Mandriva Linux Security Advisory : dokuwiki (MDVSA-2015:185)
Updated dokuwiki packages fix security vulnerabilities: inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki...
Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)
Updated freetype2 packages fix security vulnerabilities: It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that Freetype...
[ MDVSA-2015:009 ] krb5
Mandriva Linux Security Advisory MDVSA-2015:009 http://www.mandriva.com/en/support/security/ Package: krb5. Date: January 8, 2015. Affected: Business Server 1.0. Problem Description: Updated krb5 packages fix security vulnerability: In MIT krb5, when...
Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)
Multiple vulnerabilities have been discovered and corrected in mariadb: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (CVE-2014-6464)...
[ MDVSA-2014:201 ] kernel
Mandriva Linux Security Advisory MDVSA-2014:201 http://www.mandriva.com/en/support/security/ Package: kernel. Date: October 21, 2014. Affected: Business Server 1.0. Problem Description: Multiple vulnerabilities have been found and corrected in the Linux...
Mandriva Linux Security Advisory : libvirt (MDVSA-2014:195)
Multiple vulnerabilities have been discovered and corrected in libvirt: An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non-persistent live disk configuration while a persistent disk configuration was being indexed. A remot...
Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102)
Multiple vulnerabilities have been discovered and corrected in mariadb: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384). Unspecified...
Mandriva Linux Security Advisory : hplip (MDVSA-2014:023)
Updated hplip packages fix security vulnerabilities: It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402). It was discovered that HPLIP contained an upgrade tool that would...
Mandriva Linux Security Advisory : hplip (MDVSA-2013:088)
This hplip update addresses the following issues: Print/Fax queues can now be analyzed by running hp-diagnose-queues; fixes some issues and duplex scanning support with newer AIO devices; fixes Wireless configuration using hp-wificonfig command for HP Deskjet 3000 J310 series and HP Deskjet 3050...
Mandriva Linux Security Advisory : x11-server (MDVSA-2013:139)
This fixes a format string vulnerability in the LogVHdrMessageVerb function in os/log.c when handling input device names in X.Org X11 server (CVE-2012-2118). MBS1 is not vulnerable to arbitrary code execution via this vulnerability because of the compiler options that were used to build it, but it...
Mandriva Linux Security Advisory : krb5 (MDVSA-2011:159)
Multiple vulnerabilities have been found and corrected in krb5: The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a...
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:095)
Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement - S7143606, CVE-2012-1717:...
Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:075)
Multiple vulnerabilities have been found and corrected in ffmpeg: The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote...
MDVA-2012:031 : mysql
This is a maintenance and bugfix release that upgrades mysql to the latest respective version which resolves various upstream bugs. This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network...
Mandriva Linux Security Advisory : apr (MDVSA-2012:019)
A vulnerability has been found and corrected in ASF APR: tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CP...
MDVA-2011:093-1 : psmisc
This is a bugfix and maintenance update of the psmisc packages that addresses the following issues: Fixed a bug where fuser returns an incorrect return value when using the -s option (64846). Update: Packages for 2010.2 are also being provided. This script has been...
Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:117)
A vulnerability was discovered and corrected in krb5-appl: ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, an...
Mandriva Linux Security Advisory : openldap (MDVSA-2011:055)
Multiple vulnerabilities have been identified and fixed in openldap: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass...
MDVA-2011:011 : mono-tools
A dependency problem was discovered with mono-tools in that it required a much older version of libxulrunner than the current latest one, this advisory addresses this problem. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:...
Mandriva Linux Security Advisory : dhcp (MDVSA-2011:022)
A vulnerability has been found and corrected in dhcp: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over...