-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:186
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bash
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue
(CVE-2014-6271).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
https://rhn.redhat.co
Category Archives: Mandriva
Mandriva Security Advisory
[ MDVSA-2014:185 ] libgadu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:185
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libgadu
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated libgadu packages fix security vulnerability:

Libgadu before 1.12.0 was found to not be performing SSL certificate
validation (CVE-2013-4488).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4488
http://advisories.mageia.org/MGASA-2014-0375.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
de3454fe7c663ecd08d4e1eeb2638776 mbs1/x86_64/
[ MDVSA-2014:184 ] net-snmp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:184
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : net-snmp
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated net-snmp packages fix security vulnerabilities:

A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
http://advisories.mageia.
[ MDVSA-2014:183 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated phpmyadmin package fixes security vulnerability:

In phpMyAdmin before 4.2.9, by deceiving a logged-in user into clicking
a crafted URL, it is possible to perform remote code execution and, in
some cases, create a root account, due to a DOM-based XSS vulnerability
in the micro history feature (CVE-2014-6300).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300
http://advisories.mageia.org/MGASA-2014-0383.html
_______
[ MDVSA-2014:182 ] zarafa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:182
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated zarafa packages fix security vulnerabilities:

Robert Scheck reported that Zarafa's WebAccess stored session
information, including login credentials, on-disk in PHP session files.
This session file would contain a user's username and password to the
Zarafa IMAP server (CVE-2014-0103).

Robert Scheck discovered that the Zarafa Collaboration Platform has
multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,
CVE-2014-5449, CVE-2014-5450).
_______________________________________________
[ MDVSA-2014:181 ] dump
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:181
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dump
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated dump packages fix security vulnerability:

An integer overflow in liblzo before 2.07 allows attackers to cause a
denial of service or possibly code execution in applications performing
LZO decompression on a compressed payload from the attacker
(CVE-2014-4607).

The dump package is built with a bundled copy of minilzo, which is a
part of liblzo containing the vulnerable code.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nam
[ MDVA-2014:014 ] mediawiki
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Advisory MDVA-2014:014
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mediawiki
Date : September 22, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

This update provides MediaWiki 1.23.3, which fixes several bugs.
_______________________________________________________________________

References:

http://advisories.mageia.org/MGAA-2014-0170.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
a4c54a101474c76abb19b62aa49dc12d mbs1/x86_64/mediawiki-1.23.3-1.mbs1.noarch.rpm
876aa46509eca08888392ea248a669ef mbs1/x86_64/mediawiki-mysql-1.23.3-1.mbs1.noarch.rpm
2418d49bba28fe6dd1b57805e
[ MDVSA-2014:180 ] gnupg
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:180
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : gnupg
Date : September 22, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated gnupg packages fix security vulnerability:

The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL
side-channel attack (CVE-2014-5270).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270
http://advisories.mageia.org/MGASA-2014-0381.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
9181a3cd9d0ddb0ef93bf14cc11b2d99 mbs1/x86