-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:146 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libvncserver Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated libvncserver packages fix security vulnerabilities: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size
Category Archives: Mandriva
Mandriva Security Advisory
[ MDVSA-2015:145 ] libxfont
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:145 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libxfont Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated libxfont packages fix security vulnerabilities: Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-02
[ MDVSA-2015:144 ] lua
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:144 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : lua Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated lua and lua5.1 packages fix security vulnerability: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461 http://advisories.mageia.org/MGASA-2014-0414.html _________________________________________
[ MDVSA-2015:143 ] mpfr
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:143 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : mpfr Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated mpfr packages fix security vulnerability: A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (CVE-2014-9474). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474 http://advisories.mageia.org/MGASA-2015-0021.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: d2793e520
[ MDVSA-2015:142 ] nodejs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:142 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : nodejs Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated nodejs package fixes security vulnerabilities: A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process abortin
MDVSA-2015:096: stunnel
Updated stunnel package fixes security vulnerability:
A flaw was found in the way stunnel, a socket wrapper which can provide
SSL support to ordinary applications, performed (re)initialization of
PRNG after fork. When accepting a new connection, the server forks and
the child process handles the request. The RAND_bytes() function of
openssl doesn’t reset its state after the fork, but seeds the PRNG
with the output of time(NULL). The most important consequence is
that servers using EC (ECDSA) or DSA certificates may under certain
conditions leak their private key (CVE-2014-0016).
The updated packages fix this issue by using threads instead of new
processes to handle connections.
Also an issue has been corrected where the directory for the pid file
was not being created when the package is installed.
An issue currently exists in Mageia 4 where it fails trying to use
FIPS SSL (mga#13124). This can be worked around by adding fips =
no into the config.
MDVSA-2015:097: php-ZendFramework
Updated php-ZendFramework packages fix multiple vulnerabilities:
XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were
discovered in the Zend Framework. An attacker could use these flaws
to cause a denial of service, access files accessible to the server
process, or possibly perform other more advanced XML External Entity
(XXE) attacks (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683).
Using the Consumer component of Zend_OpenId, it is possible to
login using an arbitrary OpenID account (without knowing any secret
information) by using a malicious OpenID Provider. That means OpenID it
is possible to login using arbitrary OpenID Identity (MyOpenID, Google,
etc), which are not under the control of our own OpenID Provider. Thus,
we are able to impersonate any OpenID Identity against the framework
(CVE-2014-2684, CVE-2014-2685).
The implementation of the ORDER BY SQL statement in Zend_Db_Select
of Zend Framework 1 contains a potential SQL injection when the query
string passed contains parentheses (CVE-2014-4914).
Due to a bug in PHP’s LDAP extension, when ZendFramework’s Zend_ldap
class is used for logins, an attacker can login as any user by
using a null byte to bypass the empty password check and perform an
unauthenticated LDAP bind (CVE-2014-8088).
The sqlsrv PHP extension, which provides the ability to connect to
Microsoft SQL Server from PHP, does not provide a built-in quoting
mechanism for manually quoting values to pass via SQL queries;
developers are encouraged to use prepared statements. Zend Framework
provides quoting mechanisms via Zend_Db_Adapter_Sqlsrv which uses
the recommended double single quote (”) as quoting delimiters. SQL
Server treats null bytes in a query as a string terminator, allowing
an attacker to add arbitrary SQL following a null byte, and thus
create a SQL injection (CVE-2014-8089).
MDVSA-2015:094: nginx
Updated nginx package fixes security vulnerabilities:
A bug in the experimental SPDY implementation in nginx was found,
which might allow an attacker to cause a heap memory buffer overflow
in a worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to reuse cached SSL sessions in unrelated contexts,
allowing virtual host confusion attacks in some configurations by an
attacker in a privileged network position (CVE-2014-3616).
MDVSA-2015:095: openssh
Updated openssh packages fix security vulnerabilities:
sshd in OpenSSH before 6.6 does not properly support wildcards
on AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character (CVE-2014-2532).
Matthew Vernon reported that if a SSH server offers a HostCertificate
that the ssh client doesn’t accept, then the client doesn’t check
the DNS for SSHFP records. As a consequence a malicious server can
disable SSHFP-checking by presenting a certificate (CVE-2014-2653).
MDVSA-2015:092: net-snmp
Updated net-snmp packages fix security vulnerabilities:
Remotely exploitable denial of service vulnerability in Net-SNMP,
in the Linux implementation of the ICMP-MIB, making the SNMP
agent vulnerable if it is making use of the ICMP-MIB table objects
(CVE-2014-2284).
Remotely exploitable denial of service vulnerability in Net-SNMP,
in snmptrapd, due to how it handles trap requests with an empty
community string when the perl handler is enabled (CVE-2014-2285).
A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).