Mandriva Security: Mandriva security advisories (en-us)
http://www.mandriva.com/en/security/advisories

MDVSA-2008:238: libsamplerate
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:238

A buffer overflow was found by Russell O'Conner in the libsamplerate library in versions prior to 0.1.4. It could lead to the execution of arbitrary code via a specially crafted audio file (CVE-2008-5008).

The updated packages have been patched to prevent this issue.

MDVSA-2008:237: apache2
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:237

A vulnerability was discovered in the mod_proxy module in Apache: it did not limit the number of forwarded interim (HTTP 1xx) responses, allowing a remote HTTP server to cause a denial of service (memory consumption) by sending a large number of interim responses (CVE-2008-2364).

This update also provides HTTP/1.1 compliance fixes.

The updated packages have been patched to prevent this issue.

MDVA-2008:188: kdewebdev4
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:188

The kdewebdev4 package shipped in Mandriva Linux 2009.0 contained two packaging bugs. First, kfilereplace and kxsldbg had file conflicts on icons. Second, no meta package called 'kdewebdev4' was provided, so asking to install kdewebdev4 installed kdewebdev4-devel instead.

The updated packages fix these packaging bugs.

MDVSA-2008:236: vim
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:236

Several vulnerabilities were found in the vim editor:

A number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).

Ulf Härnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).

A flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a specially crafted TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).

A flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a specially crafted ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).

A number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).

A number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a maliciously crafted tag or keyword in a document, it was possible to execute arbitrary code as the user running vim (CVE-2008-4101).

A vulnerability was found in certain versions of netrw.vim where it would reuse the FTP credentials stored for one FTP session in subsequent FTP sessions to servers on different hosts, exposing those FTP credentials to remote hosts (CVE-2008-4677).

This update provides vim 7.2 (patchlevel 65), which corrects all of these issues and introduces a number of new features and bug fixes.
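The vim advisory fixes the listed CVEs by shipping 7.2 with patches 1-65 applied. A practical way to confirm a host actually has that level is to parse the banner `vim --version` prints ("VIM - Vi IMproved 7.2 ..." followed by "Included patches: 1-65"). The script below is an added example, not code from Mandriva or the vim project; the banner strings it ships with are constructed samples, not output captured from a real system. It treats a gap in the included-patch list below the required level as "not fixed", since a missing patch may be one of the security fixes.

```python
"""Check an installed vim against the patchlevel named in MDVSA-2008:236.

Added example (not Mandriva's or vim's own code). It parses the text that
`vim --version` prints and reports whether the highest contiguously included
patch meets the advisory's minimum of 7.2 patchlevel 65.

Caveat: a distribution may backport individual fixes without raising the
patchlevel, so a "not fixed" result from this check is conservative and
should be confirmed against the package changelog.
"""
import re
import subprocess
from typing import Optional, Tuple

# Version and patchlevel that MDVSA-2008:236 says corrects the listed CVEs.
ADVISORY_MIN = (7, 2, 65)

_VERSION_RE = re.compile(r"VIM - Vi IMproved (\d+)\.(\d+)")
_PATCHES_RE = re.compile(r"Included patches:\s*(.+)")

# Constructed sample banners (assumed shapes of `vim --version` output, not
# captured from a real host).
SAMPLE_PATCHED = (
    "VIM - Vi IMproved 7.2 (2008 Aug 9, compiled Nov 20 2008 10:00:00)\n"
    "Included patches: 1-65\n"
)
SAMPLE_GAPPED = (
    "VIM - Vi IMproved 7.2 (2008 Aug 9)\n"
    "Included patches: 1-30, 45-65\n"
)
SAMPLE_OLD = (
    "VIM - Vi IMproved 7.1 (2007 May 12)\n"
    "Included patches: 1-316\n"
)


def parse_vim_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, highest_contiguous_patch) from `vim --version` text.

    The patch component is the largest N such that every patch 1..N is listed
    as included; a hole below N stops the count, because the missing patch may
    be one of the security fixes. Returns None if the banner is not vim's.
    """
    m = _VERSION_RE.search(output)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    p = _PATCHES_RE.search(output)
    if not p:
        return (major, minor, 0)  # plain release with no patches applied
    included = set()
    # The list is comma separated; each piece is "N" or "N-M".
    for piece in p.group(1).split(","):
        piece = piece.strip()
        if not piece:
            continue
        lo, _, hi = piece.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        included.update(range(lo_i, hi_i + 1))
    contiguous = 0
    while contiguous + 1 in included:
        contiguous += 1
    return (major, minor, contiguous)


def is_fixed(output: str, minimum: Tuple[int, int, int] = ADVISORY_MIN) -> bool:
    """True if the parsed (major, minor, patch) is at least the advisory level."""
    parsed = parse_vim_version(output)
    return parsed is not None and parsed >= minimum


def main() -> int:
    """Run `vim --version` on this host and report against the advisory."""
    try:
        out = subprocess.run(
            ["vim", "--version"], capture_output=True, text=True, check=False
        ).stdout
    except FileNotFoundError:
        print("vim not found on PATH")
        return 2
    parsed = parse_vim_version(out)
    if parsed is None:
        print("could not parse vim banner")
        return 2
    status = "fixed" if is_fixed(out) else "NOT fixed"
    print(f"vim {parsed[0]}.{parsed[1]} patchlevel {parsed[2]}: {status}")
    return 0 if status == "fixed" else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Tuple comparison makes any later minor release (7.3 and up) count as fixed, which is right because later releases include the earlier patch series; an older minor such as 7.1 is reported as not fixed regardless of its own patchlevel, which is where the backport caveat in the docstring applies.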
MDVA-2008:187: evolution
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:187

Several feature bugfixes and stability fixes from GNOME 2.22.3 are provided by this package update, as well as translation updates.

MDVA-2008:186-1: evolution
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:186-1

Outgoing mails sent through the Evolution Exchange plugin were not always sent properly. Spell checking was not working properly when two different languages were enabled, causing all words to be detected as mistyped. Those bugs are fixed by this package update, which also brings major performance improvements in IMAP handling, additional translations and many bug fixes from GNOME 2.24.2.

Update:

The previous update provided Evolution built against the wrong version of the libcamel library, which would cause Evolution to segfault on startup. This update corrects the problem.

MDVA-2008:186: evolution
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:186

Outgoing mails sent through the Evolution Exchange plugin were not always sent properly. Spell checking was not working properly when two different languages were enabled, causing all words to be detected as mistyped. Those bugs are fixed by this package update, which also brings major performance improvements in IMAP handling, additional translations and many bug fixes from GNOME 2.24.2.

MDVA-2008:185: kde4
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:185

Mandriva Linux 2009.0 shipped with KDE 4.1.2. This update provides the full KDE 4.1.3 for Mandriva Linux 2009.0, which brings numerous enhancements and bugfixes.

Please note: the package list looks empty in this advisory because the update provides over 900 packages. The web advisory lists all packages with their md5sums.
MDVA-2008:184: kdevelop
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:184

KDevelop as shipped in Mandriva Linux 2009.0 contained a build-time bug that caused subversion support not to be compiled correctly. As a result, it was not possible to use subversion as the version control system for projects in KDevelop. The updated package fixes this problem.

MDVA-2008:183: live
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:183

Live, as shipped with Mandriva Linux 2009.0, was missing its main executable, live555MediaServer. This update provides the program.