Mandriva security advisories
https://mandriva.com/en/security/advisories

https://mandriva.com/en/security/advisories?name=MDVSA-2008:102

Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423).

The updated packages have been patched to correct these issues.

https://mandriva.com/en/security/advisories?name=MDVSA-2008:101

Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client.

An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user (CVE-2008-1801).

A buffer overflow vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1802).

An integer signedness vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user (CVE-2008-1803).

In order for these vulnerabilities to be exploited, an attacker must persuade a targeted user to connect to a malicious RDP server.

The updated packages have been patched to correct these issues.

https://mandriva.com/en/security/advisories?name=MDVA-2008:065

The iproute2 package released with Mandriva 2008.1 had a problem which prevented its usage with kernels of versions 2.6.21 and older, notably the Xen kernel (2.6.18).

This update fixes the issue.

https://mandriva.com/en/security/advisories?name=MDVA-2008:064

This update fixes a few issues in draksnapshot. It prevents the applet from crashing if DBUS is not accessible (bug #40031). The applet will also now ignore the root disc, if it's USB.

The configurator will now prevent recursively backing up the backup directory (bug #39801).

Last but not least, it will default to /media instead of /home when offering a backup point (bug #39802).

https://mandriva.com/en/security/advisories?name=MDVA-2008:063

This update fixes several minor issues in rpmdrake:

- it prevents crashing if the RPM database is locked when trying to install some packages (bug #40244)
- it fixes a crash when the default view is unknown (bug #39626)
- it enables searching also with the numeric pad's Enter key (bug #40659)
- it makes rpmdrake not list backports as (unselected) updates, like MandrivaUpdate does

It also makes MandrivaUpdate fit on laptop screens (e.g. when the resolution has only 480 horizontal lines).

https://mandriva.com/en/security/advisories?name=MDVSA-2008:100

A double free vulnerability in Perl 5.8.8 and earlier versions allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.

The updated packages have been patched to prevent this.

https://mandriva.com/en/security/advisories?name=MDVA-2008:062

This update fixes several minor issues:

- some GUIs (e.g. rpmdrake) would crash on clicking on the close button while they load (bug #35230)
- draksec was crashing if the administrator refused to install (bug #38911)
- localdrake: After changing the localization language from drakconf in a high security level, the permissions of /etc/sysconfig/i18n were changed such that the file was only readable by root. This caused graphical login via kdm to fail (bug #39027)

https://mandriva.com/en/security/advisories?name=MDVA-2008:061

This update fixes a minor issue in rpmdrake; it prevents crashing if the RPM database is locked when trying to install some packages (bug #40244).

https://mandriva.com/en/security/advisories?name=MDVSA-2008:099

A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick (CVE-2008-1096).

Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick (CVE-2008-1097).

The updated packages have been patched to correct these issues.

https://mandriva.com/en/security/advisories?name=MDVA-2008:060

An updated hal-info package fixes resume from suspend to RAM on HP 6710b systems. It had previously failed with a black screen on Mandriva Linux 2008.0.