%package rxvt rxvt-CJK rxvt-devel
Updated: Mon Mar 24 11:03:32 2003
Importance: security
%pre
Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can range from garbage data being displayed on the screen to a system compromise.
%description
Rxvt is a color VT102 terminal emulator for the X Window System. Rxvt is intended to be an xterm replacement for users who don't need the more esoteric features of xterm, like Tektronix 4014 emulation, session logging and toolkit style configurability. Since it doesn't support those features, rxvt uses much less swap space than xterm uses. This is a significant advantage on a machine which is serving a large number of X sessions. The rxvt package should be installed on any machine which serves a large number of X sessions, if you'd like to improve that machine's performance. This version of rxvt can display Japanese, Chinese (Big5 and GuoBiao) and Korean.
%package openssl libopenssl0 libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel
Updated: Mon Mar 24 12:05:31 2003
Importance: security
%pre
Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking.
This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability.
%description
The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
%package netpbm libnetpbm9 libnetpbm9-devel libnetpbm9-static-devel
Updated: Mon Mar 24 13:35:23 2003
Importance: security
%pre
Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools.
%description
The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others.
%package mutt
Updated: Tue Apr 1 00:01:03 2003
Importance: security
%pre
A vulnerability was discovered in the IMAP code of the mutt text-mode email client. This vulnerability can be exploited by a malicious IMAP server to crash mutt or even execute arbitrary code with the privilege of the user running mutt.
%description
Mutt is a text mode mail user agent.
Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use.
%package sendmail sendmail-cf sendmail-devel sendmail-doc
Updated: Tue Apr 1 00:01:03 2003
Importance: security
%pre
Michal Zalewski discovered a vulnerability in the address parser of sendmail versions earlier than 8.12.9, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.
%description
The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.
%package ftp-client-krb5 ftp-server-krb5 krb5-devel krb5-libs krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5
Updated: Tue Apr 1 00:01:03 2003
Importance: security
%pre
Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036).
Mandrake Linux 9.0+ is not affected by this problem. Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028). The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem. Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem. The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072). The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082). Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139). MandrakeSoft encourages all users to upgrade immediately to these updated packages, which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default.
%description
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
%package nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind
Updated: Mon Apr 7 00:52:37 2003
Importance: security
%pre
An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately.
%description
Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support.
Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.
%package galaxy-gnome galaxy-kde galaxy-kde-kwin
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
It was discovered that the Mandrake Galaxy theme would cause crashes in certain programs such as Downloader4X. It would also cause a crash in languages such as Arabic and Hebrew. This update provides a fix.
%description
Mandrake Linux Galaxy theme
%package drakconf
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
Two bugs were discovered in the Mandrake Control Center: The first kills "explicitly non-embeddable" processes when killing embedded tools, and the second prevented menudrake from being executed by users other than root and the owner of the X server.
%description
drakconf includes the Mandrake Control Center which is an interface to multiple utilities from DrakXtools.
%package rfbdrake
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
All non-latin locales in rfbdrake are completely broken due to bad utf8 handling.
%description
rfbdrake is a tool to set up a client/server remote framebuffer for virtual network computing. It uses the vncviewer backend on the client side and x0rfbserver on the server side.
%package cups-drivers foomatic-db foomatic-db-engine foomatic-filters ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel omni printer-filters printer-testpages printer-utils
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
A number of printer-related fixes have been made:
- Ghostscript now supports PNG again; the Ghostscript shipped with 9.1 was missing PNG support.
- Many HP LaserJet printers had two "Duplex" options when used with the "ljet4d" or "Postscript" drivers.
- The "PrintoutMode" option of the "pxlmono" driver (PCL 6, most newer non-PostScript laser printers) did not set the resolution.
- Problems printing on the HP LaserJet 1000 should be solved now.
- The Lexmark Z31 printed only bi-directionally, giving very poor quality; now it prints uni-directionally by default (much better quality), and bi-directional printing is an option.
- ICC profile support (color correction) for the Minolta MagiColor 2200/2300 DL printers.
- All Foomatic printer IDs are clear-text now; no more cryptic numbers when using "foomatic-configure" to set up printers on the command line. Users can now set up printers without looking up the ID number first.
- Changes were made so that upgrading from 9.0 and older would not require a regeneration of the Foomatic print queues.
%description
The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (such as GIMP-Print) is avoided in the distro. So first, space is saved, and second, which is even more important, maintenance is simplified.
%package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
A number of fixes were also made to the drakxtools programs, specifically:
- In drakfloppy, when attempting to create a boot disk, the configuration works fine but will fail and crash when actually generating the boot floppy.
- Some strings were not translated in harddrake.
- The harddrake service timeout was only 5 seconds which was too short so it has been changed to a 25s timeout.
- In draktermserv, initrd was mistakenly named initrdrd.
- Due to unusable fonts for Arabic, Arabic support has been disabled in the tools.
- Fixes were made to xfdrake to work better with some Intel video cards.
- A number of bugs were corrected in drakconnect.
- Drakboot would crash if any errors occurred during lilo or grub regeneration of the mbr; now drakboot will display the error instead of crashing.
%package gurpmi urpmi urpmi-parallel-ka-run urpmi-parallel-ssh
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
MandrakeClub users use a special downloading mechanism involving HTTP redirection with authentication. There is a problem in the downloading backend used in 9.1 (the curl program) which prevents the redirection from happening correctly. Under urpmi, users experiencing this problem see the error message "unable to register rpm file. Everything already installed" when trying to install a package (a workaround is to force the use of wget, or use the redirection (the URL beginning with https://) directly). Under rpmdrake, the error message is "The signature of the package is not correct; Could not read lead bytes". There is no workaround in rpmdrake. As well, a UTF8 issue was fixed in grpmi.
%description
urpmi takes care of dependencies between rpms, using a pool (or pools) of rpms. You can compare rpm vs. urpmi with insmod vs. modprobe
%package grpmi rpmdrake
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
MandrakeClub users use a special downloading mechanism involving HTTP redirection with authentication. There is a problem in the downloading backend used in 9.1 (the curl program) which prevents the redirection from happening correctly. Under urpmi, users experiencing this problem see the error message "unable to register rpm file. Everything already installed" when trying to install a package (a workaround is to force the use of wget, or use the redirection (the URL beginning with https://) directly). Under rpmdrake, the error message is "The signature of the package is not correct; Could not read lead bytes". There is no workaround in rpmdrake. As well, a UTF8 issue was fixed in grpmi.
%description
rpmdrake is a simple graphical frontend to manage software packages on a Mandrake Linux system; it has 3 different modes:
- software packages installation;
- software packages removal;
- Mandrake Update (software packages updates).
A fourth program manages the sources (add, remove, edit).
%package curl libcurl2 libcurl2-devel
Updated: Thu Apr 10 10:28:16 2003
Importance: bugfix
%pre
MandrakeClub users use a special downloading mechanism involving HTTP redirection with authentication. There is a problem in the downloading backend used in 9.1 (the curl program) which prevents the redirection from happening correctly. Under urpmi, users experiencing this problem see the error message "unable to register rpm file. Everything already installed" when trying to install a package (a workaround is to force the use of wget, or use the redirection (the URL beginning with https://) directly). Under rpmdrake, the error message is "The signature of the package is not correct; Could not read lead bytes". There is no workaround in rpmdrake. As well, a UTF8 issue was fixed in grpmi.
%description
curl is a client to get documents/files from servers, using any of the supported protocols. The command is designed to work without user interaction or any kind of interactivity. curl offers a busload of useful tricks like proxy support, user authentication, ftp upload, HTTP post, file transfer resume and more. If you wish to install this package, you must also install the curl-lib package. NOTE: This version is compiled with SSL (https) support.
%package evolution evolution-pilot libevolution0 libevolution0-devel
Updated: Mon Apr 14 19:47:33 2003
Importance: security
%pre
Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources.
%description
Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool.
%package gtkhtml libgtkhtml1.1_3 libgtkhtml1.1_3-devel
Updated: Mon Apr 14 19:47:33 2003
Importance: security
%pre
A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug.
%description
GtkHTML is a HTML rendering/editing library. GtkHTML is not designed to be the ultimate HTML browser/editor: instead, it is designed to be easily embedded into applications that require lightweight HTML functionality. GtkHTML was originally based on KDE's KHTMLW widget, but is now developed independently of it. The most important difference between KHTMLW and GtkHTML, besides being GTK-based, is that GtkHTML is also an editor. Thanks to the Bonobo editor component that comes with the library, it's extremely simple to add HTML editing to an existing application.
%package kdebase kdebase-devel kdebase-nsplugins kdebase-kdm
Updated: Wed Apr 16 22:27:53 2003
Importance: security
%pre
A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails. All users are encouraged to upgrade to these new kdegraphics, kdebase, and kdelibs packages that contain patches to correct the problem. This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a.
%description
Core applications for the K Desktop Environment. Here is an overview of the directories:
- drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug.
- kappfinder: searches your hard disk for non-KDE applications, e.g.
Acrobat Reader (tm) and installs those apps under the K start button
- kate: a fast and advanced text editor with nice plugins
- kcheckpass: small program to enter and check passwords, only to be used by other programs
- kcontrol: the KDE Control Center allows you to tweak the KDE settings
- kdcop: GUI app to browse for DCOP interfaces, can also execute them
- kdebugdialog: allows you to specify which debug messages you want to see
- kdeprint: the KDE printing system
- kdesktop: you guessed it: the desktop above the panel
- kdesu: a graphical front end to "su"
- kdm: replacement for XDM, for those people that like graphical logins
- kfind: find files
- khelpcenter: the app to read all great documentation about KDE
- khotkeys: intercepts keys and can call applications
- kicker: the panel at the bottom with the K start button and the taskbar etc
- kioslave: infrastructure that helps make every application internet enabled e.g. to directly save a file to ftp://place.org/dir/file.txt
- klipper: enhances and extends the X clipboard
- kmenuedit: editor for the menu below the K start button
- konqueror: the file manager and web browser you get easily used to
- konsole: a shell program similar to xterm
- kpager: applet to show the contents of the virtual desktops
- kpersonalizer: the customization wizard you get when you first start KDE
- kreadconfig: a tool for shell scripts to get info from KDE's config files
- kscreensaver: the KDE screensaver environment and lots of savers
- ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login)
- ksplash: the screen displayed while KDE starts
- kstart: to launch applications with special window properties such as iconified etc
- ksysguard: task manager and system monitor, even for remote systems
- ksystraycmd: allows you to run any application in the system tray
- ktip: gives you tips on how to use KDE
- kwin: the KDE window manager
- kxkb: a keyboard map tool
- legacyimport: odd name for
a cute program to load GTK themes
- libkonq: some libraries needed by Konqueror
- nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror
%package kdelibs kdelibs-devel kdelibs-common kdelibs-static-devel
Updated: Wed Apr 16 22:27:53 2003
Importance: security
%pre
A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails. All users are encouraged to upgrade to these new kdegraphics, kdebase, and kdelibs packages that contain patches to correct the problem. This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a.
%description
Libraries for the K Desktop Environment.
%package kdegraphics kdegraphics-devel
Updated: Wed Apr 16 22:27:53 2003
Importance: security
%pre
Graphical tools for the K Desktop Environment. kdegraphics is a collection of graphic oriented applications:
- kamera: digital camera io_slave for Konqueror.
Together with gPhoto this allows you to access your camera's picture with the URL kamera:/
- kcoloredit: contains two programs: a color value editor and also a color picker
- kdvi: program (and embeddable KPart) to display *.DVI files from TeX
- kfax: a program to display raw and tiffed fax images (g3, g3-2d, g4)
- kfaxview: an embeddable KPart to display tiffed fax images
- kfile-plugins: provide meta information for graphic files
- kghostview: program (and embeddable KPart) to display *.PDF and *.PS
- kiconedit: an icon editor
- kooka: a raster image scan program, based on SANE and libkscan
- kpaint: a simple pixel oriented image drawing program
- kruler: a ruler in inch, centimeter and pixel to check distances on the screen
- ksnapshot: make snapshots of the screen contents
- kuickshow: fast and comfortable imageviewer
- kview: picture viewer, provided as standalone program and embeddable KPart
- kviewshell: generic framework for viewer applications
%package ldetect ldetect-devel
Updated: Thu Apr 24 00:03:32 2003
Importance: normal
%pre
Previous ldetect packages could freeze systems when harddrake probed for PCI information on the computer. This only occurred rarely on some systems, when reading too much data from the PCI configuration space would result in a freeze of the system. This has been fixed in the ldetect engine by not buffering such reads and by reading only as many bytes as required from the PCI configuration space, as exported by the kernel in /proc/bus/pci/*/*.
%description
The hardware device lists provided by this package are used as a lookup table for hardware autodetection
%package ethereal
Updated: Thu Apr 24 15:54:37 2003
Importance: security
%pre
A vulnerability was discovered in Ethereal 0.9.9 and earlier that allows a remote attacker to use specially crafted SOCKS packets to cause a denial of service (DoS) and possibly execute arbitrary code.
A similar vulnerability also exists in the NTLMSSP code in Ethereal 0.9.9 and earlier, due to a heap-based buffer overflow.
%description
Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
%package snort snort-bloat snort-mysql+flexresp snort-mysql snort-plain+flexresp snort-postgresql+flexresp snort-postgresql snort-snmp+flexresp snort-snmp
Updated: Mon Apr 28 11:56:41 2003
Importance: security
%pre
An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command execution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable.
%description
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as a WinPopup message via Samba's smbclient. This version is compiled without database support. Edit the spec file and rebuild the rpm to enable it.
Edit /etc/snort/snort.conf to configure snort and use snort.d to start snort. This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available. All of them require the base snort rpm. Additionally, you will need to choose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.0.0
%package kdebase-servicemenu
Updated: Wed Apr 30 11:04:25 2003
Importance: normal
%pre
Konqueror has a feature that can allow it to convert PS files to PDF files via a right click on the PS file to convert. This feature was broken in Mandrake Linux 9.1, and the new package corrects the problem.
%description
Groups together all Konqueror service menus.
%package devfsd
Updated: Thu May 1 10:12:30 2003
Importance: normal
%pre
A problem in devfsd as released with Mandrake Linux 9.1 allowed users to mount filesystems from rd raid disks, but prevented them from regenerating the LILO mbr. Devfsd provides compatibility links on the devfs filesystem for new device names, and for /dev/rd/* devices, it provided partition links and whole disk links. The latter were broken, but not the former. Because of this, mounting would work because the filesystem links were correct, but running lilo would fail because the disk links were broken. This new devfsd corrects the problem; however, users will have to manually remove the broken links, otherwise devfsd will "remember" the old, broken links. To do this, execute, as root:
  rm -rf /lib/dev-state/rd
This update also fixes /dev/hd not appearing for root on the first login, and also a minilogd/initlog deadlock that sometimes appears during the bootstrap.
The /dev/log entry is created by the log daemon, but devfsd may restore it on bootup making minilogd believe that the log daemon is up and running when in fact it is not. Updated initscripts packages also help with the minilogd/initlog deadlock issue.
%description
The devfsd programme is a daemon, run by the system boot scripts which can provide for intelligent management of device entries in the Device Filesystem (devfs). As part of its setup phase devfsd creates certain symbolic links which are compiled into the code. These links are required by /usr/src/linux/Documentation/devices.txt. This behaviour may change in future revisions. devfsd will read the special control file .devfsd in a mounted devfs, listening for the creation and removal of device entries (this is termed a change operation). For each change operation, devfsd can take many actions. The daemon will normally run itself in the background and send messages to syslog. The opening of the syslog service is automatically delayed until /dev/log is created. At startup, before switching to daemon mode, devfsd will scan the mounted device tree and will generate synthetic REGISTER events for each leaf node.
%package initscripts
Updated: Thu May 1 10:12:30 2003
Importance: normal
%pre
A problem in devfsd as released with Mandrake Linux 9.1 allowed users to mount filesystems from rd raid disks, but prevented them from regenerating the LILO mbr. Devfsd provides compatibility links on the devfs filesystem for new device names, and for /dev/rd/* devices, it provided partition links and whole disk links. The latter were broken, but not the former. Because of this, mounting would work because the filesystem links were correct, but running lilo would fail because the disk links were broken. This new devfsd corrects the problem, however users will have to manually remove the broken links otherwise devfsd will "remember" the old, broken links.
To do this, execute, as root:
  rm -rf /lib/dev-state/rd
This update also fixes /dev/hd not appearing for root on the first login, and also a minilogd/initlog deadlock that sometimes appears during the bootstrap. The /dev/log entry is created by the log daemon, but devfsd may restore it on bootup making minilogd believe that the log daemon is up and running when in fact it is not. Updated initscripts packages also help with the minilogd/initlog deadlock issue.
%description
The initscripts package contains the basic system scripts used to boot your Mandrake Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces.
%package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Thu May 1 10:12:30 2003
Importance: normal
%pre
More bugs have been found in the drakxtools package for Mandrake Linux 9.1. With the release of the ldetect update (MDKA-2003:004), harddrake needed to be rebuilt due to the changes. As well, if one cancelled the installation of required packages for display managers, drakxtools now returns to the display manager menu. The DrakSec logic during the installation of Mandrake Linux is to hide the very low and paranoid security levels to prevent a user from making his system completely insecure or unusable; however, this same logic is not required for the installed system. Now DrakSec makes these levels available, post-install.
%description
Contains many Mandrake applications simplifying users' and administrators' lives on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
adduserdrake: helps you add a user
ddcxinfos: get infos from the graphic card and print XF86Config modlines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful.
Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize). drakautoinst: help you configure an automatic installation replay drakbackup: backup and restore your system drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin) drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem. drakfloppy: boot disk creator drakfont: import fonts in the system drakgw: internet connection sharing drakproxy: proxies configuration draksec: security options management / msec frontend draksound: sound card configuration draksplash: bootsplash themes creation drakTermServ: mandrake terminal server configurator drakxservices: SysV service and daemons configurator drakxtv: auto configure tv card for xawtv grabber keyboarddrake: configure your keyboard (both console and X) liveupdate: live update software logdrake: show extracted information from the system logs lsnetdrake: display available nfs and smb shares lspcidrake: display your pci information, *and* the corresponding kernel module localedrake: language configurator, available both for root (system wide) and users (user only) mousedrake: autodetect and configure your mouse printerdrake: detect and configure your printer scannerdrake: scanner configurator drakfirewall: simple firewall configurator XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible %package libldap2 libldap2-devel libldap2-devel-static openldap openldap-back_dnssrv openldap-back_ldap openldap-back_passwd openldap-back_sql openldap-clients openldap-guide openldap-migration openldap-servers Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly 
migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to login as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. 
The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package pam_ldap nss_ldap Updated: Thu May 1 11:04:27 2003 Importance: normal %pre The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using an MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to login as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords will have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. Updating to these packages will require you to, as root, change the password for each user with a now incompatible password. The easiest way to do this is to ensure that on the LDAP server, the "rootbinddn" is properly configured to allow root access to the LDAP directory. This will allow you to use the passwd tool to change the user password without having to authenticate as that user against the database (users will be unable to change their own password because authentication will fail). 
If you fail to do this, users may be locked out of the system and, if the root user's password is likewise stored in LDAP, root may be locked out as well. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package man Updated: Tue May 6 10:47:08 2003 Importance: security %pre A difficult to exploit vulnerability was discovered in versions of man prior to 1.51. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path. %description The man package includes three tools for finding information and/or documentation about your Linux system: man, apropos and whatis. The man system formats and displays on-line manual pages about commands or functions on your system. Apropos searches the whatis database (containing short descriptions of system commands) for a string. Whatis searches its own database for a complete word. The man package should be installed on your system because it is the primary way to find documentation on a Mandrake Linux system. %package kopete libkopete1 Updated: Thu May 8 10:09:12 2003 Importance: security %pre A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerability is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. 
This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system. %description Kopete is a flexible and extendable multiple protocol instant messaging system designed as a plugin-based system. All protocols are plugins and allow modular installment, configuration, and usage without the main application knowing anything about the plugin being loaded. The goal of Kopete is to provide users with a standard and easy to use interface between all of their instant messaging systems, but at the same time also providing developers with the ease of writing plugins to support a new protocol. The core Kopete development team provides a handful of plugins that most users can use, in addition to templates for new developers to base a plugin off of. %package xinetd xinetd-ipv6 Updated: Thu May 14 09:45:51 2003 Importance: security %pre A vulnerability was discovered in xinetd where memory was allocated and never freed if a connection was refused for any reason. Because of this bug, an attacker could crash the xinetd server, making unavailable all of the services it controls. Other flaws were also discovered that could cause incorrect operation in certain strange configurations. These issues have been fixed upstream in xinetd version 2.3.11 which is provided in this update. %description xinetd is a powerful replacement for inetd. xinetd has access control mechanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of you that use ip masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. 
Or to have a different service running on the same port, but different interfaces. %package cdrecord cdrecord-cdda2wav cdrecord-devel cdrecord-dvdhack mkisofs Updated: Thu May 15 09:46:59 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package gnome-pilot Updated: Tue May 20 11:03:32 2003 Importance: bugfix %pre The gnome-pilot package, which provides PDA support for GNOME had an error where it would not work with the Palm Tungsten T. This update fixes that issue. %description GNOME pilot is a collection of programs and daemon for integrating GNOME and the PalmPilot (tm). %package cdrecord cdrecord-cdda2wav cdrecord-devel cdrecord-dvdhack mkisofs Updated: Wed May 21 14:00:00 2003 Importance: security %pre A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter. Updated packages are provided that fix this vulnerability. You may also elect to remove the suid and sgid bits from cdrecord manually, which can be done by executing, as root: chmod ug-s /usr/bin/cdrecord This is not required to protect yourself from this particular vulnerability, however. Two additional format string problems were discovered by Olaf Kirch and an updated patch has been applied to fix those problems as well. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). 
Supports data, audio, mixed, multi-session and CD+ discs etc. %package gnupg Updated: Thu May 22 10:06:09 2003 Importance: security %pre A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. As a result, no warning message is given when attempting to encrypt to an invalid UID; because of the bug, that UID is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package galeon libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla mozilla-devel mozilla-dom-inspector mozilla-enigmail mozilla-enigmime mozilla-irc mozilla-js-debugger mozilla-mail mozilla-spellchecker Updated: Fri May 23 12:06:39 2003 Importance: bugfix %pre The Mozilla team has released Mozilla 1.3.1 which fixes a number of bugs that were present in the 1.3 release, which shipped with Mandrake Linux 9.1. In addition, some locales that were not present in the previous packages have now been included. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package lsb Updated: Fri May 23 12:06:39 2003 Importance: bugfix %pre The lsb packages provided with Mandrake Linux 9.1 were missing the /lib/lsb/init-functions script required by LSB-aware applications. This update provides the missing file. %description The skeleton package defining packages needed for LSB compliance. 
Also contains some directories LSB tests look for that aren't owned by other Mandrake packages, and scripts to re-create the old /sbin/fasthalt and /sbin/fastboot. Currently, to be able to run the LSB binary test suite successfully, you need to boot with devfs=nomount, as well as ensure that the partitions containing /tmp and /home are mounted with the option 'atime', rather than 'noatime'. You should also note that using the fstab option 'acl' for Posix ACLs will generate 1 test failure. This is not enabled by default on Mandrake Linux. %package cups cups-common cups-serial libcups1 libcups1-devel Updated: Wed May 28 20:33:38 2003 Importance: security %pre A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default). This vulnerability has been fixed upstream in CUPS 1.1.19 and previous versions have been fixed to correct the problem. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. 
%package apache-conf apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Fri May 30 09:29:24 2003 Importance: security %pre Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux. The second vulnerability, discovered by iDefense, allows remote attackers to cause a DoS (Denial of Service) condition and may also allow the execution of arbitrary code. The provided packages include back-ported fixes to correct these vulnerabilities and MandrakeSoft encourages all users to upgrade immediately. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (ie. use with rpm --rebuild): --with debug Compile with debugging code %package kon2 Updated: Thu Jun 5 12:23:04 2003 Importance: security %pre A vulnerability was discovered in kon2, a Kanji emulator for the console. A buffer overflow in the command line parsing can be exploited, leading to local users being able to gain root privileges. These updated packages provide a fix for this vulnerability. %description KON displays kanji characters on Linux console screen. 
It is launched like a shell, so you should put at the very end of your ~/.profile something like:
TTY=`tty | cut -b-8 2> /dev/null`
if [ "$TTY" = "/dev/tty" ]; then
    exec kon
fi
%package cups-drivers foomatic-db foomatic-db-engine foomatic-filters ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel omni printer-filters printer-testpages printer-utils Updated: Tue Jun 10 01:19:25 2003 Importance: security %pre A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, GIMP-Print, Foomatic, ... This way duplicate source code (as GIMP-Print) is avoided in the distro. So first, space is saved, and second, which is even more important, maintenance is simplified. %package kernel-2.4.21.0.18mdk kernel-BOOT-2.4.21.0.18mdk kernel-doc kernel-enterprise-2.4.21.0.18mdk kernel-secure-2.4.21.0.18mdk kernel-smp-2.4.21.0.18mdk kernel-source Updated: Wed Jun 11 10:51:28 2003 Importance: security %pre Multiple vulnerabilities were discovered and fixed in the Linux kernel. * CAN-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. * CAN-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. 
* CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. As well, a number of bug fixes were made in the 9.1 kernel including: * Support for more machines that did not work with APIC * Audigy2 support * New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine, * Fixed SiS IOAPIC * IRQ balancing has been fixed for SMP * Updates to ext3 * The previous ptrace fix has been redone to work better MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package libqt3 libqt3-common libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql Updated: Thu Jun 12 11:17:40 2003 Importance: normal %pre A bug in qt3 would cause a crash when XFree86 did not support render; this update provides a fix for that issue. As well, it provides an improvement in launch speed in qt applications. %description Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. 
This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file. Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa. Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html. Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/ Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available. Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code. Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural. Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way. Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics. Qt is available under two different licenses: - The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html - The Q Public License (QPL), for developing free software (X Window System only). %package ethereal Updated: Mon Jun 16 10:31:59 2003 Importance: security %pre Several vulnerabilities in ethereal were discovered by Timo Sirainen. 
Integer overflows were found in the Mount and PPP dissectors, as well as one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors. These vulnerabilities were corrected in ethereal 0.9.12. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package gzip Updated: Mon Jun 16 10:44:33 2003 Importance: security %pre A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for gzexe which had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created. The znew problem was initially reported by Michal Zalewski and was again reported more recently to Debian by Paul Szabo. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrake Linux system, because it is a very commonly used data compression program. %package BitchX Updated: Mon Jun 16 23:15:00 2003 Importance: security %pre A Denial Of Service (DoS) vulnerability was discovered in BitchX that would allow a remote attacker to crash BitchX by changing certain channel modes. This vulnerability has been fixed in CVS and patched in the released updates. %description This is the bleeding edge of IRC software -- the most common functions normally done by scripts are coded into the client itself. 
It contains dozens of features such as: * Built-in ANSI color (this is probably the biggest feature) * Ease of use -- dozens of useful command aliases to reduce typing * Built-in notify, protection, and bot lists * Built-in mass commands and tools * Extended set of DCC commands and built-in CDCC offering * Extended scripting functionality, including unique functions * Code is based on ircII-Plutonium and more recent ircII-EPiC %package ethereal Updated: Mon Jun 23 10:41:12 2003 Importance: security %pre A number of string handling bugs were found in the packet dissectors in ethereal that can be exploited using specially crafted packets to cause ethereal to consume excessive amounts of memory, crash, or even execute arbitrary code. These vulnerabilities have been fixed upstream in ethereal 0.9.13 and all users are encouraged to upgrade. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package initscripts Updated: Mon Jun 23 10:45:28 2003 Importance: bugfix %pre A bug was found in the previous initscripts update (MDKA-2003:007) that prevented the detectloader from detecting any boot loaders other than LILO. This update corrects that behaviour. %description The initscripts package contains the basic system scripts used to boot your Mandrake Linux system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. %package reiserfsprogs Updated: Mon Jun 23 13:28:59 2003 Importance: bugfix %pre The version of reiserfsprogs released with Mandrake Linux 9.1 is not the recommended version of reiserfsprogs to use and the new version (3.6.8) provides some enhancements and bugfixes that make using reiserfs more efficient and stable. 
%description Reiserfs is a file system using a plug-in based object oriented variant on classical balanced tree algorithms. The results when compared to the ext2fs conventional block allocation based file system running under the same operating system and employing the same buffering code suggest that these algorithms are overall more efficient, and are becoming more so every passing month. Loosely speaking, every month we find another performance cranny that needs work, and we fix it, and every month we find some way of improving our overall general usage performance. The improvement in small file space and time performance suggests that we may now revisit a common OS design assumption that one should aggregate small objects using layers above the file system layer. Being more effective at small files DOES NOT make us less effective for other files, this is a general purpose FS, and our overall traditional FS usage performance is high enough to establish that. Reiserfs has a commitment to opening up the FS design to contributions, and we are now adding plug-ins so that you can create your own types of directories and files. %package acl attr libacl1 libacl1-devel libattr1 libattr1-devel libxfs1 libxfs1-devel xfsdump xfsprogs Updated: Thu Jun 27 23:07:12 2003 Importance: bugfix %pre The XFS-related tools (xfsprogs, xfsdump, acl, and attr) released with Mandrake Linux 9.1 were out-dated at release and were not the recommended versions to be used with the 2.4.20+ Linux kernel. This update brings all of the XFS-related tools up to date which provide better support for the XFS filesystem, fix bugs, and offer other enhancements. %description A set of commands to use the XFS filesystem, including mkfs.xfs. XFS is a high performance journaling filesystem which originated on the SGI IRIX platform. 
It is completely multi-threaded, can support large files and large filesystems, extended attributes, variable block sizes, is extent based, and makes extensive use of Btrees (directories, extents, free space) to aid both performance and scalability. Refer to the documentation at http://oss.sgi.com/projects/xfs/ for complete details. This implementation is on-disk compatible with the IRIX version of XFS. %package xpdf Updated: Thu Jun 27 23:07:12 2003 Importance: security %pre Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document, that, if followed could execute arbitrary shell commands with the privileges of the person viewing the PDF document. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package unzip Updated: Mon Jul 07 10:22:28 2003 Importance: security %pre A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the "-:" command line option is used. %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. 
%package apache-conf apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Mon Jul 21 09:58:12 2003 Importance: security %pre Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes: Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CAN-2003-0192). Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CAN-2003-0253). Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CAN-2003-0254). The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828). The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues. To upgrade these apache packages, first stop Apache by issuing, as root: service httpd stop After the upgrade, restart Apache with: service httpd start %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (ie. 
use with rpm --rebuild): --with debug Compile with debugging code %package nfs-utils nfs-utils-clients Updated: Mon Jul 21 09:58:12 2003 Importance: security %pre An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package phpgroupware Updated: Tue Jul 22 17:02:51 2003 Importance: security %pre Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited. Version 0.9.14.005 fixed several other vulnerabilities including cross-site scripting issues that can be exploited to obtain sensitive information such as authentication cookies. This update provides the latest stable version of phpgroupware and all users are encouraged to update immediately. In addition, you should also secure your installation by including the following in your Apache configuration files: Order allow,deny Deny from all %description phpgroupware is a web-based groupware suite written in PHP. It provides calendar, todo-list, addressbook, email and a news reader. It also provides an API for developing additional applications. See the phpgroupware apps project for add-on apps. 
%package mpg123 Updated: Wed Jul 23 13:47:33 2003 Importance: security %pre A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame size. %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org/ %package kdelibs kdelibs-devel kdelibs-common kdelibs-static-devel Updated: Wed Jul 30 10:52:55 2003 Importance: security %pre A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. The provided packages have a patch that corrects this issue. %description Libraries for the K Desktop Environment. %package libphp_common430 php430-devel php-cgi php-cli Updated: Sun Aug 03 20:58:59 2003 Importance: security %pre A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user-supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442). As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control characters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). 
Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package eroaster Updated: Tue Aug 19 10:24:20 2003 Importance: security %pre A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile. This vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster. %description A graphical front end to cdrecord and mkisofs. - Writes data and audio cd's on the fly - read data and audio cd's - drag and drop support - nice user interface - auto selection of files to fill cd - auto conversion of mp3 files to wav files %package perl-CGI Updated: Wed Aug 20 14:00:24 2003 Importance: security %pre Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site. %description This perl library uses perl5 objects to make it easy to create Web fill-out forms and parse their contents. This package defines CGI objects, entities that contain the values of the current query string and other state variables. 
Using a CGI object's methods, you can examine keywords and parameters passed to your script, and create forms whose initial values are taken from the current query (thereby preserving state information). %package gdm gdm-Xnest Updated: Thu Aug 21 11:46:07 2003 Importance: security %pre Several vulnerabilities were discovered in versions of gdm prior to 2.4.1.6. The first vulnerability is that any user can read any text file on the system because code originally written to be run as the user logging in was in fact being run as the root user. This code is what allows the examination of the ~/.xsession-errors file. If a user makes a symlink from this file to any other file on the system during the session and ensures that the session lasts less than ten seconds, the user can read the file provided it was readable as a text file. Another two vulnerabilities were found in the XDMCP code that could be exploited to crash the main gdm daemon which would inhibit starting any new sessions (although the current session would be unaffected). The first problem here is due to the indirect query structure being used right after being freed due to a missing 'continue' statement in a loop; this happens if a choice of server expired and the client tried to connect. The second XDMCP problem is that when authorization data is being checked as a string, the length is not checked first. If the data is less than 18 bytes long, the daemon may wander off the end of the string a few bytes in the strncmp which could cause a SEGV. These updated packages bring gdm to version 2.4.1.6 which is not vulnerable to any of these problems. Also note that XDMCP support is disabled by default in gdm. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. 
%package gkrellm gkrellm-server gkrellm-devel Updated: Thu Aug 28 17:57:02 2003 Importance: security %pre A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server. Updated packages are available for Mandrake Linux 9.1 which patch the problem. %description GKrellM charts SMP CPU, load, Disk, and all active net interfaces automatically. An on/off button and online timer for the PPP interface is provided. Monitors for memory and swap usage, file system, internet connections, APM laptop battery, mbox style mailboxes, and cpu temps. Also includes an uptime monitor, a hostname label, and a clock/calendar. Additional features are: * Autoscaling grid lines with configurable grid line resolution. * LED indicators for the net interfaces. * A gui popup for configuration of chart sizes and resolutions. %package pam_ldap nss_ldap Updated: Tue Sep 2 16:20:42 2003 Importance: security %pre A bug was fixed in pam_ldap 162 with the pam_filter mechanism which is commonly used for host-based access restriction in environments using LDAP for authentication. Mandrake Linux 9.1 provided pam_ldap 161 which had this problem and as a result, systems relying on pam_filter for host-based access restriction would allow any user, regardless of the host attribute associated with their account, to log into the system. All users who use LDAP-based authentication are encouraged to upgrade immediately. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. 
Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-Xnest XFree86-Xvfb XFree86-cyrillic-fonts XFree86-devel XFree86-doc XFree86-glide-module XFree86-libs XFree86-server XFree86-static-libs XFree86-xfs Updated: Thu Sep 11 11:21:57 2003 Importance: security %pre Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients. As well, some bugs were fixed in XFree86 as released with Mandrake Linux 9.2, specifically a problem where X would freeze with a black screen at logout or shutdown with DRI enabled on certain ATI Radeon cards. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. 
You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install XFree86-devel. %package openssh openssh-clients openssh-server openssh-askpass openssh-askpass-gnome Updated: Tue Sep 16 13:33:21 2003 Importance: security %pre A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package kdebase kdebase-devel kdebase-nsplugins kdebase-kdm Updated: Tue Sep 16 18:11:59 2003 Importance: security %pre A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. 
KDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It has been reported to the KDE team that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call which leaves the session alive and would provide root access to any regular user. It is also possible that this vulnerability can likewise be exploited with other PAM modules in a similar manner. Another vulnerability was discovered in kdm where the cookie session generating algorithm was considered too weak to supply a full 128 bits of entropy. This allowed unauthorized users to brute-force the session cookie. mdkkdm, a specialized version of kdm, is likewise vulnerable to these problems and has been patched as well. %description Core applications for the K Desktop Environment. %package mdkkdm Updated: Tue Sep 16 18:11:59 2003 Importance: security %pre A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It has been reported to the KDE team that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call which leaves the session alive and would provide root access to any regular user. It is also possible that this vulnerability can likewise be exploited with other PAM modules in a similar manner. Another vulnerability was discovered in kdm where the cookie session generating algorithm was considered too weak to supply a full 128 bits of entropy. This allowed unauthorized users to brute-force the session cookie. mdkkdm, a specialized version of kdm, is likewise vulnerable to these problems and has been patched as well. %description Mdk kdm. 
%package sendmail sendmail-cf sendmail-devel sendmail-doc Updated: Wed Sep 17 18:52:50 2003 Importance: security %pre A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. This problem was discovered by Timo Sirainen (CAN-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package MySQL MySQL-Max MySQL-bench MySQL-client libmysql10 libmysql10-devel MySQL-common Updated: Thu Sep 18 18:13:23 2003 Importance: security %pre A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). 
The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables. This vulnerability was corrected in MySQL 4.0.15 and all previous versions are vulnerable. These packages have been patched to correct the problem. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package proftpd proftpd-anonymous Updated: Fri Sep 26 10:46:30 2003 Importance: security %pre A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability. %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. 
It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Fri Sep 26 10:46:30 2003 Importance: security %pre A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi. On systems that use scripts that output more than 4k to STDERR, this could cause httpd processes to hang and once the maximum connection limit is reached, Apache will no longer respond to requests. The updated packages provided use the latest mod_cgi.c from the Apache 2.1 CVS version. Users may have to restart apache by hand after the upgrade by issuing a "service httpd restart". %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches (i.e. 
use with rpm --rebuild): --with debug Compile with debugging code %package libdha0.1 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Updated: Tue Sep 30 10:25:00 2003 Importance: security %pre A buffer overflow vulnerability was found in MPlayer that is remotely exploitable. A malicious host can craft a harmful ASX header and trick MPlayer into executing arbitrary code when it parses that particular header. The provided packages have been patched to fix the problem. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some lowlevel card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer8/Codecs %package libopenssl0 openssl libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel Updated: Tue Sep 30 17:36:12 2003 Importance: security %pre Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. 
The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package gnome-applets Updated: Wed Oct 08 11:27:45 2003 Importance: bugfix %pre Due to changes on the Yahoo web page, the Stock Ticker applet would no longer work. These updated packages fix this problem. 
%description GNOME (GNU Network Object Model Environment) is a user-friendly set of applications and desktop tools to be used in conjunction with a window manager for the X Window System. GNOME is similar in purpose and scope to CDE and KDE, but GNOME (like KDE) is based completely on Open Source software. The gnome-applets package provides Panel applets which enhance your GNOME experience. You should install the gnome-applets package if you would like to abuse the GNOME desktop environment by embedding small utilities in the GNOME panel. %package gdm gdm-Xnest Updated: Thu Oct 16 11:34:31 2003 Importance: security %pre Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze. The provided packages are patched to fix this problem. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Fri Oct 24 11:23:57 2003 Importance: security %pre A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi. On systems that use scripts that output more than 4k to STDERR, this could cause httpd processes to hang and once the maximum connection limit is reached, Apache will no longer respond to requests. The updated packages provided use the latest mod_cgi.c from the Apache 2.1 CVS version. Users may have to restart apache by hand after the upgrade by issuing a "service httpd restart". 
Update: The previous update introduced an experimental mod_cgi.c that while fixing the deadlock did not do so in a correct manner and it likewise introduced new problems with other scripts. These packages roll back to the original mod_cgi.c until such a time as the apache team have a proper fix in place. Both Mandrake Linux 9.1 and 9.2 are affected with this problem. Likewise, a problem was discovered in the default mod_proxy configuration which created an open proxy. Users who have installed mod_perl also have mod_proxy installed due to dependencies and may unknowingly have allowed spammers to use their MTA via the wide-open mod_proxy settings. MandrakeSoft encourages all users to upgrade to these new packages immediately. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package libecpg3 libecpg3-devel libpgtcl2 libpgtcl2-devel libpq3 libpq3-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-python postgresql-server postgresql-tcl postgresql-test Updated: Mon Nov 03 12:22:16 2003 Importance: security %pre Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server. 
The provided packages are patched to protect against this vulnerability and all users are encouraged to upgrade immediately. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package apache apache-devel apache-modules apache-source Updated: Mon Nov 03 12:22:16 2003 Importance: security %pre A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is configured. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages. 
%description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Mon Nov 03 12:22:16 2003 Importance: security %pre A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is configured. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used. Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. 
Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package hylafax hylafax-server hylafax-client libhylafax4.1.1 libhylafax4.1.1-devel Updated: Mon Nov 10 18:43:26 2003 Importance: security %pre During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as root. Note that this bug cannot be triggered in the default configuration. Updated packages have been patched to correct the problem. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. You need this package if you are going to install hylafax-client and/or hylafax server. Most users want mgetty-voice to be installed too. %package coreutils coreutils-doc Updated: Wed Nov 11 13:03:31 2003 Importance: security %pre A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux). Likewise, a non-exploitable integer overflow problem was discovered in ls, which can be used to crash ls by specifying certain command-line arguments. This can also be triggered via remotely accessible services such as wu-ftpd. The provided packages include a patched ls to fix these problems. 
%description These are the GNU core utilities. This package is the union of the old GNU fileutils, sh-utils, and textutils packages. These tools are the GNU versions of common useful and popular file & text utilities which are used for: - file management - shell scripts - modifying text files (splitting, joining, comparing, modifying, ...) Most of these programs have significant advantages over their Unix counterparts, such as greater speed, additional options, and fewer arbitrary limits. The following tools are included: basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd df dir dircolors dirname du echo env expand expr factor false fmt fold ginstall groups head hostid hostname id join kill link ln logname ls md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort split stat stty su sum sync tac tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes %package glibc glibc-debug glibc-devel glibc-i18ndata glibc-profile glibc-static-devel glibc-utils ldconfig nscd timezone Updated: Tue Nov 18 10:28:12 2003 Importance: bugfix %pre A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in various user applications, some of which may lead to additional security problems. The problem can only be triggered if the user is in a larger number of groups than expected by an application. The provided packages are patched to address this issue. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. 
This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package gnupg Updated: Thu Nov 27 19:09:42 2003 Importance: bugfix %pre A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to Elgamal sign+encrypt keys. From Werner Koch's email message: "Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds. Please *take immediate action and revoke your ElGamal signing keys*. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key." And also: "Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys." MandrakeSoft urges any users who use the ElGamal sign+encrypt keys to immediately revoke these keys and discontinue use of them. Updated packages are provided that remove the ability to create these keys and to create signatures using these keys (thanks to David Shaw for writing the patch). %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. 
%package kernel-2.4.21.0.26mdk kernel-enterprise-2.4.21.0.26mdk kernel-secure-2.4.21.0.26mdk kernel-smp-2.4.21.0.26mdk kernel-source-2.4.21.0.26mdk Updated: Mon Dec 01 11:05:15 2003 Importance: security %pre A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous. A flaw in bounds checking in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable; an exploit is in the wild at this time. The Mandrake Linux 9.2 kernels are not vulnerable to this problem as the fix for it is already present in those kernels. MandrakeSoft encourages all users to upgrade their systems immediately. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package rsync Updated: Thu Dec 04 13:12:29 2003 Importance: security %pre A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk() vulnerability to compromise a public rsync server. This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code execution on the host running rsync as a server. Also note that this only affects hosts running rsync in server mode (listening on port 873, typically under xinetd). %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. 
%package cvs Updated: Mon Dec 08 15:07:00 2003 Importance: security %pre A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package screen Updated: Mon Dec 08 15:09:00 2003 Importance: security %pre A vulnerability was discovered and fixed in screen by Timo Sirainen who found an exploitable buffer overflow that allowed privilege escalation. This vulnerability also has the potential to allow attackers to gain control of another user's screen session. The ability to exploit is not trivial and requires approximately 2GB of data to be transferred in order to do so. Updated packages are available that fix the vulnerability. %description The screen utility allows you to have multiple logins on just one terminal. Screen is useful for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. 
Install the screen package if you need a screen manager that can support multiple logins on one terminal. %package ethereal Updated: Wed Dec 10 11:14:35 2003 Importance: security %pre A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file. A buffer overflow allows attackers to cause a DoS (Denial of Service) and possibly execute arbitrary code using a malformed GTP MSISDN string (CAN-2003-0925). Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO packets (CAN-2003-0926). Finally, a heap-based buffer overflow allows attackers to cause a DoS or execute arbitrary code using the SOCKS dissector (CAN-2003-0927). All three vulnerabilities affect all versions of Ethereal up to and including 0.9.15. This update provides 0.9.16 which corrects all of these issues. Also note that each vulnerability can be exploited by a remote attacker. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package gaim gaim-encrypt libgaim-remote0 libgaim-remote0-devel Updated: Wed Dec 10 11:14:35 2003 Importance: normal %pre Due to changes in the MSN protocol, new versions of gaim have been released that provide support to again access the MSN network. %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. 
%package net-snmp net-snmp-mibs net-snmp-trapd net-snmp-utils libnet-snmp50 libnet-snmp50-devel libnet-snmp50-static-devel Updated: Thu Dec 11 17:22:18 2003 Importance: security %pre A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of other smaller bugs. %description SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities. %package lftp Updated: Mon Dec 15 09:57:14 2003 Importance: security %pre A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels" command on a specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream in 2.6.10. The updated packages are patched to protect against this problem. %description LFTP is a shell-like command line ftp client. The main two advantages over other ftp clients are reliability and ability to perform tasks in background. It will reconnect and reget the file being transferred if the connection broke. You can start a transfer in background and continue browsing on the ftp site. It does this all in one process. 
When you have started background jobs and feel you are done, you can just exit lftp and it automatically moves to nohup mode and completes the transfers. It has also such nice features as reput and mirror. %package irssi irssi-devel Updated: Thu Dec 18 00:47:30 2003 Importance: security %pre A vulnerability in versions of irssi prior to 0.8.9 would allow a remote user to crash another user's irssi client provided that the client was on a non-x86 architecture or if the "gui print text" signal is being used by some script or plugin. The updated packages provide 0.8.9 which corrects the problem. %description Irssi is a modular IRC client for UNIX that currently has only text mode user interface, but 80-90% of the code isn't text mode specific, so other UIs could be created pretty easily. Also, Irssi isn't really even IRC specific anymore, there's already working SILC and ICB modules available. Support for other protocols like ICQ and Jabber could be created some day too. irssi is the most popular IRC client at the moment. %package X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-devel XFree86-doc XFree86-glide-module XFree86-libs XFree86-server XFree86-static-libs XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Thu Dec 18 17:31:12 2003 Importance: security %pre XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. 
X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package kernel kernel-enterprise kernel-secure kernel-smp kernel-source Updated: Wed Jan 07 21:30:25 2003 Importance: security %pre A flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC (real time clock) routines was fixed as well. All Mandrake Linux users are encouraged to upgrade to these packages immediately. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1) and bootloader-utils (9.2) packages prior to upgrading the kernel as they contain a fixed installkernel script that fixes instances where the loop module was not being loaded and would cause mkinitrd to fail. Users requiring commercial NVIDIA drivers can find drivers for Mandrake Linux 9.2 at MandrakeClub. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package ethereal Updated: Mon Jan 12 11:13:28 2004 Importance: security %pre Two vulnerabilities were discovered in versions of Ethereal prior to 0.10.0 that can be exploited to make Ethereal crash by injecting malformed packets onto the wire or by convincing a user to read a malformed packet trace file. The first vulnerability is in the SMB dissector and the second is in the Q.391 dissector. It is not known whether or not these issues could lead to the execution of arbitrary code. The updated packages provide Ethereal 0.10.0 which is not vulnerable to these issues. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package kdebase-servicemenu Updated: Mon Jan 12 11:19:34 2004 Importance: bugfix %pre Zipping files via konqueror in Mandrake Linux 9.1 did not work properly. This update corrects the problem. %description Regroup all konqueror service menu. %package kdepim kdepim-devel Updated: Wed Jan 14 12:24:59 2004 Importance: security %pre A vulnerability was discovered in all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted .VCF file to potentially enable a local attacker to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. This can also be used by remote attackers if the victim enables previews for remote files; however this is disabled by default. The provided packages contain a patch from the KDE team to correct this problem. %description Information Management applications for the K Desktop Environment. - kaddressbook: The KDE addressbook application. 
- kandy: sync phone book entries between your cell phone and computer ("kandy" comes from "Handy", the German word used for a cellular) - korganizer: a calendar-of-events and todo-list manager - kpilot: to sync with your PalmPilot - kalarm: gui for setting up personal alarm/reminder messages - kalarmd: personal alarm/reminder messages daemon, shared by korganizer and kalarm. - kaplan: A shell for the PIM apps, still experimental. - karm: Time tracker. - kitchensync: Synchronisation framework, still under heavy development. - kfile-plugins: vCard KFileItem plugin. - knotes: yellow notes application - konsolecalendar: Command line tool for accessing calendar files. %package slocate Updated: Fri Jan 23 11:27:18 2004 Importance: security %pre A vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (updated regularly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. %package jabber Updated: Fri Jan 23 11:27:18 2004 Importance: security %pre A vulnerability was found in the jabber program where a bug in the handling of SSL connections could cause the server process to crash, resulting in a DoS (Denial of Service). The updated packages are patched to correct the problem. %description Jabber is an instant messaging System, similar to ICQ or AIM, yet far different. It is open source, absolutely free, simple, fast, extensible, modularized, cross platform, and created with the future in mind. 
Jabber has been designed from the ground up to serve the needs of the end user, satisfy business demands, and maintain compatibility with other messaging systems. %package gaim gaim-encrypt libgaim-remote0 libgaim-remote0-devel Updated: Mon Jan 26 14:48:16 2004 Importance: security %pre A number of vulnerabilities were discovered in the gaim instant messenger program by Steffan Esser, versions 0.75 and earlier. Thanks to Jacques A. Vidrine for providing initial patches. Multiple buffer overflows exist in gaim 0.75 and earlier: When parsing cookies in a Yahoo web connection; YMSG protocol overflows parsing the Yahoo login webpage; a YMSG packet overflow; flaws in the URL parser; and flaws in the HTTP Proxy connect (CAN-2004-006). A buffer overflow in gaim 0.74 and earlier in the Extract Info Field Function used for MSN and YMSG protocol handlers (CAN-2004-007). An integer overflow in gaim 0.74 and earlier, when allocating memory for a directIM packet results in a heap overflow (CAN-2004-0008). %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package mc Updated: Mon Jan 26 14:48:16 2004 Importance: security %pre A buffer overflow was discovered in mc's virtual filesystem code. This vulnerability could allow remote attackers to execute arbitrary code during symlink conversion. The updated packages have been patched to correct the problem. %description Midnight Commander is a visual shell much like a file manager, only with way more features. It is text mode, but also includes mouse support if you are running GPM. 
Its coolest feature is the ability to ftp, view tar, zip files, and poke into RPMs for specific files. :-) %package tcpdump Updated: Mon Jan 26 14:48:16 2004 Importance: security %pre A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include: An infinite loop and memory consumption processing L2TP packets (CAN-2003-1029). Infinite loops in processing ISAKMP packets (CAN-2003-0989, CAN-2004-0057). A segmentation fault caused by a RADIUS attribute with a large length value (CAN-2004-0055). The updated packages are patched to correct these problems. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package mutt Updated: Wed Feb 11 16:21:22 2003 Importance: security %pre A bug in mutt was reported by Neils Heinen that could allow a remote attacker to send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the user running mutt. The updated packages have been patched to correct the problem. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. %package libnetpbm9 libnetpbm9-devel libnetpbm9-static-devel netpbm Updated: Wed Feb 11 16:21:22 2003 Importance: security %pre A number of temporary file bugs have been found in versions of NetPBM. 
These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package mailman Updated: Fri Feb 13 05:31:50 2004 Importance: security %pre A cross-site scripting vulnerability was discovered in mailman's administration interface (CAN-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash (CAN-2003-0991). This affects version 2.0 earlier than 2.0.14. Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CAN-2003-0992). This affects version 2.1 earlier than 2.1.3. %description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... 
if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain %package metamail Updated: Wed Feb 18 10:43:59 2004 Importance: security %pre Two format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these holes. %description Metamail is a system for handling multimedia mail, using the mailcap file. Metamail reads the mailcap file, which tells Metamail what helper program to call in order to handle a particular type of non-text mail. Note that metamail can also add multimedia support to certain non-mail programs. Metamail should be installed if you need to add multimedia support to mail programs and some other programs, using the mailcap file. %package kernel kernel-enterprise kernel-secure kernel-smp kernel-source Updated: Mon Feb 23 23:32:34 2004 Importance: security %pre Paul Starzetz discovered a flaw in return value checking in the mremap() function in the Linux kernel, versions 2.4.24 and previous, that could allow a local user to obtain root privileges. A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. A flaw in the ncp_lookup() function in the ncpfs code (which is used to mount NetWare volumes or print to NetWare printers) was found by Arjen van de Ven that could allow local privilege escalation. The Vicam USB driver in Linux kernel versions prior to 2.4.25 does not use the copy_from_user function to access userspace, which crosses security boundaries. 
This problem does not affect the Mandrake Linux 9.2 kernel. Additionally, a ptrace hole that only affects the amd64/x86_64 platform has been corrected. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package pwlib1 pwlib1-devel Updated: Wed Mar 03 09:06:22 2004 Importance: security %pre The NISCC uncovered bugs in pwlib prior to version 1.6.0 via a test suite for the H.225 protocol. An attacker could trigger these bugs by sending carefully crafted messages to an application that uses pwlib, and the severity would vary based on the application, but likely would result in a Denial of Service (DoS). The updated packages provide backported fixes from Craig Southeren of the OpenH323 project to protect against this issue. %description PWLib is a moderately large class library that has its genesis many years ago as a method to produce applications to run on both Microsoft Windows and Unix X-Window systems. It also was to have a Macintosh port as well but this never eventuated. Unfortunately this package contains no GUI code. %package libxml2 libxml2-devel libxml2-python libxml2-utils Updated: Wed Mar 03 09:06:22 2004 Importance: security %pre A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses remote resources and allows them to influence the URL, this flaw could be used to execute arbitrary code. 
The updated packages provide a backported fix to correct the problem. %description This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to a URI library. %package kdelibs kdelibs-common kdelibs-devel kdelibs-static-devel Updated: Wed Mar 10 00:19:28 2004 Importance: security %pre Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory: "The cookie specifications detail a path argument that can be used to restrict the areas of a host that will be exposed to a cookie. By using standard traversal techniques this functionality can be subverted, potentially exposing the cookie to scrutiny and use in further attacks." This issue was fixed in KDE 3.1.3; the updated packages are patched to protect against this vulnerability. %description Libraries for the K Desktop Environment. %package libopenssl0 libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Updated: Wed Mar 17 08:36:03 2004 Importance: security %pre A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a null-pointer assignment in the do_change_cipher_spec() function which could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. 
Depending on the application in question, this could lead to a Denial of Service (DoS). This vulnerability affects both OpenSSL 0.9.6 (0.9.6c-0.9.6k) and 0.9.7 (0.9.7a-0.9.7c). CVE has assigned CAN-2004-0079 to this issue. Another vulnerability was discovered by Stephen Henson in OpenSSL versions 0.9.7a-0.9.7c; there is a flaw in the SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. CVE has assigned CAN-2004-0112 to this issue. Mandrakesoft urges users to upgrade to the packages provided that have been patched to protect against these problems. We would also like to thank NISCC for their assistance in coordinating the disclosure of these problems. Please note that you will need to restart any SSL-enabled services for the patch to be effective, including (but not limited to) Apache, OpenLDAP, etc. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package drakxtools drakxtools-newt drakxtools-http harddrake2 harddrake2-ui Updated: Mon Mar 22 11:04:07 2004 Importance: bugfix %pre A number of issues have been reported with drakbackup, concerning operation in daemon mode, proper handling of .backupignore files, multisession ISOs, and tape backup/restore. Patches are backported from cooker to 9.1/9.2 to address several of these issues. (only tape backup/restore and some GUI issues on 9.1). 
%description Contains many Mandrake applications simplifying life for users and administrators on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. adduserdrake: help you add a user ddcxinfos: get infos from the graphic card and print XF86Config modlines diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize). drakauth: configure authentication (LDAP/NIS/...) drakautoinst: help you configure an automatic installation replay drakbackup: backup and restore your system drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin) drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem. 
drakfloppy: boot disk creator drakfont: import fonts in the system drakgw: internet connection sharing drakproxy: proxies configuration draksec: security options management / msec frontend draksound: sound card configuration draksplash: bootsplash themes creation drakTermServ: mandrake terminal server configurator drakxservices: SysV service and daemons configurator drakxtv: auto configure tv card for xawtv grabber keyboarddrake: configure your keyboard (both console and X) liveupdate: live update software logdrake: show extracted information from the system logs lsnetdrake: display available nfs and smb shares lspcidrake: display your pci information, *and* the corresponding kernel module localedrake: language configurator, available both for root (system wide) and users (user only) mousedrake: autodetect and configure your mouse printerdrake: detect and configure your printer scannerdrake: scanner configurator drakfirewall: simple firewall configurator XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible %package ethereal Updated: Tue Mar 30 11:11:12 2004 Importance: security %pre A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash. Finally, a corrupt color filter file could cause a segmentation fault. It is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file. 
The updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package squid Updated: Tue Mar 30 11:11:12 2004 Importance: security %pre A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the processing of %-encoded characters in a URL. If a squid configuration uses ACLs (Access Control Lists), it is possible for a remote attacker to create URLs that would not be properly tested against squid's ACLs, potentially allowing clients to access URLs that would otherwise be disallowed. As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new Access Control type called "urllogin" which can be used to protect vulnerable Microsoft Internet Explorer clients from accessing URLs that contain login information. While this Access Control type is available, it is not used in the default configuration. The updated packages are patched to protect against these vulnerabilities. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package cvs Updated: Wed Apr 14 11:11:12 2004 Importance: security %pre Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. 
When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem. The updated packages provide 1.11.14 with the pertinent fix for the problem. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package kernel-2.4.21.0.29mdk kernel-enterprise-2.4.21.0.29mdk kernel-secure-2.4.21.0.29mdk kernel-smp-2.4.21.0.29mdk kernel-source Updated: Wed Apr 14 11:11:12 2004 Importance: security %pre A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003). A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109). 
An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177). The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181). Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package tcpdump Updated: Wed Apr 14 11:31:59 MDT 2004 Importance: security %pre A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump. These vulnerabilities include: Remote attackers can cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read. 
(CAN-2004-1083) Integer underflow in the isakmp_id_print allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read. (CAN-2004-0184) The updated packages are patched to correct these problems. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package utempter libutempter0 libutempter0-devel Updated: Mon Apr 19 06:36:09 2004 Importance: security %pre Steve Grubb discovered two potential issues in the utempter program: 1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to. 2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter. The updated packages are patched to correct these problems. %description Utempter is a utility which allows some non-privileged programs to have required root access without compromising system security. Utempter accomplishes this feat by acting as a buffer between root and the programs. %package libmysql12 libmysql12-devel MySQL MySQL-Max MySQL-bench MySQL-client MySQL-common Updated: Mon Apr 19 09:46:12 2004 Importance: security %pre Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. 
An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts. The scripts have been patched in the updated packages to prevent this behaviour. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package nss_wins samba-client samba-common samba-server samba-swat samba-winbind Updated: Mon Apr 19 09:46:12 2004 Importance: security %pre A vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system. The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. 
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package kernel-2.4.21.0.30mdk kernel-enterprise-2.4.21.0.30mdk kernel-secure-2.4.21.0.30mdk kernel-smp-2.4.21.0.30mdk kernel-source Updated: Tue Apr 27 09:31:05 2004 Importance: security %pre A vulnerability was found in the framebuffer driver of the 2.6 kernel. This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229) A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels. (CAN-2004-0424) There is a minor issue with the static buffer in 2.4 kernel's panic() function. Although it is possibly a buffer overflow, it is most likely not exploitable due to the nature of panic(). (CAN-2004-0394) In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() meant to free it increments the mm_count and this count is never decremented. 
(For a running process that is exiting, schedule() takes care of this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct will get an extra mm_count and so it will never be freed. This issue is present in both 2.4 and 2.6 kernels. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package sysklogd Updated: Wed Apr 28 12:02:22 2004 Importance: security %pre Steve Grubb discovered a bug in sysklogd where it allocates an insufficient amount of memory which causes sysklogd to write to unallocated memory. This could allow for a malicious user to crash sysklogd. The updated packages provide a patched sysklogd using patches from OpenWall to correct the problem and also corrects the use of an uninitialized variable (a previous use of "count"). %description The sysklogd package contains two system utilities (syslogd and klogd) which provide support for system logging. Syslogd and klogd run as daemons (background processes) and log system messages to different places, like sendmail logs, security logs, error logs, etc. %package mc Updated: Thu Apr 29 13:41:38 2004 Importance: security %pre There are a number of vulnerabilities in the midnight commander program. This includes several buffer overflows, as well as a format string issue and an issue with temporary file creation. Most of the included fixes are backports from CVS, done by Andrew V. Samoilov and Pavel Roskin. 
The updated packages are patched to correct these problems. %description Midnight Commander is a visual shell much like a file manager, only with way more features. It is text mode, but also includes mouse support if you are running GPM. Its coolest feature is the ability to ftp, view tar, zip files, and poke into RPMs for specific files. :-) %package libpng3 libpng3-devel libpng3-static-devel Updated: Thu Apr 29 13:41:38 2004 Importance: security %pre Steve Grubb discovered that libpng would access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG images. The updated packages are patched to correct the vulnerability. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package rsync Updated: Mon May 10 09:17:05 2004 Importance: security %pre Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. 
Install rsync if you need a powerful mirroring program. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Mon May 10 09:17:05 2004 Importance: security %pre A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The updated packages provide a patched mod_ssl to correct these problems. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package passwd Updated: Mon May 17 11:18:10 2004 Importance: security %pre Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems. %description The passwd package contains a system utility (passwd) which sets and/or changes passwords, using PAM (Pluggable Authentication Modules). To use passwd, you should have PAM installed on your system. 
%package libuser libuser1 libuser1-devel Updated: Mon May 17 11:18:10 2004 Importance: security %pre Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk. The updated packages provide a patched libuser to correct these problems. %description The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. %package apache apache-devel apache-modules apache-source Updated: Mon May 17 11:18:10 2004 Importance: security %pre Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CAN-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of an "AuthDigestRealmSeed" secret exposed as an MD5 checksum (CAN-2004-0987). mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CAN-2003-0993). 
Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CAN-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package cvs Updated: Wed May 19 09:32:59 2004 Importance: security %pre Stefan Esser discovered that malformed "Entry" lines in combination with Is-modified and Unchanged can be used to overflow malloc()ed memory in a way that can be remotely exploited. The updated packages contain a patch to correct the problem. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. 
Install the cvs package if you need to use a version control system. %package apache-mod_perl mod_perl-common mod_perl-devel HTML-Embperl Updated: Wed May 19 21:03:55 2004 Importance: security %pre Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available. %description Apache is a powerful, full-featured, efficient and freely-available Web server. mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started. This package contains Apache with mod_perl linked statically. It also contains a statically linked HTML::Embperl module, but you need the separate HTML-Embperl package to activate it. %package mod_ssl Updated: Tue Jun 01 09:31:15 2004 Importance: security %pre A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. 
The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Tue Jun 01 09:53:23 2004 Importance: security %pre A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package ftp-client-krb5 ftp-server-krb5 krb5-devel krb5-libs krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Thu Jun 03 11:14:09 2004 Importance: security %pre Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration. Mandrakesoft encourages all users to upgrade to these patched krb5 packages. 
%description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package cvs Updated: Wed Jun 9 09:08:12 2004 Importance: security %pre Another vulnerability was discovered related to "Entry" lines in cvs, by the development team (CAN-2004-0414). As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including: A double-free condition in the server code is exploitable (CAN-2004-0416). By sending a large number of arguments to the CVS server, it is possible to cause it to allocate a huge amount of memory which does not fit into the address space, causing an error (CAN-2004-0417). It was found that the serve_notify() function would write data out of bounds (CAN-2004-0418). The provided packages update cvs to 1.11.16 and include patches to correct all of these problems. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package squid Updated: Wed Jun 9 09:08:12 2004 Importance: security %pre A vulnerability exists in squid's NTLM authentication helper. 
This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used. NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration. The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided packages are patched to fix this problem. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package ksymoops Updated: Thu Jun 10 10:35:08 2004 Importance: security %pre Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can set up a symlink to point to a file that they do not have permission to remove. The problem is difficult to exploit because someone with root privileges needs to run ksymoops on a particular module for which a symlink for the same filename already exists. %description The Linux kernel produces error messages that contain machine specific numbers which are meaningless for debugging. ksymoops reads machine specific files and the error log and converts the addresses to meaningful symbols and offsets. 
%package kernel-2.4.21.0.31mdk kernel-enterprise-2.4.21.0.31mdk kernel-secure-2.4.21.0.31mdk kernel-smp-2.4.21.0.31mdk kernel-source Updated: Wed Jun 23 10:12:05 2004 Importance: security %pre A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered. The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory (CAN-2004-0535). A vulnerability was also discovered in the kernel where a certain C program would trigger a floating point exception that would crash the kernel. This vulnerability can only be triggered locally by users with shell access (CAN-2004-0554). To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package libpng3 libpng3-devel libpng3-static-devel Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were required in two additional places that had not been corrected with the earlier patch. This update uses an updated patch to fix all known issues. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. Mandrakesoft encourages all users to upgrade immediately.
%description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow. The updated packages contain a patch from the ASF to correct the problem. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively). %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches (i.e.
use with rpm --rebuild): --with debug Compile with debugging code %package apache apache-devel apache-modules apache-source Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in use. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively). %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package kernel-2.4.21.0.32mdk kernel-enterprise-2.4.21.0.32mdk kernel-secure-2.4.21.0.32mdk kernel-smp-2.4.21.0.32mdk kernel-source Updated: Tue Jul 7 09:15:12 2004 Importance: security %pre A number of vulnerabilities were discovered in the Linux kernel that are corrected with this update: Multiple vulnerabilities were found by the Sparse source checker that could allow local users to elevate privileges or gain access to kernel memory (CAN-2004-0495). Missing Discretionary Access Controls (DAC) checks in the chown(2) system call could allow an attacker with a local account to change the group ownership of arbitrary files, which could lead to root privileges on affected systems (CAN-2004-0497). 
An information leak vulnerability that affects only ia64 systems was fixed (CAN-2004-0565). Insecure permissions on /proc/scsi/qla2300/HbaApiNode could allow a local user to cause a DoS on the system; this only affects Mandrakelinux 9.2 and below (CAN-2004-0587). A vulnerability that could crash the kernel has also been fixed. This crash, however, can only be exploited via root (in br_if.c). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package php-cgi php-cli php430-devel libphp_common430 Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of allowed tags within PHP's strip_tags() function. This could lead to a number of XSS issues on sites that rely on strip_tags(); this only seems to affect the Internet Explorer and Safari browsers. The updated packages have been patched to correct the problem and all users are encouraged to upgrade immediately. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. 
The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package freeswan Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN. As well, another hole exists in the CA checking code that could create an endless loop in certain instances. Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws. %description The basic idea of IPSEC is to provide security functions (authentication and encryption) at the IP (Internet Protocol) level. It will be required in IP version 6 (better known as IPng, the next generation) and is optional for the current IP, version 4. FreeS/WAN is a freely-distributable implementation of the IPSEC protocol. This package has the x509 patch applied (www.strongsec.com) For kernel with this freeswan version, please check the main distro or http://people.mandrakesoft.com/~florin/www/rpms/cooker/rpms/i586/ %package nss_wins samba-client samba-common samba-doc samba-server samba-swat samba-winbind Updated: Thu Jul 22 06:47:28 2004 Importance: security %pre A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribute value when using the ldapsam passdb backend, and to decode input given to the ntlm_auth tool.
This vulnerability only exists in Samba versions 3.0.2 or later; the 3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam passdb backend, and those running winbindd and allowing third-party applications to issue authentication requests via the ntlm_auth tool should upgrade immediately. (CAN-2004-0600) A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. This bug is present in Samba 3.0.0 and later, as well as Samba 2.2.X. (CAN-2004-0686) This update also fixes a bug where attempting to print in some cases would cause smbd to exit with a signal 11. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details.
%package webmin Updated: Tue Jul 27 09:34:22 2004 Importance: security %pre Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. (CAN-2004-0582) The account lockout functionality in Webmin 1.140 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. (CAN-2004-0583) The updated packages are patched to correct the problem. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package sox sox-devel Updated: Wed Jul 28 09:23:18 2004 Importance: security %pre Ulf Harnhammar discovered two buffer overflows in SoX. They occur when the sox or play commands handle malicious .WAV files. Versions 12.17.4, 12.17.3 and 12.17.2 are vulnerable to these overflows. 12.17.1, 12.17 and 12.16 are some versions that are not. %description SoX (Sound eXchange) is a sound file format converter for Linux, UNIX and DOS PCs. The self-described 'Swiss Army knife of sound tools,' SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Install the sox package if you'd like to convert sound file formats or manipulate some sounds.
%package libpng3 libpng3-devel libpng3-static-devel Updated: Wed Aug 04 09:53:45 2004 Importance: security %pre Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL-pointer crash in png_handle_iCCP (which is also duplicated in multiple other locations), a theoretical integer overflow in png_read_png, and integer overflows during progressive reading. All users are encouraged to upgrade immediately. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package shorewall shorewall-doc Updated: Mon Aug 09 13:04:04 2004 Importance: security %pre The shorewall package has a vulnerability when creating temporary files and directories, which could allow non-root users to overwrite arbitrary files on the system. The updated packages are patched to fix the problem. As well, for Mandrakelinux 10.0, the updated packages have been fixed to start shorewall after the network, rather than before. After updating the package, if shorewall was previously running, you may need to issue a "service shorewall restart". %description The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. %package rsync Updated: Tue Aug 17 09:50:59 2004 Importance: security %pre An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2.
If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. This vulnerability allows a remote attacker to possibly read/write to/from files outside of the rsync directory. The updated packages are patched to prevent this problem. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package spamassassin spamassassin-tools perl-Mail-SpamAssassin Updated: Wed Aug 18 10:40:17 2004 Importance: security %pre Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date. %description SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail. SpamAssassin also includes support for reporting spam messages automatically, and/or manually, to collaborative filtering databases such as Vipul's Razor, DCC or pyzor. Install perl-Razor-Agent package to get Vipul's Razor support. Install dcc package to get Distributed Checksum Clearinghouse (DCC) support. 
Install pyzor package to get Pyzor support. %package kernel-2.4.21.0.33mdk kernel-enterprise-2.4.21.0.33mdk kernel-secure-2.4.21.0.33mdk kernel-smp-2.4.21.0.33mdk kernel-source Updated: Thu Aug 26 13:02:59 2004 Importance: security %pre A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit API in the kernel, as well as access to the f_pos pointer, is defective. As a result, a local attacker can abuse this vulnerability to gain access to uninitialized kernel memory, mostly via entries in the /proc filesystem. This kernel memory can possibly contain information like the root password, and other sensitive data. The updated kernel packages provided are patched to protect against this vulnerability, and all users are encouraged to upgrade immediately. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package ftp-client-krb5 ftp-server-krb5 krb5-devel krb5-libs krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Tue Aug 31 10:23:12 2004 Importance: security %pre A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. 
The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun. Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.