Welcome to Gaia! ::

The Official Linux Users of Gaia

Back to Guilds

A Guild for Linux, BSD, Mac, Solaris, and other Unix like operating systems. 

Tags: Computer Help, Linux, BSD (Berkeley Software Distrobution), Mac (Macintosh), Unix 

Reply Linux Security, keeping you on top of the bugs!
Mandriva 07/29/09

Quick Reply

Enter both words below, separated by a space:

Can't read the text? Click here

Submit

vendion Gear
Captain

 
Offline
PostPosted: Wed Jul 29, 2009 2:29 pm


Multiple vulnerabilities has been found and corrected in squid: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses. This update provides fixes for these vulnerabilities.

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:178
http://www.mandriva.com/security/
_______________________________________________________________________

Package : squid
Date : July 29, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in squid:

Due to incorrect buffer limits and related bound checks Squid is
vulnerable to a denial of service attack when processing specially
crafted requests or responses.

Due to incorrect data validation Squid is vulnerable to a denial of
service attack when processing specially crafted responses.

This update provides fixes for these vulnerabilities.
_______________________________________________________________________

References:

http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
ff1ab2abbdc034f3b14a0f082a97b46d mes5/i586/squid-3.0-8.2mdvmes5.i586.rpm
310b8a706f5c7525cc1e2305173615c0 mes5/i586/squid-cachemgr-3.0-8.2mdvmes5.i586.rpm
c434883627e14c687118c098cfce715a mes5/SRPMS/squid-3.0-8.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
6c4d7a537b1dd8f847b77918fb5b72c1 mes5/x86_64/squid-3.0-8.2mdvmes5.x86_64.rpm
8fd91468d91468754ab433533d215251 mes5/x86_64/squid-cachemgr-3.0-8.2mdvmes5.x86_64.rpm
c434883627e14c687118c098cfce715a mes5/SRPMS/squid-3.0-8.2mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
PostPosted: Wed Jul 29, 2009 2:30 pm


A vulnerability has been found and corrected in mysql: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information (CVE-2009-2446). This update provides fixes for this vulnerability.

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:179
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : July 29, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in mysql:

Multiple format string vulnerabilities in the dispatch_command function
in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow
remote authenticated users to cause a denial of service (daemon crash)
and possibly have unspecified other impact via format string specifiers
in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
NOTE: some of these details are obtained from third party information
(CVE-2009-2446).

This update provides fixes for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
111edf7e800a28ded6ec28a5f5806078 mes5/i586/libmysql15-5.0.84-0.2mdvmes5.i586.rpm
32284b9f62a41475d9e5f1d6021d9c33 mes5/i586/libmysql-devel-5.0.84-0.2mdvmes5.i586.rpm
3c9849b16d358d2947b950f79d949fa5 mes5/i586/libmysql-static-devel-5.0.84-0.2mdvmes5.i586.rpm
b197a2ce1c2f8384b7870ac51604c56a mes5/i586/mysql-5.0.84-0.2mdvmes5.i586.rpm
e2890a075910aaae54c6b4aadd310058 mes5/i586/mysql-bench-5.0.84-0.2mdvmes5.i586.rpm
b0f65c14372b0ad9f4268a241c3aadf1 mes5/i586/mysql-client-5.0.84-0.2mdvmes5.i586.rpm
b697ac74c23770e4acf6a745898ac804 mes5/i586/mysql-common-5.0.84-0.2mdvmes5.i586.rpm
817565d1e9cfe7e456a86a2aedc8794a mes5/i586/mysql-doc-5.0.84-0.2mdvmes5.i586.rpm
aee00f43a8d160c69404943513158186 mes5/i586/mysql-max-5.0.84-0.2mdvmes5.i586.rpm
a558bb267ab87256c2be99db21c6f90a mes5/i586/mysql-ndb-extra-5.0.84-0.2mdvmes5.i586.rpm
05c2f6cfb2e35a5ddeaf7bd781ff49e2 mes5/i586/mysql-ndb-management-5.0.84-0.2mdvmes5.i586.rpm
a25f4eda51549892458a7018c6a1aa8c mes5/i586/mysql-ndb-storage-5.0.84-0.2mdvmes5.i586.rpm
9b4d0245ae703395e322dad3f1de77c9 mes5/i586/mysql-ndb-tools-5.0.84-0.2mdvmes5.i586.rpm
528357eda66ebd5b56c8df7e103cbb6e mes5/SRPMS/mysql-5.0.84-0.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
439bfd3542d1c381767e5df2899dabc1 mes5/x86_64/lib64mysql15-5.0.84-0.2mdvmes5.x86_64.rpm
936c76cd181fc0e570436e15afb5c3fe mes5/x86_64/lib64mysql-devel-5.0.84-0.2mdvmes5.x86_64.rpm
9195e6215287d2c10510e4b3966f098a mes5/x86_64/lib64mysql-static-devel-5.0.84-0.2mdvmes5.x86_64.rpm
901ee6678c5e26dd9c7678c0713a0846 mes5/x86_64/mysql-5.0.84-0.2mdvmes5.x86_64.rpm
7a008ddf061471ca251bec7e6fc090b9 mes5/x86_64/mysql-bench-5.0.84-0.2mdvmes5.x86_64.rpm
1b78d5dbd44f9cd90e47b65c0d42cc49 mes5/x86_64/mysql-client-5.0.84-0.2mdvmes5.x86_64.rpm
0889ee744eea3dfb5ab5255526742f07 mes5/x86_64/mysql-common-5.0.84-0.2mdvmes5.x86_64.rpm
82a3ea7dd6e86aadb7f59de8adac28e5 mes5/x86_64/mysql-doc-5.0.84-0.2mdvmes5.x86_64.rpm
ff9aa6a146f0ec0c83f1becea8f128cb mes5/x86_64/mysql-max-5.0.84-0.2mdvmes5.x86_64.rpm
0e1651537446af7fd6c7693262b6c389 mes5/x86_64/mysql-ndb-extra-5.0.84-0.2mdvmes5.x86_64.rpm
4bf5dc024969a37fb8ef205725bbf2dd mes5/x86_64/mysql-ndb-management-5.0.84-0.2mdvmes5.x86_64.rpm
a7090dab8c114e1ec1d123066977b53e mes5/x86_64/mysql-ndb-storage-5.0.84-0.2mdvmes5.x86_64.rpm
e8b8adf271646dfb46796e70edca0294 mes5/x86_64/mysql-ndb-tools-5.0.84-0.2mdvmes5.x86_64.rpm
528357eda66ebd5b56c8df7e103cbb6e mes5/SRPMS/mysql-5.0.84-0.2mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

vendion Gear
Captain

 
Offline

vendion Gear
Captain

 
Offline
PostPosted: Wed Jul 29, 2009 2:31 pm


A vulnerability has been found and corrected in compface: Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file (CVE-2009-2286). This update provides fixes for this vulnerability.

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:180
http://www.mandriva.com/security/
_______________________________________________________________________

Package : compface
Date : July 29, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in compface:

Buffer overflow in compface 1.5.2 and earlier allows user-assisted
attackers to cause a denial of service (crash) via a long declaration
in a .xbm file (CVE-2009-2286).

This update provides fixes for this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2286
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
0ac53ddf157ffc47e317293092cd175d mes5/i586/compface-1.5.2-5.1mdvmes5.i586.rpm
82cd156f19070ef71511557020e796a1 mes5/i586/libcompface1-1.5.2-5.1mdvmes5.i586.rpm
a29610a24e93048a54419e5f97354efa mes5/i586/libcompface-devel-1.5.2-5.1mdvmes5.i586.rpm
d0e83022879901426cf3b57e140a0c82 mes5/SRPMS/compface-1.5.2-5.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
bcb383f26a7d3faadc167f67e18e5f3d mes5/x86_64/compface-1.5.2-5.1mdvmes5.x86_64.rpm
cfebd2fa605473f9f27f619a174726a6 mes5/x86_64/lib64compface1-1.5.2-5.1mdvmes5.x86_64.rpm
985569b9e26ffc383bb47b0d82322224 mes5/x86_64/lib64compface-devel-1.5.2-5.1mdvmes5.x86_64.rpm
d0e83022879901426cf3b57e140a0c82 mes5/SRPMS/compface-1.5.2-5.1mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Reply
Linux Security, keeping you on top of the bugs!
 
Manage Your Items
Other Stuff
More
Get GCash
Offers
More
Get Items
More Items
More
Where Everyone Hangs Out
Other Community Areas
  • Guilds
    fan clubs for the stuff you love
  • Chat
    chat in real time with other Gaians
  • Art Arenas
    browse & rate gaian art galleries
  • Clans
    play zOMG with others
More
Virtual Spaces
Fun Stuff
More
Gaia's Games
Mini-Games
More
Play with GCash
Play with Platinum
More