%package mandriva-release
Update: Wed Sep 06 12:49:38 2006
Importance: normal
ID: MDKA-2006:033
URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:033
%pre
This is a test update
%description
Mandriva Linux release file.

%package mandriva-release
Update: Wed Sep 06 12:53:19 2006
Importance: normal
ID: MDKA-2006:033
URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:033
%pre
This is a test update
%description
Mandriva Linux release file.

%package mandriva-release
Update: Wed Sep 06 12:56:12 2006
Importance: normal
ID: MDKA-2006:033
URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:033
%pre
This is a test update
%description
Mandriva Linux release file.

%package webmin
Update: Wed Sep 27 19:46:18 2006
Importance: security
ID: MDKSA-2006:170-1
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:170-1
%pre
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

Updated packages have been patched to correct this issue.

Update: Packages are now available for Mandriva Linux 2007.
%description
A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser.

After installation, enter the URL https://localhost:10000/ into your browser and log in as root with your root password. Please consider logging in and modifying your password for security reasons.

PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/".

%package libmusicbrainz4 libmusicbrainz4-devel python-musicbrainz
Update: Thu Sep 28 10:14:27 2006
Importance: security
ID: MDKSA-2006:157-1
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:157-1
%pre
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

The updated packages have been patched to correct this issue.

Update: Packages are now available for Mandriva Linux 2007.
%description
The MusicBrainz client library allows applications to make metadata lookups to a MusicBrainz server, generate signatures from WAV data and create CD Index Disk ids from audio CD roms.

%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl
Update: Thu Sep 28 12:02:09 2006
Importance: security
ID: MDKSA-2006:172
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
%pre
Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.

During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.
(CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. (CVE-2006-4343)

Updated packages are patched to address these issues.
%description
The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).

%package gstreamer-ffmpeg
Update: Thu Sep 28 15:06:52 2006
Importance: security
ID: MDKSA-2006:174
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:174
%pre
Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue:

Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
%description
Video codec plugin for GStreamer based on the ffmpeg libraries.

%package libxine1 libxine1-devel xine-aa xine-arts xine-dxr3 xine-esd xine-flac xine-gnomevfs xine-image xine-plugins xine-sdl xine-smb
Update: Thu Sep 28 15:10:04 2006
Importance: security
ID: MDKSA-2006:176
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:176
%pre
Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue:

Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
%description
xine is a free gpl-licensed video player for unix-like systems.

%package libopenssl0.9.8 libopenssl0.9.8-devel libopenssl0.9.8-static-devel openssl
Update: Mon Oct 02 11:39:39 2006
Importance: security
ID: MDKSA-2006:172-1
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:172-1
%pre
Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.

During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql.
An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. (CVE-2006-4343)

Updated packages are patched to address these issues.

Update: There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.
%description
The openssl certificate management tool and the shared libraries that provide various encryption and decryption algorithms and protocols, including DES, RC4, RSA and SSL.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).

%package ntp ntp-client
Update: Mon Oct 02 12:52:47 2006
Importance: security
ID: MDKSA-2006:178
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
%pre
Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available.
%description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons which will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. Ntp includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time).

Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol.

%package openssh openssh-askpass openssh-askpass-common openssh-askpass-gnome openssh-clients openssh-server
Update: Tue Oct 03 12:59:45 2006
Importance: security
ID: MDKSA-2006:179
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
%pre
Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.

Next, an unsafe signal handler was found by Mark Dowd. This signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS, and theoretically a pre-authentication remote code execution in the case where some authentication methods like GSSAPI are enabled (CVE-2006-5051).

Updated packages have been patched to correct this issue.
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).

This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.

You can build openssh with some conditional build switches; (i.e.
use with rpm --rebuild):

--with[out] skey smartcard support (disabled)
--with[out] krb5 kerberos support (enabled)
--with[out] watchdog watchdog support (disabled)
--with[out] x11askpass X11 ask pass support (enabled)
--with[out] gnomeaskpass Gnome ask pass support (enabled)
--with[out] ldap OpenLDAP support (disabled)
--with[out] sftplog sftp logging support (disabled)
--with[out] chroot chroot support (disabled)

%package libphp5_common5 php-cgi php-cli php-devel php-fcgi
Update: Thu Oct 05 13:17:31 2006
Importance: security
ID: MDKSA-2006:180
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:180
%pre
An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user.

Updated packages have been patched to correct these issues.
%description
PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP5 is fairly simple. The most common use of PHP5 coding is probably as a replacement for CGI scripts.

(i.e. use with rpm --rebuild):

--with[out] hardened Compile with the Hardened-PHP patch applied (disabled)
you will have to rebuild all php-* extensions against the Hardened-PHP, and also live with the fact that commercial extensions will not work anymore :(

%package cups cups-common cups-serial libcups2 libcups2-devel php-cups
Update: Fri Oct 06 15:46:44 2006
Importance: bugfix
ID: MDKA-2006:036
URL: http://www.mandriva.com/security/advisories?name=MDKA-2006:036
%pre
A bug in the shipped version of CUPS would allow for the unexpected deletion of cupsd.conf and cause a crash of CUPS. This issue, as well as many other bugs, has been corrected in CUPS 1.2.4, which is being provided with this update.
%description
CUPS 1.2 is fully compatible with CUPS-1.1 machines in the network and with software built against CUPS-1.1 libraries.

The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.

This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file.

%package libpython2.4 libpython2.4-devel python python-base python-docs tkinter
Update: Tue Oct 10 12:59:38 2006
Importance: security
ID: MDKSA-2006:181
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:181
%pre
A vulnerability in python's repr() function was discovered by Benjamin C. Wiley Sittler. It was found that the function did not properly handle UTF-32/UCS-4 strings, so an application that used repr() on certain untrusted data could possibly be exploited to execute arbitrary code with the privileges of the user running the python application.

Updated packages have been patched to correct this issue.
%description
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface.
This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package.