Mandriva

A double free vulnerability in Perl 5.8.8 and earlier versions,
allows context-dependent attackers to cause a denial of service
(memory corruption and crash) via a crafted regular expression
containing UTF8 characters.

The updated packages have been patched to prevent this.

This update fixes several minor issues:

- some GUIes (eg: rpmdrake) would crash on clicking on the close
button while they load (bug #35230)

- draksec was crashing if the administrator refused to install
(bug #38911)

- localdrake: After changing the localization language from drakconf
in a high security level, the permissions of /etc/sysconfig/i18n were
changed such that the file was only readable by root. This caused
graphical login via kdm to fail (bug #39027)

This update fixes a minor issue in rpmdrake; it prevents crashing
if the RPM database is locked when trying to install some packages
(bug #40244).

An updated hal-info package fixes resume from suspend to RAM on
HP 6710b systems. It had previously failed with a black screen on
Mandriva Linux 2008.0.

An updated XFdrake is available that corrects a number of bugs:

- never write a ModeLine when using the fglrx driver (bug #30934)

- if the EDID gives a valid EISA_ID, a valid 16/10 preferred
resolution, but no HorizSync/VertRefresh, use a generic flat panel
HorizSync/VertRefresh (needed for edid.lcd.Elonex-PR600)

- add 800x480 (used on belinea s.book)

- add 1024x600 (used on Samsung Q1Ultra) (bug #37889)

- if the EDID gives a valid 16/10 preferred resolution (even if
duplicated), but no HorizSync/VertRefresh, use a generic flat panel
HorizSync/VertRefresh (needed for edid.lcd.dell-inspiron-6400,
bug #37971)

A heap-based buffer overflow vulnerability was found in how ImageMagick
parsed XCF files. If ImageMagick opened a specially-crafted XCF
file, it could be made to overwrite heap memory beyond the bounds
of its allocated memory, potentially allowing an attacker to execute
arbitrary code on the system running ImageMagick (CVE-2008-1096).

Another heap-based buffer overflow vulnerability was found in how
ImageMagick processed certain malformed PCX images. If ImageMagick
opened a specially-crafted PCX image file, an attacker could
possibly execute arbitrary code on the system running ImageMagick
(CVE-2008-1097).

The updated packages have been patched to correct these issues.

A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers
to bypass intended security restrictions enabling them to execute
commands other than those specified by the ForceCommand directive,
provided they are able to modify to ~/.ssh/rc (CVE-2008-1657).

The updated packages have been patched to correct this issue.

A vulnerability was found in start_kdeinit in KDE 3.5.5 through
3.5.9 where, if it was installed setuid root, it could allow local
users to cause a denial of service or possibly execute arbitrary code
(CVE-2008-1671).

By default, start_kdeinit is not installed setuid root on Mandriva
Linux, however updated packages have been patched to correct this
issue.

Steve Grubb found that the vcdiff script in Emacs create temporary
files insecurely when used with SCCS. A local user could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program (CVE-2008-1694).

The updated packages have been patched to correct this issue.

This update enhances ndiswrapper drivers support (resolving bugs
#28335, #34660, #37026, #37106), and madwifi driver support (resolving
bugs #33044, #33531). It also fixes the configuration of cellular cards
(bug ##36801). Also, some crashes have been fixed in the net_monitor
tool (bugs #36537, #37635).

A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could
allow user-assisted remote attackers to execute arbitrary Java code
via crafted database documents (CVE-2007-4575).

A heap overflow was discovered in OpenOffice.org's EMF parser.
An attacker could create a carefully crafted EMF file that could
cause OpenOffice.org to crash or potentially execute arbitrary code
if the malicious EMF image was added to a document or if a document
containing such an EMF file was opened (CVE-2007-5746).

Multiple heap overflows and an integer underflow were discovered in the
Quattro Pro(R) import filter. An attacker could create a carefully
crafted Quattro Pro file that could cause OpenOffice.org ro crash or
potentially execute arbitraty code (CVE-2007-5745, CVE-2007-5747).

A heap overflow was discovered in the OLE Structured Storage file
parser, a format used by Microsoft Office documents. An attacker could
create a carefully crafted OLE file that could cause OpenOffice.org
to crash or potentially execute arbitrary code (CVE-2008-0320).

The updated packages have been patched to correct these issues.

Some commercial Windows programs did not run under previous builds of
Wine, producing an error message notifying the user that a debugger
has been detected. This update corrects the issue.

Amazon.com has removed support for the cover image fetching API used
in rhythmbox. This updates to the new API to make cover image support
work again.

Mandriva Linux 2008.1 introduced an improved Finnish default keyboard
layout called Kotoistus. This layout adds altgr-space as a key
combination for non-breaking space. However, that key combination can
be easily hit accidentally when a normal space was intended instead,
especially after typing the pipe character. This update removes the
new key combination. Non-breaking space can still be typed via the
traditional combination altgr-shift-space.

The freeradius package included in Mandriva Linux 2008.1 had hardcoded
the use of the '-y' option in its initscript, which is no longer
a valid option in the new major version of 2.0. As a result, the
initscript was unable to launch the service correctly. As well,
a file name error in the EAP module configuration triggered an error
at launch.

Both issues are corrected with this update package.

The last line in notification bubbles created by programs like
gnome-power-manager was truncated. This update makes those
notifications readable.

Updated Mesa packages are available that correct a problem of reversed
logic in Mesa 7.0.3rc2 on Intel i965 cards.

A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).

The updated packages have been patched to correct this issue.

A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).

The ogg123 application in vorbis-tools is similarly affected by
this issue.

The updated packages have been patched to correct this issue.

A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).

The speex plugin in the gstreamer-plugins-good package is similarly
affected by this issue.

The updated packages have been patched to correct this issue.