Category Archives: Mandriva

Mandriva Security Advisory

[ MDVSA-2015:227 ] mariadb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:227
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mariadb
 Date    : May 5, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 This update provides MariaDB 5.5.43, which fixes several security
 issues and other bugs. Please refer to the Oracle Critical Patch Update
 Advisories and the Release Notes for MariaDB for further information
 regarding the security vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0

MDVSA-2015:226: fcgi

Updated fcgi packages fix security vulnerability:

FCGI does not perform range checks for file descriptors before use of
the FD_SET macro. This FD_SET macro could allow for more than 1024
total file descriptors to be monitored in the closing state. This
may allow remote attackers to cause a denial of service (stack memory
corruption, and infinite loop or daemon crash) by opening many socket
connections to the host and crashing the service (CVE-2012-6687).

MDVSA-2015:225: cherokee

Updated cherokee packages fix security vulnerability:

The cherokee_validator_ldap_check function in validator_ldap.c in
Cherokee 1.2.103 and earlier, when LDAP is used, does not properly
consider unauthenticated-bind semantics, which allows remote attackers
to bypass authentication via an empty password (CVE-2014-4668).

MDVSA-2015:223: directfb

Updated directfb packages fix security vulnerabilities:

Multiple integer signedness errors in the Dispatch_Write function
in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the Voodoo interface, which triggers a
stack-based buffer overflow (CVE-2014-2977).

The Dispatch_Write function in
proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the Voodoo interface, which triggers an
out-of-bounds write (CVE-2014-2978).

MDVSA-2015:220: curl

Updated curl packages fix security vulnerabilities:

NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent over
the connection authenticated as a different user (CVE-2015-3143).

When doing HTTP requests using the Negotiate authentication
method along with NTLM, the connection used would not be marked
as authenticated, making it possible to reuse it and send requests
for one user over the connection authenticated as a different user
(CVE-2015-3148).

MDVSA-2015:221: clamav

Multiple vulnerabilities has been found and corrected in clamav:

Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior (CVE-2015-2221).

Fix crash on crafted petite packed file. Reported and patch supplied
by Sebastian Andrzej Siewior (CVE-2015-2222).

Fix an infinite loop condition on a crafted xz archive file. This
was reported by Dimitri Kirchner and Goulven Guiheux (CVE-2015-2668).

Apply upstream patch for possible heap overflow in Henry Spencer’s
regex library (CVE-2015-2305).

Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior (CVE-2015-2170).

The updated packages provides a solution for these security issues.

MDVSA-2015:222: ppp

Updated ppp packages fix security vulnerability:

Emanuele Rocca discovered that ppp was subject to a buffer
overflow when communicating with a RADIUS server. This would allow
unauthenticated users to cause a denial-of-service by crashing the
daemon (CVE-2015-3310).