[ MDVSA-2015:167 ] glpi

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:167
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : glpi
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated glpi package fixes security vulnerabilities:
 
 Due to a bug in GLPI before 0.84.7, a user without access to cost
 information can in fact see the information when selecting cost as
 a search criteria (CVE-2014-5032).
 
 An issue in GLPI before 0.84.8 may allow arbitrary local files to be
 included by PHP through an autoload function (CVE-2014-8360).
 
 SQL injection vulnerability in ajax/getDropdownValue.php in GLPI
 before 0.85.1 allows remote authenticated users to execute arbitrary
 SQL commands via the condition paramet

Fedora 21 Security Update: drupal7-webform-4.7-1.fc21

Resolved Bugs
1206400 – drupal7-webform-4.7 is available
1205122 – drupal webform: multiple XSS flaws
1199067 – drupal7-webform-4.5 is available
1150458 – drupal7-webform-4.2 is available
1205125 – drupal7-webform: drupal webform: multiple XSS flaws [fedora-all]
1193356 – drupal7-webform-4.3 is available
– Update to 4.7
– Release notes can be found at https://www.drupal.org/node/2460229
– Security fix for drupal7-webform module
– Upstream release notes: https://www.drupal.org/node/2457219
– Release notes can be found at https://www.drupal.org/node/2454063
– Update to 4.3
– Release notes can be found at https://www.drupal.org/node/2427257
– Update to 4.2
– Release notes can be found at https://www.drupal.org/node/2381793

Fedora 22 Security Update: drupal7-webform-4.7-1.fc22

Resolved Bugs
1205125 – drupal7-webform: drupal webform: multiple XSS flaws [fedora-all]
1199067 – drupal7-webform-4.5 is available
1206400 – drupal7-webform-4.7 is available
1205122 – drupal webform: multiple XSS flaws
– Update to 4.7
– Release notes can be found at https://www.drupal.org/node/2460229
– Security fix for drupal7-webform module
– Upstream release notes: https://www.drupal.org/node/2457219
– Release notes can be found at https://www.drupal.org/node/2454063

Fedora 20 Security Update: kernel-3.19.3-100.fc20

Resolved Bugs
1205088 – Kernel: fs: btrfs: non-atomic xattr replace operation [fedora-all]
1204724 – CVE-2015-2672 CVE-2015-2666 kernel: various flaws [fedora-all]
1204729 – CVE-2015-2672 kernel: unprivileged denial-of-service due to mis-protected xsave/xrstor instructions
1204722 – CVE-2015-2666 kernel: execution in the early microcode loader
1187004 – Lenovo Ideapad Z570 backlight brightness keys adjust OSD but not screen brightness
1201532 – Merge clickpad patch for i2c touchpads
1181166 – CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
1200950 – CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access [fedora-all]
1069027 – Cannot turn on Screen with radeon drivers after resume of suspend.
1196266 – CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120)
1200397 – CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120) [fedora-all]
1200777 – Fix touchpads on the Oct 2014 series of the Lenovo *40 series
1200778 – Support the Lenovo X1 Carbon 3rd touchpad (kernel)
1195355 – CVE-2015-2042 kernel: rds: information handling flaw in rds sysctl files.
1199365 – CVE-2015-2042 kernel: rds: information handling flaw in rds sysctl files. [fedora-all]
The 3.19.3 rebase contains improved hardware support, a number of new features, and many important fixes across the tree.

Fedora 21 Security Update: qemu-2.1.3-4.fc21

Resolved Bugs
1204919 – Qemu: PRDT overflow from guest to host
1205322 – qemu: malicious PRDT flow from guest to host [fedora-all]
1199400 – .vdi images: random IO errors / data corruption in VMs
1192720 – ksm package has executable bits sets for .service files.
1170612 – CVE-2014-8106 qemu: cirrus: insufficient blit region checks [fedora-all]
1169454 – CVE-2014-8106 qemu: cirrus: insufficient blit region checks
* Qemu: PRDT overflow from guest to host (bz #1204919, bz #1205322)
* CVE-2014-8106: cirrus: insufficient blit region checks (bz #1170612, bz #1169454)
* Fix .vdi disk corruption (bz #1199400)
* Don’t install ksm services as executable (bz #1192720)

Fedora 20 Security Update: drupal7-webform-4.7-1.fc20

Resolved Bugs
1206400 – drupal7-webform-4.7 is available
1193356 – drupal7-webform-4.3 is available
1199067 – drupal7-webform-4.5 is available
1205125 – drupal7-webform: drupal webform: multiple XSS flaws [fedora-all]
1205122 – drupal webform: multiple XSS flaws
1150458 – drupal7-webform-4.2 is available
– Update to 4.7
– Release notes can be found at https://www.drupal.org/node/2460229
– Security fix for drupal7-webform module
– Upstream release notes: https://www.drupal.org/node/2457219
– Release notes can be found at https://www.drupal.org/node/2454063
– Update to 4.3
– Release notes can be found at https://www.drupal.org/node/2427257
– Update to 4.2
– Release notes can be found at https://www.drupal.org/node/2381793

CVE-2013-7438

Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an “internal intermediate heap-based buffer.”

CVE-2015-2785

The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.