4554 matches found
Mandriva Linux Security Advisory : batik (MDVSA-2015:203)
Updated batik packages fix security vulnerability : Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary...
Mandriva Linux Security Advisory : less (MDVSA-2015:199)
Updated less package fixes security vulnerability : Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access CVE-2014-9488. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:196)
Updated cups-filters package fixes security vulnerability : cups-browsed in cups-filters before 1.0.66 contained a bug in the removebadchars\ function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrar...
Mandriva Linux Security Advisory : flac (MDVSA-2015:188)
Multiple vulnerabilities has been discovered and corrected in flac : Heap-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file CVE-2014-9028. Stack-based buffer overflow in streamdecoder.c in libFLAC before 1.3...
Mandriva Linux Security Advisory : graphviz (MDVSA-2015:187)
Updated graphviz packages fix security vulnerability : Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string...
Mandriva Linux Security Advisory : subversion (MDVSA-2015:192)
Multiple vulnerabilities has been discovered and corrected in subversion : Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests CVE-2015-0202. Subversion moddavsvn and svnserve are vulnerable to a remotely...
Mandriva Linux Security Advisory : tor (MDVSA-2015:189)
Updated tor packages fix security vulnerabilities : The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely trigger-able, which would result in a denial of service, and also fixes a few other bugs. See the release announcement for details...
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2015:186)
A vulnerability has been discovered and corrected in phpmyadmin : libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with...
Mandriva Linux Security Advisory : dokuwiki (MDVSA-2015:185)
Updated dokuwiki packages fix security vulnerabilities : inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call CVE-2014-8761. The ajaxmediadiff function in DokuWiki...
Mandriva Linux Security Advisory : erlang (MDVSA-2015:174)
Updated erlang packages fixes security vulnerability : An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP comman...
Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:182)
Updated tcpdump package fixes security vulnerabilities : Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service application crash or, potentially, execution of arbitrary code CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155...
Mandriva Linux Security Advisory : gcc (MDVSA-2015:170)
Updated gcc packages fix the following security issue : Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code CVE-2014-5044. They also fix...
Mandriva Linux Security Advisory : setup (MDVSA-2015:184)
Updated setup package fixes security vulnerability : An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable mga14516. This update fixes...
Mandriva Linux Security Advisory : wireshark (MDVSA-2015:183)
Updated wireshark package fixes security vulnerabilies : The WCP dissector could crash CVE-2015-2188. The pcapng file parser could crash CVE-2015-2189. The TNEF dissector could go into an infinite loop CVE-2015-2191. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Mandriva Linux Security Advisory : coreutils (MDVSA-2015:179)
Updated coreutils packages fix security vulnerability : Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code CVE-2014-9471. %NASLMINLEVEL 70300 C Tenable...
Mandriva Linux Security Advisory : ctdb (MDVSA-2015:177)
Updated ctdb packages fix security vulnerability : ctdb before 2.5 is vulnerable to symlink attacks to due the use of predictable filenames in /tmp, such as /tmp/ctdb.socket CVE-2013-4159. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Mandriva Linux Security Advisory : dbus (MDVSA-2015:176)
Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service Additionally, in highly...
Mandriva Linux Security Advisory : firebird (MDVSA-2015:172)
Updated firebird packages fix a remote denial of service vulnerability : These update fix the recently discovered security vulnerability CORE-4630 that may be used for a remote DoS attack performed by unauthorized users CVE-2014-9492. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Mandriva Linux Security Advisory : ejabberd (MDVSA-2015:175)
Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttlsrequired is set CVE-2014-8760. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
Mandriva Linux Security Advisory : ctags (MDVSA-2015:178)
Updated ctags package fixes security vulnerability : A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop CVE-2014-7204. %NASLMINLEVEL 70300 C Tenable Networ...