4554 matches found
Mandriva Linux Security Advisory : jython (MDVSA-2015:158)
Updated jython packages fix security vulnerability : There are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure CVE-2013-2027. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Mandriva Linux Security Advisory : grub2 (MDVSA-2015:163)
Updated grub2 package fixes security vulnerability : An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker CVE-2014-4607. The grub2 package is...
Mandriva Linux Security Advisory : lcms2 (MDVSA-2015:107)
Updated lcms2 packages fix security vulnerability : Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D CVE-2014-0459. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...
Mandriva Linux Security Advisory : gtk+3.0 (MDVSA-2015:162)
Updated gtk+3.0 packages fix security vulnerability : Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session CVE-2014-1949. This was fixed by...
Mandriva Linux Security Advisory : libpng (MDVSA-2015:090)
Updated libpng package fixes security vulnerabilities : The pngpushreadchunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an IDAT chunk with a length of zero CVE-2014-0333...
Mandriva Linux Security Advisory : libgd (MDVSA-2015:153)
Updated libgd packages fix security vulnerabilities : The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file CVE-2014-2497. A buffer read...
Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)
Updated cabextract packages fix security vulnerabilities : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...
Mandriva Linux Security Advisory : ipython (MDVSA-2015:160)
Updated ipython package fixes security vulnerability : In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2015:106)
Updated apache-modsecurity packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...
Mandriva Linux Security Advisory : e2fsprogs (MDVSA-2015:068)
Updated e2fsprogs packages fix security vulnerability : The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to...
Mandriva Linux Security Advisory : glpi (MDVSA-2015:167)
Updated glpi package fixes security vulnerabilities : Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria CVE-2014-5032. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included...
Mandriva Linux Security Advisory : libtiff (MDVSA-2015:147-1)
Updated libtiff packages fix security vulnerabilities : The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547. %NASLMINLEVEL 70300 C...
Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)
Updated cpio package fixes security vulnerabilities : Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive CVE-2014-9112. Additionally, a NULL pointer dereference in the copyinlink...
Mandriva Linux Security Advisory : openldap (MDVSA-2015:074)
A vulnerability has been discovered and corrected in openldap : The derefparseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an empty attribute list in a deref control in...
Mandriva Linux Security Advisory : rsyslog (MDVSA-2015:130)
Updated rsyslog packages fix security vulnerability : Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial...
Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:116)
Updated libtasn1 packages fix security vulnerabilities : Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash CVE-2014-3467. It was...
Mandriva Linux Security Advisory : git (MDVSA-2015:169)
Updated git packages fix security vulnerability : It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a git pull. Because git permitted committing .Git/config or any case variation, on the pu...
Mandriva Linux Security Advisory : ppp (MDVSA-2015:135)
Updated ppp packages fix security vulnerability : A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options CVE-2014-3158. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Mandriva Linux Security Advisory : cifs-utils (MDVSA-2015:114)
Updated cifs-utils packages fix security vulnerability : Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c CVE-2014-2830. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandriva Linux...
Mandriva Linux Security Advisory : libxfont (MDVSA-2015:145-1)
Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges CVE-2014-0209. Ilja...