Mandriva Linux Security Advisory MDVSA-2015:170
http://www.mandriva.com/en/support/security/

Package : gcc
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated gcc packages fix the following security issue:

Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code (CVE-2014-5044).

They also fix the following bugs:

The gcc rtl-optimization sched2 miscompiles syscall sequence which can cause random panic in glibc and kernel (gcc/PR61801)

clang++ fails to find cxxabi.h and cxxabi_tweaks.h during build (mga#13543)
Category Archives: Mandriva
Mandriva Security Advisory
[ MDVSA-2015:169 ] git
Mandriva Linux Security Advisory MDVSA-2015:169
http://www.mandriva.com/en/support/security/

Package : git
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated git packages fix security vulnerability:

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a git pull. Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user's .git/config. If this malicious config file contained defined external commands (such as for invoking an editor or an external diff utility) it could allow for the execution of arbitrary code
[ MDVSA-2015:168 ] glibc
Mandriva Linux Security Advisory MDVSA-2015:168
http://www.mandriva.com/en/support/security/

Package : glibc
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated glibc packages fix security vulnerabilities:

Stephane Chazelas discovered a directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale
[ MDVSA-2015:167 ] glpi
Mandriva Linux Security Advisory MDVSA-2015:167
http://www.mandriva.com/en/support/security/

Package : glpi
Date : March 30, 2015
Affected: Business Server 2.0

Problem Description:

Updated glpi package fixes security vulnerabilities:

Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criterion (CVE-2014-5032).

An issue in GLPI before 0.84.8 may allow arbitrary local files to be included by PHP through an autoload function (CVE-2014-8360).

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition paramet
[ MDVSA-2015:160 ] ipython
Mandriva Linux Security Advisory MDVSA-2015:160
http://www.mandriva.com/en/support/security/

Package : ipython
Date : March 29, 2015
Affected: Business Server 2.0

Problem Description:

Updated ipython package fixes security vulnerability:

In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page (CVE-2014-3429).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3429
http://advisories.mageia.org/MGASA-2014-0320
[ MDVSA-2015:159 ] jasper
Mandriva Linux Security Advisory MDVSA-2015:159
http://www.mandriva.com/en/support/security/

Package : jasper
Date : March 29, 2015
Affected: Business Server 2.0

Problem Description:

Updated jasper packages fix security vulnerabilities:

Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service (application crash) or the execution of arbitrary code (CVE-2014-9029).

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137).

A heap-based buffer overflow flaw was
MDVSA-2015:117: emacs
Updated emacs packages fix security vulnerabilities:
Steve Kemp discovered multiple temporary file handling issues in
Emacs. A local attacker could use these flaws to perform symbolic link
attacks against users running Emacs (CVE-2014-3421, CVE-2014-3422,
CVE-2014-3423, CVE-2014-3424).
MDVSA-2015:118: xlockmore
Updated xlockmore packages fix security vulnerability:
xlockmore before 5.45 contains a security flaw related to a bad value
of fnt for pyro2 which could cause an X error. This update backports
the fix for version 5.43.
MDVSA-2015:119: x11-server
Updated x11-server packages fix security vulnerabilities:
Ilja van Sprundel of IOActive discovered several security issues in the
X.org X server, which may lead to privilege escalation or denial of
service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094,
CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102).
Olivier Fourdan from Red Hat has discovered a protocol handling
issue in the way the X server code base handles the XkbSetGeometry
request, where the server trusts the client to send valid string
lengths. A malicious client with string lengths exceeding the
request length can cause the server to copy adjacent memory data
into the XKB structs. This data is then available to the client via
the XkbGetGeometry request. This can lead to information disclosure
issues, as well as possibly a denial of service if a similar request
can cause the server to crash (CVE-2015-0255).
MDVSA-2015:115: libvirt
Updated libvirt packages fix security vulnerabilities:
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through
1.2.1 allows local users to (1) delete arbitrary host devices
via the virDomainDeviceDettach API and a symlink attack on /dev
in the container; (2) create arbitrary nodes (mknod) via the
virDomainDeviceAttach API and a symlink attack on /dev in the
container; and cause a denial of service (shutdown or reboot host
OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a
symlink attack on /dev/initctl in the container, related to paths under
/proc//root and the virInitctlSetRunLevel function (CVE-2013-6456).
libvirt was patched to prevent expansion of entities when parsing XML
files. This vulnerability allowed malicious users to read arbitrary
files or cause a denial of service (CVE-2014-0179).
An out-of-bounds read flaw was found in the way libvirt’s
qemuDomainGetBlockIoTune() function looked up the disk index in
a non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
A denial of service flaw was found in the way libvirt’s
virConnectListAllDomains() function computed the number of used
domains. A remote attacker able to establish a read-only connection
to libvirtd could use this flaw to make any domain operations within
libvirt unresponsive (CVE-2014-3657).
Eric Blake discovered that libvirt incorrectly handled permissions
when processing the qemuDomainFormatXML command. An attacker with
read-only privileges could possibly use this to gain access to certain
information from the domain xml file (CVE-2014-7823).
The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
in qemu/qemu_driver.c in libvirt do not unlock the domain when an
ACL check fails, which allows local users to cause a denial of service
via unspecified vectors (CVE-2014-8136).
The XML getters for save images and snapshots objects don’t
check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump
security sensitive information. A remote attacker able to establish
a connection to libvirtd could use this flaw to leak certain
limited information from the domain xml file (CVE-2015-0236).