Mandriva security advisories
Updated: 2 min 24 sec ago

MDVSA-2009:004: pam_mount

2 min 24 sec ago
The passwdehd script in pam_mount would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file.

The updated packages have been patched to prevent this.

MDVSA-2009:003: python

2 min 24 sec ago
Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to
break out of the Python VM and execute arbitrary code via large
integer values in certain arguments to the crop function, leading to
a buffer overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679. (CVE-2008-4864)

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,
allow context-dependent attackers to have an unknown impact via
a large integer value in the tabsize argument to the expandtabs
method, as implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists
because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)

The updated Python packages have been patched to correct these issues.

MDVSA-2009:001: openssl

2 min 24 sec ago
The Google Security Team found a vulnerability in how OpenSSL
checked the verification of certificates. An attacker in control of a
malicious server, or able to effect a man-in-the-middle attack, could
present a malformed SSL/TLS signature from a certificate chain to a
vulnerable client, which would then bypass the certificate validation
(CVE-2008-5077).

The updated packages have been patched to prevent this issue.

MDVA-2009:009: kdemultimedia

2 min 24 sec ago
Due to a bug in KDE 3.5.10 as shipped with Mandriva Linux 2009.0, using
the lame encoder with the audiocd kioslave produces noise as output.
This update fixes the issue.

MDVA-2009:008: amarok

2 min 24 sec ago
Mandriva Linux 2009.0 shipped with a pre-release version of Amarok.
This update provides the final Amarok 2.0 release.

MDVA-2009:007: kernel

2 min 24 sec ago
The security fix for CVE-2007-6716 in the previous kernel update
introduced a problem in directio when calling pvcreate.

This update provides an updated patch fixing it.

MDVA-2009:001-1: dos2unix

2 min 24 sec ago
The dos2unix command removes the last line of a file if no newline
character(s) follow. This package fixes the issue.

Update:

This update now provides corrected packages for Mandriva Linux 2008.x
and Corporate Server 4.0.

MDVA-2009:006: xen

2 min 24 sec ago
The xen package released in Mandriva Linux 2009.0 lacks udev rules for
handling hotplug events. As a result, trying to create an HVM host
will fail with this kind of error message: 'Error: Device 0 (vif)
could not be connected Hotplug scripts not working'. Additionally,
this update adds PCI pass-through support, which was also missing in
the release package.

This update fixes this issue.

MDVA-2009:005: x11-server

2 min 24 sec ago
This updated x11-server-xorg package provides the following fixes:

The OpenOffice.org application menu would trigger a bug in the X
server's xkb cache code causing it to crash (segfault).

Fake key events generated by the XTest extension would not change
the state of the keyboard LEDs. This would cause the numlock LED to
be inverted when the enable_X11_numlock program was used (Mandriva's
default behaviour).

This update corrects both issues.

MDVA-2009:004: rpmdrake

2 min 24 sec ago
This update fixes several minor issues with rpmdrake:

- it stops running with debugging perl pragmas, which should speed up
some things
- it makes edit-urpm-sources not drop the 'ignore' flag when updating
a medium (bug #44930)
- it makes edit-urpm-sources display the right type of altered
mirrorlist media (bug #44930)
- it makes rpmdrake list plasma applets in GUI package list too
(bug #45835)

It also enhances searching in rpmdrake by fixing a rare crash on
searching (bug #46225), by scrolling the group list to the search
category when displaying results, and by updating the GUI package list.

MDVA-2009:003: draksnapshot

1 hour 12 min ago
This update fixes a crash in draksnapshot when hal is confused
(bug #44966).

MDVA-2009:002: msec

3 hours 32 min ago
This update fixes the following two issues with msec:

- when changing to a higher security level, permit_root_login is not
handled correctly (bug #19726)
- daily reports with multi-byte characters are not sent correctly
(bug #26773)

MDVA-2009:001: dos2unix

Fri, 01/09/2009 - 02:10
The dos2unix command removes the last line of a file if no newline
character(s) follow. This package fixes the issue.

MDVSA-2008:246: kernel

Fri, 01/09/2009 - 01:00
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The chip_command function in drivers/media/video/tvaudio.c in the
Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7,
and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of
service (NULL function pointer dereference and OOPS) via unknown
vectors. (CVE-2008-5033)

Stack-based buffer overflow in the hfs_cat_find_brec function
in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows
attackers to cause a denial of service (memory corruption or system
crash) via an hfs filesystem image with an invalid catalog namelength
field, a related issue to CVE-2008-4933. (CVE-2008-5025)

Additionally, this update adds enhancements for a newer revision of
Nokia models 6300, XpressMusic 5200, 5610 and 7610; disables support
for the ub USB module; adds fixes for the Wake On LAN feature of the
r8169 module; adds fixes for suspend and resume on the i915 module;
adds ALSA fixes for Intel HDA; adds a workaround for a bug on iwlagn;
adds the m5602 driver; fixes a crash on the ppscsi module; and adds
fixes to the uvcvideo module.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

MDVA-2008:241: mailscanner

Fri, 01/09/2009 - 01:00
Local users can use symlink attacks through a flaw in the
trend-autoupdate script of MailScanner by using the /tmp/opr.ini.#####
or /tmp/lpt temporary file (CVE-2008-5140).

Local users can use symlink attacks through flaws in the
clamav-autoupdate, panda-autoupdate and rav-autoupdate scripts of
MailScanner by using the ClamAV.update.log, pav.zip and RavBusy.lock
temporary files (CVE-2008-5312).

Local users can use symlink attacks through flaws in the
kaspersky-wrapper, bitdefender-wrapper and rav-wrapper scripts and the
Quarantine.pm, TNEF.pm, SA.pm and WorkArea.pm MailScanner perl modules
by using the kavoutput.tmp.27073, log.bdc.27073, report.vir.27073,
MailScanner.ownertest.27073, tnef.27073 and MS.bayes.rebuild.lock
temporary files (CVE-2008-5313).

Furthermore, MailScanner had symlink flaws in the antivir-autoupdate,
bitdefender-autoupdate, clamav-autoupdate, etrust-autoupdate,
generic-autoupdate, inoculan-autoupdate, kaspersky-autoupdate,
nod32-autoupdate, norman-autoupdate, rav-autoupdate,
sophos-autoupdate, symscanengine-autoupdate, vexira-autoupdate,
f-prot-autoupdate and css-autoupdate scripts, involving the following
vulnerable temporary files: AntiVirBusy.lock, BitDefenderBusy.lock,
ClamAVBusy.lock, eTrustBusy.lock, GenericBusy.lock, InoculanBusy.lock,
KasperskyBusy.lock, Nod32Busy.lock, NormanBusy.lock, RavBusy.lock,
SophosBusy.lock, SymScanEngineBusy.lock, VexiraBusy.lock,
FProtBusy.lock and SYMCScan.lock.

This update provides fixes for all symlink flaws described in this
security advisory.

MDVSA-2008:245: firefox

Wed, 01/07/2009 - 22:10
Security vulnerabilities have been discovered and corrected in
the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500,
CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506,
CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513).

This update provides the latest Mozilla Firefox 3.x to correct
these issues.

MDVSA-2008:244: mozilla-firefox

Wed, 01/07/2009 - 19:50
Security vulnerabilities have been discovered and corrected in
the latest Mozilla Firefox 2.x, version 2.0.0.19 (CVE-2008-5500,
CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507,
CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512,
CVE-2008-5513).

This update provides the latest Mozilla Firefox 2.x to correct
these issues.

MDVA-2008:202: drakx-net

Tue, 01/06/2009 - 17:40
Drakfirewall, as shipped with Mandriva Linux 2009.0, was not able
to save the firewall configuration after changing port selection.
This update fixes the issue.

MDVA-2008:201: mdkonline

Mon, 01/05/2009 - 19:20
This package update adds support for automatically configuring
additional software repositories (Restricted / Restricted Updates)
for registered Powerpack users.

MDVA-2008:200: jackit

Mon, 01/05/2009 - 19:20
This update provides the latest version of the JACK audio server.
It is not provided to fix any specific bugs, but due to the
recommendation of the JACK development community that all users should
upgrade to 0.116.0 or later, as announced at http://jackaudio.org/.
The release fixes many bugs and adds new features, most important
among them being the integration of netjack functionality.