Category Archives: Mandriva

Mandriva Security Advisory

[ MDVSA-2015:055 ] freetype2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:055
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : March 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated freetype2 packages fix security vulnerabilities:
 
 The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType
 before 2.5.4 does not properly check for an integer overflow, which
 allows remote attackers to cause a denial of service (out-of-bounds
 read) or possibly have unspecified other impact via a crafted OpenType
 font (CVE-2014-9656).
 
 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType
 before 2.5.4 does not establish a minimum record size, which allows
 remote attackers to cause a denial

[ MDVSA-2015:054 ] bind

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:054
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bind
 Date    : March 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated bind packages fix security vulnerability:
 
 Jan-Piet Mens discovered that the BIND DNS server would crash when
 processing an invalid DNSSEC key rollover, either due to an error
 on the zone operator's part, or due to interference with network
 traffic by an attacker. This issue affects configurations with the
 directives "dnssec-lookaside auto;" (as enabled in the Mageia default
 configuration) or "dnssec-validation auto;" (CVE-2015-1349).
 _________________________________________________________

MDVSA-2015:052: tomcat

Updated tomcat packages fix security vulnerabilities:

Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP
connector is used, does not properly handle certain inconsistent HTTP
request headers, which allows remote attackers to trigger incorrect
identification of a request’s length and conduct request-smuggling
attacks via (1) multiple Content-Length headers or (2) a Content-Length
header and a Transfer-Encoding: chunked header (CVE-2013-4286).

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding
without properly handling (1) a large total amount of chunked data or
(2) whitespace characters in an HTTP header value within a trailer
field, which allows remote attackers to cause a denial of service by
streaming data (CVE-2013-4322).

Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat
internals information by leveraging the presence of an untrusted web
application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML
document containing an external entity declaration in conjunction
with an entity reference, related to an XML External Entity (XXE)
issue (CVE-2013-4590).

Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
attackers to cause a denial of service (resource consumption) via a
malformed chunk size in chunked transfer coding of a request during
the streaming of data (CVE-2014-0075).

java/org/apache/catalina/servlets/DefaultServlet.java in the default
servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not
properly restrict XSLT stylesheets, which allows remote attackers
to bypass security-manager restrictions and read arbitrary files
via a crafted web application that provides an XML external entity
declaration in conjunction with an entity reference, related to an
XML External Entity (XXE) issue (CVE-2014-0096).

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated
behind a reverse proxy, allows remote attackers to conduct HTTP
request smuggling attacks via a crafted Content-Length HTTP header
(CVE-2014-0099).

Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly
constrain the class loader that accesses the XML parser used with
an XSLT stylesheet, which allows remote attackers to read arbitrary
files via a crafted web application that provides an XML external
entity declaration in conjunction with an entity reference, related
to an XML External Entity (XXE) issue, or read files associated with
different web applications on a single Tomcat instance via a crafted
web application (CVE-2014-0119).

In Apache Tomcat 7.x before 7.0.55, it was possible to craft a
malformed chunk as part of a chunked request that caused Tomcat to
read part of the request body as a new request (CVE-2014-0227).

MDVSA-2015:053: tomcat6

Updated tomcat6 packages fix security vulnerabilities:

Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
attackers to cause a denial of service (resource consumption) via a
malformed chunk size in chunked transfer coding of a request during
the streaming of data (CVE-2014-0075).

java/org/apache/catalina/servlets/DefaultServlet.java in the default
servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not
properly restrict XSLT stylesheets, which allows remote attackers
to bypass security-manager restrictions and read arbitrary files
via a crafted web application that provides an XML external entity
declaration in conjunction with an entity reference, related to an
XML External Entity (XXE) issue (CVE-2014-0096).

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated
behind a reverse proxy, allows remote attackers to conduct HTTP
request smuggling attacks via a crafted Content-Length HTTP header
(CVE-2014-0099).

Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly
constrain the class loader that accesses the XML parser used with
an XSLT stylesheet, which allows remote attackers to read arbitrary
files via a crafted web application that provides an XML external
entity declaration in conjunction with an entity reference, related
to an XML External Entity (XXE) issue, or read files associated with
different web applications on a single Tomcat instance via a crafted
web application (CVE-2014-0119).

In Apache Tomcat 6.x before 6.0.55, it was possible to craft a
malformed chunk as part of a chunked request that caused Tomcat to
read part of the request body as a new request (CVE-2014-0227).

MDVSA-2015:050: patch

Updated patch package fixes security vulnerabilities:

It was reported that a crafted diff file can make patch eat memory
and later segfault (CVE-2014-9637).

It was reported that the versions of the patch utility that support
Git-style patches are vulnerable to a directory traversal flaw. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch
(CVE-2015-1395).

GNU patch before 2.7.4 allows remote attackers to write to arbitrary
files via a symlink attack in a patch file (CVE-2015-1196).

MDVSA-2015:051: sympa

Updated sympa packages fix security vulnerability:

A vulnerability has been discovered in the Sympa web interface that
allows access to files on the server filesystem. This breach allows
sending to a list or a user any file readable by the Sympa user,
located on the server filesystem, using the Sympa web interface
newsletter posting area (CVE-2015-1306).

[ MDVSA-2015:053 ] tomcat6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:053
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : tomcat6
 Date    : March 3, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated tomcat6 packages fix security vulnerabilities:
 
 Integer overflow in the parseChunkHeader function in
 java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
 Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
 attackers to cause a denial of service (resource consumption) via a
 malformed chunk size in chunked transfer coding of a request during
 the streaming of data (CVE-2014-0075).
 
 java/org/apache/catalina/servlets/DefaultServlet.java in the default
 servlet in Apache Tomcat before 6.0.40 and 

[ MDVSA-2015:052 ] tomcat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:052
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : tomcat
 Date    : March 3, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated tomcat packages fix security vulnerabilities:
 
 Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP
 connector is used, does not properly handle certain inconsistent HTTP
 request headers, which allows remote attackers to trigger incorrect
 identification of a request's length and conduct request-smuggling
 attacks via (1) multiple Content-Length headers or (2) a Content-Length
 header and a Transfer-Encoding: chunked header (CVE-2013-4286).
 
 Apache Tomcat 7.x before 7.0.50 processes chunked transfer codi

[ MDVSA-2015:051 ] sympa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:051
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : sympa
 Date    : March 3, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated sympa packages fix security vulnerability:
 
 A vulnerability has been discovered in the Sympa web interface that
 allows access to files on the server filesystem. This breach allows
 sending to a list or a user any file readable by the Sympa user,
 located on the server filesystem, using the Sympa web interface
 newsletter posting area (CVE-2015-1306).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1306
 http://advisories.mageia.or

[ MDVSA-2015:050 ] patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:050
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : patch
 Date    : March 2, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated patch package fixes security vulnerabilities:
 
 It was reported that a crafted diff file can make patch eat memory
 and later segfault (CVE-2014-9637).
 
 It was reported that the versions of the patch utility that support
 Git-style patches are vulnerable to a directory traversal flaw. This
 could allow an attacker to overwrite arbitrary files by applying a
 specially crafted patch, with the privileges of the user running patch
 (CVE-2015-1395).
 
 GNU patch before 2.7.4 allows remote attackers to write to arbitrary
 files