Syndicated content
Mandriva security advisories
Updated: 1 hour 4 minutes ago

MDVSA-2010:058: php

1 hour 4 minutes ago
Multiple vulnerabilities have been found and corrected in php:

* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory
path does not end with a /. (Martin Jansen)
* Fixed a possible open_basedir/safe_mode bypass in the session
extension identified by Grzegorz Stachowiak. (Ilia)

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

MDVA-2010:098: urpmi

1 hour 4 minutes ago
Fix package signature management when a package is in 2
sub-repositories with the same version but a different signature. This
problem occurred when local media were used.

MDVA-2010:096-1: mmc-wizard

1 hour 4 minutes ago
Revert third party integration for now as some issues were discovered.

Update:

The mmc-wizard-1.0-13.10mdvmes5 update packages brought new
unresolved dependencies which prevented it from installing using
MandrivaUpdate. This advisory resolves this problem by providing the
missing packages.

MDVSA-2010:057: apache

1 hour 4 minutes ago
A vulnerability has been found and corrected in apache:

The ap_read_request function in server/protocol.c in the Apache HTTP
Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does
not properly handle headers in subrequests in certain circumstances
involving a parent request that has a body, which might allow remote
attackers to obtain sensitive information via a crafted request that
triggers access to memory locations associated with an earlier request
(CVE-2010-0434).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

MDVSA-2010:056: openoffice.org

1 hour 4 minutes ago
This update provides the OpenOffice.org 3.0 major version and holds
the security fixes for the following issues:

An integer underflow might allow remote attackers to execute arbitrary
code via crafted records in the document table of a Word document
leading to a heap-based buffer overflow (CVE-2009-0200).

A heap-based buffer overflow might allow remote attackers to execute
arbitrary code via unspecified records in a crafted Word document
related to table parsing (CVE-2009-0201).

Multiple heap-based buffer overflows allow remote attackers to execute
arbitrary code via a crafted EMF+ file (CVE-2009-2140).

OpenOffice's xmlsec uses a bundled Libtool which might load a .la
file from the current working directory, allowing local users to gain
privileges via a Trojan horse file. The vulnerability is only exposed
when xmlsec is built with the --enable-crypto_dl flag, which it is
not; the fix nevertheless protects against this threat should that
flag be enabled (CVE-2009-3736).

Additional packages are also being provided due to dependencies.

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

MDVA-2010:097: nulog

1 hour 4 minutes ago
Add a buildrequire on python-twisted-core to get rid of a file
dependency on /usr/bin/twistd.

MDVSA-2010:055: poppler

1 hour 4 minutes ago
An out-of-bounds reading flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).

Multiple input validation flaws in the JBIG2 decoder allow
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).

An integer overflow in the JBIG2 decoder allows remote attackers to
execute arbitrary code via a crafted PDF file (CVE-2009-1179).

A free of invalid data flaw in the JBIG2 decoder allows remote
attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).

A NULL pointer dereference flaw in the JBIG2 decoder allows remote
attackers to cause denial of service (crash) via a crafted PDF file
(CVE-2009-1181).

Multiple buffer overflows in the JBIG2 MMR decoder allow remote
attackers to cause denial of service or to execute arbitrary code
via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).

An integer overflow in the JBIG2 decoding feature allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).

An integer overflow in the JBIG2 decoding feature allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted PDF document (CVE-2009-1188).

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x
before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,
does not properly allocate memory, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PDF document that triggers a NULL pointer
dereference or a heap-based buffer overflow (CVE-2009-3604).

Multiple integer overflows allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a crafted PDF file, related to (1) glib/poppler-page.cc; (2)
ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)
JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc
in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10)
SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791
(CVE-2009-3605).

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf
before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might
allow remote attackers to execute arbitrary code via a crafted PDF
document that triggers a heap-based buffer overflow (CVE-2009-3606).

Integer overflow in the create_surface_from_thumbnail_data function
in glib/poppler-page.cc allows remote attackers to cause a denial of
service (memory corruption) or possibly execute arbitrary code via a
crafted PDF document that triggers a heap-based buffer overflow. NOTE:
some of these details are obtained from third party information
(CVE-2009-3607).

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).

Integer overflow in the ImageStream::ImageStream function in Stream.cc
in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
kdegraphics KPDF, and CUPS pdftops, allows remote attackers to
cause a denial of service (application crash) via a crafted PDF
document that triggers a NULL pointer dereference or buffer over-read
(CVE-2009-3609).

Buffer overflow in the ABWOutputDev::endWord function in
poppler/ABWOutputDev.cc as used by the Abiword pdftoabw utility,
allows user-assisted remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted PDF file (CVE-2009-3938).

This update provides fixes for these vulnerabilities.

MDVA-2010:096: mmc-wizard

1 hour 4 minutes ago
Revert third party integration for now as some issues were discovered.

MDVA-2010:095: mmc-wizard

1 hour 4 minutes ago
This update provides many bug fixes and new features for
installation:
- Add pt_BR translation for Advanced and Others stack
- Add NuFW stack
- Open postinstall links in new window
- Add post-installation feature + supplementary text description in
bundle display
- Request my.mandriva.com account validation when media add fails
- Check if media is already configured
- Remember login lang setting with a cookie

MDVSA-2010:054: pam_krb5

1 hour 4 minutes ago
Pam_krb5 2.2.14 through 2.3.4 generates different password prompts
depending on whether the user account exists, which allows remote
attackers to enumerate valid usernames (CVE-2009-1384).

This update provides the version 2.3.5 of pam_krb5, which is not
vulnerable to this issue.

MDVA-2010:094: nufw

Tue, 03/09/2010 - 17:50
This update provides the latest version of nufw software suite,
with many bugfixes and usage improvements.

MDVA-2010:093: mdkonline

Tue, 03/09/2010 - 14:20
Remove the --update option when adding media on the corporate product.
This allows users to add full sources through the GUI.

MDVA-2010:092: kvm

Tue, 03/09/2010 - 14:20
This update adds module preloading to simplify the use of kvm. The
proper module will be loaded only if the hardware configuration
supports it.

MDVA-2010:091: slib

Sat, 03/06/2010 - 20:50
The old version of slib was not compatible with some gnucash features,
which could cause crashes in the application. This bugfix update
features the latest version of the slib package and ensures it is
correctly registered in the guile code repository. Additionally,
improvements were made to the guile packages, which are also provided
with this advisory.

MDVA-2010:090: openssh

Fri, 03/05/2010 - 21:30
This bugfix release addresses a long-standing problem when issuing
the halt or reboot commands on a remote Mandriva system: the session
was not closed properly. This advisory corrects this problem.

MDVSA-2010:053: apache

Fri, 03/05/2010 - 17:10
A vulnerability has been found and corrected in apache:

mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not
sent after request headers indicate a request body is incoming;
this is not a case of HTTP_INTERNAL_SERVER_ERROR (CVE-2010-0408).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

MDVSA-2010:052: sudo

Fri, 03/05/2010 - 13:40
A vulnerability has been found and corrected in sudo:

sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
does not properly set group memberships, which allows local users to
gain privileges via a sudo command (CVE-2010-0427).

The updated packages have been patched to correct this issue.

MDVSA-2010:051: mozilla-thunderbird

Fri, 03/05/2010 - 12:30
A vulnerability has been found and corrected in mozilla-thunderbird:

Security researcher Alin Rad Pop of Secunia Research reported that
the HTML parser incorrectly freed used memory when insufficient space
was available to process remaining input. Under such circumstances,
memory occupied by in-use objects was freed and could later be filled
with attacker-controlled text. These conditions could result in the
execution of arbitrary code if methods on the freed objects were
subsequently called (CVE-2009-1571).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

MDVA-2010:089: cacti

Fri, 03/05/2010 - 01:10
This new release fixes several packaging bugs: default rights on
/etc/cacti.conf, removal of temporary file, fix for cacti.conf
configuration, creation of cacti.log file.

MDVA-2010:088: rsnapshot

Thu, 03/04/2010 - 14:20
Rsnapshot will automatically add --exclude=xxxx to the rsync
options for backups of the filesystem on which the snapshot-root
is located. This will be added to the rsync command-line AFTER the
rsync_short_args and rsync_long_args, but BEFORE any backup-specific
options. This means that the --exclude=xxxx will override whatever
backup-specific excludes are defined. This can be a problem if the
name of your snapshot-root is something which is common in many file
names. This version resolves this problem.