617 matches found
Mandriva Linux Security Advisory : librsync (MDVSA-2015:204)
Updated librsync packages fix security vulnerability : librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions...
[ MDVSA-2015:064 ] cabextract
Mandriva Linux Security Advisory MDVSA-2015:064 http://www.mandriva.com/en/support/security/ Package: cabextract. Date: March 27, 2015. Affected: Business Server 1.0, Business Server 2.0. Problem Description: Updated cabextract packages fix security...
Mandriva Linux Security Advisory : coreutils (MDVSA-2015:179)
Updated coreutils packages fix security vulnerability : Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code (CVE-2014-9471).
Mandriva Linux Security Advisory : ejabberd (MDVSA-2015:175)
Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set (CVE-2014-8760).
Mandriva Linux Security Advisory : squid (MDVSA-2015:103)
Updated squid packages fix security vulnerabilities : Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). Matthew Daley discovered that Squid 3 did not properly...
Mandriva Linux Security Advisory : rsync (MDVSA-2015:131)
Updated rsync package fixes security vulnerability : Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption (CVE-2014-2855)...
Mandriva Linux Security Advisory : openssl (MDVSA-2015:063)
Multiple vulnerabilities have been discovered and corrected in openssl : The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption...
Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)
Updated gnutls packages fix security vulnerabilities : Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default, something that deviates from the...
Mandriva Linux Security Advisory : lua (MDVSA-2015:144)
Updated lua and lua5.1 packages fix security vulnerability : A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461)...
Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:055)
Updated freetype2 packages fix security vulnerabilities : The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other...
[ MDVSA-2015:009 ] krb5
Mandriva Linux Security Advisory MDVSA-2015:009 http://www.mandriva.com/en/support/security/ Package: krb5. Date: January 8, 2015. Affected: Business Server 1.0. Problem Description: Updated krb5 packages fix security vulnerability: In MIT krb5, when...
Mandriva Linux Security Advisory : openssl (MDVSA-2015:019)
Multiple vulnerabilities have been discovered and corrected in openssl : A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack (CVE-2014-3571). A memory leak can occur in the dtls1_buffer_record...
Mandriva Linux Security Advisory : jasper (MDVSA-2014:247)
Updated jasper packages fix security vulnerability : Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service (application crash) or the execution of arbitrary code (CVE-2014-9029).
Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:200)
Updated bugzilla packages fix security vulnerabilities : If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571). An attacker creating a new...
Mandriva Linux Security Advisory : libgadu (MDVSA-2014:185)
Updated libgadu packages fix security vulnerability : Libgadu before 1.12.0 was found to not be performing SSL certificate validation (CVE-2013-4488).
Mandriva Linux Security Advisory : catfish (MDVSA-2014:162)
Updated catfish package fixes security vulnerability : Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory (CVE-2014-2093).
Mandriva Linux Security Advisory : dhcpcd (MDVSA-2014:171)
Updated dhcpcd package fixes security vulnerability : In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service (CVE-2014-6060).
[ MDVSA-2014:167 ] file
Mandriva Linux Security Advisory MDVSA-2014:167 http://www.mandriva.com/en/support/security/ Package: file. Date: September 2, 2014. Affected: Business Server 1.0. Problem Description: Updated file packages fix security vulnerability: A flaw was found ...
Mandriva Linux Security Advisory : live (MDVSA-2014:144)
Updated live fix security vulnerability : The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or server.
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:137)
Multiple vulnerabilities have been discovered and corrected in apache-mod_wsgi : It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could...