Getsocial, S.A. Security Vulnerabilities

nessus

Mandriva Linux Security Advisory : flac (MDVSA-2014:239)

Updated flac packages fix security vulnerabilities : In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap overflow (CVE-2014-9028), which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC...

-0.1 AI Score

0.652 EPSS

2014-12-15 12:00 AM
13
nessus

Mandriva Linux Security Advisory : graphviz (MDVSA-2014:248)

Updated graphviz packages fix security vulnerability : Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...

1.4 AI Score

0.046 EPSS

2014-12-15 12:00 AM
12
nessus

Mandriva Linux Security Advisory : rpm (MDVSA-2014:251)

Updated rpm packages fix security vulnerabilities : It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system...

0.8 AI Score

0.368 EPSS

2014-12-15 12:00 AM
12
nessus

Mandriva Linux Security Advisory : openvpn (MDVSA-2014:246)

Updated openvpn packages fix security vulnerability : Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service (CVE-2014-8104). The openvpn...

0.6 AI Score

0.006 EPSS

2014-12-15 12:00 AM
7
nessus

Mandriva Linux Security Advisory : mutt (MDVSA-2014:245)

Updated mutt packages fix security vulnerability : A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition (CVE-2014-9116). The mutt package has been updated to version 1.5.23 and patched to fix this...

-0.3 AI Score

0.014 EPSS

2014-12-15 12:00 AM
11
nessus

Mandriva Linux Security Advisory : tcpdump (MDVSA-2014:240)

Updated tcpdump package fixes security vulnerabilities : The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767). The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input....

AI Score

0.148 EPSS

2014-12-15 12:00 AM
12
nessus

Mandriva Linux Security Advisory : bind (MDVSA-2014:238)

Updated bind packages fix security vulnerability : By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the...

-0.1 AI Score

0.877 EPSS

2014-12-15 12:00 AM
5
nessus

Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:241)

Updated mediawiki packages fix security vulnerabilities : In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML (CVE-2014-9276). MediaWiki's mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that...

-0.2 AI Score

0.04 EPSS

2014-12-15 12:00 AM
15
nessus

Mandriva Linux Security Advisory : yaml (MDVSA-2014:242)

Updated yaml and perl-YAML-LibYAML packages fix security vulnerability : An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash...

-0.5 AI Score

0.017 EPSS

2014-12-15 12:00 AM
6
nessus

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:243)

Multiple vulnerabilities have been discovered and corrected in phpmyadmin : libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password (CVE-2014-9218).....

-0.2 AI Score

0.218 EPSS

2014-12-15 12:00 AM
14
nessus

Mandriva Linux Security Advisory : jasper (MDVSA-2014:247)

Updated jasper packages fix security vulnerability : Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service (application crash) or the execution of arbitrary code...

-0.3 AI Score

0.425 EPSS

2014-12-15 12:00 AM
7
nessus

Mandriva Linux Security Advisory : cpio (MDVSA-2014:250)

Updated cpio package fixes security vulnerability : Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112). Additionally, a NULL pointer dereference in the...

-0.4 AI Score

0.022 EPSS

2014-12-15 12:00 AM
15
ciscothreats

Threat Outbreak Alert RuleID12691: Email Messages Distributing Malicious Software on December 4, 2014

Medium Alert ID: 36645 First Published: 2014 December 4 14:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID12691) may contain the following...

0.6 AI Score

2014-12-04 02:34 PM
8
nessus

Mandriva Linux Security Advisory : libksba (MDVSA-2014:234)

Updated libksba packages fix security vulnerability : By using specially crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service...

-0.3 AI Score

0.017 EPSS

2014-12-01 12:00 AM
12
nessus

Mandriva Linux Security Advisory : perl-Mojolicious (MDVSA-2014:237)

Updated perl-Mojolicious package fixes security vulnerability : An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection...

-1 AI Score

2014-12-01 12:00 AM
14
nessus

Mandriva Linux Security Advisory : file (MDVSA-2014:236)

Updated file packages fix security vulnerability : An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to file executable crash...

-0.8 AI Score

0.063 EPSS

2014-11-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : perl-Plack (MDVSA-2014:235)

Updated perl-Plack package fixes security vulnerability : Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files...

-0.2 AI Score

0.005 EPSS

2014-11-30 12:00 AM
8
nessus

Mandriva Linux Security Advisory : glibc (MDVSA-2014:232)

Updated glibc package fixes security vulnerability : The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ... can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if...

-0.1 AI Score

0.001 EPSS

2014-11-28 12:00 AM
10
nessus

Mandriva Linux Security Advisory : icecast (MDVSA-2014:231)

Updated icecast package fixes security vulnerability : Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to (external) clients...

-0.4 AI Score

0.02 EPSS

2014-11-28 12:00 AM
9
nessus

Mandriva Linux Security Advisory : wordpress (MDVSA-2014:233)

Updated wordpress package fixes security vulnerabilities : XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031). XSS in media playlists (CVE-2014-9032). CSRF in the password reset process (CVE-2014-9033). Denial of service for giant passwords. The...

-0.5 AI Score

0.265 EPSS

2014-11-28 12:00 AM
18
nessus

Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)

Multiple vulnerabilities have been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause.....

7.8 CVSS

0.8 AI Score

0.934 EPSS

2014-11-28 12:00 AM
31
nessus

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)

Multiple vulnerabilities have been discovered and corrected in phpmyadmin : Multiple XSS vulnerabilities (CVE-2014-8958). Local file inclusion vulnerability (CVE-2014-8959). XSS vulnerability in error reporting functionality (CVE-2014-8960). Leakage of line count of an arbitrary...

-0.2 AI Score

0.018 EPSS

2014-11-27 12:00 AM
17
nessus

Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:229)

Updated libvncserver packages fix security vulnerabilities : A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC...

0.7 AI Score

0.886 EPSS

2014-11-27 12:00 AM
18
nessus

Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)

Updated imagemagick packages fix security vulnerabilities : ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder...

6.5 CVSS

-0.3 AI Score

0.003 EPSS

2014-11-26 12:00 AM
11
nessus

Mandriva Linux Security Advisory : ruby (MDVSA-2014:225)

Updated ruby packages fix security vulnerabilities : Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...

AI Score

0.145 EPSS

2014-11-26 12:00 AM
9
nessus

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2014:227)

Multiple vulnerabilities have been discovered and corrected in ffmpeg : The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P,....

1 AI Score

0.021 EPSS

2014-11-26 12:00 AM
21
nessus

Mandriva Linux Security Advisory : wireshark (MDVSA-2014:223)

Updated wireshark packages fix security vulnerabilities : SigComp UDVM buffer overflow (CVE-2014-8710). AMQP crash (CVE-2014-8711). NCP crashes (CVE-2014-8712, CVE-2014-8713). TN5250 infinite loops...

-0.3 AI Score

0.004 EPSS

2014-11-24 12:00 AM
25
nessus

Mandriva Linux Security Advisory : libvirt (MDVSA-2014:222)

Updated libvirt packages fix security vulnerability : Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file...

0.3 AI Score

0.006 EPSS

2014-11-24 12:00 AM
6
nessus

Mandriva Linux Security Advisory : php-smarty (MDVSA-2014:221)

An XSS vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception (CVE-2012-4437). Smarty before 3.1.21 allows remote attackers to bypass the secure mode.....

0.7 AI Score

0.048 EPSS

2014-11-24 12:00 AM
17
nessus

Mandriva Linux Security Advisory : srtp (MDVSA-2014:219)

Updated srtp package fixes security vulnerability : Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies...

-0.2 AI Score

0.016 EPSS

2014-11-23 12:00 AM
12
nessus

Mandriva Linux Security Advisory : krb5 (MDVSA-2014:224)

Updated krb5 packages fix security vulnerability : The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by...

-0.4 AI Score

0.003 EPSS

2014-11-23 12:00 AM
14
nessus

Mandriva Linux Security Advisory : qemu (MDVSA-2014:220)

Updated qemu packages fix security vulnerabilities : Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host (CVE-2013-4544). Multiple integer overflow,...

8.8 CVSS

0.2 AI Score

0.864 EPSS

2014-11-23 12:00 AM
21
nessus

Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2014:216)

A vulnerability has been found and corrected in php-ZendFramework : The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an....

0.1 AI Score

0.006 EPSS

2014-11-21 12:00 AM
16
nessus

Mandriva Linux Security Advisory : clamav (MDVSA-2014:217)

ClamAV 0.98.5 addresses several reported potential security bugs. Certain JavaScript files cause ClamAV to segfault when scanned with the -a (list archived files)...

-0.4 AI Score

0.131 EPSS

2014-11-21 12:00 AM
14
nessus

Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215)

Updated gnutls package fixes security vulnerability : An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate....

-0.2 AI Score

0.01 EPSS

2014-11-20 12:00 AM
9
nessus

Mandriva Linux Security Advisory : dbus (MDVSA-2014:214)

Updated dbus packages fix the following security issues : Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon : On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or...

-1.2 AI Score

0.0004 EPSS

2014-11-19 12:00 AM
9
nessus

Mandriva Linux Security Advisory : curl (MDVSA-2014:213)

Updated curl packages fix security vulnerability : Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires...

-0.4 AI Score

0.003 EPSS

2014-11-19 12:00 AM
17
ciscothreats

Threat Outbreak Alert RuleID12474: Email Messages Distributing Malicious Software on November 18, 2014

Medium Alert ID: 36458 First Published: 2014 November 18 19:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID12474) may contain the following...

0.9 AI Score

2014-11-18 07:51 PM
3
ciscothreats

Threat Outbreak Alert RuleID12478: Email Messages Distributing Malicious Software on November 18, 2014

Medium Alert ID: 36452 First Published: 2014 November 18 16:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID12478) may contain the following...

1.1 AI Score

2014-11-18 04:18 PM
10
ciscothreats

Threat Outbreak Alert RuleID12458: Email Messages Distributing Malicious Software on November 17, 2014

Medium Alert ID: 36438 First Published: 2014 November 17 18:59 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID12458) may contain the following...

1.1 AI Score

2014-11-17 06:59 PM
9
seebug

7.1 AI Score

2014-11-13 12:00 AM
15
seebug

7.1 AI Score

2014-11-13 12:00 AM
12
nessus

Mandriva Linux Security Advisory : wget (MDVSA-2014:212)

Updated wget package fixes security vulnerability : Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP (CVE-2014-4877). The default settings in wget have been...

AI Score

0.078 EPSS

2014-10-30 12:00 AM
14
nessus

Mandriva Linux Security Advisory : wpa_supplicant (MDVSA-2014:211)

Updated wpa_supplicant packages fix security vulnerability : A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the.....

-0.3 AI Score

0.015 EPSS

2014-10-30 12:00 AM
15
nessus

Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)

Multiple vulnerabilities have been discovered and corrected in mariadb : Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (CVE-2014-6464)....

0.8 AI Score

0.009 EPSS

2014-10-29 12:00 AM
8
nessus

Mandriva Linux Security Advisory : lua (MDVSA-2014:205)

Updated lua and lua5.1 packages fix security vulnerability : A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution...

-0.3 AI Score

0.003 EPSS

2014-10-27 12:00 AM
9
nessus

Mandriva Linux Security Advisory : ctags (MDVSA-2014:206)

Updated ctags package fixes security vulnerability : A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop...

-0.4 AI Score

0.011 EPSS

2014-10-27 12:00 AM
9
nessus

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:208)

Updated phpmyadmin package fixes security vulnerability : In phpMyAdmin before 4.2.10.1, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries...

-0.7 AI Score

0.002 EPSS

2014-10-27 12:00 AM
14
nessus

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:209)

Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk : Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2014-6506,...

-0.2 AI Score

0.034 EPSS

2014-10-27 12:00 AM
24
nessus

Mandriva Linux Security Advisory : ejabberd (MDVSA-2014:207)

Updated ejabberd packages fix security vulnerability : A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set...

-0.2 AI Score

0.003 EPSS

2014-10-27 12:00 AM
17
Total number of security vulnerabilities: 3231