Getsocial, S.A. Security Vulnerabilities

nessus

Mandriva Linux Security Advisory : dbus-glib (MDVSA-2013:071)

Updated dbus-glib packages fix security vulnerability : A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender (message source subject),...

AI Score

0.0004 EPSS

2013-04-20 12:00 AM
11
nessus

Mandriva Linux Security Advisory : qemu (MDVSA-2013:121)

Updated qemu packages fix security vulnerability : A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot...

-0.4 AI Score

0.023 EPSS

2013-04-20 12:00 AM
19
nessus

Mandriva Linux Security Advisory : x11-server (MDVSA-2013:139)

This fixes a format string vulnerability in the LogVHdrMessageVerb function in os/log.c when handling input device names in X.Org X11 server (CVE-2012-2118). MBS1 is not vulnerable to arbitrary code execution via this vulnerability because of the compiler options that were used to build it, but it....

0.1 AI Score

0.02 EPSS

2013-04-20 12:00 AM
10
nessus

Mandriva Linux Security Advisory : freeradius (MDVSA-2013:038)

Updated freeradius packages fix security vulnerabilities : It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully...

-0.3 AI Score

0.063 EPSS

2013-04-20 12:00 AM
14
nessus

Mandriva Linux Security Advisory : elinks (MDVSA-2013:075)

Updated elinks package fixes security vulnerability : Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate...

-0.5 AI Score

0.008 EPSS

2013-04-20 12:00 AM
12
nessus

Mandriva Linux Security Advisory : libssh (MDVSA-2013:045)

Updated libssh packages fix security vulnerabilities : Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution (CVE-2012-4559,...

0.2 AI Score

0.104 EPSS

2013-04-20 12:00 AM
10
nessus

Mandriva Linux Security Advisory : drupal (MDVSA-2013:074)

Updated drupal packages fix security vulnerabilities : Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain.....

0.1 AI Score

0.012 EPSS

2013-04-20 12:00 AM
17
nessus

Mandriva Linux Security Advisory : courier-authlib (MDVSA-2013:068)

When using the authpgsql module and if the Postgres server goes down, authpgsql will start leaking memory. A packaging flaw was discovered that caused the courier-authlib-devel package to be installed when installing for example maildrop. This update fixes both of these...

-0.6 AI Score

2013-04-20 12:00 AM
10
nessus

Mandriva Linux Security Advisory : weechat (MDVSA-2013:136)

Updated weechat packages fix security vulnerability : A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem (CVE-2012-5854). Untrusted command for function hook_process in WeeChat before...

-0.1 AI Score

0.112 EPSS

2013-04-20 12:00 AM
11
nessus

Mandriva Linux Security Advisory : nss-pam-ldapd (MDVSA-2013:106)

Updated nss-pam-ldapd packages fix the following security vulnerability : Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a...

-0.6 AI Score

0.004 EPSS

2013-04-20 12:00 AM
10
nessus

Mandriva Linux Security Advisory : clamav (MDVSA-2013:027-1)

ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these...

-1 AI Score

2013-04-20 12:00 AM
9
nessus

Mandriva Linux Security Advisory : poppler (MDVSA-2013:143)

Multiple vulnerabilities have been found and corrected in poppler : poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an invalid memory access in (1) splash/Splash.cc, (2) poppler/Function.cc,...

8.4 AI Score

0.016 EPSS

2013-04-20 12:00 AM
12
nessus

Mandriva Linux Security Advisory : asterisk (MDVSA-2013:140)

Multiple vulnerabilities were identified and fixed in asterisk : The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk...

0.8 AI Score

0.651 EPSS

2013-04-20 12:00 AM
21
nessus

Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)

Multiple vulnerabilities have been found and corrected in wireshark : Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) The DIAMETER...

1 AI Score

0.042 EPSS

2013-04-20 12:00 AM
10
nessus

Mandriva Linux Security Advisory : taglib (MDVSA-2013:131)

Updated taglib packages fix security vulnerabilities : taglib before 1.7.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file...

-0.4 AI Score

0.015 EPSS

2013-04-20 12:00 AM
20
nessus

Mandriva Linux Security Advisory : libjpeg (MDVSA-2013:044)

A vulnerability has been discovered and corrected in libjpeg : A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially crafted JPEG image that,...

0.8 AI Score

0.014 EPSS

2013-04-20 12:00 AM
17
nessus

Mandriva Linux Security Advisory : sleuthkit (MDVSA-2013:125)

Updated sleuthkit packages fix security vulnerabilities : A security flaw was found in the way the Sleuth Kit (TSK), a collection of UNIX-based command line tools allowing to investigate a computer, performed management of '.' (dotfile) file system entry. An attacker could use this flaw t...

-1 AI Score

0.0004 EPSS

2013-04-20 12:00 AM
10
nessus

Mandriva Linux Security Advisory : squashfs-tools (MDVSA-2013:128)

Updated squashfs-tools packages fix security vulnerabilities : remote arbitrary code execution via crafted list file (CVE-2012-4024). integer overflow in queue_init() may lead to arbitrary code execution...

0.7 AI Score

0.038 EPSS

2013-04-20 12:00 AM
9
nessus

Mandriva Linux Security Advisory : ruby (MDVSA-2013:124)

Updated ruby packages fix security vulnerabilities : Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions (CVE-2012-4466, CVE-2012-4481). It was...

0.1 AI Score

0.196 EPSS

2013-04-20 12:00 AM
13
nessus

Mandriva Linux Security Advisory : libgssglue (MDVSA-2013:043)

This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers to gain root privileges...

0.2 AI Score

0.0004 EPSS

2013-04-20 12:00 AM
12
nessus

Mandriva Linux Security Advisory : emacs (MDVSA-2013:076)

Updated emacs packages fix security vulnerabilities : Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent...

0.2 AI Score

0.013 EPSS

2013-04-20 12:00 AM
19
nessus

Mandriva Linux Security Advisory : dokuwiki (MDVSA-2013:073)

Updated dokuwiki package fixes security vulnerabilities : DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files...

-0.2 AI Score

0.009 EPSS

2013-04-20 12:00 AM
8
nessus

Mandriva Linux Security Advisory : openslp (MDVSA-2013:111)

Updated openslp packages fix security vulnerability : The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (infinite loop) via a packet with a next extension offset that references this extension or a previous extension...

0.1 AI Score

0.371 EPSS

2013-04-20 12:00 AM
11
nessus

Mandriva Linux Security Advisory : cronie (MDVSA-2013:033)

Updated cronie package fixes the following issue : It was reported that cronie 1.4.8 would leak certain file descriptors. On systems where /etc/crontab is not world-readable this could be an information disclosure concern...

-1.2 AI Score

0.001 EPSS

2013-04-20 12:00 AM
7
nessus

Mandriva Linux Security Advisory : openconnect (MDVSA-2013:108)

Updated openconnect packages fix security vulnerability : A stack-based buffer overflow flaw was found in the way OpenConnect, a client for Cisco's AnyConnect VPN, performed processing of certain host names, paths, or cookie lists, received from the VPN gateway. A remote VPN gateway could provide.....

0.1 AI Score

0.013 EPSS

2013-04-20 12:00 AM
14
nessus

Mandriva Linux Security Advisory : dbus (MDVSA-2013:070)

Updated dbus packages fix security vulnerability : It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running.....

0.2 AI Score

0.0004 EPSS

2013-04-20 12:00 AM
13
nessus

Mandriva Linux Security Advisory : libotr (MDVSA-2013:097)

A vulnerability was found and corrected in libotr : Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted...

7.3 AI Score

0.036 EPSS

2013-04-20 12:00 AM
12
nessus

Mandriva Linux Security Advisory : rpmdevtools (MDVSA-2013:123)

Updated rpmdevtools package fixes security vulnerability : A TOCTOU race condition was found in the way 'annotate-output' (used to execute a program annotating the output linewise with time and stream) tool of rpmdevtools before 8.3 performed management of its temporary files used for standard...

-0.9 AI Score

0.0004 EPSS

2013-04-20 12:00 AM
14
nessus

Mandriva Linux Security Advisory : python (MDVSA-2013:117)

Updated python packages fix security vulnerabilities : A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw....

-1.1 AI Score

0.004 EPSS

2013-04-20 12:00 AM
106
nessus

Mandriva Linux Security Advisory : php (MDVSA-2013:016)

Multiple vulnerabilities have been discovered and corrected in php : PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations (CVE-2013-1635). PHP allows...

7.3 AI Score

0.018 EPSS

2013-03-01 12:00 AM
26
nessus

Mandriva Linux Security Advisory : apache (MDVSA-2013:015-1)

Multiple vulnerabilities have been found and corrected in apache (ASF HTTPD) : Various XSS (cross-site scripting vulnerability) flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp (CVE-2012-3499). XSS (cross-site scripting...

-0.2 AI Score

0.218 EPSS

2013-02-27 12:00 AM
15
nessus

Mandriva Linux Security Advisory : squid (MDVSA-2013:013)

Multiple vulnerabilities have been found and corrected in squid (cachemgr.cgi) : Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via...

0.6 AI Score

0.964 EPSS

2013-02-21 12:00 AM
11
nessus

Mandriva Linux Security Advisory : postgresql (MDVSA-2013:012)

A vulnerability has been discovered and corrected in postgresql : PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with...

0.2 AI Score

0.016 EPSS

2013-02-17 12:00 AM
8
nessus

Mandriva Linux Security Advisory : samba (MDVSA-2013:011)

Multiple vulnerabilities have been found and corrected in samba (swat) : The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element (CVE-2013-0213)....

0.4 AI Score

0.042 EPSS

2013-02-14 12:00 AM
14
nessus

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)

Multiple security issues were identified and fixed in OpenJDK (icedtea6) : S6563318, CVE-2013-0424: RMI data sanitization S6664509, CVE-2013-0425: Add logging context S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time S6776941:...

0.7 AI Score

0.156 EPSS

2013-02-12 12:00 AM
20
zdt

TP-LINK Admin Panel Multiple CSRF Vulnerabilities

Exploit for hardware platform in category web...

7.1 AI Score

2013-02-11 12:00 AM
33
exploitpack

TP-Link - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities

TP-Link - Admin Panel Multiple Cross-Site Request Forgery...

0.8 AI Score

2013-02-11 12:00 AM
22
nessus

Mandriva Linux Security Advisory : libssh (MDVSA-2013:009)

A vulnerability has been found and corrected in libssh : The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key...

6.3 AI Score

0.024 EPSS

2013-02-11 12:00 AM
8
nessus

Mandriva Linux Security Advisory : mysql (MDVSA-2013:007)

This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs (CVE-2012-0572, CVE-2012-0574, CVE-2012-0578, CVE-2012-1702, CVE-2012-1705, CVE-2012-5060, CVE-2012-5096, CVE-2012-5611, CVE-2012-5612,...

5.4 CVSS

-0.1 AI Score

0.961 EPSS

2013-02-09 12:00 AM
17
nessus

Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)

Multiple vulnerabilities have been found and corrected in freetype2 : A NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts. A remote attacker could provide a specially crafted BDF font file, which once processed in....

-0.1 AI Score

0.018 EPSS

2013-02-09 12:00 AM
9
nessus

Mandriva Linux Security Advisory : perl (MDVSA-2013:005)

A vulnerability has been found and corrected in perl : Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or....

0.6 AI Score

0.019 EPSS

2013-01-29 12:00 AM
12
securityvulns

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability: CVE: CVE-2012-5053 Deloitte Argentina Advisory Code: DTTAR-20130001 Vendor Status: CONFIRMED Public Disclosure Date: January, 15th, 2013. Vendors Affected: Trimble - http://www.trimble.com/ Systems...

0.1 AI Score

0.001 EPSS

2013-01-21 12:00 AM
57
nessus

Mandriva Linux Security Advisory : rootcerts (MDVSA-2013:003)

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management....

-2.2 AI Score

0.001 EPSS

2013-01-10 12:00 AM
11
nessus

Mandriva Linux Security Advisory : gnupg (MDVSA-2013:001-1)

A vulnerability has been found and corrected in gnupg : Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults (or has other...

0.1 AI Score

0.048 EPSS

2013-01-03 12:00 AM
13
securityvulns

Polycom® HDX® Video End Points Web Management Cross Site Scripting (XSS) vulnerability

Polycom® HDX® Video End Points Web Management Cross Site Scripting (XSS) vulnerability: CVE: CVE-2012-4970 Deloitte Argentina Advisory Code: DTTAR-20120001 Vendor Status: CONFIRMED Public Disclosure Date: December, 23rd, 2012. Vendors Affected: Polycom - http://www.polycom.com/ Systems...

0.2 AI Score

0.002 EPSS

2013-01-02 12:00 AM
28
nessus

Mandriva Linux Security Advisory : libtiff (MDVSA-2012:184)

A vulnerability was found and corrected in libtiff : A stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly,....

0.8 AI Score

0.044 EPSS

2012-12-28 12:00 AM
22
nessus

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2012:182)

Multiple vulnerabilities have been discovered and corrected in apache-mod_security : ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data...

0.1 AI Score

0.013 EPSS

2012-12-24 12:00 AM
15
nessus

Mandriva Linux Security Advisory : python-django (MDVSA-2012:181)

Multiple host header poisoning flaws were found and fixed in Django. The updated packages have been upgraded to the 1.3.5 version which is not affected by these...

AI Score

0.007 EPSS

2012-12-20 12:00 AM
14
nessus

Mandriva Linux Security Advisory : perl-CGI (MDVSA-2012:180)

A vulnerability was discovered and corrected in perl-CGI : CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm (CVE-2012-5526). The....

0.1 AI Score

0.008 EPSS

2012-12-18 12:00 AM
12

Total number of security vulnerabilities: 3231