Mandrake Linux Advisory: 9.1, ldetect, kde3

Apr 24, 2003, 18:54
______________________________________________________________________
                     Mandrake Linux Update Advisory
______________________________________________________________________
Package name:           9.1
Advisory ID:            MDKA-2003:004-1
Date:                   April 24th, 2003
Original Advisory Date: April 10th, 2003
Affected versions:      9.1
______________________________________________________________________
Problem Description:
 The following updates provide certain fixes to Mandrake Linux 9.1:
 
 It was discovered that the Mandrake Galaxy theme would cause crashes in
 certain programs such as Downloader4X.  It would also cause a crash in
 languages such as Arabic and Hebrew.  This update provides a fix.
 
 Two bugs were discovered in the Mandrake Control Center:  The first 
 kills "explicitly non-embeddable" processes when killing embedded 
 tools, and the second prevented menudrake from being executed by users
 other than root and the owner of the X server.
 
 All non-latin locales in rfbdrake are completely broken due to bad
 utf8 handling.
 
 A number of printer-related fixes have been made:  
 
 - Ghostscript now supports PNG again; the Ghostscript shipped with 9.1
 was missing PNG support.  
 
 - Many HP LaserJet printers had two "Duplex" options when used with the
 "ljet4d" or "Postscript" drivers.
 
 - The "PrintoutMode" option of the "pxlmono" driver (PCL 6, most newer 
 non-PostScript laser printers) did not set the resolution.
 
 - Problems printing on the HP LaserJet 1000 should be solved now.
 
 - The Lexmark Z31 printed only bi-directionally giving very poor 
 quality, now it prints uni-directionally by default (much better 
 quality), and bi-directional printing is an option.
 
 - ICC profile support (color correction) for the Minolta MagiColor
 2200/2300 DL printers.
 
 - All Foomatic printer IDs are clear-text now; no more cryptic numbers
 when using "foomatic-configure" to set up printers on the command line.
 Users can now set up printers without looking up the ID number first.
 
 - Changes were made so that upgrading from 9.0 and older would not
 require a regeneration of the Foomatic print queues.
 
 A number of fixes were also made to the drakxtools programs,
 specifically:  
 
 - In drakfloppy, when attempting to create a boot disk, the 
 configuration works fine but will fail and crash when actually
 generating the boot floppy.
 
 - Some strings were not translated in harddrake.
 
 - The harddrake service timeout was only 5 seconds which was too short
 so it has been changed to a 25s timeout.
 
 - In draktermserv, initrd was mistakenly named initrdrd.
 
 - Due to unusable fonts for Arabic, Arabic support has been disabled
 in the tools.
 
 - Fixes were made to xfdrake to work better with some Intel video cards.
 
 - A number of bugs were corrected in drakconnect.
 
 - Drakboot would crash if any errors occurred during lilo or grub
 regeneration of the mbr; now drakboot will display the error instead
 of crashing.
 
 MandrakeClub users use a special downloading mechanism involving HTTP
 redirection with authentication.  There is a problem in the downloading
 backend used in 9.1 (the curl program) which prevents the redirection
 from happening correctly.  Under urpmi, users experiencing this problem
 see the error message "unable to register rpm file.  Everything already
 installed" when trying to install a package (a workaround is to force
 the use of wget, or use the redirection (the URL beginning with 
 https://) directly).  Under rpmdrake, the error message is "The 
 signature of the package is not correct; Could not read lead bytes".
 There is no workaround in rpmdrake.
 
 As well, a UTF8 issue was fixed in grpmi.
 
 The provided packages correct all of these problems.
  
Update:
 The versioning information was incorrect for the drakxtools and
 drakconf updates which would not allow the updates to be seen by
 certain x86 users.
 
 Other fixes to drakxtools have also been included:
 
 - Compatibility keys management in X11 has been fixed
 
 - A typo in drakconnect that would break LAN configuration has
 been corrected.
______________________________________________________________________
References:
______________________________________________________________________
Updated Packages:
  
 Mandrake Linux 9.1:
 53daa2c3f8ee4c974a83a9ef1e83cbe2  9.1/RPMS/drakconf-9.1-13.1mdk.i586.rpm
 4e56e94c46c9d70a6a77b9f2831c76ba  9.1/RPMS/drakxtools-9.1-31.1mdk.i586.rpm
 32a8892a633620b07a4a23108100c135  9.1/RPMS/drakxtools-http-9.1-31.1mdk.i586.rpm
 12ef76f98c3ba53040d8ee8a5ab8a18a  9.1/RPMS/drakxtools-newt-9.1-31.1mdk.i586.rpm
 5c0c398bf0c29b1e8849ad00fe4b195b  9.1/RPMS/harddrake-9.1-31.1mdk.i586.rpm
 b10fca1b846154a79ab382f78fdee2d1  9.1/RPMS/harddrake-ui-9.1-31.1mdk.i586.rpm
 764f3c5e9bbbd704aecd02c586426589  9.1/SRPMS/drakconf-9.1-13.1mdk.src.rpm
 d305004f89dfe57422a74a07536b7dc6  9.1/SRPMS/drakxtools-9.1-31.1mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 46c9fdb79ba4817f19b9d619f2254b13  ppc/9.1/RPMS/drakxtools-9.1-31.1mdk.ppc.rpm
 06667332070239ee9bf380498b94b5c6  ppc/9.1/RPMS/drakxtools-http-9.1-31.1mdk.ppc.rpm
 bb261108cb312ef9a38cc88657fed72d  ppc/9.1/RPMS/drakxtools-newt-9.1-31.1mdk.ppc.rpm
 6c88773fc2c7ae1e9e4f1954b59193d6  ppc/9.1/RPMS/harddrake-9.1-31.1mdk.ppc.rpm
 96d7b80048600f441e13f136e1b2d808  ppc/9.1/RPMS/harddrake-ui-9.1-31.1mdk.ppc.rpm
 d305004f89dfe57422a74a07536b7dc6  ppc/9.1/SRPMS/drakxtools-9.1-31.1mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
  
  3506 - Downloader 4 X crashes under galaxy theme
  2439 - Menudarke : Problem of configuration user
  3415 - Erroneous close of rpmdrake (crash?) related to drakxtools
  2826 - Drakboot dies if there is a blank char (space) in entry
  3676 - not enough room for error message
  1675 - Widget Placement
______________________________________________________________________
To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:
  http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig <filename>
All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:
  https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
  http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:
  http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
  security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
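
The checksum half of the manual verification described above, as an added example (not MandrakeSoft's tooling): it parses "Updated Packages" lines in the format this advisory uses and compares each downloaded RPM against them. The function names and the download directory are assumptions made for the illustration.

```python
import hashlib
import os
import re

# Two lines copied from the "Updated Packages" list of the advisory above.
SAMPLE = """\
 Mandrake Linux 9.1:
 53daa2c3f8ee4c974a83a9ef1e83cbe2  9.1/RPMS/drakconf-9.1-13.1mdk.i586.rpm
 764f3c5e9bbbd704aecd02c586426589  9.1/SRPMS/drakconf-9.1-13.1mdk.src.rpm
"""

# One entry: 32 hex digits, whitespace, then a relative path ending in .rpm.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_package_list(advisory_text):
    """Return {rpm file name: set of MD5 digests listed for it}."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if m:
            digest, path = m.groups()
            # A source RPM can be listed under several trees (9.1/, ppc/9.1/).
            expected.setdefault(os.path.basename(path), set()).add(digest)
    return expected

def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Classify every *.rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_package_list(advisory_text)
    result = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".rpm"):
            continue
        if name not in expected:
            result[name] = "unlisted"      # not named in this advisory
        elif md5_of(os.path.join(directory, name)) in expected[name]:
            result[name] = "ok"
        else:
            result[name] = "mismatch"      # do not install; download again
    return result
```

A file reported as "ok" matches the advisory's list only; the GPG signature is still checked with "rpm --checksig" as described above.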
______________________________________________________________________
                     Mandrake Linux Update Advisory
______________________________________________________________________
Package name:           ldetect
Advisory ID:            MDKA-2003:005
Date:                   April 24th, 2003
Affected versions:      9.0, 9.1, Corporate Server 2.1
______________________________________________________________________
Problem Description:
 Previous ldetect packages could freeze systems when harddrake
 probed for PCI information on the computer.  This only occurred
 rarely on some systems, when reading too much data from the PCI
 configuration space would result in a freeze of the system.
 
 This has been fixed in the ldetect engine by not buffering such
 reads and by reading only as many bytes as required from the PCI
 configuration space, as exported by the kernel in /proc/bus/pci/*/*.
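
Why buffering matters for this fix, as an added example (not ldetect's code): a buffered reader asked for 64 bytes still pulls a whole buffer from the underlying file, while an unbuffered read stops at the requested length. The 64-byte request (the size of the standard PCI configuration header) and the temporary 256-byte stand-in file are assumptions for the illustration; no real /proc/bus/pci entry is touched.

```python
import os
import tempfile

HEADER_LEN = 64  # assumed request size: the standard PCI configuration header

def make_stand_in(size=256):
    """Write a constructed file standing in for a /proc/bus/pci/*/* entry."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(range(256))[:size])
    return path

def read_buffered(path, nbytes=HEADER_LEN):
    """Buffered read: returns (data, offset the underlying descriptor reached)."""
    with open(path, "rb") as f:          # default: BufferedReader on top of the fd
        data = f.read(nbytes)            # fills the whole buffer, returns nbytes
        return data, os.lseek(f.fileno(), 0, os.SEEK_CUR)

def read_exact(path, nbytes=HEADER_LEN):
    """Unbuffered read: asks the kernel for nbytes and nothing more."""
    fd = os.open(path, os.O_RDONLY)
    try:
        chunks, remaining = [], nbytes
        while remaining:
            chunk = os.read(fd, remaining)   # never requests past nbytes
            if not chunk:                    # end of file before nbytes
                break
            chunks.append(chunk)
            remaining -= len(chunk)
        return b"".join(chunks), os.lseek(fd, 0, os.SEEK_CUR)
    finally:
        os.close(fd)

if __name__ == "__main__":
    path = make_stand_in()
    try:
        print("buffered   read reached offset", read_buffered(path)[1])
        print("unbuffered read reached offset", read_exact(path)[1])
    finally:
        os.remove(path)
```

Both functions return the same 64 bytes; the difference is the second value, which shows how far into the file the underlying reads went.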
______________________________________________________________________
References:
______________________________________________________________________
Updated Packages:
  
 Corporate Server 2.1:
 869c7a6c078a50c9a3c9014c1ffab8dd  corporate/2.1/RPMS/ldetect-0.4.6-6.1mdk.i586.rpm
 3298b9da98e3dd57e272d3ff2130d6bb  corporate/2.1/RPMS/ldetect-devel-0.4.6-6.1mdk.i586.rpm
 f298fcfc2ea03778fbc3643c33517e82  corporate/2.1/SRPMS/ldetect-0.4.6-6.1mdk.src.rpm
 Mandrake Linux 9.0:
 869c7a6c078a50c9a3c9014c1ffab8dd  9.0/RPMS/ldetect-0.4.6-6.1mdk.i586.rpm
 3298b9da98e3dd57e272d3ff2130d6bb  9.0/RPMS/ldetect-devel-0.4.6-6.1mdk.i586.rpm
 f298fcfc2ea03778fbc3643c33517e82  9.0/SRPMS/ldetect-0.4.6-6.1mdk.src.rpm
 Mandrake Linux 9.1:
 9b1aa0b3f53e19501d90c34fa4310003  9.1/RPMS/ldetect-0.4.8-1.1mdk.i586.rpm
 01cbf434dde6bec7aea6ef3142030a56  9.1/RPMS/ldetect-devel-0.4.8-1.1mdk.i586.rpm
 ed0126f26fe004c3aca7c767fd94f9ff  9.1/SRPMS/ldetect-0.4.8-1.1mdk.src.rpm
 Mandrake Linux 9.1/PPC:
 d5fe01b266aa609770de5f3fac7f3e2a  ppc/9.1/RPMS/ldetect-0.4.8-1.1mdk.ppc.rpm
 8978f8f01900b5d4bdda38ef623d5702  ppc/9.1/RPMS/ldetect-devel-0.4.8-1.1mdk.ppc.rpm
 ed0126f26fe004c3aca7c767fd94f9ff  ppc/9.1/SRPMS/ldetect-0.4.8-1.1mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________
                Mandrake Linux Security Update Advisory
______________________________________________________________________
Package name:           kde3
Advisory ID:            MDKSA-2003:049-1
Date:                   April 24th, 2003
Original Advisory Date: April 17th, 2003
Affected versions:      9.1
______________________________________________________________________
Problem Description:
 A vulnerability was discovered by the KDE team in the way that KDE
 uses Ghostscript for processing PostScript and PDF files.  A malicious
 attacker could provide a carefully constructed PDF or PostScript file
 to an end user (via web or mail) that could lead to the execution of
 arbitrary commands as the user viewing the file.  The vulnerability
 can be triggered even by the browser generating a directory listing
 with thumbnails.
 
 All users are encouraged to upgrade to these new kdegraphics, kdebase,
 and kdelibs packages that contain patches to correct the problem.
 This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a.
  
Update:
 The previous update was missing a fix in kdebase specific to HP 
 machines.  This has been corrected.
______________________________________________________________________
References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0204
  http://www.kde.org/info/security/advisory-20030409-1.txt
______________________________________________________________________
Updated Packages:
  
 Mandrake Linux 9.1:
 51635c23eef874e2379e60609125035c  9.1/RPMS/kdebase-3.1-83.3mdk.i586.rpm
 c96b3cd85f844f5627ab90f79f9e855f  9.1/RPMS/kdebase-devel-3.1-83.3mdk.i586.rpm
 5f1acb64918640c3a82da41ab973f102  9.1/RPMS/kdebase-kdm-3.1-83.3mdk.i586.rpm
 96177d2fb0018e1562e73e9d9bd1dcac  9.1/RPMS/kdebase-nsplugins-3.1-83.3mdk.i586.rpm
 932b1ac750587c229e3ea0286bbd0147  9.1/SRPMS/kdebase-3.1-83.3mdk.src.rpm
______________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________