Mandriva Linux Security Advisory MDVSA-2015:048
http://www.mandriva.com/en/support/security/
Package : postgresql
Date : February 12, 2015
Affected: Business Server 1.0
Problem Description:
Multiple vulnerabilities have been discovered and corrected in postgresql:
Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions (CVE-2014-8161).
Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denia
Monthly Archives: February 2015
[ MDVSA-2015:047 ] elfutils
Mandriva Linux Security Advisory MDVSA-2015:047
http://www.mandriva.com/en/support/security/
Package : elfutils
Date : February 12, 2015
Affected: Business Server 1.0
Problem Description:
Updated elfutils packages fix security vulnerability:
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (CVE-2014-9447).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
http://advisories.mageia.org/MGASA-2015-0033.html
MDVSA-2015:046: ntp
Updated ntp packages fix security vulnerabilities:
Stephen Roettger of the Google Security Team, Sebastian Krahmer of
the SUSE Security Team and Harlan Stenn of Network Time Foundation
discovered that the length value in extension fields is not properly
validated in several code paths in ntp_crypto.c, which could lead to
information leakage or denial of service (CVE-2014-9297).
Stephen Roettger of the Google Security Team reported that ACLs based
on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).
MDVSA-2015:045: e2fsprogs
Updated e2fsprogs packages fix security vulnerability:
The libext2fs library, part of e2fsprogs and utilized by its utilities,
is affected by a boundary check error on block group descriptor
information, leading to a heap based buffer overflow. A specially
crafted filesystem image can be used to trigger the vulnerability
(CVE-2015-0247).
MDVSA-2015:044: perl-Gtk2
A vulnerability has been discovered and corrected in perl-Gtk2:
Incorrect memory management in Gtk2::Gdk::Display::list_devices in
perl-Gtk2 before 1.2495, where the code was freeing memory that gtk+
still holds onto and might access later.
The updated packages have been patched to correct this issue.
RHBA-2015:0194-1: ovirt-hosted-engine-ha bug fix and enhancement update
Red Hat Enterprise Linux: Updated ovirt-hosted-engine-ha packages that fix several bugs and add various
enhancements are now available.
RHBA-2015:0183-1: rhevm-sdk-python bug fix and enhancement update
Red Hat Enterprise Linux: Updated rhevm-sdk-python packages that fix several bugs and add various
enhancements are now available.
RHBA-2015:0179-1: ovirt-host-deploy-offline bug fix and enhancement update
Red Hat Enterprise Linux: An updated ovirt-host-deploy-offline package is now available.
RHBA-2015:0175-1: otopi bug fix and enhancement update
Red Hat Enterprise Linux: Updated otopi packages are now available.
RHBA-2015:0173-1: ovirt-host-deploy bug fix and enhancement update
Red Hat Enterprise Linux: Updated ovirt-host-deploy packages are now available.