Mandriva Linux Security Advisory 2013-002 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. Various other issues were also addressed.
9ee750b2b8c7902fd7785c0edbfdc5773ae0ab089e0b3acc4daccaf1b8b4b1c4
Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.
52c7580faddde89c8ddd93ee504f0bd91f907d7b0db98c6e88c400c8de82300c
Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.
a018be1990be06d135afc8ee885fd862474162711692134a45a97fbfa7ed502c
Mandriva Linux Security Advisory 2012-064 - It was discovered that the fix for was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.
ec7a43232cc989e79b3501b0f69ac7ec5d682e3b543f7d254621488da11de02d
Mandriva Linux Security Advisory 2012-063 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue.
d19a729c4502f3e0a4c2e9cb4ff0e0e72defd4fa38ba2015471857f60f1a1746
Mandriva Linux Security Advisory 2012-062 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
ae5a4a5d9ce6cee17510c13ca494d9b773752f3dfe112be30c15eceacdcaa9aa
Mandriva Linux Security Advisory 2012-061 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.
6c937a56998bb864b9de64f9b4c8402abef0fa2c6c10daab783db4ac0f50a28f
Mandriva Linux Security Advisory 2012-060 - A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS. The updated packages have been patched to correct this issue.
7142e404c604651a4de9f5df2e213ba7bf268b765edfd778fb1588130a165768
Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.
3cbc2c67f035fe9b1398b1120f8f0507ea8dbc4b9d3dce95d3e1907578dea5a9
Mandriva Linux Security Advisory 2012-059 - It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. The updated packages have been patched to correct this issue.
d5f88c588379acc2bfa9ff43617fc1860c078b4a3e19d62cf9688284b0d95395
Mandriva Linux Security Advisory 2012-058 - curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.
6c85f20b4131fa33986edd84817e884952953310762c6a2e6f462a08eee4cb99
Mandriva Linux Security Advisory 2012-057 - Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code. The updated packages have been patched to correct this issue.
c6dbaeb28d98f47816c5648a580b5ce1c3619cc46ce47dcb15e21c9ad4aa4612
Mandriva Linux Security Advisory 2012-056 - Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code. The updated packages have been patched to correct this issue.
3cce8f594ce82a2d7bc2edb723cc43de307c29149602c95cb21180eb1ae8a462
Mandriva Linux Security Advisory 2012-055 - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. The updated packages have been patched to correct this issue.
676cd5caa1a00ec6655d780e2a43329e69c8af366edce0bac72c298a8f52bb1d
Mandriva Linux Security Advisory 2012-054 - An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file. The updated packages have been patched to correct this issue.
c2470d757530bdc1d852c273dcedf2585d7fa9b116357c0843f71011fcfb5e3d
Mandriva Linux Security Advisory 2012-053 - Cross-site scripting vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The updated packages have been patched to correct this issue.
e062601fd9052b4265d4c0f2a927f4c0066187386040527ee66a5217eb8916df
Mandriva Linux Security Advisory 2012-052 - If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
5e6449c8bdacb71b6946d59bfce8358093914ffcbcc0ff899b2ec60227c3101f
Mandriva Linux Security Advisory 2012-051 - A specially-crafted Ogg Vorbis media format file could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
9793fc28c913f8fe59854d199f4a309e80a747af5460f53d3067bda0987f33b3
Mandriva Linux Security Advisory 2012-050 - Multiple vulnerabilities have been found and corrected in phpmyadmin. It was possible to conduct XSS using a crafted database name. The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
93d942bfdbef2f771612c750a8616e56326709a757aee4d07b4eec4152b0e354
Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.
f89dda035b10b7cb0cea37643164ca192f767b587a8cd37c87951f667973bff8
Mandriva Linux Security Advisory 2012-048 - Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. The updated packages have been patched to correct this issue.
f39d53e6a1bd858ad8d3e9bea71a663fd9dd6cc3cd6f65b648a939ff4b8ab898
Mandriva Linux Security Advisory 2012-047 - The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. The updated packages have been patched to correct this issue.
993d182b26662e6aa300645b83f0d7ecd09a0a5eab170d2d1d2c3096abf64879
Mandriva Linux Security Advisory 2012-046 - A potential memory corruption has been found and corrected in libpng. The updated packages have been patched to correct this issue.
bb6f6600bc6bff4e6aa85f94627df21569126fc642d7e380944fc534cbcaf715
Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.
9d3027f3aebc071f3740544e88a82db2c4435c748db9687f95fffe022c747c8e
Mandriva Linux Security Advisory 2012-044 - A vulnerability has been found and corrected in cvs. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. The updated packages have been patched to correct this issue.
891ba05686fa17391e069c49ba48e6a0ad5b0eba8fc97db8070e0ddf441eeff7
Mandriva Linux Security Advisory 2012-043 - A vulnerability has been found and corrected in nginx. A specially crafted backend response could result in sensitive information leak. The updated packages have been patched to correct this issue.
b4f7d90d2aef1b63ae089280c523e080571f3292b4ca66f949631feb3f253176