MDVA-2010:178: mdkonline
This update provides:
- Fix for bug #59541: Empty fields in media helpers not allowing the
addition of enterprise/restricted medias
- New feature: Offers powerpack media to Free/One users, and
re-subscription to Flash/Powerpack users.
MDVSA-2010:127: imlib2
A vulnerability has been found and corrected in imlib2:
imlib2 before 1.4.2 allows context-dependent attackers to have
an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG,
(4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several
heap and stack based buffer overflows - partly due to integer
overflows. (CVE-2008-6079).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVA-2010:177: krb5
This is a maintenance release that upgrades krb5 to 1.8.1, which adds
extended functionalities.
MDVA-2010:176: x11-driver-input-evdev
A bug in the x11-driver-input-evdev package could lead to crashes
in the Xorg server after read errors in input devices. This update
fixes this problem.
MDVA-2010:175: firefox
Firefox 3.6.6 modifies the crash protection feature to increase the
amount of time that plugins are allowed to be non-responsive before
being terminated.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages that require it have been rebuilt and
are being provided as updates.
MDVSA-2010:126: mozilla-thunderbird
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird:
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers
to execute arbitrary code via unknown vectors that trigger memory
corruption, as demonstrated by Nils during a Pwn2Own competition at
CanSecWest 2010 (CVE-2010-1121).
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow (CVE-2010-1196).
Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node (CVE-2010-1199).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages that require it have been rebuilt and
are being provided as updates.
MDVSA-2010:125: firefox
Security issues were identified and fixed in firefox:
An unspecified function in the JavaScript implementation in Mozilla
Firefox creates and exposes a temporary footprint when there is
a current login to a web site, which makes it easier for remote
attackers to trick a user into acting upon a spoofed pop-up message,
aka an in-session phishing attack. (CVE-2008-5913).
The JavaScript implementation in Mozilla Firefox 3.x allows remote
attackers to send selected keystrokes to a form field in a hidden
frame, instead of the intended form field in a visible frame, via
certain calls to the focus method (CVE-2010-1125).
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow (CVE-2010-1196).
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and
SeaMonkey before 2.0.5, does not properly handle situations in which
both Content-Disposition: attachment and Content-Type: multipart are
present in HTTP headers, which allows remote attackers to conduct
cross-site scripting (XSS) attacks via an uploaded HTML document
(CVE-2010-1197).
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10
and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote
attackers to execute arbitrary code via vectors involving multiple
plugin instances (CVE-2010-1198).
Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node (CVE-2010-1199).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird
before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to
cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2010-1203).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages that require it have been rebuilt and
are being provided as updates.
MDVA-2010:174: mkinitrd
This new mkinitrd release fixes the hotplug command and thus firmware
loading inside nash, addressing a failure with modules loaded inside the
initrd that request firmware.
MDVSA-2010:124: pulseaudio
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10
and 0.9.19 allows local users to change the ownership and permissions
of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary
file (CVE-2009-1299).
This update fixes this issue.
MDVSA-2010:123: libneon0.27
This update fixes a reported buffer overflow found with ntlm
authentication (MDV #59779).
This advisory obsoletes MDVA-2010:172
MDVA-2010:173: gnupg2
The file /etc/profile.d/gpg-agent.sh uses the source statement which
is not valid in sh or ksh. The source statement for sh, ksh, and
bash should be . rather than source. This update fixes this issue.
MDVA-2010:172: libneon0.27
This update fixes a reported buffer overflow found with ntlm
authentication (MDV #59779).
Update:
This advisory is obsoleted by
http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:123
MDVSA-2010:122: fastjar
A vulnerability has been discovered and corrected in fastjar:
Directory traversal vulnerability in the extract_jar function
in jartool.c in FastJar 0.98 allows remote attackers to create
or overwrite arbitrary files via a .. (dot dot) in a non-initial
pathname component in a filename within a .jar archive, a related
issue to CVE-2005-1080. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2006-3619 (CVE-2010-0831).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVSA-2010:121: pango
A vulnerability has been discovered and corrected in pango:
Array index error in the hb_ot_layout_build_glyph_classes function
in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
context-dependent attackers to cause a denial of service (application
crash) via a crafted font file, related to building a synthetic
Glyph Definition (aka GDEF) table by using this font's charmap and
the Unicode property database (CVE-2010-0421).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVA-2010:171: libgdata
This update contains an important fix for YouTube video parsing,
fixing a problem which was introduced when YouTube introduced new
rating elements.
MDVSA-2010:120: squirrelmail
A vulnerability was reported in the SquirrelMail Mail Fetch plugin,
wherein (when the plugin is activated by the administrator) a user
is allowed to specify (without restriction) any port number for their
external POP account settings. While the intention is to allow users
to access POP3 servers using non-standard ports, this also allows
malicious users to effectively port-scan any server through their
SquirrelMail service (especially note that when a SquirrelMail server
resides on a network behind a firewall, it may allow the user to
explore the network topography (DNS scan) and services available
(port scan) on the inside of (behind) that firewall). As this
vulnerability is only exploitable post-authentication, and better
more specific port scanning tools are freely available, we consider
this vulnerability to be of very low severity. It has been fixed by
restricting the allowable POP port numbers (with an administrator
configuration override available) (CVE-2010-1637).
The updated packages have been patched to correct this issue.
MDVA-2010:165-1: mmc-agent
Fix typo in initscript headers of mmc-agent
Update:
The MDVA-2010:165 advisory provided the wrong set of packages; this
is now resolved.
MDVSA-2010:119: samba
A vulnerability has been discovered and corrected in samba:
Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory
corruption vulnerability. Code dealing with the chaining of SMB1
packets did not correctly validate an input field provided by the
client, making it possible for a specially crafted packet to crash
the server or potentially cause the server to execute arbitrary code
(CVE-2010-2063).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVSA-2010:118: sudo
A vulnerability has been discovered and corrected in sudo:
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and
1.7.0 through 1.7.2p6 does not properly handle an environment that
contains multiple PATH variables, which might allow local users
to gain privileges via a crafted value of the last PATH variable
(CVE-2010-1646).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVSA-2010:117: cacti
A vulnerability has been discovered and corrected in cacti:
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier
allows remote attackers to execute arbitrary SQL commands via the
rra_id parameter in a GET request in conjunction with a valid rra_id
value in a POST request or a cookie, which bypasses the validation
routine (CVE-2010-2092).
The updated packages have been patched to correct this issue.
