CPNI - Centre for the Protection of National Infrastructure
October 2005

Mandriva Linux Security Update Advisories - lynx; dia; graphviz; imap; nss_ldap; ruby and xli

ID: 00926
Ref: 866/2005
Date: 21 October 2005:09:21:23
Version: 1

Title: Mandriva Linux Security Update Advisories - lynx; dia; graphviz; imap; nss_ldap; ruby and xli
Abstract: Description of various Mandriva product vulnerabilities
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: lynx
Advisory ID: MDKSA-2005:186
Date: October 17th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Ulf Harnhammar discovered a remote buffer overflow in lynx versions
2.8.2 through 2.8.5.

When Lynx connects to an NNTP server to fetch information about the
available articles in a newsgroup, it will call a function called
HTrjis() with the information from certain article headers. The
function adds missing ESC characters to certain data, to support
Asian character sets. However, it does not check if it writes outside
of the char array buf, and that causes a remote stack-based buffer
overflow, with full control over EIP, EBX, EBP, ESI and EDI.

Two attack vectors to make a victim visit a URL to a dangerous news
server are: (a) *redirecting scripts*, where the victim visits some
web page and it redirects automatically to a malicious URL, and
(b) *links in web pages*, where the victim visits some web page
and selects a link on the page to a malicious URL. Attack vector
(b) is helped by the fact that Lynx does not automatically display
where links lead to, unlike many graphical web browsers.

The updated packages have been patched to address this issue.
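
The failure mode described above, as an added example (a simplified model written for this page, not Lynx's HTrjis() source): a routine that inserts missing ESC bytes produces output longer than its input, so the bound has to be enforced on the bytes written, not on the input length. The function names, the 64-byte buffer size and the sample header are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC '\033'
#define HDR_BUF 64 /* assumed size for this sketch, not Lynx's real buffer */

/* True if p starts a two-byte ISO-2022-JP designator tail: $B $@ (B (J */
static int is_designator(const char *p)
{
    if (p[0] == '$') return p[1] == 'B' || p[1] == '@';
    if (p[0] == '(') return p[1] == 'B' || p[1] == 'J';
    return 0;
}

/* Bytes the repaired string needs, excluding the terminating NUL. */
size_t esc_repaired_len(const char *src)
{
    size_t n = 0;
    char prev = 0;
    for (; *src; src++) {
        if (is_designator(src) && prev != ESC)
            n++; /* one extra byte for the inserted ESC */
        n++;
        prev = *src;
    }
    return n;
}

/* The unchecked pattern: nothing relates the write position to the size of
 * dst. Safe only if the caller guarantees esc_repaired_len(src)+1 bytes. */
void esc_repair_unchecked(char *dst, const char *src)
{
    char prev = 0;
    for (; *src; src++) {
        if (is_designator(src) && prev != ESC)
            *dst++ = ESC;
        *dst++ = *src;
        prev = *src;
    }
    *dst = '\0';
}

/* Bounded form: returns bytes written (excluding NUL), or -1 if the repaired
 * string does not fit. On failure dst is left as an empty string. */
int esc_repair_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t out = 0;
    char prev = 0;
    if (dstsize == 0)
        return -1;
    for (; *src; src++) {
        size_t need = (is_designator(src) && prev != ESC) ? 2 : 1;
        if (out + need >= dstsize) { /* always keep one byte for the NUL */
            dst[0] = '\0';
            return -1;
        }
        if (need == 2)
            dst[out++] = ESC;
        dst[out++] = *src;
        prev = *src;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Constructed sample input: `pairs` designators, none preceded by ESC.
 * out must hold 2*pairs+1 bytes. */
void make_header(char *out, size_t pairs)
{
    for (size_t i = 0; i < pairs; i++) {
        out[2 * i] = '$';
        out[2 * i + 1] = 'B';
    }
    out[2 * pairs] = '\0';
}

int main(void)
{
    char hdr[HDR_BUF], buf[HDR_BUF];
    make_header(hdr, 24); /* the input itself fits in HDR_BUF */
    printf("input %zu bytes, repaired form needs %zu, buffer holds %d\n",
           strlen(hdr), esc_repaired_len(hdr), HDR_BUF - 1);
    printf("bounded repair returns %d\n",
           esc_repair_bounded(buf, sizeof buf, hdr));
    return 0;
}
```

A length check on the incoming header alone would accept the 48-byte sample, which is why the bounded version tests every write against the destination size.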
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3120
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
03a47f29118c2291a3bf9a355273560c 10.1/RPMS/lynx-2.8.5-1.1.101mdk.i586.rpm
0e7e4cd9c64861a7d0a284fb6b9be9e3 10.1/SRPMS/lynx-2.8.5-1.1.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
657c0cd7d9226c5b1f8b57c19e72f657 x86_64/10.1/RPMS/lynx-2.8.5-1.1.101mdk.x86_64.rpm
0e7e4cd9c64861a7d0a284fb6b9be9e3 x86_64/10.1/SRPMS/lynx-2.8.5-1.1.101mdk.src.rpm

Mandrivalinux 10.2:
e81251fccbdd21bdaebd963e6e2ed1d2 10.2/RPMS/lynx-2.8.5-1.1.102mdk.i586.rpm
6e5cceb1a9bdf36e7f8eab2ecc08799f 10.2/SRPMS/lynx-2.8.5-1.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
411f4dc65bf8c58a55a92cdb3be9ef53 x86_64/10.2/RPMS/lynx-2.8.5-1.1.102mdk.x86_64.rpm
6e5cceb1a9bdf36e7f8eab2ecc08799f x86_64/10.2/SRPMS/lynx-2.8.5-1.1.102mdk.src.rpm

Mandrivalinux 2006.0:
ee92cfae1cce73b8084cf6ad2c6d1381 2006.0/RPMS/lynx-2.8.5-4.1.20060mdk.i586.rpm
a022a76a884e198cf4f331a4d71c7d20 2006.0/SRPMS/lynx-2.8.5-4.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
46833e32f2c958d8fb544654efd4ab83 x86_64/2006.0/RPMS/lynx-2.8.5-4.1.20060mdk.x86_64.rpm
a022a76a884e198cf4f331a4d71c7d20 x86_64/2006.0/SRPMS/lynx-2.8.5-4.1.20060mdk.src.rpm

Multi Network Firewall 2.0:
f43a161be8fb6049d3f2361b5ead799a mnf/2.0/RPMS/lynx-2.8.5-1.1.M20mdk.i586.rpm
570c3679d4d38e62c21e570ab37f5bfe mnf/2.0/SRPMS/lynx-2.8.5-1.1.M20mdk.src.rpm

Corporate Server 2.1:
b18b5f89f3a8389362a9f67acfb87a2c corporate/2.1/RPMS/lynx-2.8.5-0.10.2.C21mdk.dev.8.i586.rpm
3d6af86d010f884152fd30f7fdd0bcb9 corporate/2.1/SRPMS/lynx-2.8.5-0.10.2.C21mdk.dev.8.src.rpm

Corporate Server 2.1/X86_64:
d4e5c0107a09cef8d142ca666d049303 x86_64/corporate/2.1/RPMS/lynx-2.8.5-0.10.2.C21mdk.dev.8.x86_64.rpm
3d6af86d010f884152fd30f7fdd0bcb9 x86_64/corporate/2.1/SRPMS/lynx-2.8.5-0.10.2.C21mdk.dev.8.src.rpm

Corporate 3.0:
970bef84ca43e8855569efad58455c47 corporate/3.0/RPMS/lynx-2.8.5-1.1.C30mdk.i586.rpm
c456757c4be351906911fc7827ffb348 corporate/3.0/SRPMS/lynx-2.8.5-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5df091387574a783a1a9cae4008f7dcb x86_64/corporate/3.0/RPMS/lynx-2.8.5-1.1.C30mdk.x86_64.rpm
c456757c4be351906911fc7827ffb348 x86_64/corporate/3.0/SRPMS/lynx-2.8.5-1.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: dia
Advisory ID: MDKSA-2005:187
Date: October 20th, 2005

Affected versions: 10.2, 2006.0
______________________________________________________________________

Problem Description:

Joxean Koret discovered that the Python SVG import plugin in dia,
a vector-oriented diagram editor, does not properly sanitise data
read from an SVG file and can therefore be made to execute arbitrary
Python code.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2966
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.2:
0c8a73f7bd63bad23baaec2241b4423c 10.2/RPMS/dia-0.94-4.1.102mdk.i586.rpm
8e8d94c15c4eab00428ae0094f5512a5 10.2/SRPMS/dia-0.94-6.1.20060mdk.src.rpm

Mandrivalinux 10.2/X86_64:
ac4d0bc7654a02cd150693c89d47654b x86_64/10.2/RPMS/dia-0.94-4.1.102mdk.x86_64.rpm
8e8d94c15c4eab00428ae0094f5512a5 x86_64/10.2/SRPMS/dia-0.94-6.1.20060mdk.src.rpm

Mandrivalinux 2006.0:
f15f857ac65e4071d2a54a8037fce302 2006.0/RPMS/dia-0.94-6.1.20060mdk.i586.rpm
8e8d94c15c4eab00428ae0094f5512a5 2006.0/SRPMS/dia-0.94-6.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
394b409242bd4271c4cd0e22e86cdf5b x86_64/2006.0/RPMS/dia-0.94-6.1.20060mdk.x86_64.rpm
8e8d94c15c4eab00428ae0094f5512a5 x86_64/2006.0/SRPMS/dia-0.94-6.1.20060mdk.src.rpm
_______________________________________________________________________


Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: graphviz
Advisory ID: MDKSA-2005:188
Date: October 20th, 2005

Affected versions: 10.2, 2006.0
______________________________________________________________________

Problem Description:

Javier Fernández-Sanguino Peña discovered insecure temporary file
creation in graphviz, a rich set of graph drawing tools, that can be
exploited to overwrite arbitrary files by a local attacker.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2965
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.2:
9d0b8399200df96484fd7468a008b76b 10.2/RPMS/graphviz-2.2-3.1.102mdk.i586.rpm
619146bf760e72b75edfc4574fdc4e46 10.2/RPMS/libgraphviz7-2.2-3.1.102mdk.i586.rpm
a7be06004d84c8cd9c12e5116ebd4b7c 10.2/RPMS/libgraphviz7-devel-2.2-3.1.102mdk.i586.rpm
b84a713fefe4b4a9034fb83d0ce7317d 10.2/RPMS/libgraphviztcl7-2.2-3.1.102mdk.i586.rpm
68b886a29dc2d462f9f244bbac5579db 10.2/RPMS/libgraphviztcl7-devel-2.2-3.1.102mdk.i586.rpm
aeb17f5e10328aab9ad91bf0b8cad36e 10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
b9a03ec322f71cdf568cbf34921b2788 x86_64/10.2/RPMS/graphviz-2.2-3.1.102mdk.x86_64.rpm
247106d295206c27fefd346c055552cd x86_64/10.2/RPMS/lib64graphviz7-2.2-3.1.102mdk.x86_64.rpm
2c804f5c76a2644f3446c81acdac7aac x86_64/10.2/RPMS/lib64graphviz7-devel-2.2-3.1.102mdk.x86_64.rpm
9d9e27f634afaed1a66d581d578898e9 x86_64/10.2/RPMS/lib64graphviztcl7-2.2-3.1.102mdk.x86_64.rpm
a5eab811ca6f0dd579932e441452a130 x86_64/10.2/RPMS/lib64graphviztcl7-devel-2.2-3.1.102mdk.x86_64.rpm
aeb17f5e10328aab9ad91bf0b8cad36e x86_64/10.2/SRPMS/graphviz-2.2-3.1.102mdk.src.rpm

Mandrivalinux 2006.0:
caebfdb43cbd357c8abc549160613983 2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.i586.rpm
bf374b0bc329f4dc68b34b9fe3b5fd3e 2006.0/RPMS/libgraphviz7-2.2.1-3.1.20060mdk.i586.rpm
d7284cdc65c9f5339d14be05ae1b2136 2006.0/RPMS/libgraphviz7-devel-2.2.1-3.1.20060mdk.i586.rpm
926fa5fdcd6e919205ef50433ecf39a0 2006.0/RPMS/libgraphviztcl7-2.2.1-3.1.20060mdk.i586.rpm
1bd24268a3d2735b47c2492bb21f63bc 2006.0/RPMS/libgraphviztcl7-devel-2.2.1-3.1.20060mdk.i586.rpm
526f759a2f2ebbbbc29207c0b8e579ed 2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
5a015d5e8932b6fa63a5b13eaf285d60 x86_64/2006.0/RPMS/graphviz-2.2.1-3.1.20060mdk.x86_64.rpm
3a8a76af72aaa2350f71250e9a3d8bb0 x86_64/2006.0/RPMS/lib64graphviz7-2.2.1-3.1.20060mdk.x86_64.rpm
73cae708e93dbdd454f8c944f3242f19 x86_64/2006.0/RPMS/lib64graphviz7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
7f59d48923080c9f81af0041c2d5a8a4 x86_64/2006.0/RPMS/lib64graphviztcl7-2.2.1-3.1.20060mdk.x86_64.rpm
7e582a89f65b33bf55a28200cef0d51e x86_64/2006.0/RPMS/lib64graphviztcl7-devel-2.2.1-3.1.20060mdk.x86_64.rpm
526f759a2f2ebbbbc29207c0b8e579ed x86_64/2006.0/SRPMS/graphviz-2.2.1-3.1.20060mdk.src.rpm
_______________________________________________________________________


Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: imap
Advisory ID: MDKSA-2005:189
Date: October 20th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

"infamous41md" discovered a buffer overflow in uw-imap, the
University of Washington's IMAP server, that allows attackers to
execute arbitrary code.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
69c58eb0032175f0ad4c11b20bb0950d 10.1/RPMS/imap-2004-2.4.101mdk.i586.rpm
095bb4428a4dcfa8dbb1113faa816eb0 10.1/RPMS/imap-devel-2004-2.4.101mdk.i586.rpm
be56925357c2bd87e8d3ab2320425f25 10.1/RPMS/imap-utils-2004-2.4.101mdk.i586.rpm
fb97f03b7370293a13968f1a81d2a1fb 10.1/RPMS/libc-client-php0-2004-2.4.101mdk.i586.rpm
9d1bc41bc1a47badbf5dd85a608881cd 10.1/RPMS/libc-client-php0-devel-2004-2.4.101mdk.i586.rpm
41346e4e6d6cce99d39b17500797a68d 10.1/SRPMS/imap-2004-2.4.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
ac6fbd4efa4f48a488f05b988bf087dc x86_64/10.1/RPMS/imap-2004-2.4.101mdk.x86_64.rpm
d34769399b742e2f7dde98dbd222233d x86_64/10.1/RPMS/imap-devel-2004-2.4.101mdk.x86_64.rpm
3cfab750045bb87546774f827ad2d614 x86_64/10.1/RPMS/imap-utils-2004-2.4.101mdk.x86_64.rpm
20035e5cc16d3ba793b2bd73d251edbc x86_64/10.1/RPMS/lib64c-client-php0-2004-2.4.101mdk.x86_64.rpm
72aecb118414fcb6f093b7100c286bfe x86_64/10.1/RPMS/lib64c-client-php0-devel-2004-2.4.101mdk.x86_64.rpm
41346e4e6d6cce99d39b17500797a68d x86_64/10.1/SRPMS/imap-2004-2.4.101mdk.src.rpm

Mandrivalinux 10.2:
e2bbba7c368d12901848c74b401bb137 10.2/RPMS/imap-2004c1-2.1.102mdk.i586.rpm
35929fa326ec9bcc5cc88298a1598c10 10.2/RPMS/imap-devel-2004c1-2.1.102mdk.i586.rpm
7e533b6735ec1cc2172fac57f8dc66ad 10.2/RPMS/imap-utils-2004c1-2.1.102mdk.i586.rpm
a077b26ea62b1c733ecc29b4dd4b3d1d 10.2/RPMS/libc-client-php0-2004c1-2.1.102mdk.i586.rpm
aa2e17250ba0aa46d0d31c6e68be2542 10.2/RPMS/libc-client-php0-devel-2004c1-2.1.102mdk.i586.rpm
f21f37ae6b540d25c54c7b78f14bac65 10.2/SRPMS/imap-2004c1-2.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
a15b6435a6692b8421e35f6ecec1d900 x86_64/10.2/RPMS/imap-2004c1-2.1.102mdk.x86_64.rpm
f727299b00c319b3bca63541860f5706 x86_64/10.2/RPMS/imap-devel-2004c1-2.1.102mdk.x86_64.rpm
ec6da503c8d0885d6369c78ac2091020 x86_64/10.2/RPMS/imap-utils-2004c1-2.1.102mdk.x86_64.rpm
6e0f0045a593f1fd6acb0d7a91c30b65 x86_64/10.2/RPMS/lib64c-client-php0-2004c1-2.1.102mdk.x86_64.rpm
e3ea4fb3c142f9977e1a172f7ea734dd x86_64/10.2/RPMS/lib64c-client-php0-devel-2004c1-2.1.102mdk.x86_64.rpm
f21f37ae6b540d25c54c7b78f14bac65 x86_64/10.2/SRPMS/imap-2004c1-2.1.102mdk.src.rpm

Mandrivalinux 2006.0:
8d27958f60639c90e128aa4af352d77b 2006.0/RPMS/imap-2004e-1.1.20060mdk.i586.rpm
71382080cb79121a313cfc36af369e82 2006.0/RPMS/imap-devel-2004e-1.1.20060mdk.i586.rpm
1069f3829b32ccd1328cb9abd35d92d2 2006.0/RPMS/imap-utils-2004e-1.1.20060mdk.i586.rpm
833a91be4ca845ffaf7bf326415b094b 2006.0/RPMS/libc-client-php0-2004e-1.1.20060mdk.i586.rpm
be7e54ba29f3c4f749a96b3f95d10a10 2006.0/RPMS/libc-client-php0-devel-2004e-1.1.20060mdk.i586.rpm
ecc0c763771e54e5b28294fe82590694 2006.0/SRPMS/imap-2004e-1.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
5d4eef95276eedb0898b38dabb5cd5f4 x86_64/2006.0/RPMS/imap-2004e-1.1.20060mdk.x86_64.rpm
3d1a1a7afe408a401c7670f8428f204f x86_64/2006.0/RPMS/imap-devel-2004e-1.1.20060mdk.x86_64.rpm
784a5b9af498f9214a9c06f593562db2 x86_64/2006.0/RPMS/imap-utils-2004e-1.1.20060mdk.x86_64.rpm
9a6852a2402d3c15c4fe94438b10f3e9 x86_64/2006.0/RPMS/lib64c-client-php0-2004e-1.1.20060mdk.x86_64.rpm
4fe2e210cd842eb6752428a77defc0b8 x86_64/2006.0/RPMS/lib64c-client-php0-devel-2004e-1.1.20060mdk.x86_64.rpm
ecc0c763771e54e5b28294fe82590694 x86_64/2006.0/SRPMS/imap-2004e-1.1.20060mdk.src.rpm

Corporate Server 2.1:
2fdaf9b49c200b011ed209fcf34b1063 corporate/2.1/RPMS/imap-devel-2001a-9.2.C21mdk.i586.rpm
4dfb84ae980db92651c9be51653f246d corporate/2.1/RPMS/imap-2001a-9.2.C21mdk.i586.rpm
7c4b68b5e99db9a77765525c9e832270 corporate/2.1/SRPMS/imap-2001a-9.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
7fcef905c2f6f0e4c9415a5890880150 x86_64/corporate/2.1/RPMS/imap-2001a-9.2.C21mdk.x86_64.rpm
98f0fa3280d2f6d5de37c8b03f77dfbe x86_64/corporate/2.1/RPMS/imap-devel-2001a-9.2.C21mdk.x86_64.rpm
7c4b68b5e99db9a77765525c9e832270 x86_64/corporate/2.1/SRPMS/imap-2001a-9.2.C21mdk.src.rpm

Corporate 3.0:
eaef12eeac790a2880af5ecdc66f7d60 corporate/3.0/RPMS/imap-2002d-8.3.C30mdk.i586.rpm
1adc4061698d3f5835a6b3a10f09cd4d corporate/3.0/RPMS/imap-devel-2002d-8.3.C30mdk.i586.rpm
d173305c62e79febec934d8b9195f021 corporate/3.0/RPMS/imap-utils-2002d-8.3.C30mdk.i586.rpm
a41bf2dadb63dee7bc838314623d07ea corporate/3.0/SRPMS/imap-2002d-8.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
859bb7db71c8329fa11535935e857dea x86_64/corporate/3.0/RPMS/imap-2002d-8.3.C30mdk.x86_64.rpm
c558f69d89804030f9526bc3e4bdd76e x86_64/corporate/3.0/RPMS/imap-devel-2002d-8.3.C30mdk.x86_64.rpm
d693ca63de12e925105a9e3c2add1088 x86_64/corporate/3.0/RPMS/imap-utils-2002d-8.3.C30mdk.x86_64.rpm
a41bf2dadb63dee7bc838314623d07ea x86_64/corporate/3.0/SRPMS/imap-2002d-8.3.C30mdk.src.rpm
_______________________________________________________________________


Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: nss_ldap
Advisory ID: MDKSA-2005:190
Date: October 20th, 2005

Affected versions: 10.1, 10.2
______________________________________________________________________

Problem Description:

A bug was found in the way the pam_ldap module processed certain failure
messages. If the server includes supplemental data in an authentication
failure result message, but the data does not include any specific error
code, the pam_ldap module would proceed as if the authentication request
had succeeded, and authentication would succeed. This affects versions
169 through 179 of pam_ldap.

The updated packages have been patched to address this issue.
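
The decision error described above, as an added example (a simplified model written for this page, not pam_ldap source code): the fail-open function lets supplemental data replace the bind result, while the fail-closed function lets it only add a reason to reject. The struct layout and function names are hypothetical; 49 is the LDAP invalidCredentials result code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { RC_SUCCESS = 0, RC_INVALID_CREDENTIALS = 49 };

/* Hypothetical model of supplemental data attached to a bind result. */
struct supplemental {
    bool has_error_code; /* false: data present but no specific error code */
    int error_code;      /* nonzero, meaningful only if has_error_code */
};

struct bind_reply {
    int result_code;                  /* result of the bind itself */
    const struct supplemental *extra; /* NULL when the server sent none */
};

/* Fail-open: once supplemental data is present, its error code (defaulting
 * to 0, "no error") overwrites the bind result. */
bool auth_ok_failopen(const struct bind_reply *r)
{
    int rc = r->result_code;
    if (r->extra != NULL) {
        int detail = 0;
        if (r->extra->has_error_code)
            detail = r->extra->error_code;
        rc = detail; /* the bind failure is lost here */
    }
    return rc == RC_SUCCESS;
}

/* Fail-closed: the bind result is decided first and is never overridden;
 * supplemental data can only turn an accept into a reject. */
bool auth_ok_failclosed(const struct bind_reply *r)
{
    if (r->result_code != RC_SUCCESS)
        return false;
    if (r->extra != NULL && r->extra->has_error_code &&
        r->extra->error_code != 0)
        return false;
    return true;
}

/* Walk every combination of bind result and supplemental data and count the
 * replies that fail-open accepts although fail-closed rejects them. */
int count_wrongly_accepted(void)
{
    static const struct supplemental no_code = { false, 0 };
    static const struct supplemental with_code = { true, 1 }; /* constructed */
    const struct supplemental *extras[] = { NULL, &no_code, &with_code };
    const int results[] = { RC_SUCCESS, RC_INVALID_CREDENTIALS };
    int wrong = 0;

    for (size_t i = 0; i < 2; i++) {
        for (size_t j = 0; j < 3; j++) {
            struct bind_reply r = { results[i], extras[j] };
            if (auth_ok_failopen(&r) && !auth_ok_failclosed(&r))
                wrong++;
        }
    }
    return wrong;
}

int main(void)
{
    printf("replies accepted only by the fail-open logic: %d\n",
           count_wrongly_accepted());
    return 0;
}
```

The enumeration in `count_wrongly_accepted` doubles as a regression test: the only combination the two functions disagree on is a failed bind carrying supplemental data without an error code.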
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2641
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
3cf5ab097f8e69b9e1ace711537fcb46 10.1/RPMS/nss_ldap-220-3.2.101mdk.i586.rpm
e5d3c8684a35cc147943b0b4a1922a42 10.1/RPMS/pam_ldap-170-3.2.101mdk.i586.rpm
edad8885447d4d059ff1c689ee6a6f7d 10.1/SRPMS/nss_ldap-220-3.2.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
7b8c8c7c40c30963aff186adffc94324 x86_64/10.1/RPMS/nss_ldap-220-3.2.101mdk.x86_64.rpm
ecbaa427c916e7fab0c355a91e04ee98 x86_64/10.1/RPMS/pam_ldap-170-3.2.101mdk.x86_64.rpm
edad8885447d4d059ff1c689ee6a6f7d x86_64/10.1/SRPMS/nss_ldap-220-3.2.101mdk.src.rpm

Mandrivalinux 10.2:
19950ddbfe52c8f0aa6e11ed93c59737 10.2/RPMS/pam_ldap-170-5.3.102mdk.i586.rpm
dab9943bb867001a4a4e514ffc58d84e 10.2/RPMS/nss_ldap-220-5.3.102mdk.i586.rpm
08e82d8a5fdcdd1620d8a22ec002173d 10.2/SRPMS/nss_ldap-220-5.3.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
54ff3f02df2e5f7c11564488784fc3ab x86_64/10.2/RPMS/nss_ldap-220-5.3.102mdk.x86_64.rpm
9d5541f3ac77d8ce6e2b8877b25f8980 x86_64/10.2/RPMS/pam_ldap-170-5.3.102mdk.x86_64.rpm
08e82d8a5fdcdd1620d8a22ec002173d x86_64/10.2/SRPMS/nss_ldap-220-5.3.102mdk.src.rpm
_______________________________________________________________________


Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: ruby
Advisory ID: MDKSA-2005:191
Date: October 20th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented
scripting language, that can cause illegal program code to bypass the safe
level and taint flag protection checks and be executed.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2337
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
013e98f0b0a09acd8c48b5d438c4e151 10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm
479e965b6302bd0e74b8699f0a7b9f46 10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm
b5654a6d4bab0b5a33e3e65fdb8bab52 10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm
2294bfd6f57ebc2cc6eb353e4a62a4b5 10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm
5407dfbbb45af31d3ffa53f120773f77 10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
b8347f871a62a176f049cbe010e298ce x86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm
b9ac7ecba0bc317869795146cf3cc5a4 x86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm
7803195d658cdf63324f8bf54753018e x86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm
0f6cb61b12453673ef4a7fb99b6069af x86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm
5407dfbbb45af31d3ffa53f120773f77 x86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

Mandrivalinux 10.2:
8dacd4429ab40932585f32c446c485c4 10.2/RPMS/ruby-1.8.2-6.2.102mdk.i586.rpm
9bd632d447a4181d23df23b201ed0449 10.2/RPMS/ruby-devel-1.8.2-6.2.102mdk.i586.rpm
2791a34503afa5961322eaf5fc333bd4 10.2/RPMS/ruby-doc-1.8.2-6.2.102mdk.i586.rpm
049930c32634b61b84d9dee864e61aa9 10.2/RPMS/ruby-tk-1.8.2-6.2.102mdk.i586.rpm
dc977cb9732027526dbd44560782efaa 10.2/SRPMS/ruby-1.8.2-6.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
9f6f824fa7aded95ede337b87be9f755 x86_64/10.2/RPMS/ruby-1.8.2-6.2.102mdk.x86_64.rpm
0ad81eece9fc0407edeaadc5022968ea x86_64/10.2/RPMS/ruby-doc-1.8.2-6.2.102mdk.x86_64.rpm
0cbd8c37bb4aea5c10cda8365f7ed24f x86_64/10.2/RPMS/ruby-devel-1.8.2-6.2.102mdk.x86_64.rpm
3f09e472b1cecb61a8678d020011950c x86_64/10.2/RPMS/ruby-tk-1.8.2-6.2.102mdk.x86_64.rpm
dc977cb9732027526dbd44560782efaa x86_64/10.2/SRPMS/ruby-1.8.2-6.2.102mdk.src.rpm

Mandrivalinux 2006.0:
c06382cc5f1a7fc8cc2c40b9711faaf7 2006.0/RPMS/ruby-1.8.2-7.1.20060mdk.i586.rpm
5e9055ac81c54dd7f3890545218e4c45 2006.0/RPMS/ruby-devel-1.8.2-7.1.20060mdk.i586.rpm
cebf1739bb3556133869e7b7e9a00d0a 2006.0/RPMS/ruby-doc-1.8.2-7.1.20060mdk.i586.rpm
98c29d442e747bf59eb7ea9e6827f71b 2006.0/RPMS/ruby-tk-1.8.2-7.1.20060mdk.i586.rpm
097adecc2dd5717d2a680022e45ff0cb 2006.0/SRPMS/ruby-1.8.2-7.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
b3bfdeb9f7cfa57a7fa9c3c7f596d56e x86_64/2006.0/RPMS/ruby-1.8.2-7.1.20060mdk.x86_64.rpm
1cb9a200ad2c5164e8b7eff06753af39 x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.1.20060mdk.x86_64.rpm
cff404480732c672d36ca80b8ca1a4ec x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.1.20060mdk.x86_64.rpm
01bb92434b21127244b0fcd452a06251 x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.1.20060mdk.x86_64.rpm
097adecc2dd5717d2a680022e45ff0cb x86_64/2006.0/SRPMS/ruby-1.8.2-7.1.20060mdk.src.rpm

Corporate Server 2.1:
2aa9219b24bbcf8673df418eb373881b corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm
e5b4282401bf2c0794d14b52d7c6c319 corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm
e72d411868d4ca8d7a05ba2e0baee926 corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm
c795d629e28719f7fe1e8a1619805fdc corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm
61457cb16d1b24e1c31a10c687af94ef corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d477751b1302ec7c5f271fe9597216fa x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm
b7ac888d722dc6fb8c5b9b9207e34ea3 x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm
27a29077b76158382c514b965fdf614f x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm
0e4752d11d67acdabc4561c37c41511e x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm
61457cb16d1b24e1c31a10c687af94ef x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

Corporate 3.0:
704c24801697727ef0085d6408cc9d11 corporate/3.0/RPMS/ruby-1.8.1-1.4.C30mdk.i586.rpm
6a89e560b9f9ce68ed352cc3409ebf22 corporate/3.0/RPMS/ruby-devel-1.8.1-1.4.C30mdk.i586.rpm
cfcc4c2bf95f4ae6b3a0fb7013b25618 corporate/3.0/RPMS/ruby-doc-1.8.1-1.4.C30mdk.i586.rpm
482e8dcdbedcac577f91c9133647c3cc corporate/3.0/RPMS/ruby-tk-1.8.1-1.4.C30mdk.i586.rpm
a05a8da48327c79254cabaf42a7002d3 corporate/3.0/SRPMS/ruby-1.8.1-1.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
416a775e25eca23fe89314e4f0c1c762 x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.4.C30mdk.x86_64.rpm
9ee750fd72214d68a95e2a45967e4107 x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.4.C30mdk.x86_64.rpm
c4e65ac8d2660883cd6f9bb87b33db61 x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.4.C30mdk.x86_64.rpm
871cb8738de7856ab3d5d0602e3bfa10 x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.4.C30mdk.x86_64.rpm
a05a8da48327c79254cabaf42a7002d3 x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.4.C30mdk.src.rpm
_______________________________________________________________________


Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xli
Advisory ID: MDKSA-2005:192
Date: October 20th, 2005

Affected versions: 10.2, 2006.0, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Ariel Berkman discovered several buffer overflows in xloadimage,
which are also present in xli, a command line utility for viewing
images in X11, and could be exploited via large image titles to
cause the execution of arbitrary code.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.2:
934ff40c8d59f0d113abbb0064be5392 10.2/RPMS/xli-1.17.0-8.2.102mdk.i586.rpm
28924458550bcafd6a2432dda2fca55d 10.2/SRPMS/xli-1.17.0-8.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
59c2de1a44f737e6c50f8e238e2176e4 x86_64/10.2/RPMS/xli-1.17.0-8.2.102mdk.x86_64.rpm
28924458550bcafd6a2432dda2fca55d x86_64/10.2/SRPMS/xli-1.17.0-8.2.102mdk.src.rpm

Mandrivalinux 2006.0:
2574d65860a01e546b8c73cb852d81c5 2006.0/RPMS/xli-1.17.0-8.2.20060mdk.i586.rpm
fc2ef038f442fd1a47f3dad7d1761b7e 2006.0/SRPMS/xli-1.17.0-8.2.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
697bdbad88bdc84815edd227c634911f x86_64/2006.0/RPMS/xli-1.17.0-8.2.20060mdk.x86_64.rpm
fc2ef038f442fd1a47f3dad7d1761b7e x86_64/2006.0/SRPMS/xli-1.17.0-8.2.20060mdk.src.rpm

Corporate Server 2.1:
f241a38c8afb0562d8f1a2a185b2a0b4 corporate/2.1/RPMS/xli-1.17.0-4.2.C21mdk.i586.rpm
795a9753cbd18799da32860f40e280c6 corporate/2.1/SRPMS/xli-1.17.0-4.2.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
7434ac7065215eac6b1e1797fcb16bad x86_64/corporate/2.1/RPMS/xli-1.17.0-4.2.C21mdk.x86_64.rpm
795a9753cbd18799da32860f40e280c6 x86_64/corporate/2.1/SRPMS/xli-1.17.0-4.2.C21mdk.src.rpm

Corporate 3.0:
8d9782019acde544f2b601f2cf030302 corporate/3.0/RPMS/xli-1.17.0-8.3.C30mdk.i586.rpm
0ab7c839749985bf184f4a8aa45e9bd1 corporate/3.0/SRPMS/xli-1.17.0-8.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
ebc5619b0dd31c2e45c4ee9b5a0eb48e x86_64/corporate/3.0/RPMS/xli-1.17.0-8.3.C30mdk.x86_64.rpm
0ab7c839749985bf184f4a8aa45e9bd1 x86_64/corporate/3.0/SRPMS/xli-1.17.0-8.3.C30mdk.src.rpm
_______________________________________________________________________
