Mandriva Security
http://www.mandriva.com/en/security/advisories
Mandriva security advisories

MDVSA-2008:188: tomcat5
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:188

A number of vulnerabilities have been discovered in the Apache Tomcat server:

The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications, which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342).

A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method, which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).

A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).

A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources (CVE-2008-2370).

A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were activated, which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).

The updated packages have been patched to correct these issues.

MDVSA-2008:186: python
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:186

Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143).

The Python packages on Corporate 3 have been updated to the latest version 2.3.7, which corrects this issue.
MDVSA-2008:185: python-django
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:185

A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases (CVE-2008-3909).

The versions of Django shipping with Mandriva Linux have been updated to the latest patched versions that include the fix for this issue. In addition, they provide other bug fixes.

MDVSA-2008:184: libtiff
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:184

Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code (CVE-2008-2327).

The updated packages have been patched to prevent this issue.

MDVSA-2008:183: opensc
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:183

Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235).

Please note that this issue cannot be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC.
Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected.

After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'.

The updated packages have been patched to prevent this issue.

MDVSA-2008:182: wordnet
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:182

Rob Holland found several programming errors in WordNet which could lead to the execution of arbitrary code when used with untrusted input (CVE-2008-2149).

The updated packages have been patched to prevent these issues.

MDVSA-2008:181: ipsec-tools
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:181

Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory (CVE-2008-3651, CVE-2008-3652).

The updated packages have been patched to prevent these issues.

MDVA-2008:119: timezone
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:119

Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Saving Time information and Time Zone information for some locations. These updated packages contain the new information.

MDVA-2008:118: shared-mime-info
http://www.mandriva.com/en/security/advisories?name=MDVA-2008:118

The video player totem was associated as an autostart application for audio CDs, but the totem version in Mandriva Linux 2008.1 did not support CD playback anymore. This update removes totem from the list of default applications.
MDVSA-2008:180-1: libxml2
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:180-1

Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281).

Update:

The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.