Category Archives: Mandriva

Mandriva Security Advisory

[ MDVSA-2015:084 ] tomcat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:084
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : tomcat
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated tomcat package fixes security vulnerabilities:
 
 It was discovered that the Apache Commons FileUpload package for Java
 could enter an infinite loop while processing a multipart request with
 a crafted Content-Type, resulting in a denial-of-service condition
 (CVE-2014-0050).
 
 Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding
 without properly handling (1) a large total amount of chunked data or
 (2) whitespace characters in an HTTP header value within a trailer
 field, which allows remote attackers to c

[ MDVSA-2015:083 ] samba4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:083
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba4
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in samba4:
 
 Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before
 4.2rc4, when an Active Directory Domain Controller (AD DC)
 is configured, allows remote authenticated users to set the LDB
 userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain
 privileges, by leveraging delegation of authority for user-account
 or computer-account creation (CVE-2014-8143).
 
 An uninitialized pointer use flaw was found in the Samba daemon
 (smbd). A malicious

[ MDVSA-2015:082 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:082
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated samba packages fix security vulnerabilities:
 
 In Samba before 3.6.23, the SAMR server neglects to ensure that
 attempted password changes will update the bad password count, and does
 not set the lockout flags.  This would allow a user unlimited attempts
 against the password by simply calling ChangePasswordUser2 repeatedly.
 This is available without any other authentication (CVE-2013-4496).
 
 Information leak vulnerability in the VFS code, allowing an
 authenticated user to retrieve eight bytes of uninitialized memory

[ MDVSA-2015:081 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:081
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : March 28, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated samba packages fix security vulnerabilities:
 
 An uninitialized pointer use flaw was found in the Samba daemon
 (smbd). A malicious Samba client could send specially crafted netlogon
 packets that, when processed by smbd, could potentially lead to
 arbitrary code execution with the privileges of the user running smbd
 (by default, the root user) (CVE-2015-0240).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
 http://adviso

[ MDVSA-2015:080 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:080
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in php:
 
 It was discovered that the file utility contains a flaw in the handling
 of indirect magic rules in the libmagic library, which leads to an
 infinite recursion when trying to determine the file type of certain
 files (CVE-2014-1943).
 
 A flaw was found in the way the file utility determined the type of
 Portable Executable (PE) format files, the executable format used on
 Windows. A malicious PE file could cause the file utility to crash or,
 potentially, execute 

[ MDVSA-2015:079 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:079
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : March 28, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in php:
 
 S. Paraschoudis discovered that PHP incorrectly handled memory in
 the enchant binding. A remote attacker could use this issue to cause
 PHP to crash, resulting in a denial of service, or possibly execute
 arbitrary code (CVE-2014-9705).
 
 Taoguang Chen discovered that PHP incorrectly handled unserializing
 objects. A remote attacker could use this issue to cause PHP to crash,
 resulting in a denial of service, or possibly execute arbitrary code
 (CVE-2015-0273).

[ MDVSA-2015:075 ] python

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:075
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : python
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated python packages fix security vulnerabilities:
 
 A vulnerability was reported in Python's socket module, due to
 a boundary error within the sock_recvfrom_into() function, which
 could be exploited to cause a buffer overflow.  This could be used
 to crash a Python application that uses the socket.recvfrom_into()
 function or, possibly, execute arbitrary code with the permissions
 of the user running vulnerable Python code (CVE-2014-1912).
 
 This updates the python package to version 2.7.6, which fixes several
 other 

MDVSA-2015:075: python

Updated python packages fix security vulnerabilities:

A vulnerability was reported in Python’s socket module, due to
a boundary error within the sock_recvfrom_into() function, which
could be exploited to cause a buffer overflow. This could be used
to crash a Python application that uses the socket.recvfrom_into()
function or, possibly, execute arbitrary code with the permissions
of the user running vulnerable Python code (CVE-2014-1912).

This updates the python package to version 2.7.6, which fixes several
other bugs, including denial of service flaws due to unbound readline()
calls in the ftplib and nntplib modules (CVE-2013-1752).

Denial of service flaws due to unbound readline() calls in the imaplib,
poplib, and smtplib modules (CVE-2013-1752).

A gzip bomb and unbound read denial of service flaw in python XMLRPC
library (CVE-2013-1753).

Python is susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used as an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).

The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs. This may enable attackers to disclose a CGI
script’s source code or execute arbitrary scripts in the server’s
document root (CVE-2014-4650).

Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).

When Python’s standard library HTTP clients (httplib, urllib,
urllib2, xmlrpclib) are used to access resources with HTTPS, by
default the certificate is not checked against any trust store,
nor is the hostname in the certificate checked against the requested
host. It was possible to configure a trust root to be checked against,
however there were no faculties for hostname checking (CVE-2014-9365).

The python-pip and tix packages were added due to missing build
dependencies.

MDVSA-2015:076: python3

Updated python3 packages fix security vulnerabilities:

ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary
edited zips (CVE-2013-7338).

A vulnerability was reported in Python’s socket module, due to
a boundary error within the sock_recvfrom_into() function, which
could be exploited to cause a buffer overflow. This could be used
to crash a Python application that uses the socket.recvfrom_into()
function or, possibly, execute arbitrary code with the permissions
of the user running vulnerable Python code (CVE-2014-1912).

It was reported that a patch added to Python 3.2 caused a race
condition where a file could be created with world read/write
permissions instead of the permissions dictated by the original umask
of the process. This could allow a local attacker that could win the
race to view and edit files created by a program using this call. Note
that prior versions of Python, including 2.x, do not include the
vulnerable _get_masked_mode() function that is used by os.makedirs()
when exist_ok is set to True (CVE-2014-2667).

Python is susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used as an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).

The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs. This may enable attackers to disclose a CGI
script’s source code or execute arbitrary scripts in the server’s
document root (CVE-2014-4650).

MDVSA-2015:077: python-numpy

Updated python-numpy packages fix security vulnerabilities:

f2py insecurely used a temporary file. A local attacker could use this
flaw to perform a symbolic link attack to modify an arbitrary file
accessible to the user running f2py (CVE-2014-1858, CVE-2014-1859).