-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:029-1
http://www.mandriva.com/en/support/security/

Package : binutils
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Multiple vulnerabilities have been found and corrected in binutils:

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow (CVE-2012-3509).

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote
Category Archives: Mandriva
Mandriva Security Advisory
[ MDVSA-2015:179 ] coreutils
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:179
http://www.mandriva.com/en/support/security/

Package : coreutils
Date : March 30, 2015
Affected: Business Server 1.0, Business Server 2.0

Problem Description:

Updated coreutils packages fix security vulnerability:

Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code (CVE-2014-9471).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471
http://advisories.mageia.org/MGASA-2015-0029.html
[ MDVSA-2015:178 ] ctags
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:178
http://www.mandriva.com/en/support/security/

Package : ctags
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated ctags package fixes security vulnerability:

A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop (CVE-2014-7204).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7204
http://advisories.mageia.org/MGASA-2014-0415.html
[ MDVSA-2015:177 ] ctdb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:177
http://www.mandriva.com/en/support/security/

Package : ctdb
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated ctdb packages fix security vulnerability:

ctdb before 2.5 is vulnerable to symlink attacks due to the use of predictable filenames in /tmp, such as /tmp/ctdb.socket (CVE-2013-4159).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4159
http://advisories.mageia.org/MGASA-2014-0274.html

Updated Packages:

Mandriva Business Server 2/X86_64: c866ceea1e34
[ MDVSA-2015:176 ] dbus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:176
http://www.mandriva.com/en/support/security/

Package : dbus
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated dbus packages fix multiple vulnerabilities:

A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate (CVE-2014-3477).

A flaw was reported in D-Bus's file descriptor passing feature. A local attacker could us
[ MDVSA-2015:175 ] ejabberd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:175
http://www.mandriva.com/en/support/security/

Package : ejabberd
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated ejabberd packages fix security vulnerability:

A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set (CVE-2014-8760).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8760
http://advisories.mageia.org/MGASA-2014-0417.html

Updated Packages:

Mandriva Business Server 2/X86_64:
[ MDVSA-2015:174 ] erlang
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:174
http://www.mandriva.com/en/support/security/

Package : erlang
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated erlang packages fix security vulnerability:

An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module (CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE issue.

References:

http://c
[ MDVSA-2015:173 ] ffmpeg
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:173
http://www.mandriva.com/en/support/security/

Package : ffmpeg
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated ffmpeg packages fix security vulnerabilities:

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data (CVE-2014-2097).

libavcodec/wmalosslessdec.c in FFmpeg before 2.0.4 uses an incorrect data-structure size for certain coefficients, which all
[ MDVSA-2015:172 ] firebird
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:172
http://www.mandriva.com/en/support/security/

Package : firebird
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated firebird packages fix a remote denial of service vulnerability:

This update fixes the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users (CVE-2014-9492).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9492
http://advisories.mageia.org/MGASA-2014-0523.html

Updated Packages
[ MDVSA-2015:171 ] freerdp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2015:171
http://www.mandriva.com/en/support/security/

Package : freerdp
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated freerdp packages fix security vulnerabilities:

Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allow remote RDP servers to have an unspecified impact through unspecified vectors (CVE-2014-0250).

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List i