Getsocial, S.A. Security Vulnerabilities

nessus

Mandriva Linux Security Advisory : coreutils (MDVSA-2015:179)

Updated coreutils packages fix security vulnerability : Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code...

6.8 AI Score

0.018 EPSS

2015-03-31 12:00 AM
12
nessus

Mandriva Linux Security Advisory : gcc (MDVSA-2015:170)

Updated gcc packages fix the following security issue : Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code (CVE-2014-5044). They also fix....

9.8 CVSS

1 AI Score

0.026 EPSS

2015-03-31 12:00 AM
14
nessus

Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180)

Updated apache-mod_wsgi package fixes security vulnerabilities : apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were...

-0.2 AI Score

0.001 EPSS

2015-03-31 12:00 AM
12
nessus

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2015:173)

Updated ffmpeg packages fix security vulnerabilities : The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.0.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have...

8.8 CVSS

1.4 AI Score

0.066 EPSS

2015-03-31 12:00 AM
13
nessus

Mandriva Linux Security Advisory : freerdp (MDVSA-2015:171)

Updated freerdp packages fix security vulnerabilities : Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors (CVE-2014-0250). Integer overflow in the license_read_scope_list.....

1 AI Score

0.015 EPSS

2015-03-31 12:00 AM
11
nessus

Mandriva Linux Security Advisory : wireshark (MDVSA-2015:183)

Updated wireshark package fixes security vulnerabilities : The WCP dissector could crash (CVE-2015-2188). The pcapng file parser could crash (CVE-2015-2189). The TNEF dissector could go into an infinite loop...

-0.3 AI Score

0.002 EPSS

2015-03-31 12:00 AM
9
nessus

Mandriva Linux Security Advisory : setup (MDVSA-2015:184)

Updated setup package fixes security vulnerability : An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable (mga#14516). This update fixes....

-0.3 AI Score

2015-03-31 12:00 AM
5
nessus

Mandriva Linux Security Advisory : ctdb (MDVSA-2015:177)

Updated ctdb packages fix security vulnerability : ctdb before 2.5 is vulnerable to symlink attacks due to the use of predictable filenames in /tmp, such as /tmp/ctdb.socket...

-1 AI Score

0.009 EPSS

2015-03-31 12:00 AM
14
nessus

Mandriva Linux Security Advisory : drupal (MDVSA-2015:181)

Updated drupal packages fix security vulnerabilities : An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus...

6.1 CVSS

-0.1 AI Score

0.975 EPSS

2015-03-31 12:00 AM
42
nessus

Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:182)

Updated tcpdump package fixes security vulnerabilities : Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154,...

-0.2 AI Score

0.17 EPSS

2015-03-31 12:00 AM
19
nessus

Mandriva Linux Security Advisory : firebird (MDVSA-2015:172)

Updated firebird packages fix a remote denial of service vulnerability : This update fixes the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users...

-0.5 AI Score

0.002 EPSS

2015-03-31 12:00 AM
11
nessus

Mandriva Linux Security Advisory : dbus (MDVSA-2015:176)

Updated dbus packages fix multiple vulnerabilities : A denial of service vulnerability in D-Bus before 1.6.20 allows a local attacker to cause a bus-activated service that is not currently running to attempt to start, and fail, denying other users access to this service. Additionally, in highly...

7.7 AI Score

0.001 EPSS

2015-03-31 12:00 AM
15
nessus

Mandriva Linux Security Advisory : ejabberd (MDVSA-2015:175)

Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set...

-0.5 AI Score

0.003 EPSS

2015-03-31 12:00 AM
8
ciscothreats

Threat Outbreak Alert RuleID14354: Email Messages Distributing Malicious Software on March 30, 2015

Medium Alert ID: 38111 First Published: 2015 March 30 14:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID14354) may contain the following...

0.4 AI Score

2015-03-30 02:29 PM
11
nessus

Mandriva Linux Security Advisory : python (MDVSA-2015:075)

Updated python packages fix security vulnerabilities : A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...

9.8 CVSS

-0.1 AI Score

0.53 EPSS

2015-03-30 12:00 AM
27
nessus

Mandriva Linux Security Advisory : jbigkit (MDVSA-2015:101)

Updated jbigkit packages fix security vulnerability : Florian Weimer found a stack-based buffer overflow flaw in the libjbig library (part of jbigkit). A specially crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary...

0.2 AI Score

0.034 EPSS

2015-03-30 12:00 AM
17
nessus

Mandriva Linux Security Advisory : json-c (MDVSA-2015:102)

Updated json-c packages fix security vulnerabilities : Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be....

-0.6 AI Score

0.013 EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2015:106)

Updated apache-mod_security packages fix security vulnerability : Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that...

-0.4 AI Score

0.008 EPSS

2015-03-30 12:00 AM
7
nessus

Mandriva Linux Security Advisory : udisks2 (MDVSA-2015:088)

Updated udisks2 packages fix security vulnerability : A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that could lead to arbitrary code execution with the privileges of the...

-0.6 AI Score

0.0004 EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)

Updated python3 packages fix security vulnerabilities : ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338). A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be...

9.8 CVSS

-0.2 AI Score

0.53 EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : libpng12 (MDVSA-2015:071)

Updated libpng12 package fixes security vulnerabilities : The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and...

AI Score

0.133 EPSS

2015-03-30 12:00 AM
9
nessus

Mandriva Linux Security Advisory : postgresql (MDVSA-2015:110)

Updated postgresql packages fix multiple security vulnerabilities : Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a.....

9.8 CVSS

-0.7 AI Score

0.927 EPSS

2015-03-30 12:00 AM
11
nessus

Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)

Updated glibc packages fix security vulnerabilities : Stephane Chazelas discovered a directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv...

0.3 AI Score

0.107 EPSS

2015-03-30 12:00 AM
32
nessus

Mandriva Linux Security Advisory : jython (MDVSA-2015:158)

Updated jython packages fix security vulnerability : There are several problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure...

-0.4 AI Score

0.0004 EPSS

2015-03-30 12:00 AM
17
nessus

Mandriva Linux Security Advisory : ppp (MDVSA-2015:135)

Updated ppp packages fix security vulnerability : A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options...

0.1 AI Score

0.011 EPSS

2015-03-30 12:00 AM
11
nessus

Mandriva Linux Security Advisory : rsyslog (MDVSA-2015:130)

Updated rsyslog packages fix security vulnerability : Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial.....

-0.2 AI Score

0.228 EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)

Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit...

3.3 CVSS

-1.1 AI Score

0.0004 EPSS

2015-03-30 12:00 AM
12
nessus

Mandriva Linux Security Advisory : libarchive (MDVSA-2015:157)

Updated libarchive packages fix security vulnerability : Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths...

-0.7 AI Score

0.011 EPSS

2015-03-30 12:00 AM
16
nessus

Mandriva Linux Security Advisory : gnupg (MDVSA-2015:155)

Updated gnupg and libgcrypt packages fix security vulnerabilities : GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak (CVE-2014-3591). GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in...

5.9 CVSS

0.1 AI Score

0.003 EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)

Updated not-yet-commons-ssl packages fix security vulnerability : It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM).....

-0.8 AI Score

0.001 EPSS

2015-03-30 12:00 AM
12
nessus

Mandriva Linux Security Advisory : libpng (MDVSA-2015:090)

Updated libpng package fixes security vulnerabilities : The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero...

0.3 AI Score

0.023 EPSS

2015-03-30 12:00 AM
23
nessus

Mandriva Linux Security Advisory : libjpeg (MDVSA-2015:152)

Updated libjpeg packages fix security vulnerability : Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing...

6.5 CVSS

AI Score

0.011 EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)

Updated openssh packages fix security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

4.9 CVSS

-0.5 AI Score

0.006 EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : squid (MDVSA-2015:103)

Updated squid packages fix security vulnerabilities : Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). Matthew Daley discovered that Squid 3 did not properly....

-0.1 AI Score

0.958 EPSS

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : e2fsprogs (MDVSA-2015:067)

Updated e2fsprogs packages fix security vulnerabilities : The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used...

-1 AI Score

0.001 EPSS

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)

Multiple vulnerabilities have been discovered and corrected in openssl : Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service...

7.5 CVSS

0.5 AI Score

0.975 EPSS

2015-03-30 12:00 AM
36
nessus

Mandriva Linux Security Advisory : libxml2 (MDVSA-2015:111)

Updated libxml2 packages fix security vulnerabilities : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...

-0.9 AI Score

0.024 EPSS

2015-03-30 12:00 AM
18
nessus

Mandriva Linux Security Advisory : icu (MDVSA-2015:161-1)

Updated icu packages fix security vulnerabilities : The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to.....

1.6 AI Score

0.036 EPSS

2015-03-30 12:00 AM
21
nessus

Mandriva Linux Security Advisory : egroupware (MDVSA-2015:087)

Updated egroupware packages fix security vulnerabilities : eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize() method (CVE-2014-2027). eGroupWare before 1.8.007 allows logged in users...

0.2 AI Score

0.082 EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : patch (MDVSA-2015:138)

Updated patch package fixes security vulnerabilities : It was reported that a crafted diff file can make patch eat memory and later segfault (CVE-2014-9637). It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This...

7.5 CVSS

0.2 AI Score

0.008 EPSS

2015-03-30 12:00 AM
19
nessus

Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)

Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Apache Tomcat 7.x....

0.4 AI Score

0.946 EPSS

2015-03-30 12:00 AM
21
nessus

Mandriva Linux Security Advisory : libssh (MDVSA-2015:086)

Updated libssh packages fix security vulnerabilities : When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current...

6.4 AI Score

0.163 EPSS

2015-03-30 12:00 AM
11
nessus

Mandriva Linux Security Advisory : git (MDVSA-2015:169)

Updated git packages fix security vulnerability : It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a git pull. Because git permitted committing .Git/config (or any case variation), on the...

9.8 CVSS

-0.1 AI Score

0.944 EPSS

2015-03-30 12:00 AM
16
nessus

Mandriva Linux Security Advisory : cpio (MDVSA-2015:066)

Updated cpio package fixes security vulnerability : In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then...

-0.6 AI Score

0.0004 EPSS

2015-03-30 12:00 AM
19
nessus

Mandriva Linux Security Advisory : xlockmore (MDVSA-2015:118)

Updated xlockmore packages fix security vulnerability : xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version...

-1.3 AI Score

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : curl (MDVSA-2015:098)

Updated curl packages fix security vulnerabilities : Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user (CVE-2014-0015)....

-0.6 AI Score

0.008 EPSS

2015-03-30 12:00 AM
16
nessus

Mandriva Linux Security Advisory : elfutils (MDVSA-2015:104)

Updated elfutils packages fix security vulnerabilities : The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could...

0.2 AI Score

0.044 EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)

This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being...

0.8 AI Score

0.065 EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)

Updated freetype2 packages fix security vulnerabilities : It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that...

1.4 AI Score

0.139 EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : rsync (MDVSA-2015:131)

Updated rsync package fixes security vulnerability : Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption...

-0.3 AI Score

0.047 EPSS

2015-03-30 12:00 AM
10

Total number of security vulnerabilities: 3231