RSS News Feeds
MDVSA-2010:170: wget
GNU Wget 1.12 and earlier uses a server-provided filename instead of
the original URL to determine the destination filename of a download,
which allows remote servers to create or overwrite arbitrary files
via a 3xx redirect to a URL with a .wgetrc filename followed by a
3xx redirect to a URL with a crafted filename, and possibly execute
arbitrary code as a consequence of writing to a dotfile in a home
directory (CVE-2010-2252).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVSA-2010:169: mozilla-thunderbird
mozilla-thunderbird:
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11
and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress
a script's URL in certain circumstances involving a redirect and an
error message, which allows remote attackers to obtain sensitive
information about script parameters via a crafted HTML document,
related to the window.onerror handler (CVE-2010-2754).
Mozilla Firefox permits cross-origin loading of CSS stylesheets
even when the stylesheet download has an incorrect MIME type and the
stylesheet document is malformed, which allows remote HTTP servers
to obtain sensitive information via a crafted document (CVE-2010-0654).
The importScripts Web Worker method in Mozilla Firefox 3.5.x before
3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and
3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that
content is valid JavaScript code, which allows remote attackers to
bypass the Same Origin Policy and obtain sensitive information via
a crafted HTML document (CVE-2010-1213).
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x
before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before
3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute
arbitrary code via a large selection attribute in a XUL tree element
(CVE-2010-2753).
Integer overflow in an array class in Mozilla Firefox 3.5.x before
3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to
execute arbitrary code by placing many Cascading Style Sheets (CSS)
values in an array (CVE-2010-2752).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x
before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-1211).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages that require it have been rebuilt and
are being provided as updates.
MDVSA-2010:168: openssl
Double free vulnerability in the ssl3_get_key_exchange function in
the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7,
and possibly other versions, when using ECDH, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted private key with an invalid prime. NOTE:
some sources refer to this as a use-after-free issue (CVE-2010-2939).
The updated packages have been patched to correct this issue.
MDVSA-2010:167: perl-libwww-perl
lwp-download in libwww-perl before 5.835 does not reject downloads to
filenames that begin with a . (dot) character, which allows remote
servers to create or overwrite files via (1) a 3xx redirect to a
URL with a crafted filename or (2) a Content-Disposition header
that suggests a crafted filename, and possibly execute arbitrary
code as a consequence of writing to a dotfile in a home directory
(CVE-2010-2253).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
MDVSA-2010:166: libgdiplus
Multiple integer overflows in libgdiplus 2.6.7, as used in Mono,
allow attackers to execute arbitrary code via (1) a crafted TIFF
file, related to the gdip_load_tiff_image function in tiffcodec.c;
(2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal
function in jpegcodec.c; or (3) a crafted BMP file, related to the
gdip_read_bmp_image function in bmpcodec.c, leading to heap-based
buffer overflows (CVE-2010-1526).
The updated packages have been patched to correct this issue.
MDVSA-2010:165: libHX
Heap-based buffer overflow in the HX_split function in string.c in
libHX before 3.6 allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a string that
is inconsistent with the expected number of fields (CVE-2010-2947).
The updated packages have been patched to correct this issue.
MDVSA-2010:164: phpmyadmin
It was possible to conduct an XSS attack using crafted URLs or POST
parameters on several pages (CVE-2010-3056).
This upgrade provides phpmyadmin 3.3.5.1, which is not vulnerable to
this security issue.
MDVSA-2010:163: phpmyadmin
The setup script used to generate configuration can be fooled, using
a crafted POST request, into including arbitrary PHP code in the
generated configuration file. Combined with the ability to save files
on the server, this can allow unauthenticated users to execute
arbitrary PHP code (CVE-2010-3055).
It was possible to conduct an XSS attack using crafted URLs or POST
parameters on several pages (CVE-2010-3056).
This upgrade provides phpmyadmin 2.11.10.1, which is not vulnerable
to these security issues.
MDVSA-2010:162: kdegraphics4
A specially crafted PDF or PS file could cause okular to crash or
execute arbitrary code (CVE-2010-2575).
The updated packages have been patched to correct this issue.
MDVSA-2010:161: vte
The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
allows remote attackers to execute arbitrary commands or obtain
potentially sensitive information via a (1) window title or (2) icon
title sequence. NOTE: this issue exists because of a CVE-2003-0070
regression (CVE-2010-2713).
The updated packages have been patched to correct this issue.
MDVSA-2010:160: cacti
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before
0.8.7f allow remote attackers to inject arbitrary web script or
HTML via the (1) hostname or (2) description parameter to host.php,
or (3) the host_id parameter to data_sources.php (CVE-2010-1644).
Cacti before 0.8.7f allows remote authenticated administrators to
execute arbitrary commands via shell metacharacters in (1) the FQDN
field of a Device or (2) the Vertical Label field of a Graph Template
(CVE-2010-1645).
Cross-site scripting (XSS) vulnerability in
include/top_graph_header.php in Cacti before 0.8.7g allows remote
attackers to inject arbitrary web script or HTML via the graph_start
parameter to graph.php. NOTE: this vulnerability exists because of
an incorrect fix for CVE-2009-4032.2.b (CVE-2010-2543).
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti
before 0.8.7g allows remote attackers to inject arbitrary web script
or HTML via the filter parameter (CVE-2010-2544).
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before
0.8.7g allow remote attackers to inject arbitrary web script or HTML
via (1) the name element in an XML template to templates_import.php;
and allow remote authenticated administrators to inject arbitrary web
script or HTML via vectors related to (2) cdef.php, (3) data_input.php,
(4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7)
gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php,
(11) graph_templates_inputs.php, (12) graph_templates_items.php,
(13) graph_templates.php, (14) graph_view.php, (15) host.php, (16)
host_templates.php, (17) lib/functions.php, (18) lib/html_form.php,
(19) lib/html_form_template.php, (20) lib/html.php, (21)
lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php,
and (25) user_admin.php (CVE-2010-2545).
This update provides cacti 0.8.7f, which is not vulnerable to these
issues.
MDVSA-2010:159: gv
GNU gv before 3.7.0 allows local users to overwrite arbitrary files
via a symlink attack on a temporary file (CVE-2010-2056).
This update provides gv 3.7.1, which is not vulnerable to this issue.
MDVSA-2010:158: squirrelmail
functions/imap_general.php in SquirrelMail before 1.4.21 does not
properly handle 8-bit characters in passwords, which allows remote
attackers to cause a denial of service (disk consumption) by making
many IMAP login attempts with different usernames, leading to the
creation of many preferences files (CVE-2010-2813).
This update provides squirrelmail 1.4.21, which is not vulnerable to
this issue.
Wcd v5.1.3
Wcd is a command-line program to change directory fast. It saves time typing at the keyboard. One needs to type only a part of a directory name and wcd will jump to it. Wcd has a fast selection method in case of multiple matches and allows aliasing and banning of directories. Wcd also includes a full screen interactive directory tree browser with speed search.
Wcd was modeled after Norton Change Directory (NCD). NCD appeared first in *The Norton Utilities, Release 4*, for DOS in 1987, published by Peter Norton.
Wcd has been ported to different command-line shells: DOS command.com, Windows cmd.exe and PowerShell, OS/2 cmd.exe, and Unix shells such as Bourne (sh), Bourne Again (bash), Korn (ksh), Z (zsh), and C (csh) shell and others running on any operating system.
Wcd supports 8 bit character sets on all systems, and has optional support for Unicode. See section LOCALIZATION.
MDVA-2010:188: slib
to 2010.1 as the slib package was not updated properly. This update
is the correct build of slib for Mandriva 2010.1.
MDVSA-2010:157: freetype2
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file
(CVE-2010-2805).
Array index error in the t42_parse_sfnts function in type42/t42parse.c
in FreeType before 2.4.2 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
negative size values for certain strings in FontType42 font files,
leading to a heap-based buffer overflow (CVE-2010-2806).
FreeType before 2.4.2 uses incorrect integer data types during bounds
checking, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file (CVE-2010-2807).
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
in FreeType before 2.4.2 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)
font (CVE-2010-2808).
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause
a denial of service (application crash) via a crafted BDF font file,
related to an attempted modification of a value in a static string
(CVE-2010-3053).
The updated packages have been patched to correct these issues.
MDVSA-2010:156: freetype2
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file
(CVE-2010-2805).
Array index error in the t42_parse_sfnts function in type42/t42parse.c
in FreeType before 2.4.2 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
negative size values for certain strings in FontType42 font files,
leading to a heap-based buffer overflow (CVE-2010-2806).
FreeType before 2.4.2 uses incorrect integer data types during bounds
checking, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file (CVE-2010-2807).
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
in FreeType before 2.4.2 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)
font (CVE-2010-2808).
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause
a denial of service (application crash) via a crafted BDF font file,
related to an attempted modification of a value in a static string
(CVE-2010-3053).
Unspecified vulnerability in FreeType 2.3.9, and other versions
before 2.4.2, allows remote attackers to cause a denial of service
via vectors involving nested Standard Encoding Accented Character
(aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and
t1decode.c (CVE-2010-3054).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
Bids for Warpstock Europe 2011 now accepted
The warpevents.eu Steering Group is now accepting bids from groups or individuals wishing to host Warpstock Europe 2011.
Groups or individuals considering hosting Warpstock Europe 2011 should submit a letter of their intent to host this event by e-mail to:
steeringgroup(at)warpevents.eu
The deadline for submission is September 30, 2010.
Information about the bid process and the requirements for hosting a Warpstock Europe event will be found on the warpevents.eu web site at:
http://www.warpevents.eu/en/library/public_wiki/wiki/PublicLibraryTOC.html
This letter of intent should contain a list of the individuals involved, the city or area in which the event would be held, and the suggested time of year for the event (dates with potentially good weather are preferred). The letter of intent may contain any additional information about the proposed bid that the team wishes to share. It should also include the benefits of holding the event in their suggested location. This letter does not need to be in great detail about the proposed event, but rather, a commitment from the group about entering into the bid process.
The Steering Group will remain in close contact with the teams throughout the entire bid process, including final site selection. The Steering Group contains a number of past event team members and will be available to provide support for any group wishing to submit a proposal.
Now is the time to start! Let's make Warpstock Europe 2011 a most memorable event!
Warpstock is an annual conference for the OS/2 and eComStation operating systems and related technology. It is dedicated to information, education, support, and exchange and addresses users, developers, and software vendors. To achieve these goals, the event offers seminars and workshops, exhibition areas, and room for personal exchange.
More information is available at:
http://www.warpevents.eu
http://www.warpstock.eu
Warpstock Europe is powered by warpevents.eu
Warpstock is a trademark of Warpstock, Inc.
MDVA-2010:187: rpmstats
than the one for 2010.1. This advisory corrects the problem.
MDVSA-2010:155: mysql
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).
Additionally, many security issues noted in the 5.1.49 release notes
have been addressed with this advisory as well, such as:
* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512)
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY
(SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
* The server could crash if there were alternate reads from two
indexes on a table using the HANDLER interface. (Bug#54007)
* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393)
* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477)
* Joins involving a table with a unique SET column could cause
a server crash. (Bug#54575)
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044)
The updated packages have been patched to correct these issues.

