Mandriva security advisories
Updated: 29 minutes 50 seconds ago

MDVSA-2010:139: php

Thu, 08/12/2010 - 12:20
This is a maintenance and security update that upgrades php to 5.2.14
for CS4/MES5/2008.0/2009.0/2009.1.

Security Enhancements and Fixes in PHP 5.2.14:

* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
* Fixed a possible interruption array leak in
strrchr() (CVE-2010-2484).
* Fixed a possible interruption array leak in strchr(), strstr(),
substr(), chunk_split(), strtok(), addcslashes(), str_repeat(),
trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exhaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix
characters.
* Fixed a possible arbitrary memory access inside sqlite
extension. Reported by Mateusz Kocielski.

Additionally, some of the third-party extensions have been upgraded
and/or rebuilt for the new php version.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

MDVA-2010:183: paprefs

Tue, 08/10/2010 - 15:40
The network settings were always disabled in the Pulseaudio
settings. This update makes the Pulseaudio preferences dialog work
again with the latest update of pulseaudio.

MDVSA-2010:138: iputils

Mon, 08/09/2010 - 12:20
Ovidiu Mara reported a vulnerability in ping.c (iputils) that
could cause ping to hang when responding to a malicious echo reply
(CVE-2010-2529). The updated packages have been patched to correct
these issues.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

MDVA-2010:182: rpmdrake

Fri, 08/06/2010 - 16:50
This update fixes a bug in rpmdrake where it would crash when
clicking on details (bug #60153).

MDVSA-2010:137: freetype2

Fri, 08/06/2010 - 13:30
Multiple vulnerabilities have been found and corrected in freetype2:

Multiple integer underflows/overflows and heap buffer overflows were
discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
CVE-2010-2500, CVE-2010-2519).

A heap buffer overflow was discovered in the bytecode support. The
bytecode support is NOT enabled by default in Mandriva due to previous
patent claims, but packages by PLF are affected (CVE-2010-2520).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:136: ghostscript

Wed, 08/04/2010 - 17:50
Multiple vulnerabilities have been found and corrected in ghostscript:

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted PDF document containing
a long name (CVE-2009-4897).

Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
which trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

The updated packages have been patched to correct these issues.

MDVSA-2010:135: ghostscript

Fri, 07/30/2010 - 17:50
Multiple vulnerabilities have been found and corrected in ghostscript:

Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted PDF document containing
a long name (CVE-2009-4897).

The updated packages have been patched to correct these issues.

MDVSA-2010:134: ghostscript

Wed, 07/28/2010 - 17:40
Multiple vulnerabilities have been found and corrected in ghostscript:

Stack-based buffer overflow in the errprintf function in base/gsmisc.c
in ghostscript 8.64 through 8.70 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted PDF file, as originally reported for debug logging code in
gdevcups.c in the CUPS output driver (CVE-2009-4270).

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted PDF document containing
a long name (CVE-2009-4897).

Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
which trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:133: libpng

Tue, 07/27/2010 - 15:00
Multiple vulnerabilities have been found and corrected in libpng:

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng
before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers
to cause a denial of service (memory exhaustion) via a crafted PNG file
(CVE-2008-6218).

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x
before 1.4.3, as used in progressive applications, might allow remote
attackers to execute arbitrary code via a PNG image that triggers an
additional data row (CVE-2010-1205).

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
1.4.3, allows remote attackers to cause a denial of service (memory
consumption and application crash) via a PNG image containing malformed
Physical Scale (aka sCAL) chunks (CVE-2010-2249).

As a precaution htmldoc has been rebuilt to link against the
system libpng library for CS4 and 2008.0. Latest xulrunner and
mozilla-thunderbird have been patched as a precaution for 2008.0, whereas
on 2009.0 and up the system libpng library is used instead of the
bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages are
therefore also being provided with this advisory.

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVSA-2010:132: python

Tue, 07/27/2010 - 13:50
Multiple vulnerabilities have been found and corrected in python:

Multiple integer overflows in audioop.c in the audioop module in
Python allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).

The audioop module in Python does not verify the relationships between
size arguments and byte string lengths, which allows context-dependent
attackers to cause a denial of service (memory corruption and
application crash) via crafted arguments, as demonstrated by a call
to audioop.reverse with a one-byte string, a different vulnerability
than CVE-2010-1634 (CVE-2010-2089).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

MDVA-2010:181-1: php-xdebug

Tue, 07/27/2010 - 12:40
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.

Update:

Updated packages for Mandriva Linux 2010.1 are also provided.

MDVSA-2010:131: iscsitarget

Tue, 07/27/2010 - 11:30
Multiple format string and buffer overflow vulnerabilities have been
found and corrected in iscsitarget (CVE-2010-0743, CVE-2010-2221).

The updated packages have been patched to correct these issues.

MDVA-2010:166-1: php-eaccelerator

Fri, 07/23/2010 - 10:40
It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.3.2. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.

Update:

It was discovered php-eaccelerator-0.9.6 did not work properly with
open_basedir for php-5.2.13. This advisory upgrades php-eaccelerator
to 0.9.6.1 which solves this problem.

MDVSA-2010:130: heimdal

Wed, 07/21/2010 - 15:20
A vulnerability has been found and corrected in heimdal:

Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).

The updated packages have been patched to correct this issue.

MDVSA-2010:129: heimdal

Sun, 07/18/2010 - 18:40
Multiple vulnerabilities have been found and corrected in heimdal:

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5)
up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and
(b) Heimdal 0.7.2 and earlier, do not check return codes for setuid
calls, which allows local users to gain privileges by causing setuid
to fail to drop privileges using attacks such as resource exhaustion
(CVE-2006-3083).

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to
1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not
check return codes for setuid calls, which might allow local users to
gain privileges by causing setuid to fail to drop privileges. NOTE:
as of 20060808, it is not known whether an exploitable attack scenario
exists for these issues (CVE-2006-3084).

Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).

The updated packages have been patched to correct these issues.

MDVA-2010:181: php-xdebug

Thu, 07/15/2010 - 23:00
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.

MDVSA-2010:128: lftp

Thu, 07/15/2010 - 23:00
A vulnerability has been found and corrected in lftp:

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not
properly validate a server-provided filename before determining the
destination filename of a download, which allows remote servers to
create or overwrite arbitrary files via a Content-Disposition header
that suggests a crafted filename, and possibly execute arbitrary
code as a consequence of writing to a dotfile in a home directory
(CVE-2010-2251).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally on 2008.0 lftp has been upgraded to 3.7.4.

The updated packages have been patched to correct this issue.

MDVA-2010:180: nss_ldap

Thu, 07/15/2010 - 23:00
nss_ldap is now provided with krb5_ccname as compilation option.

MDVA-2010:177-1: krb5

Thu, 07/15/2010 - 20:40
This is a maintenance release that upgrades krb5 to 1.8.1, which adds
extended functionalities.

Update:

The krb5-appl suite was missing with the previous update. This advisory
provides the ftp and telnet server/client applications.

MDVA-2010:179: bind

Wed, 07/14/2010 - 16:00
This is a maintenance upgrade for ISC BIND that fixes some upstream
bugs.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490