Getsocial, S.A. Security Vulnerabilities

nessus

Mandriva Linux Security Advisory : libksba (MDVSA-2015:151)

Updated libksba packages fix security vulnerability : By using specially crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service...

6.4AI Score

0.017EPSS

2015-03-30 12:00 AM
15
nessus

Mandriva Linux Security Advisory : util-linux (MDVSA-2015:122)

Updated util-linux packages fix security vulnerability : Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges (CVE-2014-9114). The util-linux package has been updated to version 2.24.2 and patched to fix this issue and...

7.8CVSS

AI Score

0.0004EPSS

2015-03-30 12:00 AM
7
nessus

Mandriva Linux Security Advisory : mutt (MDVSA-2015:078)

Updated mutt packages fix security vulnerability : A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition (CVE-2014-9116). The mutt package has been updated to version 1.5.23 and patched to fix this...

-0.5AI Score

0.014EPSS

2015-03-30 12:00 AM
11
nessus

Mandriva Linux Security Advisory : openldap (MDVSA-2015:073)

Multiple vulnerabilities have been discovered and corrected in openldap : The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref....

-0.3AI Score

0.961EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : unzip (MDVSA-2015:123)

Updated unzip package fixes security vulnerabilities : The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The input errors may result in in...

7.8CVSS

8.6AI Score

0.007EPSS

2015-03-30 12:00 AM
9
nessus

Mandriva Linux Security Advisory : php (MDVSA-2015:079)

Multiple vulnerabilities have been discovered and corrected in php : S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...

0.7AI Score

0.955EPSS

2015-03-30 12:00 AM
15
nessus

Mandriva Linux Security Advisory : liblzo (MDVSA-2015:150)

Updated liblzo packages fix security vulnerability : An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker...

8.8CVSS

-0.4AI Score

0.01EPSS

2015-03-30 12:00 AM
15
nessus

Mandriva Linux Security Advisory : perl (MDVSA-2015:136)

Updated perl package fixes security vulnerability : The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which...

-1.5AI Score

0.001EPSS

2015-03-30 12:00 AM
12
nessus

Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)

Updated freetype2 packages fix security vulnerabilities : It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that...

1.4AI Score

0.139EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)

Updated cabextract packages fix security vulnerabilities : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

5.3CVSS

-0.5AI Score

0.049EPSS

2015-03-30 12:00 AM
11
nessus

Mandriva Linux Security Advisory : openssl (MDVSA-2015:063)

Multiple vulnerabilities have been discovered and corrected in openssl : The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force...

0.4AI Score

0.948EPSS

2015-03-30 12:00 AM
111
nessus

Mandriva Linux Security Advisory : php (MDVSA-2015:080)

Multiple vulnerabilities have been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943).....

0.4AI Score

0.959EPSS

2015-03-30 12:00 AM
27
nessus

Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:100)

Updated cups-filters packages fix security vulnerabilities : Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473). Florian Weimer...

1.1AI Score

0.114EPSS

2015-03-30 12:00 AM
7
nessus

Mandriva Linux Security Advisory : gnupg (MDVSA-2015:154)

Updated gnupg, gnupg2 and libgcrypt packages fix security vulnerabilities : GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop (CVE-2014-4617). The libgcrypt library before...

5.9CVSS

AI Score

0.013EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : torque (MDVSA-2015:124)

Updated torque packages fix security vulnerabilities : Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones on any node in a job (CVE-2014-3684). This...

-1AI Score

0.004EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : lua (MDVSA-2015:144)

Updated lua and lua5.1 packages fix security vulnerability : A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution...

-0.6AI Score

0.003EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : x11-server (MDVSA-2015:119)

Updated x11-server packages fix security vulnerabilities : Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096,.....

0.3AI Score

0.079EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : libtiff (MDVSA-2015:147-1)

Updated libtiff packages fix security vulnerabilities : The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655,...

6.5CVSS

0.2AI Score

0.057EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : libvirt (MDVSA-2015:070)

Updated libvirt packages fix security vulnerabilities : The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors...

-0.3AI Score

0.002EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)

Updated cpio package fixes security vulnerabilities : Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112). Additionally, a NULL pointer dereference in the...

-0.2AI Score

0.022EPSS

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : openldap (MDVSA-2015:074)

A vulnerability has been discovered and corrected in openldap : The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control.....

7.4AI Score

0.961EPSS

2015-03-30 12:00 AM
6
nessus

Mandriva Linux Security Advisory : pulseaudio (MDVSA-2015:134)

Updated pulseaudio package fixes RTP remote crash vulnerability : PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release...

0.3AI Score

0.021EPSS

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : python-numpy (MDVSA-2015:077)

Updated python-numpy packages fix security vulnerabilities : f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py (CVE-2014-1858,...

5.5CVSS

-1.4AI Score

0.0004EPSS

2015-03-30 12:00 AM
7
nessus

Mandriva Linux Security Advisory : gtk+3.0 (MDVSA-2015:162)

Updated gtk+3.0 packages fix security vulnerability : Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session (CVE-2014-1949). This was fixed by...

-0.7AI Score

0.001EPSS

2015-03-30 12:00 AM
6
nessus

Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)

Updated imagemagick package fixes security vulnerabilities : A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially,...

8.8CVSS

-0.6AI Score

0.016EPSS

2015-03-30 12:00 AM
9
nessus

Mandriva Linux Security Advisory : e2fsprogs (MDVSA-2015:068)

Updated e2fsprogs packages fix security vulnerability : The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to.....

-0.6AI Score

0.001EPSS

2015-03-30 12:00 AM
9
nessus

Mandriva Linux Security Advisory : python-lxml (MDVSA-2015:112)

Updated python-lxml packages fix security vulnerability : The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters (\x01-\x08). A remote attacker could use this flaw to serve malicious content to an application using....

-0.1AI Score

0.013EPSS

2015-03-30 12:00 AM
12
nessus

Mandriva Linux Security Advisory : ipython (MDVSA-2015:160)

Updated ipython package fixes security vulnerability : In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted.....

0.5AI Score

0.006EPSS

2015-03-30 12:00 AM
12
nessus

Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:116)

Updated libtasn1 packages fix security vulnerabilities : Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash (CVE-2014-3467). It was.....

-0.3AI Score

0.02EPSS

2015-03-30 12:00 AM
9
nessus

Mandriva Linux Security Advisory : readline (MDVSA-2015:132)

Updated readline packages fix security vulnerability : Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks (CVE-2014-2524). Also, upstream patches have been added to fix an infinite loop....

8.9AI Score

0.0004EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : samba (MDVSA-2015:082)

Updated samba packages fix security vulnerabilities : In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling....

9.1AI Score

0.974EPSS

2015-03-30 12:00 AM
25
nessus

Mandriva Linux Security Advisory : emacs (MDVSA-2015:117)

Updated emacs packages fix security vulnerabilities : Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423,...

-0.6AI Score

0.0004EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2015:097)

Updated php-ZendFramework packages fix multiple vulnerabilities : XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform....

9.8CVSS

AI Score

0.016EPSS

2015-03-30 12:00 AM
9
nessus

Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)

Updated gnutls packages fix security vulnerabilities : Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the.....

0.2AI Score

0.661EPSS

2015-03-30 12:00 AM
16
nessus

Mandriva Linux Security Advisory : openvpn (MDVSA-2015:139)

Updated openvpn packages fix security vulnerability : Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service...

0.4AI Score

0.006EPSS

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : ruby (MDVSA-2015:129)

Updated ruby packages fix security vulnerabilities : Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of...

-0.2AI Score

0.145EPSS

2015-03-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : nginx (MDVSA-2015:094)

Updated nginx package fixes security vulnerabilities : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution.....

-0.3AI Score

0.037EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : python-requests (MDVSA-2015:133)

Updated python-requests packages fix security vulnerabilities : Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file (CVE-2014-1829). It was...

-0.6AI Score

0.016EPSS

2015-03-30 12:00 AM
18
nessus

Mandriva Linux Security Advisory : python-pillow (MDVSA-2015:099)

Updated python-imaging packages fix security vulnerabilities : Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to...

-0.1AI Score

0.018EPSS

2015-03-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : net-snmp (MDVSA-2015:092)

Updated net-snmp packages fix security vulnerabilities : Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects (CVE-2014-2284). Remotely exploitable denial of....

-0.5AI Score

0.067EPSS

2015-03-30 12:00 AM
17
nessus

Mandriva Linux Security Advisory : cifs-utils (MDVSA-2015:114)

Updated cifs-utils packages fix security vulnerability : Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c...

0.6AI Score

0.037EPSS

2015-03-30 12:00 AM
15
nessus

Mandriva Linux Security Advisory : cups (MDVSA-2015:108)

Updated cups packages fix security vulnerabilities : Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

AI Score

0.019EPSS

2015-03-30 12:00 AM
7
nessus

Mandriva Linux Security Advisory : sendmail (MDVSA-2015:128)

Updated sendmail packages fix security vulnerability : Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery (e.g., via...

-1.8AI Score

0.0004EPSS

2015-03-30 12:00 AM
24
nessus

Mandriva Linux Security Advisory : krb5 (MDVSA-2015:069)

Multiple vulnerabilities have been discovered and corrected in krb5 : The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly...

0.6AI Score

0.949EPSS

2015-03-30 12:00 AM
16
nessus

Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)

Updated libssh2 packages fix security vulnerability : Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in.....

0.2AI Score

0.006EPSS

2015-03-30 12:00 AM
18
nessus

Mandriva Linux Security Advisory : wpa_supplicant (MDVSA-2015:120)

Updated wpa_supplicant and hostapd packages fix security vulnerability : A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command...

-0.5AI Score

0.015EPSS

2015-03-30 12:00 AM
28
nessus

Mandriva Linux Security Advisory : python-django (MDVSA-2015:109)

Updated python-django packages fix security vulnerabilities : Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django...

0.5AI Score

0.12EPSS

2015-03-30 12:00 AM
13
nessus

Mandriva Linux Security Advisory : subversion (MDVSA-2015:085)

Updated subversion packages fix security vulnerabilities : The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). Ben Reser discovered that Subversion did not.....

8.3AI Score

0.135EPSS

2015-03-30 12:00 AM
10
nessus

Mandriva Linux Security Advisory : ntp (MDVSA-2015:140)

Updated ntp packages fix security vulnerabilities : If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys.....

7.7AI Score

0.966EPSS

2015-03-30 12:00 AM
16
nessus

Mandriva Linux Security Advisory : libvncserver (MDVSA-2015:146)

Updated libvncserver packages fix security vulnerabilities : An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The...

8.8CVSS

0.3AI Score

0.886EPSS

2015-03-30 12:00 AM
12
Total number of security vulnerabilities: 3231