-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:206 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : asterisk Date : April 27, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected (CVE-2015-3008). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
Category Archives: Mandriva
Mandriva Security Advisory
[ MDVSA-2015:205 ] tor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:205 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tor Date : April 27, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tor packages fix security vulnerabilities: disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible (CVE-2015-2928). DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors (CVE-2015-2929). Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden servi
[ MDVSA-2015:204 ] librsync
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:204 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : librsync Date : April 27, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated librsync packages fix security vulnerability: librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff (CVE-2014-8242). The change to fix this is not backward compatible with older versions of librsync. Backward compatibility can be obtained using the new rdiff si
MDVA-2015:009: java-1.8.0-openjdk
A dependency problem was discovered with the MDVSA-2015:198 advisory
that prevented some of the provided packages from being installed,
this advisory solves this problem.
MDVSA-2015:201: arj
Multiple vulnerabilities has been found and corrected in arj:
Jakub Wilk discovered that arj follows symlinks created during
unpacking of an arj archive. A remote attacker could use this flaw
to perform a directory traversal attack if a user or automated
system were tricked into processing a specially crafted arj archive
(CVE-2015-0556).
Jakub Wilk discovered that arj does not sufficiently protect from
directory traversal while unpacking an arj archive containing
file paths with multiple leading slashes. A remote attacker could
use this flaw to write to arbitrary files if a user or automated
system were tricked into processing a specially crafted arj archive
(CVE-2015-0557).
Jakub Wilk and Guillem Jover discovered a buffer overflow vulnerability
in arj. A remote attacker could use this flaw to cause an application
crash or, possibly, execute arbitrary code with the privileges of
the user running arj (CVE-2015-2782).
The updated packages provides a solution for these security issues.
MDVSA-2015:202: ntp
Multiple vulnerabilities has been found and corrected in ntp:
The symmetric-key feature in the receive function in ntp_proto.c
in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC
field has a nonzero length, which makes it easier for man-in-the-middle
attackers to spoof packets by omitting the MAC (CVE-2015-1798).
The symmetric-key feature in the receive function in ntp_proto.c
in ntpd in NTP before 4.2.8p2 performs state-variable updates
upon receiving certain invalid packets, which makes it easier
for man-in-the-middle attackers to cause a denial of service
(synchronization loss) by spoofing the source IP address of a peer
(CVE-2015-1799).
The updated packages provides a solution for these security issues.
MDVSA-2015:203: batik
Updated batik packages fix security vulnerability:
Nicolas Gregoire and Kevin Schaller discovered that Batik would load
XML external entities by default. If a user or automated system were
tricked into opening a specially crafted SVG file, an attacker could
possibly obtain access to arbitrary files or cause resource consumption
(CVE-2015-0250).
MDVSA-2015:199: less
Updated less package fixes security vulnerability:
Malformed UTF-8 data could have caused an out of bounds read
in the UTF-8 decoding routines, causing an invalid read access
(CVE-2014-9488).
MDVSA-2015:200: mediawiki
Updated mediawiki packages fix security vulnerabilities:
In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist
for embedded resources. This allowed an attacker to embed JavaScript
in the SVG (CVE-2015-2931).
In MediaWiki before 1.23.9, the SVG filter to prevent injecting
JavaScript using animate elements was incorrect (CVE-2015-2932).
In MediaWiki before 1.23.9, a stored XSS vulnerability exists due
to the way attributes were expanded in MediaWiki’s Html class, in
combination with LanguageConverter substitutions (CVE-2015-2933).
In MediaWiki before 1.23.9, MediaWiki’s SVG filtering could be bypassed
with entity encoding under the Zend interpreter. This could be used
to inject JavaScript (CVE-2015-2934).
In MediaWiki before 1.23.9, one could bypass the style filtering for
SVG files to load external resources. This could violate the anonymity
of users viewing the SVG (CVE-2015-2935).
In MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for
password hashing (not the default for 1.23) are vulnerable to DoS
attacks using extremely long passwords (CVE-2015-2936).
In MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic
Blowup DoS attacks, under both HHVM and Zend PHP (CVE-2015-2937).
In MediaWiki before 1.23.9, the MediaWiki feature allowing a user to
preview another user’s custom JavaScript could be abused for privilege
escalation (CVE-2015-2938).
In MediaWiki before 1.23.9, function names were not sanitized in Lua
error backtraces, which could lead to XSS (CVE-2015-2939).
In MediaWiki before 1.23.9, the CheckUser extension did not prevent
CSRF attacks on the form allowing checkusers to look up sensitive
information about other users. Since the use of CheckUser is logged,
the CSRF could be abused to defame a trusted user or flood the logs
with noise (CVE-2015-2940).
The mediawiki package has been updated to version 1.23.9, fixing
these issues and other bugs.
[ MDVA-2015:009 ] java-1.8.0-openjdk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Advisory MDVA-2015:009 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : java-1.8.0-openjdk Date : April 10, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: A dependency problem was discovered with the MDVSA-2015:198 advisory that prevented some of the provided packages from being installed, this advisory solves this problem. _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 89d4bfe3afc7ee9cd0fc6d63aea03673 mbs2/x86_64/java-1.8.0-openjdk-1.8.0.40-5.b25.1.2.mbs2.x86_64.rpm bc72d8684170cf34ba94460f1e8d7780 mbs2/x86_64/java-1.8.0-openjdk-accessibility-1.8.0.40-5.b25.1.2.mbs2.x86_64.rpm e198