Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:069
Package: openvpn

Problem Description:

A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

Updated packages have been patched to correct this issue by removing setenv support.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1629

Updated Packages:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
Multi Network Firewall 2.0:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Mandriva Linux Security Advisory MDKSA-2006:070
Package: sash

Problem Description:

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, causing the linked application to dump core (CVE-2005-2096).

Markus Oberhumber discovered additional ways that a specially crafted compressed stream could trigger an overflow. An attacker could create such a stream that would cause a linked application to crash if opened by a user (CVE-2005-1849).

Both of these issues have previously been fixed in zlib, but sash links statically against zlib and is thus also affected by these issues. New sash packages are available that link against the updated zlib packages.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849

Updated Packages:
Mandriva Linux 10.2:
Mandriva Linux 10.2/X86_64:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Multi Network Firewall 2.0:
Mandriva Linux Security Advisory MDKSA-2006:071
Package: xscreensaver

Problem Description:

Rdesktop, with xscreensaver < 4.18, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

Updated xscreensaver packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2655

Updated Packages:
Corporate 3.0:
Corporate 3.0/X86_64:
Ubuntu Linux
Ubuntu Security Notice USN-269-1
April 11, 2006
xscreensaver vulnerability
CVE-2004-2655

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

xscreensaver

The problem can be corrected by upgrading the affected package to version 4.16-1ubuntu3.1 (for Ubuntu 4.10), or 4.16-1ubuntu11.1 (for Ubuntu 5.04). After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

In some cases, xscreensaver did not properly grab the keyboard when reading the password for unlocking the screen, so that the password was typed into the currently active application window.

The only known vulnerable case was when xscreensaver activated while an rdesktop session was currently active.

Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu3.1.diff.gz

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-gnome_4.16-1ubuntu3.1_all.deb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu3.1_powerpc.deb

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver_4.16-1ubuntu11.1.diff.gz

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/x/xscreensaver/xscreensaver-gnome_4.16-1ubuntu11.1_all.deb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xscreensaver/xscreensaver-gl_4.16-1ubuntu11.1_powerpc.deb