CVE-2005-4639).

dm-crypt does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key (CVE-2006-0095).

Remote attackers can cause a DoS via unknown attack vectors related to an "extra dst release when ip_options_echo fails" in icmp.c (CVE-2006-0454).

In addition to these security fixes, other fixes have been included such as:

- support for mptsas
- fix for IPv6 with sis190
- a problem with the time progressing twice as fast
- a fix for Audigy 2 ZS Video Editor sample rates
- a fix for a supermount crash when accessing a supermount-ed CD/DVD drive
- a fix for improperly unloading sbp2 module

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

https://mandriva.com/en/security/kernelupdate

https://mandriva.com/security/advisories?name=MDKA-2006:019
Various bugs in the PostgreSQL 8.0.x branch have been corrected with the latest 8.0.7 maintenance release which is being provided for Mandriva Linux 2006 users.

https://mandriva.com/security/advisories?name=MDKSA-2006:039
Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls.

The provided packages have been patched to correct these issues.

https://mandriva.com/security/advisories?name=MDKA-2006:018
A number of bugs have been corrected with this latest ghostscript package including a fix when rendering images when converting PostScript to PDF with ps2pdf, a crash when generating PDF files with the pdfwrite device, several segfaults, a fix for vertical Japanese text, and a number of other fixes.