It was found that the fix for CVE-2014-6271 was incomplete, and
Bash still allowed certain characters to be injected into other
environments via specially crafted environment variables. An
attacker could potentially use this flaw to override or bypass
environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue
(CVE-2014-7169, CVE-2014-7186, CVE-2014-7187).
Additionally bash has been updated from patch level 37 to 48 using
the upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/
which resolves various bugs.
In cURL before 7.38.0, libcurl can be fooled to both sending cookies
to wrong sites and into allowing arbitrary sites to set cookies for
others. For this problem to trigger, the client application must use
the numerical IP address in the URL to access the site (CVE-2014-3613).
In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top
Level Domains (TLDs), thus making them apply broader than cookies are
allowed. This can allow arbitrary sites to set cookies that then would
get sent to a different and unrelated site or domain (CVE-2014-3620).
A vulnerability has been discovered and corrected in Mozilla NSS:
Antoine Delignat-Lavaud, security researcher at Inria Paris in
team Prosecco, reported an issue in Network Security Services (NSS)
libraries affecting all versions. He discovered that NSS is vulnerable
to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1
values involved in a signature and could lead to the forging of RSA
certificates (CVE-2014-1568).
The updated NSPR packages have been upgraded to the latest 4.10.7
version.
The updated NSS packages have been upgraded to the latest 3.17.1
version which is not vulnerable to this issue.
Additionally the rootcerts package has also been updated to the latest
version as of 2014-08-05.
Multiple vulnerabilities has been discovered and corrected in libvirt:
An out-of-bounds read flaw was found in the way libvirt’s
qemuDomainGetBlockIoTune() function looked up the disk index in
a non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
A denial of service flaw was found in the way libvirt’s
virConnectListAllDomains() function computed the number of used
domains. A remote attacker able to establish a read-only connection
to libvirtd could use this flaw to make any domain operations within
libvirt unresponsive (CVE-2014-3657).
The updated libvirt packages have been upgraded to the 1.1.3.6 version
and patched to resolve these security flaws.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Advisory MDVA-2014:018
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : timezone
Date : October 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
This is a maintenance and bugfix release that upgrades the timezone
data packages to the 2014g version.
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
0a1bda6ed3fb936cd1ce76528cce8e52 mbs1/x86_64/timezone-2014g-1.mbs1.x86_64.rpm
cdca8c5afa60b40bbe08d3b939880722 mbs1/x86_64/timezone-java-2014g-1.mbs1.x86_64.rpm
87f855e977ac8cbb448a18ef4ffb1ab3 mbs1/SRPMS/timezone-2014g-1.mbs1.src.rpm
_______________________________________________________
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:195
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : libvirt
Date : October 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in libvirt:
An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in
a non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
A denial of service flaw was found in the wa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:194
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : phpmyadmin
Date : October 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in phpmyadmin:
With a crafted ENUM value it is possible to trigger an XSS in table
search and table structure pages (CVE-2014-7217).
This upgrade provides the latest phpmyadmin version (4.2.9.1) to
address this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217
http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
_________________________________