https://mandriva.com/en/security/advisories Mandriva security advisories en-us
https://mandriva.com/en/security/advisories?name=MDVA-2008:065 The iproute2 package released with Mandriva 2008.1 had a problem which prevented its usage with kernel versions 2.6.21 and older, notably the Xen kernel (2.6.18). This update fixes the issue.
https://mandriva.com/en/security/advisories?name=MDVA-2008:064 This update fixes a few issues in draksnapshot. It prevents the applet from crashing if DBUS is not accessible (bug #40031). The applet will also now ignore the root disc if it's USB. The configurator will now prevent recursively backing up the backup directory (bug #39801). Last but not least, it will default to /media instead of /home when offering a backup point (bug #39802).
https://mandriva.com/en/security/advisories?name=MDVA-2008:063 This update fixes several minor issues in rpmdrake:
- it prevents crashing if the RPM database is locked when trying to install some packages (bug #40244)
- it fixes a crash when the default view is unknown (bug #39626)
- it enables searching also with the numeric pad's Enter key (bug #40659)
- it makes rpmdrake not list backports as (unselected) updates, like MandrivaUpdate does
It also makes MandrivaUpdate fit on laptop screens (e.g. when the resolution has only 480 horizontal lines).
https://mandriva.com/en/security/advisories?name=MDVSA-2008:100 A double free vulnerability in Perl 5.8.8 and earlier versions allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. The updated packages have been patched to prevent this.
https://mandriva.com/en/security/advisories?name=MDVA-2008:062 This update fixes several minor issues:
- some GUIs (e.g. rpmdrake) would crash when the close button was clicked while they were loading (bug #35230)
- draksec was crashing if the administrator refused to install (bug #38911)
- localedrake: after changing the localization language from drakconf in a high security level, the permissions of /etc/sysconfig/i18n were changed such that the file was only readable by root. This caused graphical login via kdm to fail (bug #39027)
https://mandriva.com/en/security/advisories?name=MDVA-2008:061 This update fixes a minor issue in rpmdrake; it prevents crashing if the RPM database is locked when trying to install some packages (bug #40244).
https://mandriva.com/en/security/advisories?name=MDVSA-2008:099 A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick (CVE-2008-1096). Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick (CVE-2008-1097). The updated packages have been patched to correct these issues.
https://mandriva.com/en/security/advisories?name=MDVA-2008:060 An updated hal-info package fixes resume from suspend to RAM on HP 6710b systems. It had previously failed with a black screen on Mandriva Linux 2008.0.
https://mandriva.com/en/security/advisories?name=MDVA-2008:059 An updated XFdrake is available that corrects a number of bugs:
- never write a ModeLine when using the fglrx driver (bug #30934)
- if the EDID gives a valid EISA_ID, a valid 16/10 preferred resolution, but no HorizSync/VertRefresh, use a generic flat panel HorizSync/VertRefresh (needed for edid.lcd.Elonex-PR600)
- add 800x480 (used on belinea s.book)
- add 1024x600 (used on Samsung Q1Ultra) (bug #37889)
- if the EDID gives a valid 16/10 preferred resolution (even if duplicated), but no HorizSync/VertRefresh, use a generic flat panel HorizSync/VertRefresh (needed for edid.lcd.dell-inspiron-6400, bug #37971)
https://mandriva.com/en/security/advisories?name=MDVSA-2008:098 A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions, enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify ~/.ssh/rc (CVE-2008-1657). The updated packages have been patched to correct this issue.