http://www.mandriva.com/en/security/advisories Mandriva security advisories en-us http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:100 A double free vulnerability in Perl 5.8.8 and earlier versions,<br /> allows context-dependent attackers to cause a denial of service<br /> (memory corruption and crash) via a crafted regular expression<br /> containing UTF8 characters.<br /> <br /> The updated packages have been patched to prevent this. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:062 This update fixes several minor issues:<br /> <br /> - some GUIes (eg: rpmdrake) would crash on clicking on the close<br /> button while they load (bug #35230)<br /> <br /> - draksec was crashing if the administrator refused to install<br /> (bug #38911)<br /> <br /> - localdrake: After changing the localization language from drakconf<br /> in a high security level, the permissions of /etc/sysconfig/i18n were<br /> changed such that the file was only readable by root. This caused<br /> graphical login via kdm to fail (bug #39027) http://www.mandriva.com/en/security/advisories?name=MDVA-2008:061 This update fixes a minor issue in rpmdrake; it prevents crashing<br /> if the RPM database is locked when trying to install some packages<br /> (bug #40244). http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:099 A heap-based buffer overflow vulnerability was found in how ImageMagick<br /> parsed XCF files. If ImageMagick opened a specially-crafted XCF<br /> file, it could be made to overwrite heap memory beyond the bounds<br /> of its allocated memory, potentially allowing an attacker to execute<br /> arbitrary code on the system running ImageMagick (CVE-2008-1096).<br /> <br /> Another heap-based buffer overflow vulnerability was found in how<br /> ImageMagick processed certain malformed PCX images. If ImageMagick<br /> opened a specially-crafted PCX image file, an attacker could<br /> possibly execute arbitrary code on the system running ImageMagick<br /> (CVE-2008-1097).<br /> <br /> The updated packages have been patched to correct these issues. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:060 An updated hal-info package fixes resume from suspend to RAM on<br /> HP 6710b systems. It had previously failed with a black screen on<br /> Mandriva Linux 2008.0. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:059 An updated XFdrake is available that corrects a number of bugs:<br /> <br /> - never write a ModeLine when using the fglrx driver (bug #30934)<br /> <br /> - if the EDID gives a valid EISA_ID, a valid 16/10 preferred<br /> resolution, but no HorizSync/VertRefresh, use a generic flat panel<br /> HorizSync/VertRefresh (needed for edid.lcd.Elonex-PR600)<br /> <br /> - add 800x480 (used on belinea s.book)<br /> <br /> - add 1024x600 (used on Samsung Q1Ultra) (bug #37889)<br /> <br /> - if the EDID gives a valid 16/10 preferred resolution (even if<br /> duplicated), but no HorizSync/VertRefresh, use a generic flat panel<br /> HorizSync/VertRefresh (needed for edid.lcd.dell-inspiron-6400,<br /> bug #37971) http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:098 A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers<br /> to bypass intended security restrictions enabling them to execute<br /> commands other than those specified by the ForceCommand directive,<br /> provided they are able to modify to ~/.ssh/rc (CVE-2008-1657).<br /> <br /> The updated packages have been patched to correct this issue. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:097 A vulnerability was found in start_kdeinit in KDE 3.5.5 through<br /> 3.5.9 where, if it was installed setuid root, it could allow local<br /> users to cause a denial of service or possibly execute arbitrary code<br /> (CVE-2008-1671).<br /> <br /> By default, start_kdeinit is not installed setuid root on Mandriva<br /> Linux, however updated packages have been patched to correct this<br /> issue. http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:096 Steve Grubb found that the vcdiff script in Emacs create temporary<br /> files insecurely when used with SCCS. A local user could exploit a<br /> race condition to create or overwrite files with the privileges of<br /> the user invoking the program (CVE-2008-1694).<br /> <br /> The updated packages have been patched to correct this issue. http://www.mandriva.com/en/security/advisories?name=MDVA-2008:058 This update enhances ndiswrapper drivers support (resolving bugs<br /> #28335, #34660, #37026, #37106), and madwifi driver support (resolving<br /> bugs #33044, #33531). It also fixes the configuration of cellular cards<br /> (bug ##36801). Also, some crashes have been fixed in the net_monitor<br /> tool (bugs #36537, #37635).