-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:045
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : e2fsprogs
Date : February 12, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated e2fsprogs packages fix security vulnerability:

The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability (CVE-2015-0247).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247
http://advisories.mageia.org/MGAS
Category Archives: Mandriva
Mandriva Security Advisory
[ MDVSA-2015:044 ] perl-Gtk2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:044
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : perl-Gtk2
Date : February 12, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in perl-Gtk2:

Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2 before 1.2495, where the code was freeing memory that gtk+ still holds onto and might access later.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://advisories.mageia.org/MGASA-2015-0059.html
_______________________________________________________________________

Upda
MDVSA-2015:042: clamav
Updated clamav packages fix security vulnerabilities:
ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them
being security bugs:

Fix a heap out of bounds condition with crafted Yoda’s crypter
files. This issue was discovered by Felix Groebert of the Google
Security Team.

Fix a heap out of bounds condition with crafted mew packer files. This
issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted upx packer files. This
issue was discovered by Kevin Szkudlapski of Quarkslab.

Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior
(CVE-2014-9328).

Compensate a crash due to incorrect compiler optimization when handling
crafted petite packer files. This issue was discovered by Sebastian
Andrzej Siewior.
MDVSA-2015:043: otrs
Updated otrs package fixes security vulnerability:
An attacker with valid OTRS credentials could access and manipulate
ticket data of other users via the GenericInterface, if a ticket
webservice is configured and not additionally secured (CVE-2014-9324).
MDVSA-2015:041: cabextract
Updated cabextract packages fix security vulnerability:
Libmspack, a library to provide compression and decompression of
some file formats used by Microsoft, is embedded in cabextract. A
specially crafted cab file can cause cabextract to hang forever. If
cabextract is exposed to any remotely-controlled user input, this
issue can cause a denial-of-service (CVE-2014-9556).
MDVSA-2015:040: zarafa
Updated zarafa packages fix security vulnerability:
Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and
Zarafa WebApp that could allow a remote unauthenticated attacker to
exhaust the disk space of /tmp (CVE-2014-9465).
This update also adds some patches from Robert Scheck which correct
some packaging issues with zarafa-webaccess.
[ MDVSA-2015:043 ] otrs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:043
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : otrs
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated otrs package fixes security vulnerability:

An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured (CVE-2014-9324).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9324
http://advisories.mageia.org/MGASA-2015-0031.html
_______________________________________________________________________
[ MDVSA-2015:042 ] clamav
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:042
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : clamav
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated clamav packages fix security vulnerabilities:

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs:

Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team.

Fix a heap out of bounds condition with crafted upx packer files. This issue was dis
[ MDVSA-2015:041 ] cabextract
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:041
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : cabextract
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated cabextract packages fix security vulnerability:

Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service (CVE-2014-9556).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556
[ MDVSA-2015:040 ] zarafa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:040
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated zarafa packages fix security vulnerability:

Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp (CVE-2014-9465).

This update also adds some patches from Robert Scheck which correct some packaging issues with zarafa-webaccess.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465
http://advisories.mageia.