%package libecpg3 libpgperl libpgsql2 libpgsqlodbc0 libpgtcl2 postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-python postgresql-server postgresql-tcl postgresql-test postgresql-tk
Updated: Tue Oct 1 12:08:04 2002
Importance: security
%pre
Vulnerabilities were discovered in the PostgreSQL relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The PostgreSQL developers also fixed a buffer overflow in functions that deal with time/date and timezone.

Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions.

In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user.

Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using:

  $ pg_dumpall > db.out

If you need to restore from the backup, you can do so by using:

  $ psql -f db.out template1
%description
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection.
This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.

%package fetchmail fetchmail-daemon fetchmailconf
Updated: Tue Oct 1 12:11:58 2002
Importance: security
%pre
Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems can be exploited by remote attackers to cause crashes and/or execute arbitrary code if fetchmail is running in multidrop mode. The code would execute with the same privilege as the user running fetchmail.
%description
Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client.

%package tar
Updated: Thu Oct 10 11:28:56 2002
Importance: security
%pre
A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename.
%description
The GNU tar program saves many files together into one archive and can restore individual files (or all of the files) from the archive.
Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/decompression, the ability to perform remote archives and the ability to perform incremental and full backups. If you want to use Tar for remote backups, you'll also need to install the rmt package. You should install the tar package, because you'll find its compression and decompression utilities essential for working with files.

%package apache apache-common apache-devel apache-manual apache-modules apache-source
Update: Tue Oct 15 2002 09:55:53
Importance: security
%pre
A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker who is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continuously spawn more child processes, thus causing a local DoS. Another vulnerability, a cross-site scripting vulnerability in the standard 404 error page, was discovered by Matthew Murphy. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied.
%description
Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP.
Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).

%package devfsd
Updated: Mon Oct 21 10:21:38 2002
Importance: bugfix
%pre
A problem exists with devfsd handling of ida devices (aka Compaq Smart Array). The system will not boot if "devfs=mount" is passed to the kernel on the boot loader command line. The system will boot, however, if "devfs=nomount" is passed to the kernel. Devfsd would incorrectly set the old ida compatibility links to device entries in /dev. This new package corrects this problem.
%description
The devfsd programme is a daemon, run by the system boot scripts, which can provide for intelligent management of device entries in the Device Filesystem (devfs). As part of its setup phase devfsd creates certain symbolic links which are compiled into the code. These links are required by /usr/src/linux/Documentation/devices.txt. This behaviour may change in future revisions. devfsd will read the special control file .devfsd in a mounted devfs, listening for the creation and removal of device entries (this is termed a change operation). For each change operation, devfsd can take many actions. The daemon will normally run itself in the background and send messages to syslog. The opening of the syslog service is automatically delayed until /dev/log is created. At startup, before switching to daemon mode, devfsd will scan the mounted device tree and will generate synthetic REGISTER events for each leaf node.

%package gv
Update: Mon Oct 21 2002 10:59:16
Importance: security
%pre
A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities.
%description
Gv provides a user interface for the ghostscript PostScript(TM) interpreter. Derived from the ghostview program, gv can display PostScript and PDF documents using the X Window System. Install the gv package if you'd like to view PostScript and PDF documents on your system. You'll also need to have the ghostscript package installed, as well as the X Window System.

%package ggv
Update: Mon Oct 21 2002 10:59:16
Importance: security
%pre
A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities.
%description
ggv allows you to view PostScript documents, and print ranges of pages.

%package harddrake harddrake-ui drakxtools drakxtools-http drakxtools-newt
Updated: Mon Oct 21 11:51:05 2002
Importance: bugfix
%pre
The harddrake program does not display unknown hardware in the tree list. As well, the Danish translation for the drakxtools is broken. This update corrects both problems.
%description
Contains many Mandrake applications that simplify users' and administrators' lives on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy remote work.

adduserdrake: help you add a user
ddcxinfos: get information from the graphics card and print XF86Config modelines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize).
drakautoinst: help you configure an automatic installation replay
drakbackup: backup and restore your system
drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin)
drakbug: interactive bug report tool
drakbug_report: help find bugs in DrakX
drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem.
drakfloppy: boot disk creator
drakfont: import fonts into the system
drakgw: internet connection sharing
drakproxy: proxies configuration
draksec: security options management / msec frontend
draksound: sound card configuration
draksplash: bootsplash themes creation
drakTermServ: mandrake terminal server configurator
drakxservices: SysV service and daemons configurator
drakxtv: auto configure tv card for xawtv grabber
keyboarddrake: configure your keyboard (both console and X)
liveupdate: live update software
logdrake: show extracted information from the system logs
lsnetdrake: display available nfs and smb shares
lspcidrake: display your pci information, *and* the corresponding kernel module
localedrake: language configurator, available both for root (system wide) and users (user only)
mousedrake: autodetect and configure your mouse
printerdrake: detect and configure your printer
scannerdrake: scanner configurator
drakfirewall: simple firewall configurator
XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible

%package tetex tetex-afm tetex-doc tetex-dvilj tetex-latex tetex-xdvi tetex-dvipdfm xmltex jadetex
Updated: Tue Oct 22 11:47:25 2002
Importance: security
%pre
A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user by sending special print jobs to the printer.
%description
teTeX is an implementation of TeX for Linux or UNIX systems.
TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX.

%package kdegraphics kdegraphics-devel
Updated: Thu Oct 24 11:01:45 2002
Importance: security
%pre
A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview that is vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4 and patches have been applied to correct these packages.
%description
Graphical tools for the K Desktop Environment.

%package mod_ssl
Updated: Thu Oct 24 11:01:45 2002
Importance: security
%pre
A cross-site scripting vulnerability was discovered in mod_ssl by Joe Orton. This only affects servers using a combination of wildcard DNS and "UseCanonicalName off" (which is not the default in Mandrake Linux). With this setting turned off, Apache will attempt to use the hostname:port that the client supplies, which is where the problem comes into play.
With this setting turned on (the default), Apache constructs a self-referencing URL and will use ServerName and Port to form the canonical name. It is recommended that all users upgrade, regardless of the setting of the "UseCanonicalName" configuration option.
%description
The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes.

%package krb5-libs krb5-devel krb5-server krb5-workstation ftp-client-krb5 ftp-server-krb5 telnet-client-krb5 telnet-server-krb5
Updated: Tue Oct 29 11:11:45 2002
Importance: security
%pre
A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately.
%description
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

%package cups-drivers foomatic ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel omni printer-filters printer-testpages printer-utils
Updated: Thu Oct 31 11:19:58 2002
Importance: bugfix
%pre
New printing-related packages are available that offer many printing enhancements over those drivers provided with Mandrake Linux 9.0. Some improvements include a new driver for Lexmark Z11, a number of updated ghostscript drivers, a new version of HPIJS, a newer GIMP-Print which provides much better quality for most Epson Stylus printers, and many new printer drivers as well. This new package also changes "-dSAFER" to "-dPARANOIDSAFER" in the Ghostscript command lines in all Foomatic files, which prevents PostScript code from being able to read arbitrary files.
%description
The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved and second, and that is even more important, maintenance is simplified.

%package initscripts
Updated: Thu Oct 31 11:19:58 2002
Importance: bugfix
%pre
A new initscripts package is available that fixes problems with certain locales including pl, sq, fi, lv, ru, sk, and Danish translation encoding. This package also corrects some issues with wireless link detection.
%description
The initscripts package contains the basic system scripts used to boot your Mandrake Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.

%package nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind
Updated: Mon Nov 4 11:15:59 2002
Importance: bugfix
%pre
A number of bugs present in samba versions prior to 2.2.6 were fixed. 2.2.6 is considered to be the final version of the 2.2.X series. We strongly suggest that all users upgrade to this version. Fixed bugs include:

- 2.2.6 final release (9.0 shipping pre-release fix).
- Fix documentation and smb.conf man page.
- Fix for smbumount hanging when unmounting a dead share.
- Fix for Windows XP sp1 roaming profiles not working properly.
- Fix pdf generator script.
- Fix problem with smbclient listing shares on win9x servers.
- Fix problem with samba leaking file descriptors when kernel change notify is turned on.

For a more detailed list, feel free to check out the samba.org changelog for 2.2.6 at http://www.samba.org

All of these bugs were fixed in samba 2.2.6; the packages provided have these fixes applied.
%description
Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information.
This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.

%package nss_ldap pam_ldap
Updated: Thu Nov 7 11:03:12 2002
Importance: security
%pre
A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow. A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow. Finally, a format string bug exists in the logging function of pam_ldap prior to version 144. All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules.
%description
This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS).

%package ypserv
Update: Mon Nov 18 2002 11:32:12
Importance: security
%pre
A memory leak that could be triggered remotely was discovered in ypserv 2.5 and earlier. This could lead to a Denial of Service as repeated requests for a non-existent map will result in ypserv consuming more and more memory, and also running more slowly. If the system runs out of available memory, ypserv would also be killed.
%description
The Network Information Service (NIS) is a system which provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can enable users to log in on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the NIS server, which will need to be running on your network. NIS clients do not need to be running the server. Install ypserv if you need an NIS server for your network. You'll also need to install the yp-tools and ypbind packages onto any NIS client machines.

%package kdelibs kdelibs-devel
Update: Thu Nov 21 12:26:31 2002
Importance: security
%pre
Vulnerabilities were discovered in the KIO subsystem support for various network protocols. The implementation of the rlogin protocol affects all KDE versions from 2.1 up to 3.0.4, while the flawed implementation of the telnet protocol only affects KDE 2.x. They allow a carefully crafted URL in an HTML page, HTML email, or other KIO-enabled application to execute arbitrary commands as the victim with their privilege. The KDE team provided a patch for KDE3 which has been applied in these packages. No patch was provided for KDE2, however the KDE team recommends disabling both the rlogin and telnet KIO protocols. This can be accomplished by removing, as root, the following files: /usr/share/services/telnet.protocol and /usr/share/services/rlogin.protocol. If either file also exists in a user's ~/.kde/share/services directory, they should likewise be removed.
%description
Libraries for the K Desktop Environment.

%package kdenetwork kdenetwork-devel lisa
Update: Thu Nov 21 12:28:21 2002
Importance: security
%pre
The SuSE security team discovered two vulnerabilities in the KDE lanbrowsing service during an audit.
The LISa network daemon and "reslisa", a restricted version of LISa, are used to identify servers on the local network by using the URL type "lan://" and "rlan://" respectively. A buffer overflow was discovered in the lisa daemon that can be exploited by an attacker on the local network to obtain root privilege on a machine running the lisa daemon. Another buffer overflow was found in the lan:// URL handler, which can be exploited by a remote attacker to gain access to the victim user's account. Only Mandrake Linux 9.0 comes with the LISa network daemon; all previous versions do not contain the network daemon and are as such not vulnerable.
%description
Networking applications for the K Desktop Environment.

%package nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind
Updated: Mon Nov 25 12:16:04 2002
Importance: security
%pre
A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to be crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem.
%description
Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol.
Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.

%package initscripts
Updated: Mon Nov 25 12:16:04 2002
Importance: bugfix
%pre
The previous initscripts update introduced other problems with the wireless initialization that these packages correct.
%description
The initscripts package contains the basic system scripts used to boot your Mandrake Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.

%package libpython2.2 libpython2.2-devel python python-base python-docs tkinter
Updated: Mon Nov 25 12:16:04 2002
Importance: security
%pre
A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method.
%description
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing.
Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package.

%package everybuddy
Updated: Tue Nov 26 11:12:13 2002
Importance: bugfix
%pre
The everybuddy package as released with Mandrake Linux 9.0 had broken support for the MSN and Yahoo protocols. This update fixes those problems, as well as some other minor bugs.
%description
Everybuddy is designed to become a Universal Instant Messaging client designed to seamlessly integrate all existing Instant Messaging clients and provide a single consistent user interface. Currently, Everybuddy supports sending and receiving messages via AOL, ICQ, Yahoo, MSN, IRC and Jabber.

%package sendmail sendmail-cf sendmail-devel sendmail-doc
Updated: Wed Nov 27 12:08:04 2002
Importance: security
%pre
A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail: the first by inserting specially formatted commands in the ~/.forward file and the second by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions.
%description
The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail.
Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.

%package lm_sensors liblm_sensors1 liblm_sensors1-devel liblm_sensors1-static-devel
Updated: Fri Nov 29 10:43:58 2002
Importance: bugfix
%pre
A bug in the lm_sensors scripts prevented lm_sensors from loading all required modules. This off-by-one error would load all modules less one module, resulting in problems. This update corrects the problem.
%description
This package contains a collection of user space tools for general SMBus access and hardware monitoring. SMBus, also known as System Management Bus, is a protocol for communicating through an I2C ('I squared C') bus. Many modern mainboards have a System Management Bus. There are a lot of devices which can be connected to an SMBus; the most notable are modern memory chips with EEPROM memories and chips for hardware monitoring. Most modern mainboards incorporate some form of hardware monitoring chips. These chips read things like chip temperatures, fan rotation speeds and voltage levels. There are quite a few different chips which can be used by mainboard builders for approximately the same results.

%package galeon
Updated: Mon Dec 2 13:54:23 2002
Importance: bugfix
%pre
A bug exists in the galeon web browser when using it with EWMH-compliant window managers such as metacity. When galeon is in fullscreen mode, the GNOME panel is below the fullscreen window and is not readable. This update fixes the problem.
%description
Gnome browser based on Gecko (Mozilla rendering engine)

%package WindowMaker WindowMaker-devel WindowMaker-static-devel libwraster2 libwraster2-devel libwraster2-static-devel
Updated: Mon Dec 2 13:54:23 2002
Importance: security
%pre
Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded.
%description
Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness.

%package arts libarts libarts-devel
Updated: Thu Dec 5 11:48:12 2002
Importance: bugfix
%pre
A bug in the arts spec removes /usr/lib/qt3/lib from /etc/ld.so.conf upon removal (which can be invoked during an upgrade as well). This update fixes the problem.
%description
aRts is a short form for "analog realtime synthesizer". The idea of the whole thing is to create/process sound using small modules which do certain tasks. These may create a waveform (oscillators), play samples, filter data, add signals, perform effects like delay/flanger/chorus, or output the data to the soundcard.
%package devfsd Updated: Thu Dec 5 11:48:12 2002 Importance: bugfix %pre A problem exists with devfsd handling of ida devices (aka Compaq Smart Array). The system will not boot if "devfs=mount" is passed to the kernel on the boot loader command line. The system will boot, however, if "devfs=nomount" is passed to the kernel. Devfsd would incorrectly set the old ida compatibility links to device entries in /dev. This new package corrects this problem. These new packages provide a fix for mylex devices. %description The devfsd programme is a daemon, run by the system boot scripts which can provide for intelligent management of device entries in the Device Filesystem (devfs). As part of its setup phase devfsd creates certain symbolic links which are compiled into the code. These links are required by /usr/src/linux/Documentation/devices.txt. This behaviour may change in future revisions. devfsd will read the special control file .devfsd in a mounted devfs, listening for the creation and removal of device entries (this is termed a change operation). For each change operation, devfsd can take many actions. The daemon will normally run itself in the background and send messages to syslog. The opening of the syslog service is automatically delayed until /dev/log is created. At startup, before switching to daemon mode, devfsd will scan the mounted device tree and will generate synthetic REGISTER events for each leaf node. %package wget Updated: Wed Dec 11 12:12:40 2002 Importance: security %pre A vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwrite files anywhere on the local file system by sending filenames beginning with "/" or containing "/../". This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine. 
%description GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. %package libmysql10 libmysql10-devel MySQL MySQL-bench MySQL-client MySQL-Max Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. 
The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package urpmi gurpmi urpmi-parallel-ka-run urpmi-parallel-ssh Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Updated urpmi and mdkonline packages are available for 8.1 and 8.2. These updates bump up the version of urpmi and mdkonline to those found in Mandrake Linux 9.0, which offer more features and better support for updating packages via urpmi and Mandrake Online. Updated urpmi packages for 9.0 fix a bug where urpmi would not follow symlinks when downloading files; urpmi would download the symlink instead of the file it pointed to. Finally, for users of Mandrake Linux 8.1: The synthesis hdlist format has changed so updating packages may be time-consuming until urpmi can retrieve new-style synthesis lists. This is done when a urpmi media has been updated via urpmi.update. Until a new synthesis file has been retrieved, urpmi will use the larger hdlist file. Additional required perl libraries have been packed with this update that are required for urpmi and mdkonline to operate properly so be sure to install listed files for your particular distribution. Please see: http://www.mandrakesecure.net/en/advisory.php?name=MDKA-2002:022 for more information. %description urpmi takes care of dependencies between rpms, using a pool (or pools) of rpms. You can compare rpm vs. urpmi with insmod vs. modprobe %package mdkonline Updated: Tue Dec 24 10:22:12 2002 Importance: bugfix %pre Updated urpmi and mdkonline packages are available for 8.1 and 8.2. These updates bump up the version of urpmi and mdkonline to those found in Mandrake Linux 9.0, which offer more features and better support for updating packages via urpmi and Mandrake Online. 
Updated urpmi packages for 9.0 fix a bug where urpmi would not follow symlinks when downloading files; urpmi would download the symlink instead of the file it pointed to. Finally, for users of Mandrake Linux 8.1: The synthesis hdlist format has changed so updating packages may be time-consuming until urpmi can retrieve new-style synthesis lists. This is done when a urpmi media has been updated via urpmi.update. Until a new synthesis file has been retrieved, urpmi will use the larger hdlist file. Additional required perl libraries have been packed with this update that are required for urpmi and mdkonline to operate properly so be sure to install listed files for your particular distribution. Please see: http://www.mandrakesecure.net/en/advisory.php?name=MDKA-2002:022 for more information. %description The Mandrake Online tool is designed for registered users who want to upload their configuration (packages, hardware information). This allows them to be kept informed about security updates, hardware support/enhancements and other high value services. %package cups cups-common cups-serial libcups1 libcups1-devel Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). 
Wrong handling of zero-width images can be abused to gain higher privilege. Finally, there is a file descriptor leak and a DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package xpdf Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre The pdftops filter found in both the xpdf and CUPS packages suffers from an integer overflow that can be exploited to gain the privilege of the victim user. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package dhcpcd Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. 
This can also be exploited by an attacker able to spoof DHCP responses. Mandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file, and MandrakeSoft encourages all users to upgrade immediately. Please note that when you do upgrade, you will have to restart the network for the changes to take proper effect by issuing "service network restart" as root. %description dhcpcd is an implementation of the DHCP client specified in draft-ietf-dhc-dhcp-09 (when -r option is not specified) and RFC1541 (when -r option is specified). It gets the host information (IP address, netmask, broadcast address, etc.) from a DHCP server and configures the network interface of the machine on which it is running. It also tries to renew the lease time according to RFC1541 or draft-ietf-dhc-dhcp-09. %package arts kdeaddons kdeadmin kdeartwork kdebase kdebase-devel kdebase-nsplugins kdeedu kdegames kdegames-devel kdegraphics kdegraphics-devel kdelibs kdelibs-devel kdemultimedia kdemultimedia-aktion kdemultimedia-devel kdenetwork kdenetwork-devel kdepim kdepim-devel kdesdk kdesdk-devel kdetoys kdetoys-devel kdeutils kdeutils-devel libarts libarts-devel lisa Updated: Mon Jan 13 10:04:51 2003 Importance: security %pre Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. It is possible for arbitrary command execution on a vulnerable system with the privileges of the victim's account. The code audit by the KDE team resulted in patches for KDE 2.2.2 and KDE 3; version 3.0.5a was released and the KDE team encourages the upgrade. The listed KDE2 packages have the KDE team's patches applied to provide the fixed code. 
%description Part of the KDE3 package suite. %package leafnode Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposted to several groups, one of which is the prefix of another, is requested by its Message-ID. This vulnerability was introduced in 1.9.20 and fixed upstream in version 1.9.30. Only Mandrake Linux 9.0 is affected by this, but version 1.9.19 (which shipped with Mandrake Linux 8.2) is receiving an update due to critical bugs in it that can corrupt parts of its news spool under certain circumstances. %description Leafnode is a small NNTP server for leaf sites without permanent connection to the internet. It supports a subset of NNTP and is able to automatically fetch the newsgroups the user reads regularly from the newsserver of the ISP. %package libldap2 libldap2-devel libldap2-devel-static openldap openldap-back_dnssrv openldap-back_ldap openldap-back_passwd openldap-back_sql openldap-clients openldap-guide openldap-migration openldap-servers Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. 
Install openldap if you need LDAP applications and tools. %package dhcp-common dhcp-client dhcp-devel dhcp-relay dhcp-server Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package cups-drivers foomatic ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel omni printer-filters printer-testpages printer-utils Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when escputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". 
Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". An attacker can exploit either of the two previous vulnerabilities to obtain "sys" privilege and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately. Aside from the security vulnerabilities, a number of bugfixes are included in this update, for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved, and second, which is even more important, maintenance is simplified. %package libieee1284_3 libieee1284_3-devel libieee1284_3-static-devel Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre A number of bugs are fixed in new sane and sane-related packages. A number of new models of scanners are now supported, and a serious bug was fixed with the Epson Perfection 1260 support, which in older versions of sane could potentially physically damage the scanner. A new library is also provided (libieee1284) which provides additional support for parallel port scanners. 
%description libieee1284 is a cross-platform library for parallel port access %package libsane1 libsane1-devel sane-backends Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre A number of bugs are fixed in new sane and sane-related packages. A number of new models of scanners are now supported, and a serious bug was fixed with the Epson Perfection 1260 support, which in older versions of sane could potentially physically damage the scanner. A new library is also provided (libieee1284) which provides additional support for parallel port scanners. %description SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras. SANE currently includes modules for accessing a range of scanners, including models from Agfa SnapScan, Apple, Artec, Canon, CoolScan, Epson, HP, Microtek, Mustek, Nikon, Siemens, Tamarack, UMAX, Connectix, QuickCams and other SANE devices via network. For the latest information on SANE, the SANE standard definition, and mailing list access, see http://www.mostang.com/sane/ This package does not enable network scanning by default; if you wish to enable it, read the saned(1) manpage. %package sane-frontends Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre A number of bugs are fixed in new sane and sane-related packages. A number of new models of scanners are now supported, and a serious bug was fixed with the Epson Perfection 1260 support, which in older versions of sane could potentially physically damage the scanner. A new library is also provided (libieee1284) which provides additional support for parallel port scanners. %description This is the xscanimage program, used to scan images using SANE, either standalone or as a gimp plugin. Also includes xcam. %package xsane xsane-gimp Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre A number of bugs are fixed in new sane and sane-related packages. 
A number of new models of scanners are now supported, and a serious bug was fixed with the Epson Perfection 1260 support, which in older versions of sane could potentially physically damage the scanner. A new library is also provided (libieee1284) which provides additional support for parallel port scanners. %description XSane is an X based interface for the SANE (Scanner Access Now Easy) library, which provides access to scanners, digital cameras, and other capture devices. XSane is written in GTK+ and provides control for performing the scan and then manipulating the captured image. You may install xsane-gimp if you want the GIMP plug-in. %package fetchmail fetchmail-daemon fetchmailconf Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. 
%package vim-common vim-enhanced vim-minimal vim-X11 Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package libmysql10 libmysql10-devel MySQL MySQL-bench MySQL-client MySQL-Max Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. 
This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package kernel kernel-BOOT kernel-doc kernel-enterprise kernel-secure kernel-smp kernel-source Updated: Tue Feb 4 15:47:45 2002 Importance: bugfix %pre An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a trap fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. kernel kernel-BOOT kernel-doc kernel-enterprise kernel-secure kernel-smp kernel-source %package slocate Updated: Wed Feb 5 11:20:44 2002 Importance: security %pre A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (updated regularly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. 
%package libecpg3 libpgperl libpgsql2 libpgsqlodbc0 libpgtcl2 postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-python postgresql-server postgresql-tcl postgresql-test postgresql-tk Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. 
These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package util-linux mount losetup Updated: Thu Feb 13 11:04:12 2003 Importance: security %pre The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. %package pam pam-devel pam-doc Updated: Tue Feb 18 11:33:12 2003 Importance: security %pre Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker. 
%description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %package apcupsd Updated: Tue Feb 18 11:33:12 2003 Importance: security %pre A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5 which contains additional enhancements like USB support, and the latest stable version, 3.8.6. There are a few changes that need to be noted, such as the port has changed from port 7000 to port 3551 for NIS, and the new config only allows access from the localhost. Users may need to modify their configuration files appropriately, depending upon their configuration. %description UPS power management under Linux for APCC Products. It allows your computer/server to run during power problems for a specified length of time or the life of the batteries in your BackUPS, BackUPS Pro, SmartUPS v/s, or SmartUPS, and then properly executes a controlled shutdown during an extended power failure. %package php php-common php-devel php-pear Updated: Wed Feb 19 15:00:52 2003 Importance: security %pre A buffer overflow was discovered in the wordwrap() function in versions of PHP greater than 4.1.2 and less than 4.3.0. Under certain circumstances, this buffer overflow can be used to overwrite heap memory and could potentially lead to remote system compromise. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. This package contains a standalone (CGI) version of php. You must also install php4-common. 
If you need apache module support, you also need to install the mod_php package. %package openssl libopenssl0 libopenssl0-devel libopenssl0-static-devel Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package ftp-client-krb5 ftp-server-krb5 krb5-devel krb5-libs krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
%package tightvnc tightvnc-doc tightvnc-server Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough, allowing an attacker to more easily guess the authentication cookie and thus obtain unauthorized access to the VNC server. %description The enhanced version of VNC, called TightVNC (grown from the VNC Tight Encoder project), which is optimized to work over slow network connections such as low-speed modem links. While original VNC may be very slow when your connection is not fast enough, with TightVNC you can work remotely almost in real time in most environments. Besides bandwidth optimizations, TightVNC also includes many other improvements, optimizations and bugfixes over VNC. Note that TightVNC is free, cross-platform and compatible with the standard VNC. %package lynx Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site from servers that use virtual hosting. %description This is a terminal-based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables. This version includes support for SSL encryption. WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it. %package webmin Updated: Wed Feb 26 09:04:31 2003 Importance: security %pre A vulnerability was discovered in webmin by Cintia M.
Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. This could allow an attacker to gain full administrative access to webmin. MandrakeSoft encourages all users to upgrade immediately. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package shadow-utils Updated: Wed Feb 26 09:04:31 2003 Importance: security %pre The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create it with improper permissions; instead of having it owned by the group mail, it would be owned by the user's primary group. If this is a shared group (i.e. "users"), then all members of the shared group would be able to obtain access to the mail spools of other members of the same group. A patch to useradd has been applied to correct this problem. %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files.
The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %package tcpdump Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package libpcap0 libpcap0-devel Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets. %description Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging.
Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application. %package sendmail sendmail-cf sendmail-doc sendmail-devel Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package snort snort-bloat snort-mysql+flexresp snort-mysql snort-plain+flexresp snort-postgresql+flexresp snort-postgresql snort-snmp+flexresp snort-snmp Updated: Thu Mar 6 10:11:02 2003 Importance: security %pre A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. 
For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file: preprocessor rpc_decode %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-1.9.1 %package file Updated: Thu Mar 6 10:24:39 2003 Importance: security %pre A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user.
Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file. %description The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. You should install the file package, since the file command is such a useful utility. %package nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet.
You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package zlib1 zlib1-devel Updated: Tue Mar 18 11:28:18 2003 Importance: security %pre Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code.
Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3). %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package e2fsprogs libext2fs2 libext2fs-devel Updated: Mon Mar 24 10:56:06 2003 Importance: normal %pre The ext2/ext3 partition format in Mandrake Linux 9.1 is not compatible with older Mandrake Linux releases, so new packages are available for some older distributions so that, for example, a 9.0 system can mount a 9.1-formatted ext2 or ext3 partition. %description The e2fsprogs package contains a number of utilities for creating, checking, modifying and correcting any inconsistencies in second extended (ext2) filesystems. E2fsprogs contains e2fsck (used to repair filesystem inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 filesystem), debugfs (used to examine the internal structure of a filesystem, to manually repair a corrupted filesystem or to create test cases for e2fsck), tune2fs (used to modify filesystem parameters) and most of the other core ext2fs filesystem utilities. You should install the e2fsprogs package if you need to manage the performance of an ext2 filesystem. %package rxvt rxvt-CJK rxvt-devel Updated: Mon Mar 24 11:03:32 2003 Importance: security %pre Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. 
Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise. %description Rxvt is a color VT102 terminal emulator for the X Window System. Rxvt is intended to be an xterm replacement for users who don't need the more esoteric features of xterm, like Tektronix 4014 emulation, session logging and toolkit style configurability. Since it doesn't support those features, rxvt uses much less swap space than xterm uses. This is a significant advantage on a machine which is serving a large number of X sessions. The rxvt package should be installed on any machine which serves a large number of X sessions, if you'd like to improve that machine's performance. This version of rxvt can display Japanese, Chinese (Big5 and GuoBiao) and Korean. %package openssl libopenssl0 libopenssl0-devel libopenssl0-static-devel Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability.
%description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package netpbm libnetpbm9 libnetpbm9-devel libnetpbm9-static-devel Updated: Mon Mar 24 13:35:23 2003 Importance: security %pre Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package glibc glibc-devel glibc-doc glibc-doc-pdf glibc-i18ndata glibc-profile glibc-static-devel glibc-utils ldconfig nscd timezone Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages.
%description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package kernel-2.4.19.32mdk kernel-BOOT-2.4.19.32mdk kernel-enterprise-2.4.19.32mdk kernel-secure-2.4.19.32mdk kernel-smp-2.4.19.32mdk kernel-source Updated: Thu Mar 27 11:25:46 2003 Importance: security %pre A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute: echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content "/sbin/modprobe" in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. This update applies a patch to correct the problem. All users should upgrade. Please note that the Mandrake Linux 9.1 kernel already has this patch, and an updated kernel for Mandrake Linux 8.2 will be available shortly. 
For instructions on how to upgrade your kernel in Mandrake Linux, please refer to: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package Eterm Eterm-devel Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise. These issues are corrected in Eterm 0.9.2, which is already included in Mandrake Linux 9.1. %description Eterm is a color vt102 terminal emulator intended as a replacement for Xterm. It is designed with a Freedom of Choice philosophy, leaving as much power, flexibility, and freedom as possible in the hands of the user. It is designed to look good and work well, but takes a feature-rich approach rather than one of minimalism while still maintaining speed and efficiency. BlackBox, 4DWM, CDE, KDE, GNOME, fvwm, and even twm, although it is designed to work and integrate best with Enlightenment. %package libast1 libast1-devel Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise. These issues are corrected in Eterm 0.9.2, which is already included in Mandrake Linux 9.1. %description LibAST is the Library of Assorted Spiffy Things.
It contains various handy routines and drop-in substitutes for some good-but-non-portable functions. It currently has a built-in memory tracking subsystem as well as some debugging aids and other similar tools. It's not documented yet, mostly because it's not finished. Hence the version number that begins with 0. %package mutt Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre A vulnerability was discovered in the mutt text-mode email client in the IMAP code. This vulnerability can be exploited by a malicious IMAP server to crash mutt or even execute arbitrary code with the privilege of the user running mutt. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. %package sendmail sendmail-cf sendmail-devel sendmail-doc Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed.
If you need documentation on Sendmail, you can install the sendmail-doc package. %package ftp-client-krb5 ftp-server-krb5 krb5-devel krb5-libs krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Tue Apr 1 00:01:03 2003 Importance: security %pre Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082).
Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade to these updated packages immediately which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Updated: Mon Apr 7 00:52:37 2003 Importance: security %pre An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package evolution evolution-pilot libevolution0 libevolution0-devel Updated: Mon Apr 14 19:47:33 2003 Importance: security %pre Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources. %description Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. %package kdebase kdebase-devel kdebase-nsplugins Updated: Wed Apr 16 22:27:53 2003 Importance: security %pre A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.
All users are encouraged to upgrade to these new kdegraphics, kdebase, and kdelibs packages that contain patches to correct the problem. This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a. %description Core applications for the K Desktop Environment. Here is an overview of the directories: - drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug. - kappfinder: searches your hard disk for non-KDE applications, e.g. Acrobat Reader (tm) and installs those apps under the K start button - kate: a fast and advanced text editor with nice plugins - kcheckpass: small program to enter and check passwords, only to be used by other programs - kcontrol: the KDE Control Center allows you to tweak the KDE settings - kdcop: GUI app to browse for DCOP interfaces, can also execute them - kdebugdialog: allows you to specify which debug messages you want to see - kdeprint: the KDE printing system - kdesktop: you guessed it: the desktop above the panel - kdesu: a graphical front end to "su" - kdm: replacement for XDM, for those people that like graphical logins - kfind: find files - khelpcenter: the app to read all great documentation about KDE - khotkeys: intercepts keys and can call applications - kicker: the panel at the bottom with the K start button and the taskbar etc - kioslave: infrastructure that helps make every application internet enabled e.g.
to directly save a file to ftp://place.org/dir/file.txt - klipper: enhances and extends the X clipboard - kmenuedit: edit for the menu below the K start button - konqueror: the file manager and web browser you get easily used to - konsole: a shell program similar to xterm - kpager: applet to show the contents of the virtual desktops - kpersonalizer: the customization wizard you get when you first start KDE - kreadconfig: a tool for shell scripts to get info from KDE's config files - kscreensaver: the KDE screensaver environment and lots of savers - ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login) - ksplash: the screen displayed while KDE starts - kstart: to launch applications with special window properties such as iconified etc - ksysguard: task manager and system monitor, even for remote systems - ksystraycmd: allows you to run any application in the system tray - ktip: gives you tips how to use KDE - kwin: the KDE window manager - kxkb: a keyboard map tool - legacyimport: odd name for a cute program to load GTK themes - libkonq: some libraries needed by Konqueror - nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror %package kdelibs kdelibs-devel Updated: Wed Apr 16 22:27:53 2003 Importance: security %pre A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails. All users are encouraged to upgrade to these new kdegraphics, kdebase, and kdelibs packages that contain patches to correct the problem. This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a. 
%description Libraries for the K Desktop Environment. %package kdegraphics kdegraphics-devel Updated: Wed Apr 16 22:27:53 2003 Importance: security %pre Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications: - kamera: digital camera io_slave for Konqueror. Together with gPhoto this allows you to access your camera's picture with the URL kamera:/ - kcoloredit: contains two programs: a color value editor and also a color picker - kdvi: program (and embeddable KPart) to display *.DVI files from TeX - kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4) - kfaxview: an embeddable KPart to display tiffed fax images - kfile-plugins: provide meta information for graphic files - kghostview: program (and embeddable KPart) to display *.PDF and *.PS - kiconedit: an icon editor - kooka: a raster image scan program, based on SANE and libkscan - kpaint: a simple pixel oriented image drawing program - kruler: a ruler in inch, centimeter and pixel to check distances on the screen - ksnapshot: make snapshots of the screen contents - kuickshow: fast and comfortable imageviewer - kview: picture viewer, provided as standalone program and embeddable KPart - kviewshell: generic framework for viewer applications %package ldetect ldetect-devel Updated: Thu Apr 24 00:03:32 2003 Importance: normal %pre Previous ldetect packages could freeze systems when harddrake probed for PCI information on the computer. This only occurred rarely on some systems, when reading too much data from the PCI configuration space would result in a freeze of the system. This has been fixed in the ldetect engine by not buffering such reads, and by reading only as many bytes as required from the PCI configuration space as exported by the kernel in /proc/bus/pci/*/*. 
%description The hardware device lists provided by this package are used as lookup table to get hardware autodetection %package snort snort-bloat snort-mysql+flexresp snort-mysql snort-plain+flexresp snort-postgresql+flexresp snort-postgresql snort-snmp+flexresp snort-snmp Updated: Mon Apr 28 11:56:41 2003 Importance: security %pre An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. %description Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it. Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. 
/usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0 %package libldap2 libldap2-devel libldap2-devel-static openldap openldap-back_dnssrv openldap-back_ldap openldap-back_passwd openldap-back_sql openldap-clients openldap-guide openldap-migration openldap-servers Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using a MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to login as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. 
This will allow you to use the passwd tool to change the user password without requiring to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package mgetty mgetty-contrib mgetty-sendfax mgetty-viewfax mgetty-voice Updated: Tue May 6 10:47:08 2003 Importance: security %pre Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented. %description The mgetty package contains a "smart" getty which allows logins over a serial line (i.e., through a modem). If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a modem, you should install the mgetty package. If you'd like to send faxes using mgetty and your modem, you'll need to install the mgetty-sendfax program. If you need a viewer for faxes, you'll also need to install the mgetty-viewfax package. 
%package man Updated: Tue May 6 10:47:08 2003 Importance: security %pre A difficult to exploit vulnerability was discovered in versions of man prior to 1.51. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path. %description The man package includes three tools for finding information and/or documentation about your Linux system: man, apropos and whatis. The man system formats and displays on-line manual pages about commands or functions on your system. Apropos searches the whatis database (containing short descriptions of system commands) for a string. Whatis searches its own database for a complete word. The man package should be installed on your system because it is the primary way to find documentation on a Mandrake Linux system. %package xinetd xinetd-ipv6 Updated: Thu May 14 09:45:51 2003 Importance: security %pre A vulnerability was discovered in xinetd where memory was allocated and never freed if a connection was refused for any reason. Because of this bug, an attacker could crash the xinetd server, making unavailable all of the services it controls. Other flaws were also discovered that could cause incorrect operation in certain strange configurations. These issues have been fixed upstream in xinetd version 2.3.11 which is provided in this update. %description xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. 
This is useful for those of you that use ip masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces. %package libmysql10 libmysql10-devel MySQL MySQL-Max MySQL-bench MySQL-client Updated: Thu May 14 09:45:51 2003 Importance: security %pre In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file, which could cause mysql to run as root upon restarting the daemon. This has been fixed upstream in version 3.23.56, which is provided for Mandrake Linux 9.0 and Corporate Server 2.1 users. The other updated packages have been patched to correct this issue. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in an environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. 
%package cdrecord cdrecord-cdda2wav cdrecord-devel cdrecord-dvdhack mkisofs Updated: Thu May 15 09:46:59 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package cdrecord cdrecord-cdda2wav cdrecord-devel cdrecord-dvdhack mkisofs Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package LPRng Updated: Wed May 21 12:51:56 2003 Importance: security %pre Karol Lewandowski discovered a problem with psbanner, a printer filter that creates a PostScript format banner. psbanner creates a temporary file for debugging purposes when it is configured as a filter, and does not check whether or not this file already exists or is a symlink. 
The filter will overwrite this file, or the file it is pointing to (if it is a symlink) with its current environment and called arguments with the user id that LPRng is running as. %description The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. While providing the same interface and meeting RFC1179 requirements, the implementation is completely new and provides support for the following features: lightweight (no databases needed) lpr, lpc, and lprm programs; dynamic redirection of print queues; automatic job holding; highly verbose diagnostics; multiple printers serving a single queue; client programs do not need to run SUID root; greatly enhanced security checks; and a greatly improved permission and authorization mechanism. The source software compiles and runs on a wide variety of UNIX systems, and is compatible with other print spoolers and network printers that use the LPR interface and meet RFC1179 requirements. LPRng provides emulation packages for the SVR4 lp and lpstat programs, eliminating the need for another print spooler package. These emulation packages can be modified according to local requirements, in order to support vintage printing systems. For users that require secure and/or authenticated printing support, LPRng supports Kerberos V, MIT Kerberos IV Print Support, and PGP authentication. LPRng is being adopted by MIT for use as their Campus Wide printing support system. Additional authentication support is extremely simple to add. %package gnupg Updated: Thu May 22 10:06:09 2003 Importance: security %pre A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. 
As a result, no warning message is given when attempting to encrypt to an invalid UID; due to the bug, the UID is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package cups cups-common cups-serial libcups1 libcups1-devel Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. 
%package kon2 Updated: Thu Jun 5 12:23:04 2003 Importance: security %pre A vulnerability was discovered in kon2, a Kanji emulator for the console. A buffer overflow in the command line parsing can be exploited, leading to local users being able to gain root privileges. These updated packages provide a fix for this vulnerability. %description KON displays kanji characters on Linux console screen. It is launched like a shell, so you should put at the very end of your ~/.profile something like:
TTY=`tty | cut -b-8 2> /dev/null`
if [ "$TTY" = "/dev/tty" ]; then
    exec kon
fi
%package cups-drivers foomatic ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel omni printer-filters printer-testpages printer-utils Updated: Tue Jun 10 01:19:25 2003 Importance: security %pre A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved and second, and that is even more important, maintenance is simplified. %package gzip Updated: Mon Jun 16 10:44:33 2003 Importance: security %pre A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for gzexe which had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created. 
The znew problem was initially reported by Michal Zalewski and was again reported more recently to Debian by Paul Szabo. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrake Linux system, because it is a very commonly used data compression program. %package BitchX Updated: Mon Jun 16 23:15:00 2003 Importance: security %pre A Denial Of Service (DoS) vulnerability was discovered in BitchX that would allow a remote attacker to crash BitchX by changing certain channel modes. This vulnerability has been fixed in CVS and patched in the released updates. %description This is the bleeding edge of IRC software -- the most common functions normally done by scripts are coded into the client itself. It contains dozens of features such as: * Built-in ANSI color (this is probably the biggest feature) * Ease of use -- dozens of useful command aliases to reduce typing * Built-in notify, protection, and bot lists * Built-in mass commands and tools * Extended set of DCC commands and built-in CDCC offering * Extended scripting functionality, including unique functions * Code is based on ircII-Plutonium and more recent ircII-EPiC %package xpdf Updated: Thu Jun 27 23:07:12 2003 Importance: security %pre Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitrary shell commands with the privileges of the person viewing the PDF document. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package ypserv Updated: Thu Jun 27 23:07:12 2003 Importance: security %pre A vulnerability was found in versions of ypserv prior to version 2.7. 
If a malicious client were to query ypserv via TCP and subsequently ignore the server's response, ypserv will block attempting to send the reply. The result is that ypserv will fail to respond to other client requests. ypserv 2.7 and above have been altered to fork a child for each client request, which prevents any one request from causing the server to block. %description The Network Information Service (NIS) is a system which provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can enable users to login on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the NIS server, which will need to be running on your network. NIS clients do not need to be running the server. Install ypserv if you need an NIS server for your network. You'll also need to install the yp-tools and ypbind packages onto any NIS client machines. %package unzip Updated: Mon Jul 07 10:22:28 2003 Importance: security %pre A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the "-:" command line option is used. %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. 
%package nfs-utils nfs-utils-clients Updated: Mon Jul 21 09:58:12 2003 Importance: security %pre An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package kernel kernel-BOOT kernel-doc kernel-enterprise kernel-secure kernel-smp kernel-source Updated: Tue Jul 15 09:58:12 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. 
* CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. * CAN-2003-0476: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package phpgroupware Updated: Tue Jul 22 17:02:51 2003 Importance: security %pre Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited. Version 0.9.14.005 fixed several other vulnerabilities including cross-site scripting issues that can be exploited to obtain sensitive information such as authentication cookies. This update provides the latest stable version of phpgroupware and all users are encouraged to update immediately. In addition, you should also secure your installation by including the following in your Apache configuration files: Order allow,deny Deny from all %description phpgroupware is a web-based groupware suite written in PHP. It provides calendar, todo-list, addressbook, email and a news reader. It also provides an API for developing additional applications. See the phpgroupware apps project for add-on apps. 
%package mpg123 Updated: Wed Jul 23 13:47:33 2003 Importance: security %pre A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame size. %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org/ %package kdelibs kdelibs-devel Updated: Wed Jul 30 10:52:55 2003 Importance: security %pre A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. The provided packages have a patch that corrects this issue. %description Libraries for the K Desktop Environment. %package postfix Updated: Sun Aug 03 20:36:58 2003 Importance: security %pre Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. Versions prior to 1.1.12 would allow an attacker to bounce-scan private networks or use the daemon as a DDoS (Distributed Denial of Service) tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and receiving either a bounce message or by timing. As well, versions prior to 1.1.12 have a bug where a malformed envelope address can cause the queue manager to lock up until an entry is removed from the queue and also lock up the SMTP listener leading to a DoS. Postfix version 1.1.13 corrects these issues. The provided packages have been patched to fix the vulnerabilities. 
%description Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. This rpm supports LDAP, SMTP AUTH (through cyrus-sasl) and TLS. If you need MySQL too, rebuild the srpm --with mysql. %package php php-common php-devel php-pear Updated: Sun Aug 03 20:58:59 2003 Importance: security %pre A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user-supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442). As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control characters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. 
The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package eroaster Updated: Tue Aug 19 10:24:20 2003 Importance: security %pre A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile. This vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster. %description A graphical front end to cdrecord and mkisofs. - Writes data and audio cd's on the fly - read data and audio cd's - drag and drop support - nice user interface - auto selection of files to fill cd - auto conversion of mp3 files to wav files %package perl-CGI Updated: Wed Aug 20 14:00:24 2003 Importance: security %pre Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site. %description This perl library uses perl5 objects to make it easy to create Web fill-out forms and parse their contents. This package defines CGI objects, entities that contain the values of the current query string and other state variables. Using a CGI object's methods, you can examine keywords and parameters passed to your script, and create forms whose initial values are taken from the current query (thereby preserving state information). %package gdm gdm-Xnest Updated: Thu Aug 21 11:46:07 2003 Importance: security %pre Several vulnerabilities were discovered in versions of gdm prior to 2.4.1.6. The first vulnerability is that any user can read any text file on the system because code originally written to be run as the user logging in was in fact being run as the root user. 
This code is what allows the examination of the ~/.xsession-errors file. If a user makes a symlink from this file to any other file on the system during the session and ensures that the session lasts less than ten seconds, the user can read the file provided it was readable as a text file. Another two vulnerabilities were found in the XDMCP code that could be exploited to crash the main gdm daemon which would inhibit starting any new sessions (although the current session would be unaffected). The first problem here is due to the indirect query structure being used right after being freed due to a missing 'continue' statement in a loop; this happens if a choice of server expired and the client tried to connect. The second XDMCP problem is that when authorization data is being checked as a string, the length is not checked first. If the data is less than 18 bytes long, the daemon may wander off the end of the string a few bytes in the strncmp which could cause a SEGV. These updated packages bring gdm to version 2.4.1.6 which is not vulnerable to any of these problems. Also note that XDMCP support is disabled by default in gdm. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. %package sendmail sendmail-cf sendmail-doc sendmail-devel Updated: Mon Aug 25 18:11:35 2003 Importance: security %pre A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are patched to fix the problem. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. 
Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xnest XFree86-Xvfb XFree86-cyrillic-fonts XFree86-devel XFree86-doc XFree86-glide-module XFree86-libs XFree86-server XFree86-static-libs XFree86-xfs Updated: Thu Sep 11 11:21:57 2003 Importance: security %pre Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients. As well, some bugs were fixed in XFree86 as released with Mandrake Linux 9.2, specifically a problem where X would freeze with a black screen at logout or shutdown with DRI enabled on certain ATI Radeon cards. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. 
This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install XFree86-devel. %package openssh openssh-clients openssh-server openssh-askpass openssh-askpass-gnome Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. 
%package kdebase kdebase-devel kdebase-nsplugins Updated: Tue Sep 16 18:11:59 2003 Importance: security %pre A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It has been reported to the KDE team that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call which leaves the session alive and would provide root access to any regular user. It is also possible that this vulnerability can likewise be exploited with other PAM modules in a similar manner. Another vulnerability was discovered in kdm where the cookie session generating algorithm was considered too weak to supply a full 128 bits of entropy. This allowed unauthorized users to brute-force the session cookie. mdkkdm, a specialized version of kdm, is likewise vulnerable to these problems and has been patched as well. %description Core applications for the K Desktop Environment. %package sendmail sendmail-cf sendmail-devel sendmail-doc Updated: Wed Sep 17 18:52:50 2003 Importance: security %pre A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CAN-2003-0681). 
MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package gtkhtml libgtkhtml20 libgtkhtml20-devel Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library, versions prior to 1.1.0. The updated package provides a patched version of GtkHTML; versions of Mandrake Linux more recent than 9.0 do not require this fix as they already come with version 1.1.0. %description GtkHTML is a HTML rendering/editing library. GtkHTML is not designed to be the ultimate HTML browser/editor: instead, it is designed to be easily embedded into applications that require lightweight HTML functionality. GtkHTML was originally based on KDE's KHTMLW widget, but is now developed independently of it. The most important difference between KHTMLW and GtkHTML, besides being GTK-based, is that GtkHTML is also an editor. Thanks to the Bonobo editor component that comes with the library, it's extremely simple to add HTML editing to an existing application. %package MySQL MySQL-Max MySQL-bench MySQL-client libmysql10 libmysql10-devel Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. 
If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package libopenssl0 libopenssl0-devel libopenssl0-static-devel openssl Updated: Tue Sep 30 17:36:12 2003 Importance: security %pre Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. 
Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package libsane1 libsane1-devel sane-backends Updated: Thu Oct 09 10:23:50 2003 Importance: security %pre Several vulnerabilities were discovered in the saned daemon, a part of the sane package, which allows for a scanner to be used remotely. The IP address of the remote host is only checked after the first communication occurs, which causes the saned.conf restrictions to be ignored for the first connection. As well, a connection that is dropped early can cause Denial of Service issues due to a number of differing factors. Finally, a lack of error checking can cause various other unfavourable actions. The provided packages have been patched to correct the issues. 
The versions of sane distributed in Mandrake Linux 9.1 and higher already have the fixes applied upstream. %description SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras. SANE currently includes modules for accessing a range of scanners, including models from Agfa SnapScan, Apple, Artec, Canon, CoolScan, Epson, HP, Microtek, Mustek, Nikon, Siemens, Tamarack, UMAX, Connectix, QuickCams and other SANE devices via network. For the latest information on SANE, the SANE standard definition, and mailing list access, see http://www.mostang.com/sane/ This package does not enable network scanning by default; if you wish to enable it, read the saned(1) manpage. %package libecpg3 libpgperl libpgsql2 libpgsqlodbc0 libpgtcl2 postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-python postgresql-server postgresql-tcl postgresql-test postgresql-tk Updated: Mon Nov 03 12:22:16 2003 Importance: security %pre Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server. The provided packages are patched to protect against this vulnerability and all users are encouraged to upgrade immediately. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. 
These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package apache apache-common apache-devel apache-manual apache-modules apache-source Updated: Mon Nov 03 12:22:16 2003 Importance: security %pre A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is configured. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). 
%package cups cups-common cups-serial libcups1 libcups1-devel Updated: Wed Nov 4 09:43:46 2003 Importance: security %pre A bug in the Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.19, reported by Paul Mitcheson, would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default). The provided packages have been patched to correct this problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package hylafax hylafax-server hylafax-client libhylafax4.1.1 libhylafax4.1.1-devel Updated: Mon Nov 10 18:43:26 2003 Importance: security %pre During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as root. Note that this bug cannot be triggered in the default configuration. Updated packages have been patched to correct the problem. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. 
The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. You need this package if you are going to install hylafax-client and/or hylafax server. Most users want mgetty-voice to be installed too. %package fileutils Updated: Wed Nov 11 13:03:31 2003 Importance: security %pre A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux). Likewise, a non-exploitable integer overflow problem was discovered in ls, which can be used to crash ls by specifying certain command-line arguments. This can also be triggered via remotely accessible services such as wu-ftpd. The provided packages include a patched ls to fix these problems. %description These are the GNU core utilities. This package is the union of the old GNU fileutils, sh-utils, and textutils packages. These tools're the GNU versions of common useful and popular file & text utilities which are used for: - file management - shell scripts - modifying text files (splitting, joining, comparing, modifying, ...) Most of these programs have significant advantages over their Unix counterparts, such as greater speed, additional options, and fewer arbitrary limits. 
The following tools're included: basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd df dir dircolors dirname du echo env expand expr factor false fmt fold ginstall groups head hostid hostname id join kill link ln logname ls md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort split stat stty su sum sync tac tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes %package glibc glibc-devel glibc-i18ndata glibc-profile glibc-static-devel glibc-utils ldconfig nscd timezone Updated: Tue Nov 18 10:28:12 2003 Importance: bugfix %pre A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in various user applications, some of which may lead to additional security problems. The problem can only be triggered if the user is in a larger number of groups than expected by an application. The provided packages are patched to address this issue. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package stunnel Updated: Tue Nov 25 09:12:53 2003 Importance: security %pre A vulnerability was discovered in stunnel versions 3.24 and earlier, as well as 4.00, by Steve Grubb. It was found that stunnel leaks a critical file descriptor that can be used to hijack stunnel's services. 
All users are encouraged to upgrade to these packages. Note that the version of stunnel provided with Mandrake Linux 9.1 and above is not vulnerable to this problem. %description The stunnel program is designed to work as SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that having non-SSL aware daemons running on your system you can easily set them up to communicate with clients over secure SSL channels. stunnel can be used to add SSL functionality to commonly used inetd daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without changes to the source code. %package gnupg Updated: Thu Nov 27 19:09:42 2003 Importance: bugfix %pre A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to Elgamal sign+encrypt keys. From Werner Koch's email message: "Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds. Please *take immediate action and revoke your ElGamal signing keys*. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key." And also: "Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys." MandrakeSoft urges any users who use the ElGamal sign+encrypt keys to immediately revoke these keys and discontinue use of them. 
Updated packages are provided that remove the ability to create these keys and to create signatures using these keys (thanks to David Shaw for writing the patch). %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package kernel-2.4.19.36mdk kernel-enterprise-2.4.19.36mdk kernel-secure-2.4.19.36mdk kernel-smp-2.4.19.36mdk kernel-source-2.4.19.36mdk Updated: Mon Dec 01 11:05:15 2003 Importance: security %pre A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous. A flaw in bounds checking in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable; an exploit is in the wild at this time. The Mandrake Linux 9.2 kernels are not vulnerable to this problem as the fix for it is already present in those kernels. MandrakeSoft encourages all users to upgrade their systems immediately. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package rsync Updated: Thu Dec 04 13:12:29 2003 Importance: security %pre A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk() vulnerability to compromise a public rsync server. This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code execution on the host running rsync as a server. Also note that this only affects hosts running rsync in server mode (listening on port 873, typically under xinetd). 
%description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package cvs Updated: Mon Dec 08 15:07:00 2003 Importance: security %pre A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package screen Updated: Mon Dec 08 15:09:00 2003 Importance: security %pre A vulnerability was discovered and fixed in screen by Timo Sirainen who found an exploitable buffer overflow that allowed privilege escalation. 
This vulnerability also has the potential to allow attackers to gain control of another user's screen session. The ability to exploit is not trivial and requires approximately 2GB of data to be transferred in order to do so. Updated packages are available that fix the vulnerability. %description The screen utility allows you to have multiple logins on just one terminal. Screen is useful for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. Install the screen package if you need a screen manager that can support multiple logins on one terminal. %package lftp Updated: Mon Dec 15 09:57:14 2003 Importance: security %pre A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels" command on a specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream in 2.6.10. The updated packages are patched to protect against this problem. %description LFTP is a shell-like command line ftp client. The main two advantages over other ftp clients are reliability and ability to perform tasks in background. It will reconnect and reget the file being transferred if the connection broke. You can start a transfer in background and continue browsing on the ftp site. It does this all in one process. When you have started background jobs and feel you are done, you can just exit lftp and it automatically moves to nohup mode and completes the transfers. It has also such nice features as reput and mirror. 
%package X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-devel XFree86-doc XFree86-glide-module XFree86-libs XFree86-server XFree86-static-libs XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Thu Dec 18 17:31:12 2003 Importance: security %pre XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package kernel kernel-enterprise kernel-secure kernel-smp kernel-source Updated: Wed Jan 07 21:30:25 2003 Importance: security %pre A flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. 
This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC (real time clock) routines was fixed as well. All Mandrake Linux users are encouraged to upgrade to these packages immediately. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1) and bootloader-utils (9.2) packages prior to upgrading the kernel as they contain a fixed installkernel script that fixes instances where the loop module was not being loaded and would cause mkinitrd to fail. Users requiring commercial NVIDIA drivers can find drivers for Mandrake Linux 9.2 at MandrakeClub. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package glibc glibc-devel glibc-i18ndata glibc-profile glibc-static-devel glibc-utils ldconfig nscd timezone Updated: Wed Feb 04 11:19:15 2004 Importance: security %pre A read buffer overflow vulnerability exists in the resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes, which can cause an application to crash. The updated packages have a patch applied to correct the problem. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
The glibc package also contains national language (locale) support. %package metamail Updated: Wed Feb 18 10:43:59 2004 Importance: security %pre Two format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these holes. %description Metamail is a system for handling multimedia mail, using the mailcap file. Metamail reads the mailcap file, which tells Metamail what helper program to call in order to handle a particular type of non-text mail. Note that metamail can also add multimedia support to certain non-mail programs. Metamail should be installed if you need to add multimedia support to mail programs and some other programs, using the mailcap file. %package kernel kernel-enterprise kernel-secure kernel-smp kernel-source Updated: Mon Feb 23 23:32:34 2004 Importance: security %pre Paul Starzetz discovered a flaw in return value checking in the mremap() function in the Linux kernel, versions 2.4.24 and previous that could allow a local user to obtain root privileges. A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. A flaw in the ncp_lookup() function in the ncpfs code (which is used to mount NetWare volumes or print to NetWare printers) was found by Arjan van de Ven that could allow local privilege escalation. The Vicam USB driver in Linux kernel versions prior to 2.4.25 does not use the copy_from_user function to access userspace, which crosses security boundaries. This problem does not affect the Mandrake Linux 9.2 kernel. Additionally, a ptrace hole that only affects the amd64/x86_64 platform has been corrected. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package libopenssl0 libopenssl0-devel libopenssl0-static-devel openssl Updated: Wed Mar 17 08:36:03 2004 Importance: security %pre A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a null-pointer assignment in the do_change_cipher_spec() function which could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application in question, this could lead to a Denial of Service (DoS). This vulnerability affects both OpenSSL 0.9.6 (0.9.6c-0.9.6k) and 0.9.7 (0.9.7a-0.9.7c). CVE has assigned CAN-2004-0079 to this issue. Another vulnerability was discovered by Stephen Henson in OpenSSL versions 0.9.7a-0.9.7c; there is a flaw in the SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. CVE has assigned CAN-2004-0112 to this issue. Mandrakesoft urges users to upgrade to the packages provided that have been patched to protect against these problems. We would also like to thank NISCC for their assistance in coordinating the disclosure of these problems. Please note that you will need to restart any SSL-enabled services for the patch to be effective, including (but not limited to) Apache, OpenLDAP, etc. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). 
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).