librsync before 1.0.0 used a truncated MD4 strong checksum to match
blocks. However, MD4 is not cryptographically strong. It's possible
that an attacker who can control the contents of one part of a file
could use it to control other regions of the file, if it's transferred
using librsync/rdiff (CVE-2014-8242).
The change to fix this is not backward compatible with older versions
of librsync. Backward compatibility can be obtained using the new
rdiff sig --hash=md4 option or through specifying the signature magic
in the API, but this should not be used when either the old or new
file contains untrusted data.
Also, any applications that use the librsync library will need to
be recompiled against the updated library. The rdiff-backup packages
have been rebuilt for this reason.
Updated tor packages fix security vulnerabilities:
disgleirio discovered that a malicious client could trigger an
assertion failure in a Tor instance providing a hidden service,
thus rendering the service inaccessible (CVE-2015-2928).
DonnchaC discovered that Tor clients would crash with an assertion
failure upon parsing specially crafted hidden service descriptors
(CVE-2015-2929).
Introduction points would accept multiple INTRODUCE1 cells on one
circuit, making it inexpensive for an attacker to overload a hidden
service with introductions. Introduction points now no longer allow
multiple cells of that type on the same circuit.
The tor package has been updated to version 0.2.4.27, fixing these
issues.
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a common
name other than the one Asterisk is expecting if the signed certificate
has a common name containing a null byte after the portion of the
common name that Asterisk expected (CVE-2015-3008).
Updated perl-Module-Signature package fixes the following security
vulnerabilities reported by John Lightsey:
Module::Signature could be tricked into interpreting the unsigned
portion of a SIGNATURE file as the signed portion due to faulty
parsing of the PGP signature boundaries.
When verifying the contents of a CPAN module, Module::Signature
ignored some files in the extracted tarball that were not listed in
the signature file. This included some files in the t/ directory that
would execute automatically during make test.
When generating checksums from the signed manifest, Module::Signature
used two-argument open() calls to read the files. This allowed
embedding arbitrary shell commands into the SIGNATURE file that would
execute during the signature verification process.
Several modules were loaded at runtime inside the extracted module
directory. Modules like Text::Diff are not guaranteed to be available
on all platforms and could be added to a malicious module so that
they would load from the ‘.’ path in @INC.
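The two-argument open() problem above is the classic Perl pitfall: the second argument is parsed as mode plus file name, so a manifest entry can smuggle in a pipe. The following is an added illustration, not Module::Signature's own code; checksum_manifest_entry is a hypothetical helper that validates an untrusted manifest path and reads it with the three-argument open() form, using a constructed temporary directory as input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (not Module::Signature's code): hash one manifest entry.
# The name comes from an untrusted SIGNATURE/MANIFEST, so it is validated
# first and then opened with the three-argument form, which fixes the mode
# and leaves no way for the name to be interpreted as a pipe or redirection.
sub checksum_manifest_entry {
    my ($base_dir, $name) = @_;

    # Only plain relative paths inside the extracted tree are acceptable.
    die "absolute path not allowed: $name\n"
        if File::Spec->file_name_is_absolute($name);
    die "path traversal not allowed: $name\n"
        if grep { $_ eq '..' } File::Spec->splitdir($name);

    my $path = File::Spec->catfile($base_dir, $name);
    die "not a regular file: $name\n" unless -f $path;

    # Three-argument open: '<' is the mode, $path is only ever a file name.
    # With the two-argument open(FH, $path) a name ending in '|' would have
    # been run as a command instead of being read.
    open(my $fh, '<', $path) or die "cannot open $name: $!\n";
    binmode $fh;
    my $digest = Digest::SHA->new(256)->addfile($fh)->hexdigest;
    close $fh;
    return $digest;
}

# Constructed demonstration: a temporary module directory with one file.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, 'README')) or die $!;
print $out "hello\n";
close $out;

print "README: ", checksum_manifest_entry($dir, 'README'), "\n";

# Entries shaped like a pipe or a traversal are rejected, never executed.
for my $bad ('uname |', '../../etc/passwd') {
    eval { checksum_manifest_entry($dir, $bad) };
    print "rejected '$bad': $@";
}
```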
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:212
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : java-1.7.0-openjdk
Date : April 27, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated java-1.7.0 packages fix security vulnerabilities:
An off-by-one flaw, leading to a buffer overflow, was found in the
font parsing code in the 2D component in OpenJDK. A specially crafted
font file could possibly cause the Java Virtual Machine to execute
arbitrary code, allowing an untrusted Java application or applet to
bypass Java sandbox restrictions (CVE-2015-0469).
A flaw was found in the way the Hotspot component in OpenJDK
handled phantom references. An untrusted Java application or applet
cou
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:211
_______________________________________________________________________
Package : glusterfs
Date : April 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated glusterfs packages fix security vulnerability:
glusterfs was vulnerable to a fragment header infinite loop denial
of service attack (CVE-2014-3619).
Also, the glusterfsd SysV init script was failing to properly start
the service. This was fixed by replacing it with systemd unit files
for the service that work properly (mga#14049).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3619
http://advisories.mageia.org/MGA
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:210
_______________________________________________________________________
Package : qemu
Date : April 27, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated qemu packages fix security vulnerabilities:
A denial of service flaw was found in the way QEMU handled malformed
Physical Region Descriptor Table (PRDT) data sent to the host's IDE
and/or AHCI controller emulation. A privileged guest user could use
this flaw to crash the system (rhbz#1204919).
It was found that the QEMU's websocket frame decoder processed incoming
frames without limiting resources used to process the header and the
payload. An attacker able to access a guest's V
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:209
_______________________________________________________________________
Package : php
Date : April 27, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated php packages fix security vulnerabilities:
Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).
Buffer Overflow when parsing tar/zip/phar in phar_set_inode
(CVE-2015-3329).
Potential remote code execution with apache 2.4 apache2handler
(CVE-2015-3330).
PHP has been updated to version 5.5.24, which fixes these issues and
other bugs.
Additionally, the timezonedb package has been upgraded to the latest
version and the PECL packages that require it have been rebuilt
for php-
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:208
_______________________________________________________________________
Package : setup
Date : April 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated setup package fixes security vulnerability:
An issue has been identified in Mandriva Business Server 2's setup
package where the /etc/shadow and /etc/gshadow files containing
password hashes were created with incorrect permissions, making them
world-readable (mga#14516).
This update fixes this issue by enforcing that those files are owned
by the root user and shadow group, and are only readable by those
two entities.
Note that this issue only affected new Mandriva Business Server
2 installations. System
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:207
_______________________________________________________________________
Package : perl-Module-Signature
Date : April 27, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated perl-Module-Signature package fixes the following security
vulnerabilities reported by John Lightsey:
Module::Signature could be tricked into interpreting the unsigned
portion of a SIGNATURE file as the signed portion due to faulty
parsing of the PGP signature boundaries.
When verifying the contents of a CPAN module, Module::Signature
ignored some files in the extracted tarball that were not listed in
the signature file. This included some files in the t/ directory that
would execute automaticall