%package proftpd proftpd-anonymous
Updated: Fri Sep 26 10:46:30 2003
Importance: security
%pre
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell. The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability.
%description
ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation.

%package libdha0.1 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui
Updated: Tue Sep 30 10:25:00 2003
Importance: security
%pre
A buffer overflow vulnerability was found in MPlayer that is remotely exploitable. A malicious host can craft a harmful ASX header and trick MPlayer into executing arbitrary code when it parses that particular header. The provided packages have been patched to fix the problem.
%description
MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers.
It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some low-level card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with European/ISO 8859-1,2 (Hungarian, English, Czech, etc), Cyrillic, Korean fonts, and OSD?
Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer8/Codecs

%package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl
Updated: Tue Sep 30 17:36:12 2003
Importance: security
%pre
Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targeted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544.
Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545.
The packages provided have been built with patches provided by the OpenSSL group that resolve these issues.
A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems.
%description
The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

%package gnome-applets
Updated: Wed Oct 08 11:27:45 2003
Importance: bugfix
%pre
Due to changes on the Yahoo web page, the Stock Ticker applet would no longer work. These updated packages fix this problem.
%description
GNOME (GNU Network Object Model Environment) is a user-friendly set of applications and desktop tools to be used in conjunction with a window manager for the X Window System. GNOME is similar in purpose and scope to CDE and KDE, but GNOME (like KDE) is based completely on Open Source software. The gnome-applets package provides Panel applets which enhance your GNOME experience. You should install the gnome-applets package if you would like to abuse the GNOME desktop environment by embedding small utilities in the GNOME panel.

%package gdm gdm-Xnest
Updated: Thu Oct 16 11:34:31 2003
Importance: security
%pre
Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze. The provided packages are patched to fix this problem.
%description
Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager.
Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time.

%package fetchmail fetchmail-daemon fetchmailconf
Updated: Thu Oct 16 11:49:59 2003
Importance: security
%pre
A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash. Thanks to Nalin Dahyabhai of Red Hat for providing the patch to fix the problem.
%description
Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client.

%package mailman
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
The default mailman install was in an inoperable state. This update addresses several issues related to file IDs and permissions, as well as ensuring the initial permissions for aliases.db under postfix are correct for proper operation.
%description
Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features:
o Most standard mailing list features, including: moderation, mail based commands, digests, etc...
o An extensive Web interface, customizable on a per-list basis.
o Web based list administration interface for *all* admin-type tasks
o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives
o Integrated mail list to newsgroup gatewaying
o Integrated newsgroup to mail list gatewaying (polling-based... if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions)
o Smart bounce detection and correction
o Integrated fast bulk mailing
o Smart spam protection
o Extensible logging
o Multiple list owners and moderators are possible
o Optional MIME-compliant digests
o Nice about which machine you subscribed from if you're from the right domain

%package mdkkdm
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
The mdkkdm package now builds properly under amd64 and also allows you to reboot the machine with a good kernel when you need to enter a password.
%description
Mdk kdm.

%package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
Fixes for drakconnect include fixing a problem where wireless adapter settings were lost when altering the network configuration when not in wizard mode. A problem with stepping back into the wizard and having the first card's parameters being overwritten by the last one's has also been fixed. drakfont had issues with TTF conversion that have been corrected. A bug in draksec that would lose unsaved security administrator settings has been fixed.
%description
Contains many Mandrake applications simplifying users and administrators life on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
adduserdrake: helps you add a user
ddcxinfos: get infos from the graphic card and print XF86Config modelines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize).
drakauth: configure authentication (LDAP/NIS/...)
drakautoinst: help you configure an automatic installation replay
drakbackup: backup and restore your system
drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin)
drakbug: interactive bug report tool
drakbug_report: help find bugs in DrakX
drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem.
drakfloppy: boot disk creator
drakfont: import fonts in the system
drakgw: internet connection sharing
drakproxy: proxies configuration
draksec: security options management / msec frontend
draksound: sound card configuration
draksplash: bootsplash themes creation
drakTermServ: mandrake terminal server configurator
drakxservices: SysV service and daemons configurator
drakxtv: auto configure tv card for xawtv grabber
keyboarddrake: configure your keyboard (both console and X)
liveupdate: live update software
logdrake: show extracted information from the system logs
lsnetdrake: display available nfs and smb shares
lspcidrake: display your pci information, *and* the corresponding kernel module
localedrake: language configurator, available both for root (system wide) and users (user only)
mousedrake: autodetect and configure your mouse
printerdrake: detect and configure your printer
scannerdrake: scanner configurator
drakfirewall: simple firewall configurator
XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible

%package ncftp
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A bug in ncftp would cause it to close when typing in high ASCII characters.
%description
Ncftp is an improved FTP client. Ncftp's improvements include support for command line editing, command histories, recursive gets, automatic anonymous logins and more.

%package kdelibs-common libkdecore4 libkdecore4-devel
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A problem in kdelibs prevented people from having a screensaver.
%description
Libraries for the K Desktop Environment.

%package kdebase kdebase-common kdebase-kate kdebase-kdeprintfax kdebase-kdm kdebase-kdm-config kdebase-konsole kdebase-nsplugins kdebase-progs libkdebase4 libkdebase4-devel libkdebase4-kate libkdebase4-kate-devel libkdebase4-konsole libkdebase4-nsplugins libkdebase4-nsplugins-devel
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A problem in kdebase prevented people from renaming a directory on the desktop.
%description
Core applications for the K Desktop Environment. Here is an overview of the directories:
- drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug.
- kappfinder: searches your hard disk for non-KDE applications, e.g. Acrobat Reader (tm) and installs those apps under the K start button
- kate: a fast and advanced text editor with nice plugins
- kcheckpass: small program to enter and check passwords, only to be used by other programs
- kcontrol: the KDE Control Center allows you to tweak the KDE settings
- kdcop: GUI app to browse for DCOP interfaces, can also execute them
- kdebugdialog: allows you to specify which debug messages you want to see
- kdeprint: the KDE printing system
- kdesktop: you guessed it: the desktop above the panel
- kdesu: a graphical front end to "su"
- kdm: replacement for XDM, for those people that like graphical logins
- kfind: find files
- khelpcenter: the app to read all great documentation about KDE
- khotkeys: intercepts keys and can call applications
- kicker: the panel at the bottom with the K start button and the taskbar etc
- kioslave: infrastructure that helps make every application internet enabled e.g. to directly save a file to ftp://place.org/dir/file.txt
- klipper: enhances and extends the X clipboard
- kmenuedit: edit for the menu below the K start button
- konqueror: the file manager and web browser you get easily used to
- kpager: applet to show the contents of the virtual desktops
- kpersonalizer: the customization wizard you get when you first start KDE
- kreadconfig: a tool for shell scripts to get info from KDE's config files
- kscreensaver: the KDE screensaver environment and lots of savers
- ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login)
- ksplash: the screen displayed while KDE starts
- kstart: to launch applications with special window properties such as iconified etc
- ksysguard: task manager and system monitor, even for remote systems
- ksystraycmd: allows to run any application in the system tray
- ktip: gives you tips how to use KDE
- kwin: the KDE window manager
- kxkb: a keyboard map tool
- legacyimport: odd name for a cute program to load GTK themes
- libkonq: some libraries needed by Konqueror
- nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror

%package GConf libGConf1 libGConf1-devel
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A problem has been fixed where GConf was not storing a local lock on a remote directory for people using an NFS-mounted home with security level >= 2, which would cause GNOME to fail to log in properly after logout.
%description
GConf is a configuration database for the GNOME project.

%package GConf2 libGConf2_4 libGConf2_4-devel
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A problem has been fixed where GConf was not storing a local lock on a remote directory for people using an NFS-mounted home with security level >= 2, which would cause GNOME to fail to log in properly after logout.
%description
GConf is a configuration data storage mechanism scheduled to ship with GNOME 2.0. GConf does work without GNOME however; it can be used with plain GTK+, Xlib, KDE, or even text mode applications as well.

%package gnome-pilot gnome-pilot-conduits libgnome-pilot2 libgnome-pilot2-devel
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
The crash in the memo-file conduit in gnome-pilot has been fixed.
%description
GNOME pilot is a collection of programs and daemon for integrating GNOME and the PalmPilot (tm).

%package ORBit2 libORBit2_0 libORBit2_0-devel
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
Random freezes in Evolution due to ORBit2 have been corrected.
%description
ORBit is a high-performance CORBA (Common Object Request Broker Architecture) ORB (object request broker). It allows programs to send requests and receive replies from other programs, regardless of the locations of the two programs. CORBA is an architecture that enables communication between program objects, regardless of the programming language they're written in or the operating system they run on.
You will need to install this package if you want to run programs that use the ORBit implementation of CORBA technology.

%package gdm gdm-Xnest
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A bug in gdm that would prevent users from logging out then back in again when using NFS has been fixed (note this update replaces security advisory MDKSA-2003:100).
%description
Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time.

%package drakfirsttime
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A bug in drakclub where it would print the root password to the console has been fixed. Another bug where it would complain about missing IO:Stty when launching drakclub as a regular user was also corrected.
%description
The Mandrake First Wizard is a config tool to help users set up some basic things like themes & window managers, registration at mandrakeclub/mandrakeexpert the first time you log in. This package also includes the drakclub and drakmail wizards for the settings of club urpmi sources and mail clients respectively.

%package kernel kernel-BOOT kernel-doc kernel-enterprise kernel-i686-up-4GB kernel-p3-smp-64GB kernel-secure kernel-smp kernel-source
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
The kernel update provides low_latency fixes to provide better performance, a new libata driver for SATA devices, and also allows the ASUS A7V motherboard to use ACPI.
For full information on updating your kernel, please view the instructions at: http://www.mandrakesecure.net/en/kernelupdate.php
New commercial drivers for this kernel are available at Mandrake Club.
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system.
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

%package chkauth
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A bug in chkauth prevented LDAP authentication from working properly post-install due to calling the wrong PAM module; this has been fixed.
%description
Chkauth is a program to change the authentication method on a system. Chkauth always sets the file method in first place, but you can only select the second authentication method this way. Three kinds of authentication are accepted: local (file), NIS (yp) and LDAP.

%package qt3-common qt3-example libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql
Updated: Wed Oct 22 10:06:17 2003
Importance: bugfix
%pre
A problem with Chinese IME in KDE has been fixed with new qt3 packages.
%description
Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file.
Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa.
Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html.
Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation.
It is available on the web: http://doc.trolltech.com/
Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available.
Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code.
Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural.
Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way.
Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics.
Qt is available under two different licenses:
- The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html
- The Q Public License (QPL), for developing free software (X Window System only).

%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy
Updated: Fri Oct 24 11:23:57 2003
Importance: security
%pre
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution, which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.
On systems that use scripts that output more than 4k to STDERR, this could cause httpd processes to hang and once the maximum connection limit is reached, Apache will no longer respond to requests.
The updated packages provided use the latest mod_cgi.c from the Apache 2.1 CVS version.
Users may have to restart apache by hand after the upgrade by issuing a "service httpd restart".
Update: The previous update introduced an experimental mod_cgi.c that while fixing the deadlock did not do so in a correct manner and it likewise introduced new problems with other scripts. These packages roll back to the original mod_cgi.c until such a time as the apache team have a proper fix in place. Both Mandrake Linux 9.1 and 9.2 are affected by this problem.
Likewise, a problem was discovered in the default mod_proxy configuration which created an open proxy. Users who have installed mod_perl also have mod_proxy installed due to dependencies and may unknowingly have allowed spammers to use their MTA via the wide-open mod_proxy settings.
MandrakeSoft encourages all users to upgrade to these new packages immediately.
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external.
Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository)
You can build apache2 with some conditional build switches; (ie. use with rpm --rebuild):
--with debug Compile with debugging code

%package kernel kernel-BOOT kernel-doc kernel-enterprise kernel-i686-up-4GB kernel-p3-smp-64GB kernel-secure kernel-smp kernel-source
Updated: Mon Oct 27 09:37:59 2003
Importance: bugfix
%pre
A problem was discovered where the kernel would destroy certain LG-based CD-ROM devices. This problem has been fixed in the kernels provided and MandrakeSoft encourages everyone to upgrade.
For more information on this particular problem, view the errata page on this topic available at: http://www.mandrakelinux.com/en/lgerrata.php3
For full information on updating your kernel, please view the instructions at: http://www.mandrakesecure.net/en/kernelupdate.php
New commercial drivers for this kernel will be available at Mandrake Club shortly.
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

%package GConf libGConf1 libGConf1-devel
Updated: Thu Oct 30 10:42:24 2003
Importance: bugfix
%pre
The previous updates for GConf (MDKA-2003:020) introduced a new problem where gnucash, and possibly other applications, would crash. This new package fixes the problem.
%description
GConf is a configuration database for the GNOME project.

%package libbonobo libbonobo2_0 libbonobo2_0-devel
Updated: Fri Oct 31 11:38:17 2003
Importance: bugfix
%pre
A bug was found in libbonobo that would cause problems with various GNOME applications, and logging in properly, when the user's home directory was on a NFS-mounted share. These updated packages correct the problem.
%description
Bonobo is a library that provides the necessary framework for GNOME applications to deal with compound documents, i.e. those with a spreadsheet and graphic embedded in a word-processing document.
This package contains various needed modules and files for bonobo 2 to operate.

%package apache apache-devel apache-modules apache-source
Updated: Mon Nov 03 12:22:16 2003
Importance: security
%pre
A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is configured. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.
As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used.
Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages.
%description
Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP.
Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).

%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy
Updated: Mon Nov 03 12:22:16 2003
Importance: security
%pre
A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.
This happens when a regular expression with more than 9 captures is configured. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.
As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid's mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used.
Apache version 2.0.48 and 1.3.29 were released upstream to correct these bugs; backported patches have been applied to the provided packages.
%description
This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet.
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external.
Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository)
You can build apache2 with some conditional build switches; (ie. use with rpm --rebuild):
--with debug Compile with debugging code

%package hylafax hylafax-server hylafax-client libhylafax4.1.1 libhylafax4.1.1-devel
Updated: Mon Nov 10 18:43:26 2003
Importance: security
%pre
During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as root. Note that this bug cannot be triggered in the default configuration. Updated packages have been patched to correct the problem.
%description
HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including Windows.
You need this package if you are going to install hylafax-client and/or hylafax server. Most users want mgetty-voice to be installed too.

%package OpenDX OpenDX-devel
Updated: Wed Nov 11 11:52:52 2003
Importance: bugfix
%pre
A bug in OpenDX was fixed that prevented dx from starting properly due to an improper path for the dxexec executable.
%description
OpenDX is a uniquely powerful, full-featured software package for the visualization of scientific, engineering and analytical data. Its open system design is built on standard interface environments. And its sophisticated data model provides users with great flexibility in creating visualizations.

%package totem
Updated: Wed Nov 11 11:52:52 2003
Importance: bugfix
%pre
A bug was found in totem that would cause it to crash when attempting to retrieve CDDB information when playing an audio CD and the network blocks CDDB access. This problem has been fixed with these updated packages.
%description
Totem is a simple movie player for the Gnome desktop based on xine. It features a simple playlist, a full-screen mode, seek and volume controls, as well as a pretty complete keyboard navigation.

%package SnortSnarf
Updated: Wed Nov 11 11:52:52 2003
Importance: bugfix
%pre
Problems with the dependencies of the SnortSnarf package prevented it from being installable. This update fixes those dependency issues so that you can now install the package.
%description
This program creates a set of HTML pages to allow you to quickly and conveniently navigate around output files of the Snort intrusion detection system (http://www.snort.org/).

%package coreutils coreutils-doc
Updated: Wed Nov 11 13:03:31 2003
Importance: security
%pre
A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments.
It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux).
Likewise, a non-exploitable integer overflow problem was discovered in ls, which can be used to crash ls by specifying certain command-line arguments. This can also be triggered via remotely accessible services such as wu-ftpd.
The provided packages include a patched ls to fix these problems.
%description
These are the GNU core utilities. This package is the union of the old GNU fileutils, sh-utils, and textutils packages.
These tools are the GNU versions of common useful and popular file & text utilities which are used for:
- file management
- shell scripts
- modifying text files (splitting, joining, comparing, modifying, ...)
Most of these programs have significant advantages over their Unix counterparts, such as greater speed, additional options, and fewer arbitrary limits.
The following tools are included: basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd df dir dircolors dirname du echo env expand expr factor false fmt fold ginstall groups head hostid hostname id join kill link ln logname ls md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort split stat stty su sum sync tac tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes

%package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Fri Nov 14 12:23:12 2003
Importance: bugfix
%pre
A number of bugs have been fixed in the drakxtools package. Primarily, problems with drakconnect were fixed. The old behaviour of drakconnect to detect network interfaces was to load all of the network modules corresponding to current hardware and look for network interfaces created by the module loading.
However, determining network interfaces in this way prevented drakconnect from ever seeing USB ethernet adapters. As well, the way in which drakconnect mapped real network interfaces to a logical configuration prevented drakconnect from mapping interfaces without an alias in /etc/modules.conf. Finally, drakconnect had problems handling wireless network devices correctly. The updated package also provides a more up-to-date wireless modules list so drakconnect is able to determine more types of wireless devices. A number of other smaller bugs have been repaired as well and MandrakeSoft encourages all users to upgrade to these new packages.
%description
Contains many Mandrake applications simplifying users' and administrators' lives on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
adduserdrake: helps you add a user
ddcxinfos: gets information from the graphics card and prints XF86Config modelines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a Perl rewrite of the work of Andrew Clausen (libresize).
drakauth: configures authentication (LDAP/NIS/...)
drakautoinst: helps you configure an automatic installation replay
drakbackup: backs up and restores your system
drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin)
drakbug: interactive bug report tool
drakbug_report: helps find bugs in DrakX
drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem.
drakfloppy: boot disk creator
drakfont: import fonts in the system
drakgw: internet connection sharing
drakproxy: proxies configuration
draksec: security options management / msec frontend
draksound: sound card configuration
draksplash: bootsplash themes creation
drakTermServ: Mandrake terminal server configurator
drakxservices: SysV service and daemons configurator
drakxtv: auto configure tv card for xawtv grabber
keyboarddrake: configure your keyboard (both console and X)
liveupdate: live update software
logdrake: show extracted information from the system logs
lsnetdrake: display available nfs and smb shares
lspcidrake: display your pci information, *and* the corresponding kernel module
localedrake: language configurator, available both for root (system wide) and users (user only)
mousedrake: autodetect and configure your mouse
printerdrake: detect and configure your printer
scannerdrake: scanner configurator
drakfirewall: simple firewall configurator
XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible
%package gawk gawk-doc
Updated: Tue Nov 18 10:10:01 2003
Importance: bugfix
%pre
The gawk program would segfault with most character classes and locales other than "C". This update corrects the problem so you can use gawk with any locale or character class.
%description
The gawk package contains the GNU version of awk, a text processing utility. Awk interprets a special-purpose programming language to do quick and easy text pattern matching and reformatting jobs. Gawk should be upwardly compatible with the Bell Labs research version of awk and is almost completely compliant with the 1993 POSIX 1003.2 standard for awk. Install the gawk package if you need a text processing utility. Gawk is considered to be a standard Linux tool for processing text.
%package nss_ldap pam_ldap
Updated: Tue Nov 18 10:10:01 2003
Importance: bugfix
%pre
The nss_ldap package was improperly built against db1 rather than db4 which would cause problems using LDAP for authentication in certain situations where the Berkeley DB library is used to cache DN login name mappings. The provided packages are correctly built against db4.
%description
This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS).
%package rpm rpm-build rpm-devel rpm-python popt popt-devel
Updated: Tue Nov 18 10:10:01 2003
Importance: bugfix
%pre
A bug was found in the way that rpm locks its database in that it prevents update-menus from running properly and can cause the loss of KDE, GNOME, and other WM menus. This package provides a better locking mechanism that should prevent this improper behaviour.
%description
RPM is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc.
%package kopete libkopete1 libkopete1-devel
Updated: Thu Nov 27 19:09:42 2003
Importance: normal
%pre
New kopete packages are available that bring back MSN capabilities.
%description
Kopete is a flexible and extendable multiple protocol instant messaging system designed as a plugin-based system. All protocols are plugins and allow modular installment, configuration, and usage without the main application knowing anything about the plugin being loaded.
The goal of Kopete is to provide users with a standard and easy to use interface between all of their instant messaging systems, but at the same time also providing developers with the ease of writing plugins to support a new protocol. The core Kopete development team provides a handful of plugins that most users can use, in addition to templates for new developers to base a plugin off of.
%package kde-i18n-es
Updated: Thu Nov 27 19:09:42 2003
Importance: bugfix
%pre
New kde-i18n-es packages are available that provide updated Spanish translations for kmail that fix some display issues.
%description
Spanish language support for KDE.
%package gnupg
Updated: Thu Nov 27 19:09:42 2003
Importance: bugfix
%pre
A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to Elgamal sign+encrypt keys. From Werner Koch's email message:
"Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds. Please *take immediate action and revoke your ElGamal signing keys*. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key."
And also:
"Note that the standard keys as generated by GnuPG (DSA and ElGamal encryption) as well as RSA keys are NOT vulnerable. Note also that ElGamal signing keys cannot be generated without the use of a special flag to enable hidden options and even then overriding a warning message about this key type. See below for details on how to identify vulnerable keys."
MandrakeSoft urges any users who use the ElGamal sign+encrypt keys to immediately revoke these keys and discontinue use of them.
Updated packages are provided that remove the ability to create these keys and to create signatures using these keys (thanks to David Shaw for writing the patch).
%description
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.
%package mandrake_doc-common mandrake_doc-de mandrake_doc-en mandrake_doc-es mandrake_doc-fr mandrake_doc-it mandrake_doc-ru mandrake_doc-drakxtools-en mandrake_doc-drakxtools-es mandrake_doc-drakxtools-fr
Updated: Tue Dec 02 10:15:50 2003
Importance: normal
%pre
New mandrake_doc packages are available that provide last-minute updates to the documentation included with Mandrake Linux 9.2.
%description
This package contains some useful documentation for Mandrake Linux systems. This documentation is directly accessible through the Mandrake desktop (the "Documentation" icon). It includes many manuals ranging from Installation Guide to Server Reference Manual.
%package dump rmt
Updated: Tue Dec 02 10:15:50 2003
Importance: bugfix
%pre
New dump packages alleviate a problem with transmitting 2GB of data due to a problem with large file seeks in rmt.
%description
The dump package contains both dump and restore. Dump examines files in a filesystem, determines which ones need to be backed up, and copies those files to a specified disk, tape or other storage medium. The restore command performs the inverse function of dump; it can restore a full backup of a filesystem. Subsequent incremental backups can then be layered on top of the full backup. Single files and directory subtrees may also be restored from full or partial backups.
%package shorewall shorewall-doc
Updated: Tue Dec 03 10:12:43 2003
Importance: bugfix
%pre
A problem with the shorewall firewall script prevented some modules from being loaded which would prevent, among other problems, FTP from working. The new version of shorewall corrects this problem.
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.
%package rsync
Updated: Thu Dec 04 13:12:29 2003
Importance: security
%pre
A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk() vulnerability to compromise a public rsync server. This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code execution on the host running rsync as a server. Also note that this only affects hosts running rsync in server mode (listening on port 873, typically under xinetd).
%description
Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program.
%package cvs
Updated: Mon Dec 08 15:07:00 2003
Importance: security
%pre
A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions.
%description
CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system.
%package screen
Updated: Mon Dec 08 15:09:00 2003
Importance: security
%pre
A vulnerability was discovered and fixed in screen by Timo Sirainen who found an exploitable buffer overflow that allowed privilege escalation. This vulnerability also has the potential to allow attackers to gain control of another user's screen session. The ability to exploit is not trivial and requires approximately 2GB of data to be transferred in order to do so. Updated packages are available that fix the vulnerability.
%description
The screen utility allows you to have multiple logins on just one terminal. Screen is useful for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. Install the screen package if you need a screen manager that can support multiple logins on one terminal.
%package ethereal
Updated: Wed Dec 10 11:14:35 2003
Importance: security
%pre
A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
A buffer overflow allows attackers to cause a DoS (Denial of Service) and possibly execute arbitrary code using a malformed GTP MSISDN string (CAN-2003-0925). Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO packets (CAN-2003-0926). Finally, a heap-based buffer overflow allows attackers to cause a DoS or execute arbitrary code using the SOCKS dissector (CAN-2003-0927). All three vulnerabilities affect all versions of Ethereal up to and including 0.9.15. This update provides 0.9.16 which corrects all of these issues. Also note that each vulnerability can be exploited by a remote attacker.
%description
Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
%package gaim gaim-encrypt libgaim-remote0 libgaim-remote0-devel gaim-festival gaim-perl
Updated: Wed Dec 10 11:14:35 2003
Importance: normal
%pre
Due to changes in the MSN protocol, new versions of gaim have been released that provide support to again access the MSN network.
%description
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL.
%package net-snmp net-snmp-mibs net-snmp-trapd net-snmp-utils libnet-snmp50 libnet-snmp50-devel libnet-snmp50-static-devel
Updated: Thu Dec 11 17:22:18 2003
Importance: security
%pre
A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view.
The updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of other smaller bugs.
%description
SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.
%package lftp
Updated: Mon Dec 15 09:57:14 2003
Importance: security
%pre
A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels" command on a specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream in 2.6.10. The updated packages are patched to protect against this problem.
%description
LFTP is a shell-like command line ftp client. The main two advantages over other ftp clients are reliability and ability to perform tasks in background. It will reconnect and reget the file being transferred if the connection broke. You can start a transfer in background and continue browsing on the ftp site. It does this all in one process. When you have started background jobs and feel you are done, you can just exit lftp and it automatically moves to nohup mode and completes the transfers. It also has such nice features as reput and mirror.
%package GConf2 libGConf2_4 libGConf2_4-devel
Updated: Thu Dec 18 00:40:15 2003
Importance: bugfix
%pre
The previous updates for GConf2 (MDKA-2003:020) introduced a new problem seen with newer versions of glibc.
Although it doesn't appear to affect Mandrake Linux 9.2 directly, the fix is greatly improved with this updated patch.
%description
GConf is a configuration data storage mechanism scheduled to ship with GNOME 2.0. GConf does work without GNOME however; it can be used with plain GTK+, Xlib, KDE, or even text mode applications as well.
%package chkauth
Updated: Thu Dec 18 00:40:15 2003
Importance: bugfix
%pre
The chkauth package would incorrectly set the old YPDOMAIN variable in /etc/sysconfig/network rather than NISDOMAIN. These packages correct the problem.
%description
Chkauth is a program to change the authentication method on a system. Chkauth always sets the file method in first place, but you can only select the second authentication method this way. Three kinds of authentication are accepted: local (file), NIS (yp) and LDAP.
%package irssi irssi-devel
Updated: Thu Dec 18 00:47:30 2003
Importance: security
%pre
A vulnerability in versions of irssi prior to 0.8.9 would allow a remote user to crash another user's irssi client provided that the client was on a non-x86 architecture or if the "gui print text" signal is being used by some script or plugin. The updated packages provide 0.8.9 which corrects the problem.
%description
Irssi is a modular IRC client for UNIX that currently has only text mode user interface, but 80-90% of the code isn't text mode specific, so other UIs could be created pretty easily. Also, Irssi isn't really even IRC specific anymore, there are already working SILC and ICB modules available. Support for other protocols like ICQ and Jabber could be created some day too. irssi is the most popular IRC client at the moment.
%package libxfree86 libxfree86-devel libxfree86-static-devel X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs XFree86-Xnest XFree86-Xvfb
Updated: Thu Dec 18 17:31:12 2003
Importance: security
%pre
XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module.
%description
If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel.
%package drakxtools drakxtool-http drakxtools-newt harddrake harddrake-ui
Updated: Mon Jan 5 07:18:24 2004
Importance: bugfix
%pre
Updated drakxtools package fixes drakbackup's daemon behavior.
%description
Contains many Mandrake applications simplifying users' and administrators' lives on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
adduserdrake: helps you add a user
ddcxinfos: gets information from the graphics card and prints XF86Config modelines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a Perl rewrite of the work of Andrew Clausen (libresize).
drakauth: configures authentication (LDAP/NIS/...)
drakautoinst: helps you configure an automatic installation replay
drakbackup: backs up and restores your system
drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin)
drakbug: interactive bug report tool
drakbug_report: helps find bugs in DrakX
drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem.
drakfloppy: boot disk creator
drakfont: import fonts in the system
drakgw: internet connection sharing
drakproxy: proxies configuration
draksec: security options management / msec frontend
draksound: sound card configuration
draksplash: bootsplash themes creation
drakTermServ: Mandrake terminal server configurator
drakxservices: SysV service and daemons configurator
drakxtv: auto configure tv card for xawtv grabber
keyboarddrake: configure your keyboard (both console and X)
liveupdate: live update software
logdrake: show extracted information from the system logs
lsnetdrake: display available nfs and smb shares
lspcidrake: display your pci information, *and* the corresponding kernel module
localedrake: language configurator, available both for root (system wide) and users (user only)
mousedrake: autodetect and configure your mouse
printerdrake: detect and configure your printer
scannerdrake: scanner configurator
drakfirewall: simple firewall configurator
XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible
The harddrake service is a hardware probing tool run at system boot time to determine what hardware has been added or removed from the system. It then offers to run the needed config tool to update the OS configuration. This is the main configuration tool for hardware that calls all the other configuration tools. It offers a nice GUI that shows the hardware configuration split by hardware classes.
%package kernel kernel-enterprise kernel-i686-up-4GB kernel-p3-smp-64GB kernel-secure kernel-smp kernel-source
Updated: Wed Jan 07 21:30:25 2003
Importance: security
%pre
A flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC (real time clock) routines was fixed as well.
All Mandrake Linux users are encouraged to upgrade to these packages immediately. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php
Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1) and bootloader-utils (9.2) packages prior to upgrading the kernel as they contain a fixed installkernel script that fixes instances where the loop module was not being loaded and would cause mkinitrd to fail. Users requiring commercial NVIDIA drivers can find drivers for Mandrake Linux 9.2 at MandrakeClub.
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php
%package bootloader-utils
Updated: Wed Jan 07 21:30:25 2003
Importance: bugfix
%pre
Updated for the kernel.
%description
bootloader utilities
%package ethereal
Updated: Mon Jan 12 11:13:28 2004
Importance: security
%pre
Two vulnerabilities were discovered in versions of Ethereal prior to 0.10.0 that can be exploited to make Ethereal crash by injecting malformed packets onto the wire or by convincing a user to read a malformed packet trace file. The first vulnerability is in the SMB dissector and the second is in the Q.391 dissector. It is not known whether or not these issues could lead to the execution of arbitrary code. The updated packages provide Ethereal 0.10.0 which is not vulnerable to these issues.
%description
Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
%package kdepim kdepim-common kdepim-kaddressbook kdepim-karm kdepim-knotes kdepim-korganizer kdepim-kpilot libkdepim2-common libkdepim2-common-devel libkdepim2-korganizer libkdepim2-korganizer-devel libkdepim2-kpilot libkdepim2-kpilot-devel
Updated: Wed Jan 14 12:24:59 2004
Importance: security
%pre
A vulnerability was discovered in all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted .VCF file to potentially enable a local attacker to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. This can also be used by remote attackers if the victim enables previews for remote files; however this is disabled by default. The provided packages contain a patch from the KDE team to correct this problem.
%description
Information Management applications for the K Desktop Environment.
- kaddressbook: The KDE addressbook application.
- kandy: sync phone book entries between your cell phone and computer ("kandy" comes from "Handy", the German word used for a cellular)
- korganizer: a calendar-of-events and todo-list manager
- kpilot: to sync with your PalmPilot
- kalarm: gui for setting up personal alarm/reminder messages
- kalarmd: personal alarm/reminder messages daemon, shared by korganizer and kalarm.
- kaplan: A shell for the PIM apps, still experimental.
- karm: Time tracker.
- kitchensync: Synchronisation framework, still under heavy development.
- kfile-plugins: vCard KFIleItem plugin.
- knotes: yellow notes application
- konsolecalendar: Command line tool for accessing calendar files.
%package krozat
Updated: Wed Jan 14 12:24:59 2004
Importance: bugfix
%pre
The krozat screensaver in Mandrake Linux 9.1 and 9.2 had a memory leak. The updated packages correct the problem.
%description
This package contains the default Mandrake Linux screensaver for KDE.
%package kdegames libkdegames1 libkdegames1-devel
Updated: Wed Jan 14 12:24:59 2004
Importance: bugfix
%pre
The kwin4 application would crash on startup. The updated packages fix this problem.
%description
Games for the K Desktop Environment. This is a compilation of various games for the KDE project
- atlantik: Monopoly-like board games
- kabalone: board game: move 6 pieces from your opponent over the edge
- kasteroids: shoot at those nasty asteroids
- katomic: build complex atoms with a minimal amount of moves
- kbackgammon: play backgammon against a local human player, via a game server or against GNU Backgammon (not included)
- kbattleship: battleship game with built-in game server
- kblackbox: find atoms in a grid by shooting electrons
- kfouleggs: a famous Japanese game known as puyo-puyo
- kbounce: claim areas and don't get disturbed
- kjumpingcube: a tactical game for number-crunchers
- klines: place 5 equal pieces together, but wait, there are 3 new ones
- mahjongg: a tile laying patience
- kmines: the classical mine sweeper
- kolf: a golf game
- konquest: conquer the planets of your enemy
- kpat: several patience card games
- kpoker: the game of poker
- kreversi: the old reversi board game, also known as othello
- ksame: collect pieces of the same color
- kshisen: patience game where you take away all pieces
- ksirtet: very well known if spelt backwards
- ksmiletris: another Tetris-like game
- ksnake: don't bite yourself, eat apples!
- ksokoban: move all storage boxes into the cabinet
- kspaceduel: two player game with shooting spaceships flying around a sun
- ktron: like ksnake, but without fruits
- ktuberling: kids game: make your own potato (NO French fries!)
- kwin4: place 4 pieces in a row
- libkdegames: KDE game library used by many of these programs
- lskat: lieutenant skat
- megami: blackjack card game
%package libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql qt3-common qt3-example
Updated: Wed Jan 14 12:24:59 2004
Importance: bugfix
%pre
A problem with qt3 would cause improper behaviour of using accelerator keys in KDE applications such as Konqueror, KMail, and others. Using these keys would either crash the program or simply not work. The updated packages fix this problem.
%description
Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file. Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa. Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html. Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/ Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available. Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System.
It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code. Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural. Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way. Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics. Qt is available under two different licenses:
- The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html
- The Q Public License (QPL), for developing free software (X Window System only).
%package drakxtools drakxtools-http drakxtools-newt harddrake harddrake-ui
Updated: Mon Jan 19 10:42:39 2004
Importance: bugfix
%pre
The options for adiusb had changed and as a result sagem modems, normal and degrouped, would no longer connect to the internet. This update fixes the problem so sagem modems again work properly.
%description
Contains many Mandrake applications simplifying users' and administrators' lives on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work.
adduserdrake: helps you add a user
ddcxinfos: gets information from the graphics card and prints XF86Config modelines
diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a Perl rewrite of the work of Andrew Clausen (libresize).
drakauth: configures authentication (LDAP/NIS/...)
drakautoinst: help you configure an automatic installation replay drakbackup: backup and restore your system drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin) drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem. drakfloppy: boot disk creator drakfont: import fonts in the system drakgw: internet connection sharing drakproxy: proxies configuration draksec: security options managment / msec frontend draksound: sound card configuration draksplash: bootsplash themes creation drakTermServ: mandrake terminal server configurator drakxservices: SysV service and dameaons configurator drakxtv: auto configure tv card for xawtv grabber keyboarddrake: configure your keyboard (both console and X) liveupdate: live update software logdrake: show extracted information from the system logs lsnetdrake: display available nfs and smb shares lspcidrake: display your pci information, *and* the corresponding kernel module localedrake: language configurator, available both for root (system wide) and users (user only) mousedrake: autodetect and configure your mouse printerdrake: detect and configure your printer scannerdrake: scanner configurator drakfirewall: simple firewall configurator XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible %package dhcp-client dhcp-common dhcp-devel dhcp-relay dhcp-server Updated: Thu Jan 22 10:38:50 2004 Importance: bugfix %pre The dhcp package shipped with Mandrake Linux 9.2 had a problem where Dynamic DNS updates did not work properly. The updated packages fix the problem. %description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. 
The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package slocate Updated: Fri Jan 23 11:27:18 2004 Importance: security %pre A vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (updated regularly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. %package jabber jabber-aim jabber-conference jabber-icq jabber-jud jabber-msn jabber-yahoo Updated: Fri Jan 23 11:27:18 2004 Importance: security %pre A vulnerability was found in the jabber program where a bug in the handling of SSL connections could cause the server process to crash, resulting in a DoS (Denial of Service). The updated packages are patched to correct the problem. %description Jabber is an instant messaging System, similar to ICQ or AIM, yet far different. It is open source, absolutely free, simple, fast, extensible, modularized, cross platform, and created with the future in mind. Jabber has been designed from the ground up to serve the needs of the end user, satisfy business demands, and maintain compatibility with other messaging systems. 
%package mrproject Updated: Fri Jan 23 11:40:10 2004 Importance: bugfix %pre After saving a project which has subordinate tasks, loading the project again will cause mrproject to crash with a segmentation fault. The updated packages correct the problem. %description MrProject, a project management application for GNOME. %package gaim gaim-encrypt libgaim-remote0 libgaim-remote0-devel gaim-festival gaim-perl Updated: Mon Jan 26 14:48:16 2004 Importance: security %pre A number of vulnerabilities were discovered in the gaim instant messenger program by Stefan Esser, versions 0.75 and earlier. Thanks to Jacques A. Vidrine for providing initial patches. Multiple buffer overflows exist in gaim 0.75 and earlier: When parsing cookies in a Yahoo web connection; YMSG protocol overflows parsing the Yahoo login webpage; a YMSG packet overflow; flaws in the URL parser; and flaws in the HTTP Proxy connect (CAN-2004-006). A buffer overflow in gaim 0.74 and earlier in the Extract Info Field Function used for MSN and YMSG protocol handlers (CAN-2004-007). An integer overflow in gaim 0.74 and earlier, when allocating memory for a directIM packet results in a heap overflow (CAN-2004-0008). %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package mc Updated: Mon Jan 26 14:48:16 2004 Importance: security %pre A buffer overflow was discovered in mc's virtual filesystem code. This vulnerability could allow remote attackers to execute arbitrary code during symlink conversion. The updated packages have been patched to correct the problem. 
%description Midnight Commander is a visual shell much like a file manager, only with way more features. It is text mode, but also includes mouse support if you are running GPM. Its coolest feature is the ability to ftp, view tar, zip files, and poke into RPMs for specific files. :-) %package tcpdump Updated: Mon Jan 26 14:48:16 2004 Importance: security %pre A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include: An infinite loop and memory consumption processing L2TP packets (CAN-2003-1029). Infinite loops in processing ISAKMP packets (CAN-2003-0989, CAN-2004-0057). A segmentation fault caused by a RADIUS attribute with a large length value (CAN-2004-0055). The updated packages are patched to correct these problems. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package nautilus libnautilus2 libnautilus2-devel Updated: Wed Feb 11 01:08:59 2004 Importance: bugfix %pre A bug was discovered in Nautilus where if the last file is deleted in the list view, Nautilus continues to display the file and if clicked on to open, Nautilus will crash. The updated packages correct the problem. %description Nautilus is an excellent file manager for the GNOME desktop environment. %package mutt Updated: Wed Feb 11 16:21:22 2003 Importance: security %pre A bug in mutt was reported by Niels Heinen that could allow a remote attacker to send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the user running mutt. 
The updated packages have been patched to correct the problem. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. %package libnetpbm9 libnetpbm9-devel libnetpbm9-static-devel netpbm Updated: Wed Feb 11 16:21:22 2003 Importance: security %pre A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the vulnerable utilities. %description The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. %package mailman Updated: Fri Feb 13 05:31:50 2004 Importance: security %pre A cross-site scripting vulnerability was discovered in mailman's administration interface (CAN-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CAN-2003-0991). This affects version 2.0 earlier than 2.0.14. Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CAN-2003-0992). This affects version 2.1 earlier than 2.1.3. %description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. 
o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain %package metamail Updated: Wed Feb 18 10:43:59 2004 Importance: security %pre Two format string and two buffer overflow vulnerabilities were discovered in metamail by Ulf Harnhammar. The updated packages are patched to fix these holes. %description Metamail is a system for handling multimedia mail, using the mailcap file. Metamail reads the mailcap file, which tells Metamail what helper program to call in order to handle a particular type of non-text mail. Note that metamail can also add multimedia support to certain non-mail programs. Metamail should be installed if you need to add multimedia support to mail programs and some other programs, using the mailcap file. %package mkinitrd-net Updated: Fri Feb 20 14:07:36 2004 Importance: bugfix %pre The mkinitrd-net package shipped with Mandrake Linux 9.2 has a problem getting an IP with certain NICs when booting etherboot images. The updated package fixes this issue. %description mkinitrd-net allows you to build initial ramdisk images (initrds) suitable for use with Etherboot and other network-booting software. 
This package contains two main utilities: mkinitrd-net (to build an initrd containing a specified set of network-card modules) and mknbi (to generate Etherboot-usable NBI images from a given kernel and initrd). It also contains a helper script mknbi-set which will maintain sets of initrds to match all your currently-installed kernels. mkinitrd-net uses code from the uClibc, busybox, udhcp and Etherboot %package kernel kernel-enterprise kernel-i686-up-4GB kernel-p3-smp-64GB kernel-secure kernel-smp kernel-source Updated: Mon Feb 23 23:32:34 2004 Importance: security %pre Paul Starzetz discovered a flaw in return value checking in the mremap() function in the Linux kernel, versions 2.4.24 and previous that could allow a local user to obtain root privileges. A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. A flaw in the ncp_lookup() function in the ncpfs code (which is used to mount NetWare volumes or print to NetWare printers) was found by Arjan van de Ven that could allow local privilege escalation. The Vicam USB driver in Linux kernel versions prior to 2.4.25 does not use the copy_from_user function to access userspace, which crosses security boundaries. This problem does not affect the Mandrake Linux 9.2 kernel. Additionally, a ptrace hole that only affects the amd64/x86_64 platform has been corrected. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package mtools Updated: Tue Feb 24 09:09:35 2004 Importance: security %pre Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files. The updated packages remove the suid bit from mformat. %description Mtools is a collection of utilities for accessing MS-DOS files. Mtools allow you to read, write and move around MS-DOS filesystem files (normally on MS-DOS floppy disks). Mtools supports Windows95 style long file names, OS/2 Xdf disks, and 2m disks. Mtools should be installed if you need to use MS-DOS disks. %package ldetect-lst ldetect-lst-devel Updated: Tue Feb 24 09:09:35 2004 Importance: bugfix %pre Updated ldetect-lst packages are available that provide entries for sagem800 modems so that drakconnect is able to detect and configure them. %description The hardware device lists provided by this package are used as lookup table to get hardware autodetection %package libpwlib1 libpwlib1-devel Updated: Wed Mar 03 09:06:22 2004 Importance: security %pre The NISCC uncovered bugs in pwlib prior to version 1.6.0 via a test suite for the H.225 protocol. An attacker could trigger these bugs by sending carefully crafted messages to an application that uses pwlib, and the severity would vary based on the application, but likely would result in a Denial of Service (DoS). The updated packages provide backported fixes from Craig Southeren of the OpenH323 project to protect against this issue. %description PWLib is a moderately large class library that has its genesis many years ago as a method to produce applications to run on both Microsoft Windows and Unix X-Window systems. It also was to have a Macintosh port as well but this never eventuated. Unfortunately this package contains no GUI code. 
%package libxml2 libxml2-devel libxml2-python libxml2-utils Updated: Wed Mar 03 09:06:22 2004 Importance: security %pre A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses remote resources and allows them to influence the URL, this flaw could be used to execute arbitrary code. The updated packages provide a backported fix to correct the problem. %description This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. %package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla mozilla-devel mozilla-dom-inspector mozilla-enigmail mozilla-enigmime mozilla-irc mozilla-js-debugger mozilla-mail mozilla-spellchecker Updated: Wed Mar 10 00:19:28 2004 Importance: security %pre A number of vulnerabilities were discovered in Mozilla 1.4: A malicious website could gain access to a user's authentication credentials to a proxy server. Script.prototype.freeze/thaw could allow an attacker to run arbitrary code on your computer. A vulnerability was also discovered in the NSS security suite which ships with Mozilla. 
The S/MIME implementation would allow remote attackers to cause a Denial of Service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, which was demonstrated using the NISCC test suite. NSS version 3.9 corrects these problems and has been included in this package (which shipped with NSS 3.8). Finally, Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory: "The cookie specifications detail a path argument that can be used to restrict the areas of a host that will be exposed to a cookie. By using standard traversal techniques this functionality can be subverted, potentially exposing the cookie to scrutiny and use in further attacks." As well, a bug with Mozilla and Finnish keyboards has been corrected. The updated packages are patched to correct these vulnerabilities. %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. %package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Updated: Wed Mar 17 08:36:03 2004 Importance: security %pre A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a null-pointer assignment in the do_change_cipher_spec() function which could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application in question, this could lead to a Denial of Service (DoS). This vulnerability affects both OpenSSL 0.9.6 (0.9.6c-0.9.6k) and 0.9.7 (0.9.7a-0.9.7c). CVE has assigned CAN-2004-0079 to this issue. 
Another vulnerability was discovered by Stephen Henson in OpenSSL versions 0.9.7a-0.9.7c; there is a flaw in the SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. CVE has assigned CAN-2004-0112 to this issue. Mandrakesoft urges users to upgrade to the packages provided that have been patched to protect against these problems. We would also like to thank NISCC for their assistance in coordinating the disclosure of these problems. Please note that you will need to restart any SSL-enabled services for the patch to be effective, including (but not limited to) Apache, OpenLDAP, etc. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package drakxtools drakxtools-newt drakxtools-http harddrake2 harddrake2-ui Updated: Mon Mar 22 11:04:07 2004 Importance: bugfix %pre A number of issues have been reported with drakbackup, concerning operation in daemon mode, proper handling of .backupignore files, multisession ISOs, and tape backup/restore. Patches are backported from cooker to 9.1/9.2 to address several of these issues. (only tape backup/restore and some GUI issues on 9.1). %description Contains many Mandrake applications simplifying users' and administrators' lives on a Mandrake Linux machine. Nearly all of them work both under XFree (graphical environment) and in console (text environment), allowing easy distant work. 
adduserdrake: helps you add a user ddcxinfos: get infos from the graphic card and print XF86Config modelines diskdrake: DiskDrake makes hard disk partitioning easier. It is graphical, simple and powerful. Different skill levels are available (newbie, advanced user, expert). It's written entirely in Perl and Perl/Gtk. It uses resize_fat which is a perl rewrite of the work of Andrew Clausen (libresize). drakauth: configure authentication (LDAP/NIS/...) drakautoinst: help you configure an automatic installation replay drakbackup: backup and restore your system drakboot: configures your boot configuration (Lilo/GRUB, Bootsplash, X, autologin) drakbug: interactive bug report tool drakbug_report: help find bugs in DrakX drakconnect: LAN/Internet connection configuration. It handles ethernet, ISDN, DSL, cable, modem. drakfloppy: boot disk creator drakfont: import fonts in the system drakgw: internet connection sharing drakproxy: proxies configuration draksec: security options management / msec frontend draksound: sound card configuration draksplash: bootsplash themes creation drakTermServ: mandrake terminal server configurator drakxservices: SysV service and daemons configurator drakxtv: auto configure tv card for xawtv grabber keyboarddrake: configure your keyboard (both console and X) liveupdate: live update software logdrake: show extracted information from the system logs lsnetdrake: display available nfs and smb shares lspcidrake: display your pci information, *and* the corresponding kernel module localedrake: language configurator, available both for root (system wide) and users (user only) mousedrake: autodetect and configure your mouse printerdrake: detect and configure your printer scannerdrake: scanner configurator drakfirewall: simple firewall configurator XFdrake: menu-driven program which walks you through setting up your X server; it autodetects both monitor and video card if possible %package ethereal Updated: Tue Mar 30 11:11:12 2004 Importance: 
security %pre A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash. Finally, a corrupt color filter file could cause a segmentation fault. It is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file. The updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package squid Updated: Tue Mar 30 11:11:12 2004 Importance: security %pre A vulnerability was discovered in squid version 2.5.STABLE4 and earlier with the processing of %-encoded characters in a URL. If a squid configuration uses ACLs (Access Control Lists), it is possible for a remote attacker to create URLs that would not be properly tested against squid's ACLs, potentially allowing clients to access URLs that would otherwise be disallowed. As well, the provided packages for Mandrake Linux 9.2 and 9.1 include a new Access Control type called "urllogin" which can be used to protect vulnerable Microsoft Internet Explorer clients from accessing URLs that contain login information. While this Access Control type is available, it is not used in the default configuration. The updated packages are patched to protect against these vulnerabilities. 
%description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package libdha0.1 libpostproc0 libpostproc0-devel mencoder mplayer mplayer-gui Updated: Mon Apr 05 14:38:47 2004 Importance: security %pre A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header. The updated packages contain a patch from the MPlayer development team to correct the problem. %description MPlayer is a movie player for LINUX (runs on many other Unices, and non-x86 CPUs, see the documentation). It plays most MPEG, VOB, AVI, VIVO, ASF/WMV, QT/MOV, FLI, NuppelVideo, yuv4mpeg, FILM, RoQ, and some RealMedia files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, FLI, and even DivX movies too (and you don't need the avifile library at all!). Another big feature of mplayer is the wide range of supported output drivers. It works with X11, Xv, DGA, OpenGL, SVGAlib, fbdev, AAlib, but you can use SDL (and this way all drivers of SDL), VESA (on every VESA compatible card, even without X!), and some low-level card-specific drivers (for Matrox, 3Dfx and Radeon) too! Most of them support software or hardware scaling, so you can enjoy movies in fullscreen. 
MPlayer supports displaying through some hardware MPEG decoder boards, such as the DVB and DXR3/Hollywood+! And what about the nice big antialiased shaded subtitles (9 supported types!!!) with european/ISO 8859-1,2 (hungarian, english, czech, etc), cyrillic, korean fonts, and OSD? Note: If you want to play Real content, you need to have the content of RealPlayer's Codecs directory in /usr/lib/RealPlayer9/Codecs %package cvs Updated: Wed Apr 14 11:11:12 2004 Importance: security %pre Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem. The updated packages provide 1.11.14 with the pertinent fix for the problem. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. 
%package kernel-2.4.22.29mdk kernel-enterprise-2.4.22.29mdk kernel-secure-2.4.22.29mdk kernel-smp-2.4.22.29mdk kernel-i686-up-4GB-2.4.22.29mdk kernel-p3-smp-64GB-2.4.22.29mdk kernel-source Updated: Wed Apr 14 11:11:12 2004 Importance: security %pre A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003). A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CAN-2004-0109). An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file's contents, not something on the same filesystem, or even anything that was previously in a file at all. To obtain this data, a user needs to read the raw device (CAN-2004-0177). The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181). Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. 
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package tcpdump Updated: Wed Apr 14 11:31:59 MDT 2004 Importance: security %pre A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump. These vulnerabilities include: Remote attackers can cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read. (CAN-2004-1083) Integer underflow in the isakmp_id_print allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read. (CAN-2004-0184) The updated packages are patched to correct these problems. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package utempter libutempter0 libutempter0-devel Updated: Mon Apr 19 06:36:09 2004 Importance: security %pre Steve Grubb discovered two potential issues in the utempter program: 1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to. 2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter. 
The updated packages are patched to correct these problems. %description Utempter is a utility which allows some non-privileged programs to have required root access without compromising system security. Utempter accomplishes this feat by acting as a buffer between root and the programs. %package libneon0.24 libneon0.24-devel libneon0.24-static-devel Updated: Mon Apr 19 09:46:12 2004 Importance: security %pre A number of various format string vulnerabilities were discovered in the error output handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4. All users are encouraged to upgrade. All client software using this library is affected. %description neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented. %package xine-ui xine-ui-aa xine-ui-fb Updated: Mon Apr 19 09:46:12 2004 Importance: security %pre Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script. The updated packages change the location of where temporary files are written to prevent this attack. %description xine is a free GPL-licensed video player for UNIX-like systems. User interface for the X Window system. %package libmysql12 libmysql12-devel MySQL MySQL-Max MySQL-bench MySQL-client MySQL-common Updated: Mon Apr 19 09:46:12 2004 Importance: security %pre Shaun Colley discovered that two scripts distributed with MySQL, the 'mysqld_multi' and 'mysqlbug' scripts, did not create temporary files in a secure fashion. 
An attacker could create symbolic links in /tmp that could allow for overwriting of files with the privileges of the user running the scripts. The scripts have been patched in the updated packages to prevent this behaviour. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. %package nss_wins samba-client samba-common samba-server samba-swat samba-winbind libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel samba-debug Updated: Mon Apr 19 09:46:12 2004 Importance: security %pre A vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system. The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. 
Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package xchat xchat-perl xchat-python xchat-tcl Updated: Wed Apr 21 10:03:59 2004 Importance: security %pre A remotely exploitable vulnerability was discovered in the Socks-5 proxy code in XChat. By default, socks5 traversal is disabled, and one would also need to connect to an attacker's own custom proxy server in order for this to be exploited. Successful exploitation could lead to arbitrary code execution as the user running XChat. The provided packages are patched to prevent this problem. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package kernel-2.4.22.30mdk kernel-enterprise-2.4.22.30mdk kernel-secure-2.4.22.30mdk kernel-smp-2.4.22.30mdk kernel-i686-up-4GB-2.4.22.30mdk kernel-p3-smp-64GB-2.4.22.30mdk kernel-source Updated: Tue Apr 27 09:31:05 2004 Importance: security %pre A vulnerability was found in the framebuffer driver of the 2.6 kernel.
This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229) A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels. (CAN-2004-0424) There is a minor issue with the static buffer in 2.4 kernel's panic() function. Although it's possibly a buffer overflow, it is most likely not exploitable due to the nature of panic(). (CAN-2004-0394) In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() meant to free it increments the mm_count and this count is never decremented. (For a running process that is exiting, schedule() takes care of this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct will get an extra mm_count and so it will never be freed. This issue is present in both 2.4 and 2.6 kernels. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesecure.net/en/kernelupdate.php %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package sysklogd Updated: Wed Apr 28 12:02:22 2004 Importance: security %pre Steve Grubb discovered a bug in sysklogd where it allocates an insufficient amount of memory which causes sysklogd to write to unallocated memory. This could allow for a malicious user to crash sysklogd.
The updated packages provide a patched sysklogd using patches from OpenWall to correct the problem and also correct the use of an uninitialized variable (a previous use of "count"). %description The sysklogd package contains two system utilities (syslogd and klogd) which provide support for system logging. Syslogd and klogd run as daemons (background processes) and log system messages to different places, like sendmail logs, security logs, error logs, etc. %package mc Updated: Thu Apr 29 13:41:38 2004 Importance: security %pre There are a number of vulnerabilities in the midnight commander program. This includes several buffer overflows, as well as a format string issue and an issue with temporary file creation. Most of the included fixes are backports from CVS, done by Andrew V. Samoilov and Pavel Roskin. The updated packages are patched to correct these problems. %description Midnight Commander is a visual shell much like a file manager, only with way more features. It is text mode, but also includes mouse support if you are running GPM. Its coolest feature is the ability to ftp, view tar, zip files, and poke into RPMs for specific files. :-) %package libpng3 libpng3-devel libpng3-static-devel Updated: Thu Apr 29 13:41:38 2004 Importance: security %pre Steve Grubb discovered that libpng would access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG images. The updated packages are patched to correct the vulnerability. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.
Libpng should be installed if you need to manipulate PNG format image files. %package rsync Updated: Mon May 10 09:17:05 2004 Importance: security %pre Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Mon May 10 09:17:05 2004 Importance: security %pre A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The updated packages provide a patched mod_ssl to correct these problems. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for Mandrake Linux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches (i.e.
use with rpm --rebuild): --with debug Compile with debugging code %package evolution evolution-devel evolution-pilot Updated: Mon May 10 06:49:52 2004 Importance: bugfix %pre Evolution drops hyphens for sequences > 2 in saved drafts. (Bugzilla 3947) Evolution slows when reading messages with attached .jpg files. (Bugzilla 6065) Evolution creates excessive loading on IMAP server with large (>100GB) mail folders. (Bugzilla 6167) Evolution source had a function prototype mismatch that generates an error on startup after initial configuration. (Bugzilla 6463) Evolution has an issue with date display for New Zealand during their daylight savings time period. (Bugzilla 7943) When correcting a word with a quote, the portion of the word preceding the quote is duplicated. (Bugzilla 8124) When starting evolution for the first time, the preferred character set is the empty string, causing Evolution to send mail with Content-type: text/plain; charset= (http://bugzilla.ximian.com/show_bug.cgi?id=47638) The updated packages correct these problems. %description Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. %package gal2.0 libgal2.0_6 libgal2.0_6-devel Updated: Mon May 10 06:49:52 2004 Importance: bugfix %pre Evolution drops hyphens for sequences > 2 in saved drafts. (Bugzilla 3947) Evolution slows when reading messages with attached .jpg files. (Bugzilla 6065) Evolution creates excessive loading on IMAP server with large (>100GB) mail folders. (Bugzilla 6167) Evolution source had a function prototype mismatch that generates an error on startup after initial configuration. (Bugzilla 6463) Evolution has an issue with date display for New Zealand during their daylight savings time period. (Bugzilla 7943) When correcting a word with a quote, the portion of the word preceding the quote is duplicated. 
(Bugzilla 8124) When starting evolution for the first time, the preferred character set is the empty string, causing Evolution to send mail with Content-type: text/plain; charset= (http://bugzilla.ximian.com/show_bug.cgi?id=47638) The updated packages correct these problems. %description This is the G App Libs (GAL). This module contains some library functions that came from Gnumeric and Evolution. The idea is to reuse those widgets across various larger GNOME applications that might want to use these widgets. GtkHTML is a HTML rendering/editing library. GtkHTML is not designed to be the ultimate HTML browser/editor: instead, it is designed to be easily embedded into applications that require lightweight HTML functionality. %package gtkhtml3.0 libgtkhtml-3.0_4 libgtkhtml-3.0_4-devel Updated: Mon May 10 06:49:52 2004 Importance: bugfix %pre Evolution drops hyphens for sequences > 2 in saved drafts. (Bugzilla 3947) Evolution slows when reading messages with attached .jpg files. (Bugzilla 6065) Evolution creates excessive loading on IMAP server with large (>100GB) mail folders. (Bugzilla 6167) Evolution source had a function prototype mismatch that generates an error on startup after initial configuration. (Bugzilla 6463) Evolution has an issue with date display for New Zealand during their daylight savings time period. (Bugzilla 7943) When correcting a word with a quote, the portion of the word preceding the quote is duplicated. (Bugzilla 8124) When starting evolution for the first time, the preferred character set is the empty string, causing Evolution to send mail with Content-type: text/plain; charset= (http://bugzilla.ximian.com/show_bug.cgi?id=47638) The updated packages correct these problems. %description GtkHTML was originally based on KDE's KHTMLW widget, but is now developed independently of it. The most important difference between KHTMLW and GtkHTML, besides being GTK-based, is that GtkHTML is also an editor.
Thanks to the Bonobo editor component that comes with the library, it's extremely simple to add HTML editing to an existing application. %package libsoup libsoup-2.0_0 libsoup-2.0_0-devel Updated: Mon May 10 06:49:52 2004 Importance: bugfix %pre Evolution drops hyphens for sequences > 2 in saved drafts. (Bugzilla 3947) Evolution slows when reading messages with attached .jpg files. (Bugzilla 6065) Evolution creates excessive loading on IMAP server with large (>100GB) mail folders. (Bugzilla 6167) Evolution source had a function prototype mismatch that generates an error on startup after initial configuration. (Bugzilla 6463) Evolution has an issue with date display for New Zealand during their daylight savings time period. (Bugzilla 7943) When correcting a word with a quote, the portion of the word preceding the quote is duplicated. (Bugzilla 8124) When starting evolution for the first time, the preferred character set is the empty string, causing Evolution to send mail with Content-type: text/plain; charset= (http://bugzilla.ximian.com/show_bug.cgi?id=47638) The updated packages correct these problems. %description Soup is a SOAP (Simple Object Access Protocol) implementation in C. It provides a queued asynchronous callback-based mechanism for sending and servicing SOAP requests, and a WSDL (Web Service Definition Language) to C compiler which generates client stubs and server skeletons for easily calling and implementing SOAP methods. %package passwd Updated: Mon May 17 11:18:10 2004 Importance: security %pre Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems.
%description The passwd package contains a system utility (passwd) which sets and/or changes passwords, using PAM (Pluggable Authentication Modules). To use passwd, you should have PAM installed on your system. %package libuser libuser1 libuser1-devel libuser-python Updated: Mon May 17 11:18:10 2004 Importance: security %pre Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk. The updated packages provide a patched libuser to correct these problems. %description The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. %package apache apache-devel apache-modules apache-source Updated: Mon May 17 11:18:10 2004 Importance: security %pre Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CAN-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of an "AuthDigestRealmSeed" secret exposed as an MD5 checksum (CAN-2004-0987). mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask.
This could allow a remote attacker to bypass intended access restrictions (CAN-2003-0993). Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CAN-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Tue May 18 12:45:32 2004 Importance: security %pre A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. This can allow remote attackers to create or truncate arbitrary files. The updated packages contain patches provided by the KDE team to fix this problem. %description Libraries for the K Desktop Environment. %package cvs Updated: Wed May 19 09:32:59 2004 Importance: security %pre Stefan Esser discovered that malformed "Entry" lines in combination with Is-modified and Unchanged can be used to overflow malloc()ed memory in a way that can be remotely exploited. The updated packages contain a patch to correct the problem. 
%description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package libneon0.24 libneon-devel0.24 libneon-static-devel0.24 Updated: Wed May 19 09:32:59 2004 Importance: security %pre It was discovered that in portions of neon, sscanf() is used in an unsafe manner. This will result in an overflow of a static heap variable. The updated packages provide a patched libneon to correct these problems. %description neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented. %package apache-mod_perl mod_perl-common mod_perl-devel HTML-Embperl Updated: Wed May 19 21:03:55 2004 Importance: security %pre Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available. %description Apache is a powerful, full-featured, efficient and freely-available Web server. 
mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started. This package contains Apache with mod_perl linked statically. It also contains a statically linked HTML::Embperl module, but you need the separate HTML-Embperl package to activate it. %package kernel-2.4.22.32mdk kernel-secure-2.4.22.32mdk kernel-enterprise-2.4.22.32mdk kernel-smp-2.4.22.32mdk kernel-i686-up-4GB-2.4.22.32mdk kernel-p3-smp-64GB-2.4.22.32mdk kernel-source Updated: Fri May 21 10:14:44 2004 Importance: security %pre Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel (CAN-2004-0228). As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600. This update also provides a 10.0/amd64 kernel with fixes for the previous MDKSA-2004:037 advisory as well as the above-noted fixes. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesosft.com/kernelupdate %package mailman Updated: Wed May 26 09:12:18 2004 Importance: security %pre Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. 
The updated packages have a patch backported from 2.1.5 to correct the issue. %description Mailman -- The GNU Mailing List Management System -- is a mailing list management system written mostly in Python. Features: o Most standard mailing list features, including: moderation, mail based commands, digests, etc... o An extensive Web interface, customizable on a per-list basis. o Web based list administration interface for *all* admin-type tasks o Automatic Web based hypermail-style archives (using pipermail or other external archiver), including provisions for private archives o Integrated mail list to newsgroup gatewaying o Integrated newsgroup to mail list gatewaying (polling-based... if you have access to the nntp server, you should be able to easily do non-polling based news->mail list gatewaying; email viega@list.org, I'd like to help get that going and come up with instructions) o Smart bounce detection and correction o Integrated fast bulk mailing o Smart spam protection o Extensible logging o Multiple list owners and moderators are possible o Optional MIME-compliant digests o Nice about which machine you subscribed from if you're from the right domain %package xpcd xpcd-gimp Updated: Tue Jun 01 09:31:15 2004 Importance: security %pre A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga uses svgalib to display graphics on the console and it would copy user-supplied data of an arbitrary length into a fixed-size buffer in the pcd_open function. As well, Steve Kemp previously discovered a buffer overflow in xpcd-svga that could be triggered by a long HOME environment variable, which could be exploited by a local attacker to obtain root privileges. The updated packages resolve these vulnerabilities. %description This is a PhotoCD tool collection. The main application - xpcd - is a comfortable, X11-based PhotoCD decoding/viewing program. Also included is pcdtoppm, which is a command line based PhotoCD-to-PPM/JPEG converter.
%package mod_ssl Updated: Tue Jun 01 09:31:15 2004 Importance: security %pre A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Tue Jun 01 09:53:23 2004 Importance: security %pre A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. 
This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package ftp-client-krb5 ftp-server-krb5 libkrb51-devel libkrb51 krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Thu Jun 03 11:14:09 2004 Importance: security %pre Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration. Mandrakesoft encourages all users to upgrade to these patched krb5 packages. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package tripwire Updated: Mon Jun 7 11:39:46 2004 Importance: security %pre Paul Herman discovered a format string vulnerability in tripwire that could allow a local user to execute arbitrary code with the rights of the user running tripwire (typically root). This vulnerability only exists when tripwire is generating an email report. %description Tripwire is a very valuable security tool for Linux systems, if it is installed to a clean system. Tripwire should be installed right after the OS installation, and before you have connected your system to a network (i.e., before any possibility exists that someone could alter files on your system).
When Tripwire is initially set up, it creates a database that records certain file information. Then when it is run, it compares a designated set of files and directories to the information stored in the database. Added or deleted files are flagged and reported, as are any files that have changed from their previously recorded state in the database. When Tripwire is run against system files on a regular basis, any file changes will be spotted when Tripwire is run. Tripwire will report the changes, which will give system administrators a clue that they need to enact damage control measures immediately if certain files have been altered. Extra-paranoid Tripwire users will set it up to run once a week and e-mail the results to themselves. Then if the e-mails stop coming, you'll know someone has gotten to the Tripwire program... After installing this package, you should run "/etc/tripwire/twinstall.sh" to generate cryptographic keys, and "tripwire --init" to initialize the database. %package cvs Updated: Wed Jun 9 09:08:12 2004 Importance: security %pre Another vulnerability was discovered related to "Entry" lines in cvs, by the development team (CAN-2004-0414). As well, Stefan Esser and Sebastian Krahmer performed an audit on the cvs source code and discovered a number of other problems, including: A double-free condition in the server code is exploitable (CAN-2004-0416). By sending a large number of arguments to the CVS server, it is possible to cause it to allocate a huge amount of memory which does not fit into the address space, causing an error (CAN-2004-0417). It was found that the serve_notify() function would write data out of bounds (CAN-2004-0418). The provided packages update cvs to 1.11.16 and include patches to correct all of these problems. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). 
CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package squid Updated: Wed Jun 9 09:08:12 2004 Importance: security %pre A vulnerability exists in squid's NTLM authentication helper. This buffer overflow can be exploited by a remote attacker by sending an overly long password, thus overflowing the buffer and granting the ability to execute arbitrary code. This can only be exploited, however, if NTLM authentication is used. NTLM authentication is built by default in Mandrakelinux packages, but is not enabled in the default configuration. The vulnerability exists in 2.5.*-STABLE and 3.*-PRE. The provided packages are patched to fix this problem. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. 
%package ksymoops Updated: Thu Jun 10 10:35:08 2004 Importance: security %pre Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can set up a symlink to point to a file that they do not have permission to remove. The problem is difficult to exploit because someone with root privileges needs to run ksymoops on a particular module for which a symlink for the same filename already exists. %description The Linux kernel produces error messages that contain machine specific numbers which are meaningless for debugging. ksymoops reads machine specific files and the error log and converts the addresses to meaningful symbols and offsets. %package dhcp-client dhcp-common dhcp-devel dhcp-relay dhcp-server Updated: Tue Jun 22 08:47:59 2004 Importance: security %pre A vulnerability in how ISC's DHCPD handles syslog messages can allow a malicious attacker with the ability to send special packets to the DHCPD listening port to crash the daemon, causing a Denial of Service. It is also possible that they may be able to execute arbitrary code on the vulnerable server with the permissions of the user running DHCPD, which is usually root. A similar vulnerability also exists in the way ISC's DHCPD makes use of the vsnprintf() function on systems that do not support vsnprintf(). This vulnerability could also be used to execute arbitrary code and/or perform a DoS attack. The vsnprintf() statements that have this problem are defined after the vulnerable code noted above, which would trigger the previous problem rather than this one. Thanks to Gregory Duchemin and Solar Designer for discovering these flaws. The updated packages contain 3.0.1rc14 which is not vulnerable to these problems. Only ISC DHCPD 3.0.1rc12 and 3.0.1rc13 are vulnerable to these issues.
%description DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent. You will also need to install the dhcp-client or dhcpcd package, or pump or dhcpxd, which provides the DHCP client daemon, on client machines. If you want the DHCP server and/or relay, you will also need to install the dhcp-server and/or dhcp-relay packages. %package kernel-2.4.22.35mdk kernel-secure-2.4.22.35mdk kernel-enterprise-2.4.22.35mdk kernel-smp-2.4.22.35mdk kernel-i686-up-4GB-2.4.22.35mdk kernel-p3-smp-64GB-2.4.22.35mdk kernel-source Updated: Wed Jun 23 10:12:05 2004 Importance: security %pre A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered. The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory (CAN-2004-0535). A vulnerability was also discovered in the kernel where a certain C program would trigger a floating point exception that would crash the kernel. This vulnerability can only be triggered locally by users with shell access (CAN-2004-0554). To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package libpng3 libpng3-devel libpng3-static-devel Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were required in two additional places that had not been corrected with the earlier patch. This update uses an updated patch to fix all known issues. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. Mandrakesoft encourages all users to upgrade immediately. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package libapr0 apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow. The updated packages contain a patch from the ASF to correct the problem.
It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively). %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package apache apache-devel apache-modules apache-source Updated: Tue Jun 29 10:11:51 2004 Importance: security %pre A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in use. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively). %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package).
%package kernel-2.4.22.36mdk kernel-secure-2.4.22.36mdk kernel-enterprise-2.4.22.36mdk kernel-smp-2.4.22.36mdk kernel-i686-up-4GB-2.4.22.36mdk kernel-p3-smp-64GB-2.4.22.36mdk kernel-source Updated: Tue Jul 7 09:15:12 2004 Importance: security %pre A number of vulnerabilities were discovered in the Linux kernel that are corrected with this update: Multiple vulnerabilities were found by the Sparse source checker that could allow local users to elevate privileges or gain access to kernel memory (CAN-2004-0495). Missing Discretionary Access Controls (DAC) checks in the chown(2) system call could allow an attacker with a local account to change the group ownership of arbitrary files, which could lead to root privileges on affected systems (CAN-2004-0497). An information leak vulnerability that affects only ia64 systems was fixed (CAN-2004-0565). Insecure permissions on /proc/scsi/qla2300/HbaApiNode could allow a local user to cause a DoS on the system; this only affects Mandrakelinux 9.2 and below (CAN-2004-0587). A vulnerability that could crash the kernel has also been fixed. This crash, however, can only be exploited via root (in br_if.c). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package ethereal Updated: Fri Jul 09 12:43:53 2004 Importance: security %pre Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. 
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace file. These vulnerabilities have been corrected in Ethereal 0.10.5. %description Ethereal is a network traffic analyzer for Unix-ish operating systems. It is based on GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. %package php-cgi php-cli php432-devel libphp_common432 Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code. As well, Stefan Esser also found a vulnerability in the handling of allowed tags within PHP's strip_tags() function. This could lead to a number of XSS issues on sites that rely on strip_tags(); this only seems to affect the Internet Explorer and Safari browsers. The updated packages have been patched to correct the problem and all users are encouraged to upgrade immediately. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package freeswan Updated: Wed Jul 14 13:51:21 2004 Importance: security %pre Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN.
As well, another hole exists in the CA checking code that could create an endless loop in certain instances. Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws. %description The basic idea of IPSEC is to provide security functions (authentication and encryption) at the IP (Internet Protocol) level. It will be required in IP version 6 (better known as IPng, the next generation) and is optional for the current IP, version 4. FreeS/WAN is a freely-distributable implementation of the IPSEC protocol. This package has the x509 patch applied (www.strongsec.com). For a kernel with this freeswan version, please check the main distro or http://people.mandrakesoft.com/~florin/www/rpms/cooker/rpms/i586/ %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-debug samba-doc samba-server samba-swat samba-winbind Updated: Thu Jul 22 06:47:28 2004 Importance: security %pre A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribute value when using the ldapsam passdb backend, and to decode input given to the ntlm_auth tool. This vulnerability only exists in Samba versions 3.0.2 or later; the 3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam passdb backend, and those running winbindd and allowing third-party applications to issue authentication requests via the ntlm_auth tool should upgrade immediately. (CAN-2004-0600) A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable.
This bug is present in Samba 3.0.0 and later, as well as Samba 2.2.X (CAN-2004-0686). This update also fixes a bug where attempting to print in some cases would cause smbd to exit with a signal 11. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package webmin Updated: Tue Jul 27 09:34:22 2004 Importance: security %pre Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. (CAN-2004-0582) The account lockout functionality in Webmin 1.140 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. (CAN-2004-0583) The updated packages are patched to correct the problem. %description A web-based administration interface for Unix systems.
Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and log in as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package sox sox-devel Updated: Wed Jul 28 09:23:18 2004 Importance: security %pre Ulf Harnhammar discovered two buffer overflows in SoX. They occur when the sox or play commands handle malicious .WAV files. Versions 12.17.4, 12.17.3 and 12.17.2 are vulnerable to these overflows. 12.17.1, 12.17 and 12.16 are some versions that are not. %description SoX (Sound eXchange) is a sound file format converter for Linux, UNIX and DOS PCs. The self-described 'Swiss Army knife of sound tools,' SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Install the sox package if you'd like to convert sound file formats or manipulate some sounds. %package libwv-1.0_0 libwv-1.0_0-devel wv Updated: Thu Jul 29 11:31:31 2004 Importance: security %pre iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application. The updated packages are patched to protect against this problem. %description Wv is a program that understands the Microsoft Word 6/7/8/9 binary file format and is able to convert Word documents into HTML, which can then be read with a browser.
%package libpng3 libpng3-devel libpng3-static-devel Updated: Wed Aug 04 09:53:45 2004 Importance: security %pre Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL-pointer crash in png_handle_iCCP (which is also duplicated in multiple other locations), a theoretical integer overflow in png_read_png, and integer overflows during progressive reading. All users are encouraged to upgrade immediately. %description The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. %package shorewall shorewall-doc Updated: Mon Aug 09 13:04:04 2004 Importance: security %pre The shorewall package has a vulnerability when creating temporary files and directories, which could allow non-root users to overwrite arbitrary files on the system. The updated packages are patched to fix the problem. As well, for Mandrakelinux 10.0, the updated packages have been fixed to start shorewall after the network, rather than before. After updating the package, if shorewall was previously running, you may need to issue a "service shorewall restart". %description The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. 
%package gaim gaim-encrypt gaim-festival gaim-perl libgaim-remote0 libgaim-remote0-devel Updated: Thu Aug 12 12:30:08 2004 Importance: security %pre Sebastian Krahmer discovered two remotely exploitable buffer overflow vulnerabilities in the gaim instant messenger. The updated packages are patched to correct the problems. %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package libnspr4 libnspr4-devel libnss3 libnss3-devel mozilla mozilla-devel mozilla-dom-inspector mozilla-enigmail mozilla-enigmime mozilla-irc mozilla-js-debugger mozilla-mail mozilla-spellchecker Updated: Thu Aug 12 14:08:30 2004 Importance: security %pre A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing. Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079). %description Mozilla is an open-source web browser, designed for standards compliance, performance and portability. 
%package rsync Updated: Tue Aug 17 09:50:59 2004 Importance: security %pre An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. This vulnerability allows a remote attacker to possibly read/write to/from files outside of the rsync directory. The updated packages are patched to prevent this problem. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package spamassassin spamassassin-tools perl-Mail-SpamAssassin Updated: Wed Aug 18 10:40:17 2004 Importance: security %pre Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date. %description SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail. 
SpamAssassin also includes support for reporting spam messages automatically, and/or manually, to collaborative filtering databases such as Vipul's Razor, DCC or pyzor. Install perl-Razor-Agent package to get Vipul's Razor support. Install dcc package to get Distributed Checksum Clearinghouse (DCC) support. Install pyzor package to get Pyzor support. %package libqt3 libqt3-devel libqt3-mysql libqt3-odbc libqt3-psql qt3-common qt3-example Updated: Wed Aug 18 10:40:17 2004 Importance: security %pre Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty. These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others. The updated packages have been patched to correct these problems. %description Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Qt has seamless integration with OpenGL/Mesa 3D libraries. Qt is free for development of free software on the X Window System. It includes the complete source code for the X version and makefiles for Linux, Solaris, SunOS, FreeBSD, OSF/1, Irix, BSD/OS, NetBSD, SCO, HP-UX and AIX. This edition of Qt may be modified and distributed under the terms found in the LICENSE.QPL file. Qt also supports Windows 95 and NT, with native look and feel. Code developed for the X version of Qt can be recompiled and run using the Windows 95/NT version of Qt, and vice versa. Qt is currently used in hundreds of software development projects world wide, including the K Desktop Environment (see http://www.kde.org). For more examples, see http://www.trolltech.com/qtprogs.html. 
Qt has excellent documentation: around 750 pages of postscript and fully cross-referenced online html documentation. It is available on the web: http://doc.trolltech.com/ Qt is easy to learn, with consistent naming across all the classes and a 14-chapter on-line tutorial with links into the rest of the documentation. A number of 3rd-party books are also available. Qt dramatically cuts down on development time and complexity in writing user interface software for the X Window System. It allows the programmer to focus directly on the programming task, and not mess around with low-level Motif/X11 code. Qt is fully object-oriented. All widgets and dialogs are C++ objects, and, using inheritance, creation of new widgets is easy and natural. Qt's revolutionary signal/slot mechanism provides true component programming. Reusable components can work together without any knowledge of each other, and in a type-safe way. Qt has a very fast paint engine, in some cases ten times faster than other toolkits. The X version is based directly on Xlib and uses neither Motif nor X Intrinsics. Qt is available under two different licenses: - The Qt Professional Edition License, for developing fully commercial software: see http://www.trolltech.com/pricing.html - The Q Public License (QPL), for developing free software (X Window System only). %package kdebase kdebase-common kdebase-kate kdebase-kdeprintfax kdebase-kdm kdebase-kdm-config kdebase-nsplugins kdebase-progs libkdebase4 libkdebase4-devel libkdebase4-kate libkdebase4-kate-devel libkdebase4-konsole libkdebase4-nsplugins libkdebase4-nsplugins-devel kdebase-kdm-config-file Updated: Fri Aug 20 18:42:05 2004 Importance: security %pre A number of vulnerabilities were discovered in KDE that are corrected with these update packages. 
The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CAN-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CAN-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CAN-2004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu, or int are affected (CAN-2004-0746). %description Core applications for the K Desktop Environment. Here is an overview of the directories: - drkonqi: if ever an app crashes (heaven forbid!) then Dr.Konqi will be so kind and make a stack trace. This is a great help for the developers to fix the bug. - kappfinder: searches your hard disk for non-KDE applications, e.g.
Acrobat Reader (tm) and installs those apps under the K start button - kate: a fast and advanced text editor with nice plugins - kcheckpass: small program to enter and check passwords, only to be used by other programs - kcontrol: the KDE Control Center allows you to tweak the KDE settings - kdcop: GUI app to browse for DCOP interfaces, can also execute them - kdebugdialog: allows you to specify which debug messages you want to see - kdeprint: the KDE printing system - kdesktop: you guessed it: the desktop above the panel - kdesu: a graphical front end to "su" - kdm: replacement for XDM, for those people that like graphical logins - kfind: find files - khelpcenter: the app to read all great documentation about KDE - khotkeys: intercepts keys and can call applications - kicker: the panel at the bottom with the K start button and the taskbar etc - kioslave: infrastructure that helps make every application internet enabled e.g. to directly save a file to ftp://place.org/dir/file.txt - klipper: enhances and extends the X clipboard - kmenuedit: edit for the menu below the K start button - konqueror: the file manager and web browser you get easily used to - kpager: applet to show the contents of the virtual desktops - kpersonalizer: the customization wizard you get when you first start KDE - kreadconfig: a tool for shell scripts to get info from KDE's config files - kscreensaver: the KDE screensaver environment and lots of savers - ksmserver: the KDE session manager (saves program status on login, restarts those programs at the next login) - ksplash: the screen displayed while KDE starts - kstart: to launch applications with special window properties such as iconified etc - ksysguard: task manager and system monitor, even for remote systems - ksystraycmd: allows you to run any application in the system tray - ktip: gives you tips on how to use KDE - kwin: the KDE window manager - kxkb: a keyboard map tool - legacyimport: odd name for a cute program to load GTK themes - 
libkonq: some libraries needed by Konqueror - nsplugins: together with OSF/Motif or Lesstif allows you to use Netscape (tm) plugins in Konqueror %package kdelibs-common libkdecore4 libkdecore4-devel Updated: Fri Aug 20 18:42:05 2004 Importance: security %pre A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE is not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CAN-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CAN-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CAN-2004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu, or int are affected (CAN-2004-0746). %description Libraries for the K Desktop Environment. 
%package kernel-2.4.22.37mdk kernel-secure-2.4.22.37mdk kernel-enterprise-2.4.22.37mdk kernel-smp-2.4.22.37mdk kernel-i686-up-4GB-2.4.22.37mdk kernel-p3-smp-64GB-2.4.22.37mdk kernel-source Updated: Thu Aug 26 13:02:59 2004 Importance: security %pre A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit API in the kernel, as well as access to the f_pos pointer, is defective. As a result, a local attacker can abuse this vulnerability to gain access to uninitialized kernel memory, mostly via entries in the /proc filesystem. This kernel memory can possibly contain information like the root password, and other sensitive data. The updated kernel packages provided are patched to protect against this vulnerability, and all users are encouraged to upgrade immediately. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. For instructions for update, see: http://www.mandrakesoft.com/security/kernelupdate %package ftp-client-krb5 ftp-server-krb5 libkrb51-devel libkrb51 krb5-server krb5-workstation telnet-client-krb5 telnet-server-krb5 Updated: Tue Aug 31 10:23:12 2004 Importance: security %pre A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. 
The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun. Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package imlib imlib-cfgeditor libimlib1 libimlib1-devel Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this problem. %description Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. %package libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this problem. 
%description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. %package cdrecord cdrecord-cdda2wav cdrecord-devel mkisofs Updated: Tue Sep 07 09:53:31 2004 Importance: security %pre Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. The updated packages are patched to fix the vulnerability. %description Cdrecord allows you to create CDs on a CD-Recorder (SCSI/ATAPI). Supports data, audio, mixed, multi-session and CD+ discs etc. %package squid Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this problem. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. 
%package gdk-pixbuf-loaders libgdk-pixbuf-gnomecanvas1 libgdk-pixbuf-xlib2 libgdk-pixbuf2 libgdk-pixbuf2-devel Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CAN-2004-0753). Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783). Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788). All four problems have been corrected in these updated packages. %description The GdkPixBuf library provides a number of features: - Image loading facilities. - Rendering of a GdkPixBuf into various formats: drawables (windows, pixmaps), GdkRGB buffers. %package omni cups-drivers foomatic-db foomatic-db-engine foomatic-filters ghostscript ghostscript-module-X gimpprint libgimpprint1 libgimpprint1-devel libijs0 libijs0-devel printer-filters printer-testpages printer-utils Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse. %description The "printer-drivers" package is a pseudo-package which does not produce any binary package called "printer-drivers". It builds all packages containing either printer driver code or printer driver descriptions: GhostScript, Gimp-Print, Foomatic, ... This way duplicate source code (as Gimp-Print) is avoided in the distro. So first, space is saved and second, and that is even more important, maintenance is simplified. 
%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests. Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly lead to arbitrary code execution if certain non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK define). As well, the SITIC have discovered a buffer overflow when Apache expands environment variables in configuration files such as .htaccess and httpd.conf, which can lead to possible privilege escalation. This can only be done, however, if an attacker is able to place malicious configuration files on the server. Finally, a crash condition was discovered in the mod_dav module by Julian Reschke, where sending a LOCK refresh request to an indirectly locked resource could crash the server. The updated packages have been patched to protect against these vulnerabilities. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. 
use with rpm --rebuild): --with debug Compile with debugging code %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Wed Sep 15 08:07:26 2004 Importance: security %pre Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes. The updated packages are patched to protect against this vulnerability. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libxpm4 libxpm4-devel Updated: Wed Sep 15 12:26:41 2004 Importance: security %pre Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived): Stack overflows (CAN-2004-0687): Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c). Integer Overflows (CAN-2004-0688): Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence. The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities. 
%description The xpm package contains the XPM pixmap library for the X Window System. The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. %package libxfree86 libxfree86-devel libxfree86-static-devel X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Wed Sep 15 12:26:41 2004 Importance: security %pre Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86: Stack overflows (CAN-2004-0687): Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c). Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c). Integer Overflows (CAN-2004-0688): Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence. The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. 
In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package gtk+2.0 libgdk_pixbuf2.0_0 libgdk_pixbuf2.0_0-devel libgtk+-linuxfb-2.0_0 libgtk+-linuxfb-2.0_0-devel libgtk+-x11-2.0_0 libgtk+2.0_0 libgtk+2.0_0-devel Updated: Fri Sep 17 12:12:35 2004 Importance: security %pre A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CAN-2004-0753). Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783). Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788). All four problems have been corrected in these updated packages. %description The gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. GTK+ was originally written for the GIMP (GNU Image Manipulation Program) image processing program, but is now used by several other programs as well. If you are planning on using the GIMP or another program that uses GTK+, you'll need to have the gtk+ package installed. %package webmin Updated: Wed Sep 22 10:42:14 2004 Importance: security %pre A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside. The updated packages are patched to prevent this problem. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. 
After installation, enter the URL https://localhost:10000/ into your browser and log in as root with your root password. Please consider logging in and modifying your password for security reasons. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package mpg123 Updated: Wed Sep 22 10:42:14 2004 Importance: security %pre A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 (CAN-2004-0805). As well, an older vulnerability in mpg123, where a response from a remote HTTP server could overflow a buffer allocated on the heap, is also fixed in these packages. This vulnerability could also potentially permit the execution of arbitrary code with the privileges of the user running mpg123 (CAN-2003-0865). %description Mpg123 is a fast, free and portable MPEG audio player for Unix. It supports MPEG 1.0/2.0 layers 1, 2 and 3 ("mp3" files). For full CD quality playback (44 kHz, 16 bit, stereo) a fast CPU is required. Mono and/or reduced quality playback (22 kHz or 11 kHz) is possible on slow CPUs (like Intel 486). For information on the MP3 License, please visit: http://www.mpeg.org/ %package ImageMagick libMagick5.5.7 libMagick5.5.7-devel perl-Magick Updated: Wed Sep 22 10:42:14 2004 Importance: security %pre Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious images that could also allow for the execution of arbitrary code with the privileges of the invoking user or process. The updated packages provided are patched to correct these problems. 
%description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. %package nss_wins samba-client samba-common samba-server samba-swat samba-winbind libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel samba-debug Updated: Fri Oct 01 08:58:59 2004 Importance: security %pre Karol Wiesek discovered a bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system. This bug can be exploited to gain access to files outside of the share's path as defined in the smb.conf configuration file. This vulnerability exists in all samba 2.2.x versions up to and including 2.2.11 and also in samba 3.0.x up to and including 3.0.5. The updated packages have been patched to correct this issue. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. 
Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login libsasl2-plug-ntlm libsasl2-plug-otp libsasl2-plug-plain libsasl2-plug-sasldb libsasl2-plug-srp Updated: Thu Oct 07 11:51:21 2004 Importance: security %pre A vulnerability was discovered in the libsasl library of cyrus-sasl. libsasl honors the SASL_PATH environment variable blindly, which could allow a local user to create a malicious "library" that would get executed with the EID of SASL when anything calls libsasl. The provided packages are patched to protect against this vulnerability. %description SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. %package cvs Updated: Tue Oct 19 12:49:38 2004 Importance: security %pre iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an undocumented switch implemented in CVS' history command. The -X switch specifies the name of the history file which allows an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS process has access to them. This flaw has been fixed in CVS version 1.1.17. %description CVS means Concurrent Version System; it is a version control system which can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you've ever created. CVS also keeps a log of who, when and why changes occurred, among other aspects. 
CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Install the cvs package if you need to use a version control system. %package libtiff-progs libtiff3 libtiff3-devel libtiff3-static-devel Updated: Tue Oct 19 12:49:38 2004 Importance: security %pre Several vulnerabilities have been discovered in the libtiff package: Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CAN-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CAN-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result in either a plain crash or memory corruption. (CAN-2004-0886) %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package squid Updated: Thu Oct 21 12:11:16 2004 Importance: security %pre iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap corruption or some other exceptional condition, and closing all current connections then restarting. Squid 2.5.STABLE7 has been released to address this issue; the provided packages are patched to fix the issue. 
%description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Thu Oct 21 14:20:57 2004 Importance: security %pre Chris Evans discovered numerous vulnerabilities in the xpdf package, which also affect software using embedded xpdf code: Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CAN-2004-0888) Also, when CUPS debugging is enabled, device URIs containing username and password end up in error_log. This information is also visible via "ps". (CAN-2004-0923) The updated packages are patched to protect against these vulnerabilities. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). 
It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libmysql12 libmysql12-devel MySQL MySQL-Max MySQL-bench MySQL-client MySQL-common Updated: Mon Nov 01 09:30:35 2004 Importance: security %pre A number of problems have been discovered in the MySQL database server: Jeroen van Wolffelaar discovered an insecure temporary file vulnerability in the mysqlhotcopy script when using the scp method (CAN-2004-0457). Oleksandr Byelkin discovered that the "ALTER TABLE ... RENAME" would check the CREATE/INSERT rights of the old table rather than the new one (CAN-2004-0835). Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function (CAN-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall (CAN-2004-0837). The updated MySQL packages have been patched to protect against these issues. %description The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of MySQL AB. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from MySQL AB if you do not wish to be bound by the terms of the GPL. See the chapter "Licensing and Support" in the manual for further info. The MySQL web site (http://www.mysql.com/) provides the latest news and information about the MySQL software. Also please see the documentation and the manual for more information. 
%package netatalk netatalk-devel Updated: Mon Nov 01 10:50:35 2004 Importance: security %pre The etc2ps.sh script, part of the netatalk package, creates files in /tmp with predictable names which could allow a local attacker to use symbolic links to point to a valid file on the filesystem which could lead to the overwriting of arbitrary files if etc2ps.sh is executed by someone with enough privilege. The updated packages are patched to prevent this problem. %description netatalk is an implementation of the AppleTalk Protocol Suite for Unix/Linux systems. The current release contains support for Ethertalk Phase I and II, DDP, RTMP, NBP, ZIP, AEP, ATP, PAP, ASP, and AFP. It provides Appletalk file printing and routing services on Solaris 2.5, Linux, FreeBSD, SunOS 4.1 and Ultrix 4. It also supports AFP 2.1 and 2.2 (Appleshare IP). Note: The default configuration disables both guest accounts and plain-text passwords. To enable these options, review the configuration file /etc/netatalk/afpd.conf. %package mod_ssl Updated: Mon Nov 01 11:06:43 2004 Importance: security %pre A vulnerability in mod_ssl was discovered by Hartmut Keil. After a renegotiation, mod_ssl would fail to ensure that the requested cipher suite is actually negotiated. The provided packages have been patched to prevent this problem. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. 
%package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Mon Nov 01 11:06:43 2004 Importance: security %pre A vulnerability in mod_ssl was discovered by Hartmut Keil. After a renegotiation, mod_ssl would fail to ensure that the requested cipher suite is actually negotiated. The provided packages have been patched to prevent this problem. %description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package perl-MIME-tools Updated: Mon Nov 01 11:06:43 2004 Importance: security %pre There is a bug in MIME-tools, where it mis-parses things like boundary="". Some viruses use an empty boundary, which may allow unapproved parts through MIMEDefang. The updated packages are patched to fix this problem. %description MIME-tools - modules for parsing (and creating!) MIME entities Modules in this toolkit : Abstract message holder (file, scalar, etc.), OO interface for decoding MIME messages, an extracted and decoded MIME entity, Mail::Field subclasses for parsing fields, a parsed MIME header (Mail::Header subclass), parser and tool for building your own MIME parser, and utilities. 
%package perl perl-doc perl-devel perl-base Updated: Mon Nov 01 11:06:43 2004 Importance: security %pre Updated perl-MIME-tools requires MIME::Base64 version 3.03. Since MIME::Base64 is integrated in the perl package on Mandrakelinux, these updates now provide the newer version. The updated packages are patched to fix this problem. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl. %package iptables iptables-ipv6 Updated: Thu Nov 04 14:03:18 2004 Importance: security %pre Faheem Mitha discovered that the iptables tool would not always load the required modules on its own as it should have, which could in turn lead to firewall rules not being loaded on system startup in some cases. The updated packages are patched to prevent this problem. %description iptables controls the Linux kernel network packet filtering code. It allows you to set up firewalls and IP masquerading, etc. Install iptables if you need to set up firewalling for your network. Install this only if you are using the 2.4 or 2.6 kernels!! %package shadow-utils Updated: Thu Nov 04 14:03:18 2004 Importance: security %pre A vulnerability in the shadow suite was discovered by Martin Schulze that can be exploited by local users to bypass certain security restrictions due to an input validation error in the passwd_check() function. This function is used by the chfn and chsh tools. The updated packages have been patched to prevent this problem.
%description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %package libxml1 libxml1-devel Updated: Thu Nov 04 14:03:18 2004 Importance: security %pre Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS. The updated packages have been patched to prevent these issues. %description This library allows you to manipulate XML files. %package libxml2 libxml2-devel libxml2-python libxml2-utils Updated: Thu Nov 04 14:03:18 2004 Importance: security %pre Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS. The updated packages have been patched to prevent these issues. %description This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files.
There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. %package ruby ruby-devel ruby-doc ruby-tk Updated: Mon Nov 08 09:45:12 2004 Importance: security %pre Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI::Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CAN-2004-0755). The ruby developers have corrected a problem in the ruby CGI module that can be triggered remotely and cause an infinite loop on the server (CAN-2004-0983). The updated packages are patched to prevent these problems. %description Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. %package webmin Updated: Wed Nov 11 10:22:43 2004 Importance: bugfix %pre There was a problem with two modules in the webmin package that did not work correctly: the cron and backup modules. The updated packages fix the problem so the modules will again work. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modifying your password for security reasons.
PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package speedtouch Updated: Wed Nov 11 10:22:43 2004 Importance: security %pre The Speedtouch USB driver contains a number of format string vulnerabilities due to improperly made syslog() system calls. These vulnerabilities can be abused by a local user to potentially allow the execution of arbitrary code with elevated privileges. The updated packages have been patched to prevent this problem. %description ALCATEL SpeedTouch USB ADSL modem user-space driver. This package contains all the necessary software to use your SpeedTouch USB modem under Linux. It currently supports only PPPoA encapsulation. %package ez-ipupdate Updated: Wed Nov 11 10:22:43 2004 Importance: security %pre Ulf Harnhammar discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. The updated packages are patched to protect against this problem. %description ez-ipupdate is a small utility for updating your host name for any of the dynamic DNS services offered at: * http://www.ez-ip.net * http://www.justlinux.com * http://www.dhs.org * http://www.dyndns.org * http://www.ods.org * http://gnudip.cheapnet.net (GNUDip) * http://www.dyn.ca (GNUDip) * http://www.tzo.com * http://www.easydns.com * http://www.dyns.cx * http://www.hn.org * http://www.zoneedit.com It is pure C and works on Linux, *BSD and Solaris. Don't forget to create your own config file ( in /etc/ez-ipupdate.conf ) You can find some examples in /usr/share/doc/ez-ipupdate-3.0.11b8 %package sudo Updated: Mon Nov 15 10:50:04 2004 Importance: security %pre Liam Helmer discovered a flaw in sudo's environment sanitizing. This flaw could allow a malicious user with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue.
%description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package gd-utils libgd2 libgd2-devel libgd2-static-devel Updated: Mon Nov 15 10:50:04 2004 Importance: security %pre Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. The updated packages have been patched to prevent these issues. %description gd is a graphics library. It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. This is particularly useful in World Wide Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. gd is not a paint program. If you are looking for a paint program, you are looking in the wrong place. If you are not a programmer, you are looking in the wrong place. gd does not provide for every possible desirable graphics operation. It is not necessary or desirable for gd to become a kitchen-sink graphics package, but version 1.7.3 incorporates most of the commonly requested features for an 8-bit 2D package. GIF creation will not reappear in gd until the patent expires world-wide on July 7th, 2004. I realize this situation is frustrating for many; please direct your anger and complaints toward the questionable patent system that allows the patenting of such straightforward algorithms in the first place.
To enable GIF support use a commandline like: rpm -rebuild --with gif gd-2.0.27-3.2.101mdk.src.rpm %package apache apache-devel apache-modules apache-source Updated: Mon Nov 15 10:50:04 2004 Importance: security %pre A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated packages have been patched to prevent this problem. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache2 apache2-common apache2-devel apache2-manual apache2-mod_dav apache2-mod_ldap apache2-mod_ssl apache2-modules apache2-source libapr0 apache2-mod_cache apache2-mod_deflate apache2-mod_disk_cache apache2-mod_file_cache apache2-mod_mem_cache apache2-mod_proxy Updated: Mon Nov 15 10:50:04 2004 Importance: security %pre A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially-crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. This vulnerability is due to improper enforcement of the field length limit in the header-parsing code. The updated packages have been patched to prevent this problem.
%description This package contains the main binary of apache2, a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of apache2 is fully modular, and many modules are available in pre-compiled formats, like PHP4 and mod_auth_external. Check for available Apache2 modules for MandrakeLinux at: http://www.deserve-it.com/modules_for_apache2.html (most of them can be installed from the contribs repository) You can build apache2 with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package libxfree86 libxfree86-devel libxfree86-static-devel X11R6-contrib XFree86-100dpi-fonts XFree86 XFree86-75dpi-fonts XFree86-cyrillic-fonts XFree86-doc XFree86-glide-module XFree86-server XFree86-xfs XFree86-Xnest XFree86-Xvfb Updated: Mon Nov 22 14:40:12 2004 Importance: security %pre The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Updated packages are patched to correct all these issues. %description If you want to install the X Window System (TM) on your machine, you'll need to install XFree86. The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application.
X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc. XFree86 is the version of X which runs on Linux, as well as other platforms. This package contains the basic fonts, programs and documentation for an X workstation. You will also need the XFree86-server package, which contains the program which drives your video hardware. In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the XFree86 fonts packages. And finally, if you are going to develop applications that run as X clients, you will also need to install libxfree86-devel. %package libxpm4 libxpm4-devel Updated: Mon Nov 22 14:40:12 2004 Importance: security %pre The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Updated packages are patched to correct all these issues. %description The xpm package contains the XPM pixmap library for the X Window System. The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. 
%package a2ps a2ps-devel a2ps-static-devel Updated: Thu Nov 25 15:08:20 2004 Importance: 0 %pre The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. The updated packages have been patched to prevent this problem. %description The a2ps filter converts text and other types of files to PostScript(TM). a2ps has pretty-printing capabilities and includes support for a wide number of programming languages, encodings (ISO Latins, Cyrillic, etc.), and medias. %package zip Updated: Thu Nov 25 15:08:34 2004 Importance: 0 %pre A vulnerability in zip was discovered where zip would not check the resulting path length when doing recursive folder compression, which could allow a malicious person to convince a user to create an archive containing a specially-crafted path name. By doing so, arbitrary code could be executed with the permissions of the user running zip. The updated packages are patched to prevent this problem. %description The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems). Install the zip package if you need to compress files using the zip program. This version supports crypto encryption. %package libxpm4 libxpm4-devel Updated: Mon Nov 29 17:26:11 2004 Importance: security %pre The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependent on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0, from being able to save xpm format images. Updated packages are patched to correct all these issues. %description The xpm package contains the XPM pixmap library for the X Window System.
The XPM library allows applications to display color, pixmapped images, and is used by many popular X programs. %package gzip Updated: Mon Dec 06 11:54:12 2004 Importance: security %pre The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack. A similar problem was fixed last year (CAN-2003-0367) in which this same problem was found in znew. At that time, Mandrakesoft also used mktemp to correct the problems in gzexe. This update uses mktemp to handle temporary files in the zdiff script. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrakelinux system, because it is a very commonly used data compression program. %package ImageMagick libMagick5.5.7 libMagick5.5.7-devel perl-Magick Updated: Mon Dec 06 11:55:26 2004 Importance: security %pre A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code. The updated packages have been patched to prevent this problem. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. This package installs the necessary files to run ImageMagick. %package rp-pppoe rp-pppoe-gui Updated: Mon Dec 06 11:58:40 2004 Importance: security %pre Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid root, however the packages have been patched to prevent this problem.
%description PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by many ADSL Internet Service Providers. Roaring Penguin has a free client for Linux systems to connect to PPPoE service providers. The client is a user-mode program and does not require any kernel modifications. It is fully compliant with RFC 2516, the official PPPoE specification. It has been tested with many ISPs, such as the Canadian Sympatico HSE (High Speed Edition) service. %package nfs-utils nfs-utils-clients Updated: Mon Dec 06 11:59:28 2004 Importance: security %pre SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the "SIGPIPE" signal which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely. The updated packages have been patched to prevent this problem. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package libopenssl0.9.7 libopenssl0.9.7-devel libopenssl0.9.7-static-devel openssl Updated: Mon Dec 06 12:00:10 2004 Importance: security %pre The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack. The updated packages have been patched to prevent this problem. %description The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package lvm Updated: Mon Dec 06 12:03:08 2004 Importance: security %pre The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user running the script. The updated packages have been patched to prevent this problem. %description LVM includes all of the support for handling read/write operations on physical volumes (hard disks, RAID-Systems, magneto optical, etc., multiple devices (MD), see mdadd(8) or even loop devices, see losetup(8)), creating volume groups (kind of virtual disks) from one or more physical volumes and creating one or more logical volumes (kind of logical partitions) in volume groups. %package iproute2 Updated: Mon Dec 13 10:45:59 2004 Importance: security %pre Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. The updated packages have been patched to prevent this problem. %description The iproute package contains networking utilities (ip, tc and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.2.x kernels and later, such as policy routing, fast NAT and packet scheduling. 
%package libecpg3 libecpg3-devel libpgtcl2 libpgtcl2-devel libpq3 libpq3-devel postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-jdbc postgresql-pl postgresql-python postgresql-server postgresql-tcl postgresql-test Updated: Mon Dec 13 10:47:18 2004 Importance: security %pre The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to. The updated packages have been patched to prevent this problem. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package libphp_common432 php432-devel php-cgi php-cli Updated: Fri Dec 17 15:21:31 2004 Importance: security %pre A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. 
Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the vulnerabilities, thanks to the efforts of the OpenPKG team who extracted and backported the fixes. The vulnerabilities fixed in all provided packages include a fix for a possible information disclosure, double free, and negative reference index array underflow in deserialization code (CAN-2004-1019). As well, the exif_read_data() function suffers from an overflow on a long sectionname; this vulnerability was discovered by Ilia Alshanetsky (CAN-2004-1065). The other fixes that appear in Mandrakelinux 9.2 and newer packages include a fix for out of bounds memory write access in shmop_write() and integer overflow/underflows in the pack() and unpack() functions. The addslashes() function did not properly escape "\0". A directory bypass issue existed in safe_mode execution. There is an issue of arbitrary file access through path truncation. Finally, the "magic_quotes_gpc" functionality could lead to one level directory traversal with file uploads. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches; (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package logcheck Updated: Tue Dec 21 18:11:05 2004 Importance: security %pre A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges. The updated packages have been patched to prevent the problem.
%description Logcheck is a software package that is designed to automatically run and check system log files for security violations and unusual activity. Logcheck utilizes a program called logtail that remembers the last position it read from in a log file and uses this position on subsequent runs to process new information. All source code is available for review and the implementation was kept simple to avoid problems. This package is a clone of the frequentcheck.sh script from the Trusted Information Systems Gauntlet(tm) firewall package. TIS has granted permission for me to clone this package. %package ftp-client-krb5 ftp-server-krb5 krb5-server krb5-workstation libkrb51 libkrb51-devel telnet-client-krb5 telnet-server-krb5 Updated: Tue Dec 21 18:14:23 2004 Importance: security %pre Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server. The updated packages have been patched to prevent this problem. %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package libsmbclient0 libsmbclient0-devel libsmbclient0-static-devel nss_wins samba-client samba-common samba-debug samba-doc samba-server samba-swat samba-winbind Updated: Mon Dec 27 10:40:43 2004 Importance: security %pre Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. 
Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs. The updated packages have been patched to correct this issue. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in its own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Wed Dec 29 13:08:34 2004 Importance: security %pre iDefense reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like cups, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system. The updated packages are patched to protect against these vulnerabilities. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems.
It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libtiff3 libtiff3-devel libtiff3-static-devel libtiff-progs Updated: Thu Jan 06 09:48:48 2005 Importance: security %pre Several vulnerabilities have been discovered in the libtiff package: iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag. iDefense also reported a heap-based buffer overflow vulnerability within the LibTIFF package that could allow attackers to execute arbitrary code. (CAN-2004-1308) The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. The updated packages are patched to protect against these vulnerabilities. %description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. %package vim-common vim-enhanced vim-minimal vim-X11 Updated: Thu Jan 06 09:50:12 2005 Importance: security %pre Several "modeline"-related vulnerabilities were discovered in Vim by Ciaran McCreesh. The updated packages have been patched with Bram Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities and adds more conservative "modeline" rights.
%description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package nfs-utils nfs-utils-clients Updated: Tue Jan 11 09:38:22 2005 Importance: security %pre Arjan van de Ven discovered a buffer overflow in rquotad on 64bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. The updated packages are provided to prevent this issue. %description The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host. %package libimlib2_1 libimlib2_1-devel libimlib2_1-filters libimlib2_1-loaders Updated: Wed Jan 12 15:05:55 2005 Importance: security %pre Pavel Kankovsky discovered several heap overflow flaws in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026). The updated packages have been patched to prevent these problems. 
%description Imlib2 is an advanced replacement library for libraries like libXpm that provides many more features with much greater flexibility and speed than standard libraries, including font rasterization, rotation, RGBA space rendering and blending, dynamic binary filters, scripting, and more. Build Options: --with mmx Enable mmx cpu detection (10% - 30% speedup) %package imlib imlib-cfgeditor libimlib1 libimlib1-devel Updated: Wed Jan 12 15:06:12 2005 Importance: security %pre Pavel Kankovsky discovered several heap overflow flaws in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026). The updated packages have been patched to prevent these problems. %description Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Mon Jan 17 11:23:59 2005 Importance: security ID: MDKSA-2005:008 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:008 %pre A buffer overflow was discovered in the ParseCommand function in the hpgltops utility. An attacker with the ability to send malicious HPGL files to a printer could possibly execute arbitrary code as the "lp" user (CAN-2004-1267). 
Vulnerabilities in the lppasswd utility were also discovered. The program ignores write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS passwd file or prevent future use of lppasswd (CAN-2004-1268 and CAN-2004-1269). As well, lppasswd does not verify that the passwd.new file is different from STDERR, which could allow a local user to control output to passwd.new via certain user input that could trigger an error message (CAN-2004-1270). The updated packages have been patched to prevent these problems. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package squid Updated: Mon Jan 24 15:35:29 2005 Importance: security ID: MDKSA-2005:014 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:014 %pre "infamous41md" discovered two vulnerabilities in the squid proxy cache server. The first is a buffer overflow in the Gopher response parser which leads to memory corruption and would usually crash squid (CAN-2005-0094). The second is an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that would cause squid to crash (CAN-2005-0095). The updated packages have been patched to prevent these problems. 
%description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package libphp_common432 php432-devel php-cgi php-cli Updated: Mon Jan 24 18:54:32 2005 Importance: bugfix ID: MDKA-2005:004 URL: http://www.mandrakesoft.com/security/advisories?name=MDKA-2005:004 %pre When php tries to open a connection using fsockopen(), but the connection fails, php would not close the socket. The updated packages fix this problem. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. You can build php with some conditional build switches (i.e. use with rpm --rebuild): --with debug Compile with debugging code %package cups cups-common cups-serial libcups2 libcups2-devel Updated: Tue Jan 25 13:17:15 2005 Importance: security ID: MDKSA-2005:018 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:018 %pre A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. 
Cups uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package kernel-2.4.22.41mdk kernel-enterprise-2.4.22.41mdk kernel-i686-up-4GB-2.4.22.41mdk kernel-p3-smp-64GB-2.4.22.41mdk kernel-secure-2.4.22.41mdk kernel-smp-2.4.22.41mdk kernel-source Updated: Tue Jan 25 13:35:11 2005 Importance: security ID: MDKSA-2005:022 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 %pre A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory: - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CAN-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CAN-2004-0816) - Stefan Esser found several remote DoS conditions in the smbfs file system. 
This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CAN-2004-0883 and CAN-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetic in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CAN-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CAN-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CAN-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CAN-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CAN-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. 
The fix was done by Chris Wright (CAN-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CAN-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader's uselib() function that could be abused to allow a local user to obtain root privileges (CAN-2004-1235) - Paul Starzetz found an exploitable flaw in the page fault handler when running on SMP machines (CAN-2005-0001) - A vulnerability in insert_vm_struct could allow a local user to trigger BUG() when the user created a large vma that overlapped with arg pages during exec (CAN-2005-0003) - Paul Starzetz also found a number of vulnerabilities in the kernel binfmt_elf loader that could lead a local user to obtain elevated (root) privileges (isec-0017-binfmt_elf) The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandrakesoft.com/security/kernelupdate PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the latest module-init-tools package prior to upgrading their kernel. Likewise, MNF8.2 users will need to upgrade to the latest modutils package prior to upgrading their kernel. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. 
For instructions for update, see: http://www.mandrakesecure.net/en/kernelupdate.php %package perl-DBI perl-DBI-ProfileDumper-Apache perl-DBI-proxy Updated: Tue Feb 08 09:15:59 2005 Importance: security ID: MDKSA-2005:030 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:030 %pre Javier Fernandez-Sanguino Pena discovered the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent these problems. %description The Perl Database Interface (DBI) is a database access Application Programming Interface (API) for the Perl Language. The Perl DBI API specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. %package perl perl-base perl-devel perl-doc Updated: Tue Feb 08 09:17:41 2005 Importance: security ID: MDKSA-2005:031 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031 %pre Jeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CAN-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CAN-2004-0976). "KF" discovered two vulnerabilities involving setuid-enabled perl scripts. By setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script, an attacker could overwrite arbitrary files with perl debug messages (CAN-2005-0155). 
As well, calling a setuid-root perl script with a very long path would cause a buffer overflow if PERLIO_DEBUG was set, which could be exploited to execute arbitrary files with root privileges (CAN-2005-0156). The provided packages have been patched to resolve these problems. %description Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications (and what it excels at) are probably system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. You need perl-base to have a full perl. %package cpio Updated: Thu Feb 10 09:15:54 2005 Importance: security ID: MDKSA-2005:032 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:032 %pre A vulnerability in cpio was discovered where cpio would create world-writeable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user. %description GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. 
When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. %package squid Updated: Thu Feb 10 12:56:46 2005 Importance: security ID: MDKSA-2005:034 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:034 %pre More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate which could be abused to allow logins using several variants of a single login name, possibly bypassing explicit access controls (CAN-2005-0173). Minor problems in the HTTP header parsing code that could be used for cache poisoning (CAN-2005-0174 and CAN-2005-0175). A buffer overflow in the WCCP handling code allowed remote attackers to cause a Denial of Service and could potentially allow for the execution of arbitrary code by using a long WCCP packet. The updated packages have been patched to prevent these problems. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package libpython2.3 libpython2.3-devel python python-base python-docs tkinter Updated: Thu Feb 10 12:57:59 2005 Importance: security ID: MDKSA-2005:035 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:035 %pre A flaw in the python language was found by the development team. 
The SimpleXMLRPCServer library module could permit remote attackers unintended access to internals of the registered object or its module, or possibly even other modules. This only affects python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers that only use the register_function() method are not affected. The updated packages have been patched to prevent these problems. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package squid Updated: Thu Feb 24 10:03:32 2005 Importance: security ID: MDKSA-2005:047 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:047 %pre The squid developers discovered that a remote attacker could cause squid to crash via certain DNS responses. The updated packages are patched to fix the problem. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. 
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package gnupg Updated: Tue Mar 15 10:21:01 2005 Importance: security ID: MDKSA-2005:057 URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:057 %pre The OpenPGP protocol is vulnerable to a timing attack that can be used to gain plain text from cipher text. The timing difference appears as a side effect of the so-called "quick scan" and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated packages have been patched to disable the quick check for all public key-encrypted messages and files. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.