Mandriva

The dhcp server from the x86_64 package did not offer dhcp replies,
this package update fixes the issue.

A bug in gtk+ toolkit was causing a crash in Firefox web browser,
when using Print Preview.

The updated package fixes this problem and includes other stability
fixes and translation updates.

The python-imaging package didn't include the Tk extension, this
update fixes the package build and readds the _imagingtk module.

OpenOffice.org packages shipped with 2008.0 contain a serious syntax
error in /etc/profile.d/openoffice.org.csh which prevents csh users
to even login on the system.

This update corrects this issue.

The freedesktop.org MIME type database contains a wrong MIME type for
HTML documents. This information is used by GNOME and other desktop
environments to identify files and could cause trouble with the beagle
desktop search and other applications.

This update corrects this issue.

Updated timezone packages are being provided for older Mandriva Linux
systems that do not contain the new Daylight Savings Time information
for 2007 for certain time zones. These updated packages contain the
new information.

The irssi IRC client provided with Mandriva 2007.1 and 2008.0 did
not contain SSL support. This update enables that support.

A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 2.0.0.8.

This update provides the latest Firefox to correct these issues.
As well, it provides Firefox 2.0.0.8 for older products.

A vulnerability in the hpssd tool was discovered where it did not
correctly handle shell meta-characters. A local attacker could use
this flaw to execute arbitrary commands as the hplip user.

As well, this update fixes a problem with some HP scanners on Mandriva
Linux 2007.1, particularly HP PSC 1315, which wouldn't be detected
and also fixes a problem with HP 1220 and possibly other models when
scanning via the OpenOffice.org suite.

Updated packages have been patched to prevent these issues.

The nfs-utils package had some issues with it's provided initscripts
including: a lack of dependency on portmap made the various services
start in an arbitary order prior to portmap starting, and parallel
execution of rpcidmapd and rpcgss led to a launch failure due to a
sunrpc module loading failure.

The updated packages correct these issues.

A vulnerablity in Tk was found that could be used to overrun a buffer
when loading certain GIF images. If a user were tricked into opening
a specially crafted GIF file, it could lead to a denial of service
condition or possibly the execution of arbitrary code with the user's
privileges.

Updated packages have been patched to prevent this issue.

A number of vulnerabilities and security-related issues have been fixed
in phpMyAdmin versions since the 2.9.1.1 release. This update provides
version 2.11.1.2 which is the latest stable release of phpMyAdmin.

Note that due to heavy configuration file changes, it may be necessary
to reconfigure phpMyAdmin. The configuration file is located in
/etc/phpMyAdmin/. In most cases, it should be sufficient so simply
replace config.default.php with config.default.php.rpmnew and make
whatever modifications are necessary.

The mount and umount programs in util-linux called the setuid() and
setgid() functions in the wrong order and did not check the return
values, which could allow attackers to grain privileges via helper
applications such as mount.nfs.

Updated packages have been patched to fix this issue.

A buffer overflow in GNU tar has unspecified attack vectors and impact,
resulting in a crashing stack.

Updated packages fix this issue.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The compat_sys_mount function in fs/compat.c allowed local users
to cause a denial of service (NULL pointer dereference and oops)
by mounting a smbfs file system in compatibility mode (CVE-2006-7203).

The nf_conntrack function in netfilter did not set nfctinfo during
reassembly of fragmented packets, which left the default value as
IP_CT_ESTABLISHED and could allow remote attackers to bypass certain
rulesets using IPv6 fragments (CVE-2007-1497).

A typo in the Linux kernel caused RTA_MAX to be used as an array size
instead of RTN_MAX, which lead to an out of bounds access by certain
functions (CVE-2007-2172).

The IPv6 protocol allowed remote attackers to cause a denial of
service via crafted IPv6 type 0 route headers that create network
amplification between two routers (CVE-2007-2242).

The random number feature did not properly seed pools when there was
no entropy, or used an incorrect cast when extracting entropy, which
could cause the random number generator to provide the same values
after reboots on systems without an entropy source (CVE-2007-2453).

A memory leak in the PPPoE socket implementation allowed local users
to cause a denial of service (memory consumption) by creating a
socket using connect, and releasing it before the PPPIOCGCHAN ioctl
is initialized (CVE-2007-2525).

An integer underflow in the cpuset_tasks_read function, when the cpuset
filesystem is mounted, allowed local users to obtain kernel memory
contents by using a large offset when reading the /dev/cpuset/tasks
file (CVE-2007-2875).

The sctp_new function in netfilter allowed remote attackers to cause
a denial of service by causing certain invalid states that triggered
a NULL pointer dereference (CVE-2007-2876).

A stack-based buffer overflow in the random number generator could
allow local root users to cause a denial of service or gain privileges
by setting the default wakeup threshold to a value greater than the
output pool size (CVE-2007-3105).

The lcd_write function did not limit the amount of memory used by
a caller, which allows local users to cause a denial of service
(memory consumption) (CVE-2007-3513).

The Linux kernel allowed local users to send arbitrary signals
to a child process that is running at higher privileges by
causing a setuid-root parent process to die which delivered an
attacker-controlled parent process death signal (PR_SET_PDEATHSIG)
(CVE-2007-3848).

The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer
ioctl patch in aacraid did not check permissions for ioctls, which
might allow local users to cause a denial of service or gain privileges
(CVE-2007-4308).

The IA32 system call emulation functionality, when running on the
x86_64 architecture, did not zero extend the eax register after the
32bit entry path to ptrace is used, which could allow local users to
gain privileges by triggering an out-of-bounds access to the system
call table using the %RAX register (CVE-2007-4573).

In addition to these security fixes, other fixes have been included
such as:

- The 3w-9xxx module was updated to version 9.4.1.2, adding support
for 9650SE
- Fixed the build of e1000-ng
- Added NIC support for MCP55
- Added LSI Logic MegaRAID SAS 8300XLP support

To update your kernel, please follow the directions located at:

https://mandriva.com/en/security/kernelupdate

More vulnerabilities in libvorbis were found that could be used to
cause an application linked to libvorbis to crash or execute arbitrary
code if used to open a carefully crafted OGG file.

Updated packages have been patched to prevent this issue.

Mkisofs program in Mandriva Linux 2007.0 would create ISO images with
broken Joliet (-J option) file names, when using non-ascii characters.

The updated mkisofs package fixes this issue.

This update fixes two separate problems in mc. Firstly, translations
to several languages may not have been correctly displayed due to
an encoding issue. Secondly, files uploaded to certain types of ssh
servers via mc's fish protocol were corrupted.