Mandriva Security
http://www.mandriva.com/en/security/advisories
Mandriva security advisories

MDVSA-2008:180-1: libxml2
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:180-1

Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281).

Update:

The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.

MDVSA-2008:180: libxml2
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:180

Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281).

The updated packages have been patched to prevent this issue.

MDVSA-2008:179: metisse
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:179

An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server (CVE-2008-1379).

Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361, CVE-2008-2362).

The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.

MDVSA-2008:178: xine-lib
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:178

Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-0073).

The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program (CVE-2008-1110).

The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file (CVE-2008-1161).

Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-1482).

Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878).

The updated packages have been patched to correct this issue.

MDVSA-2008:177: xine-lib
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:177

Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878).

The updated packages have been patched to correct this issue.

MDVSA-2008:176: mtr
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:176

A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option (CVE-2008-2357).

The updated packages provide mtr 0.73 which corrects this issue.

MDVSA-2008:175: yelp
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:175

A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs (CVE-2008-3533).

The updated packages have been patched to correct this issue.

MDVSA-2008:174: kernel
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:174

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. (CVE-2008-0007)

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
(CVE-2008-1673)

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. (CVE-2008-1615)

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. (CVE-2008-2136)

Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure. (CVE-2008-2826)

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
(CVE-2008-2729)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

MDVSA-2008:173: kdegraphics
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:173

Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693).

This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue.

MDVSA-2008:172: amarok
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:172

A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name (CVE-2008-3699).

The updated packages have been patched to correct this issue.