Category Archives: Mandriva

Mandriva Security Advisory

MDVSA-2015:039: glibc

A vulnerability has been discovered and corrected in glibc:

Heap-based buffer overflow in the __nss_hostname_digits_dots
function in glibc 2.2, and other 2.x versions before 2.18, allows
context-dependent attackers to execute arbitrary code via vectors
related to the (1) gethostbyname or (2) gethostbyname2 function,
aka GHOST. (CVE-2015-0235)

The updated packages have been patched to correct this issue.

[ MDVSA-2015:039 ] glibc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:039
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : glibc
 Date    : February 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in glibc:
 
 Heap-based buffer overflow in the __nss_hostname_digits_dots
 function in glibc 2.2, and other 2.x versions before 2.18, allows
 context-dependent attackers to execute arbitrary code via vectors
 related to the (1) gethostbyname or (2) gethostbyname2 function,
 aka GHOST. (CVE-2015-0235)
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin

MDVSA-2015:036: python-django

Updated python-django packages fix security vulnerabilities:

Jedediah Smith discovered that Django incorrectly handled underscores
in WSGI headers. A remote attacker could possibly use this issue to
spoof headers in certain environments (CVE-2015-0219).

Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to
perform a cross-site scripting attack (CVE-2015-0220).

Alex Gaynor discovered that Django incorrectly handled reading files
in django.views.static.serve(). A remote attacker could possibly use
this issue to cause Django to consume resources, resulting in a denial
of service (CVE-2015-0221).

[ MDVSA-2015:037 ] vorbis-tools

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:037
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : vorbis-tools
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated vorbis-tools package fixes security vulnerability:
 
 oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to
 cause a denial of service (out-of-bounds read) via a crafted raw file
 (CVE-2014-9640).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9640
 http://advisories.mageia.org/MGASA-2015-0051.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business

[ MDVSA-2015:036 ] python-django

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:036
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : python-django
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated python-django packages fix security vulnerabilities:
 
 Jedediah Smith discovered that Django incorrectly handled underscores
 in WSGI headers. A remote attacker could possibly use this issue to
 spoof headers in certain environments (CVE-2015-0219).
 
 Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
 redirect URLs. A remote attacker could possibly use this issue to
 perform a cross-site scripting attack (CVE-2015-0220).
 
 Alex Gaynor discovered that Django incorrectly handled reading files

[ MDVSA-2015:035 ] libvirt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:035
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvirt packages fix security vulnerability:
 
 The XML getters for save images and snapshot objects don't
 check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump
 security sensitive information. A remote attacker able to establish
 a connection to libvirtd could use this flaw to leak certain
 limited information from the domain XML file (CVE-2015-0236).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

[ MDVSA-2015:034 ] jasper

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:034
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : jasper
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated jasper packages fix security vulnerabilities:
 
 An off-by-one flaw, leading to a heap-based buffer overflow, was found
 in the way JasPer decoded JPEG 2000 image files. A specially crafted
 file could cause an application using JasPer to crash or, possibly,
 execute arbitrary code (CVE-2014-8157).
 
 An unrestricted stack memory use flaw was found in the way JasPer
 decoded JPEG 2000 image files. A specially crafted file could cause
 an application using JasPer to crash or, possibly, execute arbitrary
 code (CVE-2014-81

[ MDVSA-2015:033 ] java-1.7.0-openjdk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:033
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : java-1.7.0-openjdk
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated java-1.7.0 packages fix security vulnerabilities:
 
 A flaw was found in the way the Hotspot component in OpenJDK verified
 bytecode from the class files. An untrusted Java application or applet
 could possibly use this flaw to bypass Java sandbox restrictions
 (CVE-2014-6601).
 
 Multiple improper permission check issues were discovered in the
 JAX-WS and RMI components in OpenJDK. An untrusted Java application
 or applet could use these flaws to bypass Java sandbox restrictions
 (CVE-2015-0412, CVE-2015-04

MDVSA-2015:029: binutils

Multiple vulnerabilities have been found and corrected in binutils:

Multiple integer overflows in the (1) _objalloc_alloc function in
objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU
libiberty, as used by binutils 2.22, allow remote attackers to cause
a denial of service (crash) via vectors related to the addition of
CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer
overflow (CVE-2012-3509).

The srec_scan function in bfd/srec.c in libbfd in GNU binutils
before 2.25 allows remote attackers to cause a denial of service
(out-of-bounds read) via a small S-record (CVE-2014-8484).

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24
and earlier allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via crafted section group
headers in an ELF file (CVE-2014-8485).

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils
2.24 and earlier allows remote attackers to cause a denial of service
(out-of-bounds write) and possibly have other unspecified impact via a
crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable
(CVE-2014-8501).

Heap-based buffer overflow in the pe_print_edata function in
bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote
attackers to cause a denial of service (crash) and possibly have
other unspecified impact via a truncated export table in a PE file
(CVE-2014-8502).

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c
in GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted ihex file (CVE-2014-8503).

Stack-based buffer overflow in the srec_scan function in bfd/srec.c
in GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted file (CVE-2014-8504).

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and
earlier allow local users to delete arbitrary files via a .. (dot dot)
or full path name in an archive to (1) strip or (2) objcopy or create
arbitrary files via (3) a .. (dot dot) or full path name in an archive
to ar (CVE-2014-8737).

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU
binutils 2.24 and earlier allows remote attackers to cause a denial of
service (invalid write, segmentation fault, and crash) via a crafted
extended name table in an archive (CVE-2014-8738).

The updated packages provide a solution for these security issues.