%package php-xdebug
Update: Tue Jul 13 15:07:45 2010
Importance: bugfix
ID: MDVA-2010:181-1
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:181-1

%pre
This is a maintenance and bugfix release bringing php-xdebug-2.1.0
(final) that addresses some php-5.3.x specific issues.

Update:

Updated packages for Mandriva Linux 2010.1 are also provided.

%description
The Xdebug extension helps you debug your script by providing a lot of
valuable debug information.  The debug information that Xdebug can provide
includes the following:

* stack and function traces in error messages with:
  o full parameter display for user defined functions
  o function name, file name and line indications
  o support for member functions
* memory allocation
* protection for infinite recursions

Xdebug also provides:

* profiling information for PHP scripts
* script execution analysis
* capabilities to debug your scripts interactively with a debug client


%package libpython2.6 libpython2.6-devel python python-docs tkinter tkinter-apps
Update: Wed Jul 14 16:11:43 2010
Importance: security
ID: MDVSA-2010:132
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:132

%pre
Multiple vulnerabilities have been found and corrected in python:

Multiple integer overflows in audioop.c in the audioop module in
Python allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow.  NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).

The audioop module in Python does not verify the relationships between
size arguments and byte string lengths, which allows context-dependent
attackers to cause a denial of service (memory corruption and
application crash) via crafted arguments, as demonstrated by a call
to audioop.reverse with a one-byte string, a different vulnerability
than CVE-2010-1634 (CVE-2010-2089).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

%description
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems (X11, Motif, Tk,
Mac and MFC).

Programmers can write new built-in modules for Python in C or C++.
Python can be used as an extension language for applications that
need a programmable interface. This package contains most of the
standard Python modules, as well as modules for interfacing to the
Tix widget set for Tk and RPM.

Note that documentation for Python is provided in the python-docs
package.


%package libpng3 libpng-devel libpng-source libpng-static-devel
Update: Thu Jul 15 21:23:33 2010
Importance: security
ID: MDVSA-2010:133
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:133

%pre
Multiple vulnerabilities have been found and corrected in libpng:

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng
before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers
to cause a denial of service (memory exhaustion) via a crafted PNG file
(CVE-2008-6218).

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x
before 1.4.3, as used in progressive applications, might allow remote
attackers to execute arbitrary code via a PNG image that triggers an
additional data row (CVE-2010-1205).

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
1.4.3, allows remote attackers to cause a denial of service (memory
consumption and application crash) via a PNG image containing malformed
Physical Scale (aka sCAL) chunks (CVE-2010-2249).

As a precaution htmldoc has been rebuilt to link against the
system libpng library for CS4 and 2008.0. Latest xulrunner and
mozilla-thunderbird have been patched as a precaution for 2008.0, whereas
on 2009.0 and up the system libpng library is used instead of the
bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages are
therefore also being provided with this advisory.

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

%description
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.  PNG is
a bit-mapped graphics format similar to the GIF format.  PNG was created to
replace the GIF format, since GIF uses a patented data compression
algorithm.

Libpng should be installed if you need to manipulate PNG format image
files.


%package ghostscript ghostscript-common ghostscript-doc ghostscript-dvipdf ghostscript-module-X ghostscript-X libgs8 libgs8-devel libijs1 libijs1-devel
Update: Thu Jul 15 23:43:01 2010
Importance: security
ID: MDVSA-2010:136
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:136

%pre
A vulnerability has been found and corrected in ghostscript:

Ghostscript 8.64, 8.70, and possibly other versions allow
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
which trigger memory corruption in the stack of the interpreter
(CVE-2010-1628).

As a precaution ghostscript has been rebuilt to link against the
system libpng library which was fixed with MDVSA-2010:133.

The updated packages have been patched to correct this issue.

%description
Ghostscript is a set of software tools that provide a PostScript(TM)
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files. Ghostscript
translates PostScript code into many common, bitmapped and vector
formats, like those understood by your printer or screen. Ghostscript
is normally used to display PostScript files and to print PostScript
files to non-PostScript printers.

You should install ghostscript if you need to display PostScript or
PDF files, or if you have a non-PostScript printer.


%package libfreetype6 libfreetype6-devel libfreetype6-static-devel
Update: Sun Jul 18 18:36:40 2010
Importance: security
ID: MDVSA-2010:137
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:137

%pre
Multiple vulnerabilities have been found and corrected in freetype2:

Multiple integer underflows/overflows and heap buffer overflows were
discovered and fixed (CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
CVE-2010-2500, CVE-2010-2519).

A heap buffer overflow was discovered in the bytecode support. The
bytecode support is NOT enabled by default in Mandriva due to previous
patent claims, but packages by PLF are affected (CVE-2010-2520).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

%description
The FreeType2 engine is a free and portable TrueType font rendering engine.
It has been developed to provide TT support to a great variety of
platforms and environments. Note that FreeType2 is a library, not a
stand-alone application, though some utility applications are included


%package rpmdrake
Update: Wed Jul 21 16:54:45 2010
Importance: bugfix
ID: MDVA-2010:182
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:182

%pre
This update fixes a bug in rpmdrake where it would crash when
clicking on details (bug #60153).

%description
This package contains the Mandriva graphical software manipulation
tools.

Rpmdrake provides a simple interface that makes it easy to install
and remove software.

MandrivaUpdate is a single-purpose application for keeping your system
up to date with the latest official updates.

There is also a tool for configuring package sources (medias), which can
be run independently or accessed from within rpmdrake.


%package iputils
Update: Fri Jul 23 10:49:28 2010
Importance: security
ID: MDVSA-2010:138
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:138

%pre
Ovidiu Mara reported a vulnerability in ping.c (iputils) that
could cause ping to hang when responding to a malicious echo reply
(CVE-2010-2529). The updated packages have been patched to correct
this issue.

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

%description
The iputils package contains ping, a basic networking tool. The ping command
sends a series of ICMP protocol ECHO_REQUEST packets to a specified network
host and can tell you if that machine is alive and receiving network traffic.


%package apache-mod_php libmbfl1 libmbfl-devel libphp5_common5 php-apc php-apc-admin php-bcmath php-bz2 php-calendar php-cgi php-cli php-ctype php-curl php-dba php-devel php-doc php-dom php-eaccelerator php-eaccelerator-admin php-enchant php-exif php-fileinfo php-filter php-fpm php-ftp php-gd php-gearman php-gettext php-gmp php-hash php-iconv php-imap php-ini php-intl php-json php-ldap php-mailparse php-mbstring php-mcal php-mcrypt php-mssql php-mysql php-mysqli php-odbc php-openssl php-optimizer php-pcntl php-pdo php-pdo_dblib php-pdo_mysql php-pdo_odbc php-pdo_pgsql php-pdo_sqlite php-pgsql php-pinba php-posix php-pspell php-readline php-recode php-sasl php-session php-shmop php-snmp php-soap php-sockets php-sphinx php-sqlite3 php-ssh2 php-suhosin php-sybase_ct php-sysvmsg php-sysvsem php-sysvshm php-tclink php-tidy php-timezonedb php-tokenizer php-translit php-vld php-wddx php-xattr php-xdebug php-xml php-xmlreader php-xmlrpc php-xmlwriter php-xsl php-zip php-zlib
Update: Tue Jul 27 13:54:43 2010
Importance: security
ID: MDVSA-2010:140
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:140

%pre
This is a maintenance and security update that upgrades php to 5.3.3
for 2010.0/2010.1.

Security Enhancements and Fixes in PHP 5.3.3:

* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
* Fixed a possible resource destruction issue in shm_put_var().
* Fixed a possible information leak because of interruption of
XOR operator.
* Fixed a possible memory corruption because of unexpected call-time
pass by reference and following memory clobbering through callbacks.
* Fixed a possible memory corruption in ArrayObject::uasort().
* Fixed a possible memory corruption in parse_str().
* Fixed a possible memory corruption in pack().
* Fixed a possible memory corruption in substr_replace().
* Fixed a possible memory corruption in addcslashes().
* Fixed a possible stack exhaustion inside fnmatch().
* Fixed a possible dechunking filter buffer overflow.
* Fixed a possible arbitrary memory access inside sqlite extension.
* Fixed string format validation inside phar extension.
* Fixed handling of session variable serialization on certain prefix
characters.
* Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed possible buffer overflows in mysqlnd_list_fields,
mysqlnd_change_user.
* Fixed possible buffer overflows when handling error packets
in mysqlnd.

Additionally, some of the third party extensions and required
dependencies have been upgraded and/or rebuilt for the new php version.

%description
PHP5 is an HTML-embeddable scripting language. PHP5 offers built-in database
integration for several commercial and non-commercial database management
systems, so writing a database-enabled script with PHP5 is fairly simple. The
most common use of PHP5 coding is probably as a replacement for CGI scripts.

This version of php has the suhosin patch 0.9.10 applied. Please
report bugs here: http://qa.mandriva.com/ so that the official maintainer of
this Mandriva package can help you. More information regarding the
suhosin patch 0.9.10 here: http://www.suhosin.org/


%package libldap2.4_2 libldap2.4_2-devel libldap2.4_2-static-devel openldap openldap-clients openldap-doc openldap-servers openldap-testprogs openldap-tests
Update: Wed Jul 28 17:41:07 2010
Importance: security
ID: MDVSA-2010:142
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:142

%pre
Multiple vulnerabilities have been discovered and corrected in openldap:

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not
check the return value of a call to the smr_normalize function, which
allows remote attackers to cause a denial of service (segmentation
fault) and possibly execute arbitrary code via a modrdn call with an
RDN string containing invalid UTF-8 sequences, which triggers a free
of an invalid, uninitialized pointer in the slap_mods_free function, as
demonstrated using the Codenomicon LDAPv3 test suite (CVE-2010-0211).

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service
(crash) via a modrdn call with a zero-length RDN destination string,
which is not properly handled by the smr_normalize function and
triggers a NULL pointer dereference in the IA5StringNormalize function
in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test
suite (CVE-2010-0212).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

%description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.  The suite includes a
stand-alone LDAP server (slapd) which is in the -servers package, libraries for
implementing the LDAP protocol (in the lib packages), and utilities, tools, and
sample clients (in the -clients package). The openldap binary package includes
only configuration files used by the libraries.

Install openldap if you need LDAP applications and tools.


%package gnupg2
Update: Fri Jul 30 18:06:41 2010
Importance: security
ID: MDVSA-2010:143
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:143

%pre
A vulnerability has been discovered and corrected in gnupg2:

Importing a certificate with more than 98 Subject Alternate Names
via GPGSM's import command or implicitly while verifying a signature
causes GPGSM to reallocate an array with the names. The bug is that
the reallocation code misses assigning the reallocated array to the old
array variable and thus the old and freed array will be used. Usually
this leads to a segv (CVE-2010-2547).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

%description
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC2440.


%package dumpcap libwireshark0 libwireshark-devel rawshark tshark wireshark wireshark-tools
Update: Wed Aug 04 18:36:04 2010
Importance: security
ID: MDVSA-2010:144
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:144

%pre
This advisory updates wireshark to the latest version(s), fixing
several security issues:

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through
1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack
vectors (CVE-2010-2284).

Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
has unknown impact and remote attack vectors (CVE-2010-2287).

%description
Wireshark is a network traffic analyzer for Unix-ish operating systems. It is
based on GTK+, a graphical user interface library, and libpcap, a packet
capture and filtering library.

Wireshark is a fork of Ethereal(tm)


%package libtiff3 libtiff-devel libtiff-progs libtiff-static-devel
Update: Fri Aug 06 18:05:21 2010
Importance: security
ID: MDVSA-2010:146
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:146

%pre
Multiple vulnerabilities have been discovered and corrected in libtiff:

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in
ImageMagick, does not properly handle invalid ReferenceBlackWhite
values, which allows remote attackers to cause a denial of service
(application crash) via a crafted TIFF image that triggers an array
index error, related to downsampled OJPEG input. (CVE-2010-2595)

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c
in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to
execute arbitrary code or cause a denial of service (application crash)
via a crafted TIFF file that triggers a heap-based buffer overflow
(CVE-2010-1411).

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted TIFF file
that triggers a buffer overflow (CVE-2010-2065).

The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers
to cause a denial of service (out-of-bounds read and application crash)
via a TIFF file with an invalid combination of SamplesPerPixel and
Photometric values (CVE-2010-2483).

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2
makes incorrect calls to the TIFFGetField function, which allows
remote attackers to cause a denial of service (application crash) via
a crafted TIFF image, related to downsampled OJPEG input and possibly
related to a compiler optimization that triggers a divide-by-zero error
(CVE-2010-2597).

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly
handle unknown tag types in TIFF directory entries, which allows
remote attackers to cause a denial of service (out-of-bounds read
and application crash) via a crafted TIFF file (CVE-2010-248).

Stack-based buffer overflow in the TIFFFetchSubjectDistance function
in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a long EXIF SubjectDistance field in a TIFF file
(CVE-2010-2067).

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as
used in ImageMagick, does not properly perform vertical flips, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted TIFF image,
related to downsampled OJPEG input (CVE-2010-2233).

LibTIFF 3.9.4 and earlier does not properly handle an invalid
td_stripbytecount field, which allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash)
via a crafted TIFF file, a different vulnerability than CVE-2010-2443
(CVE-2010-2482).

The updated packages have been patched to correct these issues.

%description
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images. TIFF files usually end in the .tif extension
and they are often quite large.


%package beagle beagle-crawl-system beagle-doc beagle-evolution beagle-gui beagle-gui-qt beagle-libs firefox firefox-af firefox-ar firefox-be firefox-bg firefox-bn firefox-ca firefox-cs firefox-cy firefox-da firefox-de firefox-devel firefox-el firefox-en_GB firefox-eo firefox-es_AR firefox-es_ES firefox-et firefox-eu firefox-ext-beagle firefox-ext-blogrovr firefox-ext-mozvoikko firefox-ext-r-kiosk firefox-ext-scribefire firefox-ext-weave-sync firefox-ext-xmarks firefox-fi firefox-fr firefox-fy firefox-ga_IE firefox-gl firefox-gu_IN firefox-he firefox-hi firefox-hu firefox-id firefox-is firefox-it firefox-ja firefox-kn firefox-ko firefox-lt firefox-lv firefox-mk firefox-mr firefox-nb_NO firefox-nl firefox-nn_NO firefox-pa_IN firefox-pl firefox-pt_BR firefox-pt_PT firefox-ro firefox-ru firefox-si firefox-sk firefox-sl firefox-sq firefox-sv_SE firefox-te firefox-th firefox-tr firefox-uk firefox-zh_CN firefox-zh_TW gnome-python-extras gnome-python-gda gnome-python-gda-devel gnome-python-gdl gnome-python-gtkhtml2 gnome-python-gtkmozembed gnome-python-gtkspell libxulrunner1.9.2.8 libxulrunner-devel mozilla-thunderbird-beagle xulrunner yelp
Update: Tue Aug 10 15:26:01 2010
Importance: security
ID: MDVSA-2010:147
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:147

%pre
Security issues were identified and fixed in firefox:

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not
properly free memory in the parameter array of a plugin instance,
which allows remote attackers to cause a denial of service (memory
corruption) or possibly execute arbitrary code via a crafted
HTML document, related to the DATA and SRC attributes of an OBJECT
element. NOTE: this vulnerability exists because of an incorrect fix
for CVE-2010-1214 (CVE-2010-2755).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages that require it have been rebuilt and
are being provided as updates. The python packages contained a small
dependency problem on 2008.0/2009.0/MES5 that is addressed as well
with this advisory.

%description
Help browser for GNOME 2 which supports docbook documents, info and man.


%package finch libfinch0 libpurple0 libpurple-devel pidgin pidgin-bonjour pidgin-client pidgin-i18n pidgin-meanwhile pidgin-perl pidgin-plugins pidgin-silc pidgin-tcl
Update: Thu Aug 12 13:25:29 2010
Importance: security
ID: MDVSA-2010:148
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:148

%pre
A security vulnerability has been identified and fixed in pidgin:

The clientautoresp function in family_icbm.c in the oscar protocol
plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated
users to cause a denial of service (NULL pointer dereference and
application crash) via an X-Status message that lacks the expected
end tag for a (1) desc or (2) title element (CVE-2010-2528).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

This update provides pidgin 2.7.3, which is not vulnerable to this
issue.

%description
Pidgin allows you to talk to anyone using a variety of messaging
protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,
ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and
Zephyr.  These protocols are implemented using a modular, easy to
use design.  To use a protocol, just add an account using the
account editor.

Pidgin supports many common features of other clients, as well as many
unique features, such as perl scripting, TCL scripting and C plugins.

Pidgin is not affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, Yahoo! Inc., or ICQ Inc.


%package libfreetype6 libfreetype6-devel libfreetype6-static-devel
Update: Thu Aug 12 17:31:06 2010
Importance: security
ID: MDVSA-2010:149
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:149

%pre
A vulnerability has been discovered and corrected in freetype2:

Multiple stack overflow flaws have been reported in the way FreeType
font rendering engine processed certain CFF opcodes. An attacker
could use these flaws to create a specially-crafted font file that,
when opened, would cause an application linked against libfreetype
to crash, or, possibly execute arbitrary code (CVE-2010-1797).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

%description
The FreeType2 engine is a free and portable TrueType font rendering engine.
It has been developed to provide TT support to a great variety of
platforms and environments. Note that FreeType2 is a library, not a
stand-alone application, though some utility applications are included


%package libmikmod3 libmikmod-devel
Update: Mon Aug 16 09:26:04 2010
Importance: security
ID: MDVSA-2010:151
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:151

%pre
A vulnerability has been discovered and corrected in libmikmod:

Multiple heap-based buffer overflows might allow remote attackers
to execute arbitrary code via (1) crafted samples or (2) crafted
instrument definitions in an Impulse Tracker file (CVE-2009-3995).

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

%description
Libmikmod is a portable sound library, capable of playing samples as
well as module files, originally written by Jean-Paul Mikkers (MikMak)
for DOS. It has subsequently been hacked by many hands and now runs on
many Unix flavours.

It uses the OSS /dev/dsp driver included in all recent kernels for
output, as well as ALSA and EsounD, and will also write wav files.

Supported file formats include 669, AMF, APUN, DSM, FAR, GDM, IT, IMF, MOD,
MED, MTM, OKT, S3M, STM, STX, ULT, UNI and XM.
Full source included, use of this library for music/sound effects in
your own programs is encouraged!


%package apache-base apache-devel apache-htcacheclean apache-mod_authn_dbd apache-mod_cache apache-mod_dav apache-mod_dbd apache-mod_deflate apache-mod_disk_cache apache-mod_file_cache apache-mod_ldap apache-mod_mem_cache apache-mod_proxy apache-mod_proxy_ajp apache-mod_proxy_scgi apache-mod_reqtimeout apache-mod_ssl apache-modules apache-mod_userdir apache-mpm-event apache-mpm-itk apache-mpm-peruser apache-mpm-prefork apache-mpm-worker apache-source
Update: Mon Aug 16 13:50:59 2010
Importance: security
ID: MDVSA-2010:152
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:152

%pre
A vulnerability has been found and corrected in apache:

The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x
before 2.2.16 allow remote attackers to cause a denial of service
(process crash) via a request that lacks a path (CVE-2010-1452).

Packages for 2008.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

%description
This package contains the main binary of apache, a powerful, full-featured,
efficient and freely-available Web server. Apache is also the most popular Web
server on the Internet.

This version of apache is fully modular, and many modules are available in
pre-compiled formats, like PHP and mod_auth_external.

Check for available Apache modules for Mandriva Linux at:
http://nux.se/apache/
(most of them can be installed from the contribs repository)

This package defaults to a maximum of 128 dynamically loadable modules.
This package defaults to a ServerLimit of 1024.

You can change these values at RPM build time by using for example:

--define 'maxmodules 512' --define 'serverlimit 2048'

The package was built to support a maximum of 128 dynamically loadable modules.
The package was built with a ServerLimit of 1024.


%package cabextract
Update: Mon Aug 16 15:27:26 2010
Importance: security
ID: MDVSA-2010:154
URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:154

%pre
Multiple vulnerabilities have been found and corrected in cabextract:

The MS-ZIP decompressor in cabextract before 1.3 allows remote
attackers to cause a denial of service (infinite loop) via a malformed
MSZIP archive in a .cab file during a test or extract action, related
to the libmspack library (CVE-2010-2800).

Integer signedness error in the Quantum decompressor in cabextract
before 1.3, when archive test mode is used, allows user-assisted
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted Quantum archive in
a .cab file, related to the libmspack library (CVE-2010-2801).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages provide cabextract 1.3 which is not vulnerable
to these issues.

%description
Cabinet (.CAB) files are a form of archive, which Microsoft use to
distribute their software, and things like Windows Font Packs. The
cabextract program simply unpacks such files.


%package rsh rsh-server
Update: Wed Aug 18 09:13:20 2010
Importance: bugfix
ID: MDVA-2010:186
URL: http://www.mandriva.com/security/advisories?name=MDVA-2010:186

%pre
Various packages of old Unix utilities (rsh, rlogin, telnet,
...) available in Mandriva used to be installable in parallel, through
use of the setup-alternative utility. In 2010.1, the MIT-kerberized
versions from the krb5-appl package ceased to use this setup, for the
sake of simplicity, and were made to conflict with other packages.
However, the netkit version of rsh wasn't modified accordingly, and
still installs its binaries as {rsh,rlogin,telnet}.netkit, making their
usage impractical.

%description
The rsh package contains a set of programs which allow users to run commands
on remote machines, login to other machines and copy files between machines
(rsh, rlogin and rcp). All three of these commands use rhosts style
authentication.  This package contains the clients needed for all of these
services. The rsh package should be installed to enable remote access to other
machines.