Mandriva Linux Security Advisory 2015-141 - It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle attack, where the attacker can spoof a valid certificate using a specially crafted subject.
f0f771bacef92c10040aa5a169d42cbf8bfd9f8032c398753c44e54d0594db43
Mandriva Linux Security Advisory 2015-138 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
8f8e1c73634a3689d8e6323af40e9c4af6955c1e0849939e0b6d5b933cefd02c
Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.
6c051822021817ac7fc8875977c5ca320de4662ed0ed8219480997118279051d
Mandriva Linux Security Advisory 2015-139 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.
423f9e05f4527afc39798b49c9182eb15495fbe96f9f58d5910d9264f658af74
Mandriva Linux Security Advisory 2015-137 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.
3f1acf93b81dd2f291d5c88b3fdbd7075ea2f9e1852e2d13d0088a3fa3175a93
Mandriva Linux Security Advisory 2015-136 - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. Also, the Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as Bugzilla. The Text::Wrap module bundled with Perl has been patched and the Data::Dumper module bundled with Perl has been updated to fix these issues.
a3e94ab9406937961e1413a2283cd15e6647020327efe2581f2eea934953cc8d
Mandriva Linux Security Advisory 2015-135 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.
c250b0f1a61c3c700f05e83a6eab0505cb72c9ad4019f2ad669136baafe19f53
Mandriva Linux Security Advisory 2015-134 - PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release version of PulseAudio v5 and has been updated to the official final version.
70528d36e53bef7cea6e32b4c297b13d4ad2329140601f26526ee4747e14405b
Mandriva Linux Security Advisory 2015-133 - Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file. It was discovered that the python-requests Proxy-Authorization header was never re-evaluated when a redirect occurs. The Proxy-Authorization header was sent to any new proxy or non-proxy destination as redirected. In python-requests before 2.6.0, a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing.
c16596fd1421f61f65bec780385bab621cf701455989361dc3437d3ee0d43c9b
Mandriva Linux Security Advisory 2015-131 - Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption.
c68039f4562fde75646f8328e774954f4ef92543859f4f5d4808b8fa2ad4bfc7
Mandriva Linux Security Advisory 2015-132 - Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.
7caba1a1569f27dfa32052197fe65c95f9b0725e42dbede12ab796a0b7717007
Mandriva Linux Security Advisory 2015-130 - Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
20a277fb8c92c74a610c9de21b3046e5452a361ef4c9abd90afd6a2b60b739e2
Mandriva Linux Security Advisory 2015-129 - Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Due to an incomplete fix for 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.
81e3a6da88aa29facafd616dc8b716c1aff7f0e2b4c29f1fd07c25ee27dde04b
Mandriva Linux Security Advisory 2015-128 - Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery.
cb9739113128522a737faf859a00100344d4478aa8f5695a3ca0946630baede8
Mandriva Linux Security Advisory 2015-127 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
c2afdf6df232dfa0f1e7f2d6a4b68eb64ea16f42e60c5be7a833ec29608114c8
Mandriva Linux Security Advisory 2015-126 - Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block. The sudo package has been updated to version 1.8.12, fixing this issue and several other bugs.
8a0130eeeff7921e595c61a9a46685d549a4e0891e7f1dcf5025327e5898c01b
Mandriva Linux Security Advisory 2015-125 - The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set. The application decoder for the Ad hoc On-Demand Distance Vector protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults. It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code. .
cccdf6a08416c7e233f85d97827ddb003d99b7d183693360b958ba81f6accaa2
Ubuntu Security Notice 2551-1 - David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks.
332e147796b76007a2eee0473067381a45d06b911cef8bd6a3122da5a3ae99eb
Mandriva Linux Security Advisory 2015-124 - Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones on any node in a job. This update implements the upstream fixes.
0b6cf337451bd08a3491d44990a5a552c523304d3702af295a7b53c842bd5444
Mandriva Linux Security Advisory 2015-122 - Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and other bugs.
c7da1e9be1c32cf25afd74ccbcad2cf938f8531d4970615f5b0a048c46d0b8e2
Mandriva Linux Security Advisory 2015-120 - A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases. Using the Mandriva wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar.
ce79535d525247ae701a512f6701feaf970e965a4ae177cdd17bfbae1cfeae0b
Mandriva Linux Security Advisory 2015-123 - Updated unzip package fix multiple security vulnerabilities.
29ba50a03d278e126684809bd7aa9750c907fee11e1960b53dcaa74fc369fe53
Mandriva Linux Security Advisory 2015-121 - Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.
59bdc8205dc2a955b3e45bdfe18e3e28e22b1aa03648e070bbd52cf091cea9be
Mandriva Linux Security Advisory 2015-118 - xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version 5.43.
e85f5b9978d1d48083d112d1981054504721b85104a09e7979c2770518094988
Mandriva Linux Security Advisory 2015-119 - Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service. Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash.
9a99ccedd34c67a048ace0a5867356eb6858bcbd1dc024890093acb3993ef4e1