Mandriva security advisories
Updated: 29 minutes 47 seconds ago

MDVSA-2010:143: gnupg2

29 minutes 47 seconds ago
A vulnerability has been discovered and corrected in gnupg2:

Importing a certificate with more than 98 Subject Alternate Names
via GPGSM's import command or implicitly while verifying a signature
causes GPGSM to reallocate an array with the names. The bug is that
the reallocation code misses assigning the reallocated array to the old
array variable and thus the old and freed array will be used. Usually
this leads to a segv (CVE-2010-2547).
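
The bug class described above, as an added example (not GnuPG's code): the buggy growth step is shown as a comment and the corrected one as compiled code. The `name_list` type, the function names, `INITIAL_CAP` and the sample names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define INITIAL_CAP 98  /* assumption: mirrors the advisory's threshold */
struct name_list { char **names; size_t used, cap; };  /* hypothetical type */

/* Buggy growth as the advisory describes it (comment only, never compiled):
 *     tmp = realloc(l->names, newcap * sizeof *tmp);
 *     l->cap = newcap;             // l->names is never set to tmp, so
 *     l->names[l->used++] = copy;  // this writes into the freed array */

/* Corrected growth: store the pointer realloc() returns back into the list. */
int name_list_add(struct name_list *l, const char *name)
{
    if (l->used == l->cap) {
        size_t newcap = l->cap ? l->cap * 2 : INITIAL_CAP;
        if (newcap <= l->cap || newcap > SIZE_MAX / sizeof *l->names)
            return -1;              /* size arithmetic would overflow */
        char **tmp = realloc(l->names, newcap * sizeof *tmp);
        if (!tmp) return -1;        /* old array is still valid and owned */
        l->names = tmp;             /* the assignment the bug left out */
        l->cap = newcap;
    }
    char *copy = malloc(strlen(name) + 1);
    if (!copy) return -1;
    strcpy(copy, name);
    l->names[l->used++] = copy;
    return 0;
}

/* Add n constructed names, then confirm each one survived every regrowth. */
int fill_and_check(size_t n)
{
    struct name_list l = {0};
    char buf[40];
    int rc = 0;
    for (size_t i = 0; i < n && rc == 0; i++) {
        snprintf(buf, sizeof buf, "san-%zu.example", i);
        rc = name_list_add(&l, buf);
    }
    for (size_t i = 0; i < l.used; i++) {
        snprintf(buf, sizeof buf, "san-%zu.example", i);
        if (strcmp(l.names[i], buf) != 0) rc = -1;
        free(l.names[i]);
    }
    free(l.names);
    return (rc == 0 && l.used == n) ? 0 : -1;
}
int main(void) { return fill_and_check(250); }
```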

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

MDVSA-2010:142: openldap

29 minutes 47 seconds ago
Multiple vulnerabilities have been discovered and corrected in openldap:

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not
check the return value of a call to the smr_normalize function, which
allows remote attackers to cause a denial of service (segmentation
fault) and possibly execute arbitrary code via a modrdn call with an
RDN string containing invalid UTF-8 sequences, which triggers a free
of an invalid, uninitialized pointer in the slap_mods_free function, as
demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0211).

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service
(crash) via a modrdn call with a zero-length RDN destination string,
which is not properly handled by the smr_normalize function and
triggers a NULL pointer dereference in the IA5StringNormalize function
in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test
suite (CVE-2010-0212).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:141: samba

29 minutes 47 seconds ago
Multiple vulnerabilities have been discovered and corrected in samba:

The chain_reply function in process.c in smbd in Samba before 3.4.8 and
3.5.x before 3.5.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and process crash) via a Negotiate Protocol
request with a certain 0x0003 field value followed by a Session Setup
AndX request with a certain 0x8003 field value (CVE-2010-1635).

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in
Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to
trigger an out-of-bounds read, and cause a denial of service (process
crash), via a \xff\xff security blob length in a Session Setup AndX
request (CVE-2010-1642).

The updated packages provide samba 3.4.8, which is not vulnerable to
these issues.

MDVA-2010:183: paprefs

29 minutes 47 seconds ago
The network settings were always disabled in the Pulseaudio
settings. This update makes the Pulseaudio preferences dialog work
again with the latest update of pulseaudio.

MDVSA-2010:140: php

29 minutes 47 seconds ago
This is a maintenance and security update that upgrades php to 5.3.3
for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.3:

* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
* Fixed a possible resource destruction issue in shm_put_var().
* Fixed a possible information leak because of interruption of
XOR operator.
* Fixed a possible memory corruption because of unexpected call-time
pass by reference and following memory clobbering through callbacks.
* Fixed a possible memory corruption in ArrayObject::uasort().
* Fixed a possible memory corruption in parse_str().
* Fixed a possible memory corruption in pack().
* Fixed a possible memory corruption in substr_replace().
* Fixed a possible memory corruption in addcslashes().
* Fixed a possible stack exhaustion inside fnmatch().
* Fixed a possible dechunking filter buffer overflow.
* Fixed a possible arbitrary memory access inside sqlite extension.
* Fixed string format validation inside phar extension.
* Fixed handling of session variable serialization on certain prefix
characters.
* Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed possible buffer overflows in mysqlnd_list_fields,
mysqlnd_change_user.
* Fixed possible buffer overflows when handling error packets
in mysqlnd.

Additionally some of the third party extensions and required
dependencies have been upgraded and/or rebuilt for the new php version.

MDVSA-2010:139: php

29 minutes 47 seconds ago
This is a maintenance and security update that upgrades php to 5.2.14
for CS4/MES5/2008.0/2009.0/2009.1.

Security Enhancements and Fixes in PHP 5.2.14:

* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
* Fixed a possible interruption array leak in
strrchr() (CVE-2010-2484).
* Fixed a possible interruption array leak in strchr(), strstr(),
substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),
trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exhaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix
characters.
* Fixed a possible arbitrary memory access inside sqlite
extension. Reported by Mateusz Kocielski.

Additionally some of the third party extensions have been upgraded
and/or rebuilt for the new php version.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

MDVSA-2010:138: iputils

29 minutes 47 seconds ago
Ovidiu Mara reported a vulnerability in ping.c (iputils) that
could cause ping to hang when responding to a malicious echo reply
(CVE-2010-2529). The updated packages have been patched to correct
this issue.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

MDVA-2010:182: rpmdrake

29 minutes 47 seconds ago
This update fixes a bug in rpmdrake where it would crash when
clicking on details (bug #60153).

MDVSA-2010:137: freetype2

29 minutes 47 seconds ago
Multiple vulnerabilities have been found and corrected in freetype2:

Multiple integer underflows/overflows and heap buffer overflows were
discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
CVE-2010-2500, CVE-2010-2519).

A heap buffer overflow was discovered in the bytecode support. The
bytecode support is NOT enabled per default in Mandriva due to previous
patent claims, but packages by PLF are affected (CVE-2010-2520).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:136: ghostscript

29 minutes 47 seconds ago
Multiple vulnerabilities have been found and corrected in ghostscript:

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted PDF document containing
a long name (CVE-2009-4897).

Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
which trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

The updated packages have been patched to correct these issues.

MDVSA-2010:135: ghostscript

Fri, 07/30/2010 - 17:10
Multiple vulnerabilities have been found and corrected in ghostscript:

Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted PDF document containing
a long name (CVE-2009-4897).

The updated packages have been patched to correct these issues.

MDVSA-2010:134: ghostscript

Wed, 07/28/2010 - 17:40
Multiple vulnerabilities have been found and corrected in ghostscript:

Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted PDF document containing
a long name (CVE-2009-4897).

Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
which trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:133: libpng

Tue, 07/27/2010 - 15:00
Multiple vulnerabilities have been found and corrected in libpng:

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng
before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers
to cause a denial of service (memory exhaustion) via a crafted PNG file
(CVE-2008-6218).

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x
before 1.4.3, as used in progressive applications, might allow remote
attackers to execute arbitrary code via a PNG image that triggers an
additional data row (CVE-2010-1205).

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
1.4.3, allows remote attackers to cause a denial of service (memory
consumption and application crash) via a PNG image containing malformed
Physical Scale (aka sCAL) chunks (CVE-2010-2249).

As a precaution htmldoc has been rebuilt to link against the
system libpng library for CS4 and 2008.0. Latest xulrunner and
mozilla-thunderbird have been patched as a precaution for 2008.0, whereas
on 2009.0 and up the system libpng library is used instead of the
bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages are
therefore also being provided with this advisory.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:132: python

Tue, 07/27/2010 - 13:50
Multiple vulnerabilities have been found and corrected in python:

Multiple integer overflows in audioop.c in the audioop module in
Python allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).

The audioop module in Python does not verify the relationships between
size arguments and byte string lengths, which allows context-dependent
attackers to cause a denial of service (memory corruption and
application crash) via crafted arguments, as demonstrated by a call
to audioop.reverse with a one-byte string, a different vulnerability
than CVE-2010-1634 (CVE-2010-2089).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVA-2010:181-1: php-xdebug

Tue, 07/27/2010 - 12:40
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.

Update:

Updated packages for Mandriva Linux 2010.1 are also provided.

MDVSA-2010:131: iscsitarget

Tue, 07/27/2010 - 11:30
Multiple format string and buffer overflow vulnerabilities have been
found and corrected in iscsitarget (CVE-2010-0743, CVE-2010-2221).

The updated packages have been patched to correct these issues.

MDVA-2010:166-1: php-eaccelerator

Fri, 07/23/2010 - 10:40
It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.3.2. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.

Update:

It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.2.13. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.

MDVSA-2010:130: heimdal

Wed, 07/21/2010 - 15:20
A vulnerability has been found and corrected in heimdal:

Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).

The updated packages have been patched to correct this issue.

MDVSA-2010:129: heimdal

Sun, 07/18/2010 - 18:40
Multiple vulnerabilities have been found and corrected in heimdal:

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5)
up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and
(b) Heimdal 0.7.2 and earlier, do not check return codes for setuid
calls, which allows local users to gain privileges by causing setuid
to fail to drop privileges using attacks such as resource exhaustion
(CVE-2006-3083).

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to
1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not
check return codes for setuid calls, which might allow local users to
gain privileges by causing setuid to fail to drop privileges. NOTE:
as of 20060808, it is not known whether an exploitable attack scenario
exists for these issues (CVE-2006-3084).
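
The missing check described in the two paragraphs above, as an added example (not code from Heimdal or MIT Kerberos): a privilege drop that treats any failing call as fatal and then verifies the result. The function name `drop_privileges` is hypothetical, and supplementary groups are assumed to have been cleared by the caller already.

```c
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to an unprivileged uid/gid.
 * Returns 0 only when every call succeeded and the drop was verified.
 * A caller that gets -1 must exit instead of carrying on, because the
 * process may still hold its original privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Group first: once setuid() has succeeded the process may no longer
     * be permitted to change its group ids. */
    if (setgid(gid) != 0)
        return -1;

    /* setuid() can fail, for instance under the resource exhaustion the
     * advisory mentions. Ignoring the return value is the bug. */
    if (setuid(uid) != 0)
        return -1;

    /* Do not trust the return codes alone: confirm the resulting ids. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;

    /* The drop must be irreversible: regaining uid 0 has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* Dropping to the ids the process already has always succeeds. */
    return drop_privileges(getuid(), getgid()) == 0 ? 0 : 1;
}
```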

Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).

The updated packages have been patched to correct these issues.

MDVA-2010:181: php-xdebug

Thu, 07/15/2010 - 23:00
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.