MidnightBSD

Advisories for mandriva

CVE-2005-3181 LOW

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.11.4
linux linux_kernel 2.6.11.5
linux linux_kernel 2.6.8
linux linux_kernel 2.6.12.1
linux linux_kernel 2.6.11.12
linux linux_kernel 2.6.3
linux linux_kernel 2.6.4
linux linux_kernel 2.6.13.2
canonical ubuntu_linux 4.10
linux linux_kernel 2.6.5
linux linux_kernel 2.6.7
mandriva linux 10.2
linux linux_kernel 2.6.9
linux linux_kernel 2.6.11.10
linux linux_kernel 2.6.11.1
mandriva linux 2006.0
debian debian_linux 3.1
linux linux_kernel 2.6.11.7
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12.4
linux linux_kernel *
linux linux_kernel 2.6.1
linux linux_kernel 2.6.11.2
linux linux_kernel 2.6.12.6
linux linux_kernel 2.6.13
linux linux_kernel 2.6.12.3
linux linux_kernel 2.6.11.6
linux linux_kernel 2.6.10
linux linux_kernel 2.6.11.11
linux linux_kernel 2.6.12.5
linux linux_kernel 2.6.13.1
linux linux_kernel 2.6.11.8
linux linux_kernel 2.6.0
linux linux_kernel 2.6.11.3
linux linux_kernel 2.6.12.2
linux linux_kernel 2.6.8.1
canonical ubuntu_linux 5.04
mandriva linux 10.1
linux linux_kernel 2.6.11.9
linux linux_kernel 2.6.11
linux linux_kernel 2.6.6
CVE-2011-2162 HIGH

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ffmpeg ffmpeg 0.4.4
mandriva linux 2010.0
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.5.4
ffmpeg ffmpeg 0.5.1
ffmpeg ffmpeg 0.5.2
mandriva linux 2010.1
mplayerhq mplayer 1.0
mandriva corporate_server 4.0
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.3
mandriva linux 2009.0
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.5.3
ffmpeg ffmpeg 0.6.1
ffmpeg ffmpeg 0.4.0
mandriva enterprise_server 5
ffmpeg ffmpeg 0.4.6
CVE-2013-4854 HIGH

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
isc dnsco_bind 9.9.4
slackware slackware_linux 13.0
isc bind 9.7.5
isc bind 9.8.3
hp hp-ux b.11.31
isc bind 9.8.4
freebsd freebsd 9.2
mandriva enterprise_server 5.0
isc bind 9.9.3
slackware slackware_linux 13.1
freebsd freebsd 9.1
isc bind 9.7.1
isc dnsco_bind 9.9.3
slackware slackware_linux 12.2
isc bind 9.7.6
suse suse_linux_enterprise_software_development_kit 11.0
isc bind 9.8.0
freebsd freebsd 8.0
isc bind 9.7.3
fedoraproject fedora 19
isc bind 9.9.1
isc bind 9.7.4
slackware slackware_linux 13.37
freebsd freebsd 8.3
isc bind 9.7.0
isc bind 9.8.2
freebsd freebsd 8.4
freebsd freebsd 8.2
isc bind 9.9.2
freebsd freebsd 9.0
isc bind 9.9.0
fedoraproject fedora 18
isc bind 9.8.5
slackware slackware_linux 12.1
opensuse opensuse 11.4
novell suse_linux 11
redhat enterprise_linux 6.0
isc bind 9.7.7
isc bind 9.7.2
isc bind 9.8.6
mandriva business_server 1.0
redhat enterprise_linux 5
freebsd freebsd 8.1
isc bind 9.8.1