Please Install the Updated Packages.
Multiple vulnerabilities has been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name (CVE-2010-0790). The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits (CVE-2010-0791). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
ncpfs on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64
- Mandriva Update for kdebase4-workspace MDVA-2008:156-1 (kdebase4-workspace)
- Mandriva Update for ocsinventory-agent MDVA-2010:234 (ocsinventory-agent)
- Mandriva Update for timezone MDVA-2010:101 (timezone)
- Mandriva Update for systemd MDVSA-2012:030 (systemd)
- Mandriva Update for libgtop2 MDKSA-2007:023 (libgtop2)