
UNIRAS Brief - 824/06 - Six Mandriva Linux Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 824/06 dated 15.12.06 time 14:45
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Six Mandriva Linux Security Advisories:

1. MDKSA-2006:164-2 - Updated xorg-x11/XFree86 packages fix integer overflow 
   vulnerabilities

2. MDKSA-2006:229 - Updated evince packages fix buffer overflow vulnerability

3. MDKSA-2006:230 - Updated clamav packages fix vulnerability

4. MDKA-2006:064 - Updated sendmail packages to address init script issue

5. MDKA-2006:066 - Updated evolution-sharp packages fixes issues with beagle

6. MDKSA-2006:231 - Updated gdm packages fix string vulnerability

Detail
======

1.  Local exploitation of an integer overflow vulnerability in the 'CIDAFM()'
function in the X.Org and XFree86 X server could allow an attacker to execute
arbitrary code with privileges of the X server, typically root (CVE-2006-3739).

2.  Stack-based buffer overflow in ps.c for evince allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the DocumentMedia
header.

3.  The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files that can
lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection
(CVE-2006-6406).

4.  A bug in the sendmail service initscript prevented the sm-client service
from restarting if it had not shut down cleanly from a previous run. The
updated packages address this issue.

5.  The evolution-sharp bindings weren't configured properly, preventing beagle
from indexing Evolution mailboxes. This update fixes this issue.

6.  Local exploitation of a format string vulnerability in GNOME Foundation's
GNOME Display Manager host chooser window (gdmchooser) could allow an
unauthenticated attacker to execute arbitrary code on the affected system.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2006:164-2
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xorg-x11
 Date    : December 14, 2006
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of an integer overflow vulnerability in the
 'CIDAFM()' function in the X.Org and XFree86 X server could allow an
 attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3739).

 Local exploitation of an integer overflow vulnerability in the
 'scan_cidfont()' function in the X.Org and XFree86 X server could allow
 an attacker to execute arbitrary code with privileges of the X server,
 typically root (CVE-2006-3740).

 Updated packages are patched to address this issue.

 Update:

 Updated packages for Corporate Server 4.0 have been patched.
_______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgVlLmqjQ0CJFipgRAiRuAKDmfb4FZioexZ9AGFV+Ao1UFibNFwCbBrBj
8tuWJMZfMYQMzHlWuRM/BF0=
=xvrZ
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:229
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : evince
 Date    : December 13, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in ps.c for evince allows user-assisted
 attackers to execute arbitrary code via a PostScript (PS) file with
 certain headers that contain long comments, as demonstrated using the
 DocumentMedia header.

 Packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgKj+mqjQ0CJFipgRAtBCAKDKnwM086Y9DupRDVTrAjnpH8bAVQCg3kLy
+Sol3MJsG9wREueQWX6g1Fw=
=/c4l
- -----END PGP SIGNATURE-----



3.

                               

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:230
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : December 13, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The latest version of ClamAV, 0.88.7, fixes some bugs, including
 vulnerabilities with handling base64-encoded MIME attachment files that
 can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus
 detection (CVE-2006-6406).

 As well, a vulnerability was discovered that allows remote attackers to
 cause a stack overflow and application crash by wrapping many layers of
 multipart/mixed content around a document (CVE-2006-6481).

 The latest ClamAV is being provided to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgKmimqjQ0CJFipgRAo1UAKD1yGF4pBsvp0qCiA8d6+Y1fOqnRQCeLXip
wqTUVda/tbDQwDjyJK5R76c=
=onOo
- -----END PGP SIGNATURE-----
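
The multipart/mixed nesting problem described in advisory 3 (CVE-2006-6481) comes from following each nested layer with no upper bound. As an added example (not code from Mandriva, UNIRAS or ClamAV), the sketch below shows a mail-gateway pre-check that measures multipart nesting with an explicit boundary stack instead of recursion and stops at a limit. The names `multipart_depth` and `NestingTooDeep`, the limit of 16 and the sample message are assumptions made for this illustration.

```python
"""Bounded, non-recursive multipart nesting check (added example)."""
from email.parser import HeaderParser


class NestingTooDeep(Exception):
    """Raised as soon as nesting exceeds the configured limit."""


def multipart_depth(raw: str, max_depth: int = 16) -> int:
    """Return the deepest multipart nesting level found in a raw message.

    The message is scanned line by line. Only header blocks are handed to
    the standard-library header parser, so no recursive body parsing takes
    place and memory use is bounded by max_depth.
    """
    boundaries = []      # stack of currently open multipart boundaries
    deepest = 0
    header_lines = []
    in_headers = True    # a message starts with its own header block

    # The trailing "" guarantees that a final header block is processed.
    for line in raw.splitlines() + [""]:
        if in_headers:
            if line.strip():
                header_lines.append(line)
                continue
            # Blank line: the header block of this entity is complete.
            hdrs = HeaderParser().parsestr("\n".join(header_lines) + "\n\n")
            header_lines = []
            if hdrs.get_content_type() == "message/rfc822":
                # An attached message begins with another header block, so
                # multiparts inside attached messages are counted as well.
                continue
            in_headers = False
            boundary = hdrs.get_boundary()
            if hdrs.get_content_maintype() == "multipart" and boundary:
                boundaries.append(boundary)
                deepest = max(deepest, len(boundaries))
                if len(boundaries) > max_depth:
                    raise NestingTooDeep(
                        f"multipart nesting exceeds {max_depth} levels")
            continue

        if not line.startswith("--"):
            continue     # ordinary body line
        marker = line.rstrip()
        # Compare against open boundaries, innermost first.
        for i in range(len(boundaries) - 1, -1, -1):
            if marker == "--" + boundaries[i]:
                # New part of multipart i; unterminated inner parts end here.
                del boundaries[i + 1:]
                in_headers = True
                break
            if marker == "--" + boundaries[i] + "--":
                # Closing delimiter: multipart i and anything inside it end.
                del boundaries[i:]
                break
    return deepest


# Constructed sample message (not taken from the advisory): three layers.
SAMPLE = """\
From: sender@example.org
Subject: constructed sample
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/mixed; boundary="middle"

--middle
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: text/plain

document body
--inner--
--middle--
--outer--
"""

if __name__ == "__main__":
    print("nesting depth of sample:", multipart_depth(SAMPLE))
```

A gateway would treat `NestingTooDeep` as a reason to quarantine or reject the message rather than pass it to the scanner.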



4.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2006:064
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : sendmail
 Date    : December 14, 2006
 Affected: 2006.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A bug in the sendmail service initscript prevented the sm-client
 service from restarting if it had not shut down cleanly from a previous
 run. The updated packages address this issue.
 _______________________________________________________________________

 References:
 
 http://qa.mandriva.com/show_bug.cgi?id=24945
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgWSMmqjQ0CJFipgRAvL5AJ9UI0KA3eNZbZw+cSO2pBRMPeUrMQCg4Swr
3wygygUUYiJ0zBUDr0MMeqw=
=5OT3
- -----END PGP SIGNATURE-----



5.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2006:066
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : evolution-sharp
 Date    : December 14, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 The evolution-sharp bindings weren't configured properly, preventing
 beagle from indexing Evolution mailboxes. This update fixes this issue.
 _______________________________________________________________________

 References:
 
 http://qa.mandriva.com/show_bug.cgi?id=26939
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFga0YmqjQ0CJFipgRAlsyAKDhLyjpprSlzfF3RANMPIaDtZWtbwCg7wtk
WNzu+Go/qyiCc7fsdscJp+A=
=tcYx
- -----END PGP SIGNATURE-----



6.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:231
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gdm
 Date    : December 14, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Local exploitation of a format string vulnerability in GNOME
 Foundation's GNOME Display Manager host chooser window (gdmchooser)
 could allow an unauthenticated attacker to execute arbitrary code on
 the affected system.

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6105
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFgdkNmqjQ0CJFipgRApIOAJ0Ybh4j7nlfav7dZNHFo7fOw+qYqwCfaRZw
FVL46faEX8v8B2b3yzDF9+o=
=XTM2
- -----END PGP SIGNATURE-----


______________________________________________________________________________


For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of Mandriva for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark, manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRYK1JWl7oeQsXfKvEQKnVwCbBhjUnjoXvmdS8ORTrGsFIyRQPkIAoNw6
Kz07Pbt/q0/UHdIkH3+8rLEE
=kjP9
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
