
A vulnerability was found in the lynxcgi: URI handler that could allow
an attacker to create a web page redirecting to a malicious URL that
would execute arbitrary code as the user running Lynx, if they were
using the non-default Advanced user mode (CVE-2008-4690).
This update corrects these issues and, in addition, makes Lynx always
prompt the user before loading a lynxcgi: URI. As well, the default
lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

A flaw was found in the way Lynx handled .mailcap and .mime.types
configuration files. If these files were present in the current
working directory, they would be loaded prior to similar files in
the user's home directory. This could allow a local attacker to
possibly execute arbitrary code as the user running Lynx, if they
could convince the user to run Lynx in a directory under their control
(CVE-2006-7234).

A vulnerability was found in how Emacs would import Python scripts from
the current working directory during the editing of a Python file.
This could allow a local user to execute arbitrary code via a trojan
Python file (CVE-2008-3949).

A number of vulnerabilities were discovered in Wireshark that could
cause it to crash or abort while processing malicious packets

When an attachment file is opened in a KDE4 application, it is copied
to a temporary directory and opened by a 'kioexec' process. When you
close the application, the 'kioexec' process should automatically
close after a few minutes of inactivity on the temporary file. The
kdebase4-runtime package released in Mandriva Linux 2009 has a bug
which prevents the 'kioexec' process from closing.
This update fixes the problem.

Several bugs were found in the util-linux-ng package:
- Using an offset on loopback device was broken
- Creating an encrypted loopback with losetup -e was broken
- Using fdisk to modify the partition table of an image file did not
write the changes
The updated package fixes these issues.

pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify
mountpoint and source ownership before mounting a user-defined volume,
which allows local users to bypass intended access restrictions via
a local mount.
The updated packages have been patched to fix the issue.
Update:
The fix for CVE-2008-3970 uncovered crashes in the code handling the
'allow', 'deny', and 'require' options in pam_mount-0.33, released
for Mandriva Linux 2008 Spring. Also, the verification of the allowed
mount options ('allow' configuration directive) was inverted in
pam_mount-0.33.
This update fixes these issues.