seeing is believing
Showing 76 - 100 of 2,707 RSS Feed

Files from Mandriva

Email addresssecurity at mandriva.com
First Active2004-12-12
Last Active2015-05-08
Mandriva Linux Security Advisory 2015-153
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-153 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. A buffer read overflow in gd_gif_in.c in the php #68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.

tags | advisory, remote, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-9709
MD5 | 5694676071578958c39a0ef7c793d650
Mandriva Linux Security Advisory 2015-154
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2014-4617, CVE-2014-5270, CVE-2015-0837
MD5 | a9fde0a382a9277ba5a3eb8be545725b
Mandriva Linux Security Advisory 2015-148
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
MD5 | a1ab273b6d043a98c0d045adaa78c2c5
Mandriva Linux Security Advisory 2015-152
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-152 - Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9092
MD5 | a5e3f870c125ed225ee9d6dfcc12e4a1
Mandriva Linux Security Advisory 2015-147
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-147 - The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547
MD5 | 2e8800865be0d1a2e17f933e8ec19dca
Mandriva Linux Security Advisory 2015-149
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-149 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2014-9496
MD5 | 35644042cbdc1506743a19a7624e6922
Mandriva Linux Security Advisory 2015-158
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-158 - There are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure.

tags | advisory, arbitrary, code execution, info disclosure
systems | linux, mandriva
advisories | CVE-2013-2027
MD5 | 04aca7ee24c0dee0f079d588dd85ad2c
Mandriva Linux Security Advisory 2015-157
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-157 - Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-2304
MD5 | 57fcfc2633f46c063873ede71eedaedb
Mandriva Linux Security Advisory 2015-156
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-156 - capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without capabilities, which is potentially dangerous.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-3215
MD5 | 210615058d6da4d916b72b9aa1440ea7
Mandriva Linux Security Advisory 2015-017-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-6272
MD5 | c0c8543f901fbb7812196a56d8e35140
Mandriva Linux Security Advisory 2015-155
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-155 - GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2015-0837
MD5 | 0831dafa2eda5dfedb8876c87c9850f4
Mandriva Linux Security Advisory 2015-148-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process. Packages were missing for Mandriva Business Server 1 with the MDVSA-2015:148 advisory which are now being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
MD5 | 2059fbdf992c2ffbd12d04c631b5a3a8
Mandriva Linux Security Advisory 2015-144
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-144 - A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-5461
MD5 | 263d4a6475ad8e104f3c13bdb5e91e23
Mandriva Linux Security Advisory 2015-143
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-143 - A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-9474
MD5 | ca5b56a767005ea0c93222337ca63f81
Mandriva Linux Security Advisory 2015-142
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-142 - A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process aborting while parsing. Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Node.js before 0.10.31, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. The nodejs package has been updated to version 0.10.33 to fix these issues as well as several other bugs.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2013-6668, CVE-2014-5256
MD5 | cc3c52b4da3f8ca4360f5006dfbd8d6b
Mandriva Linux Security Advisory 2015-141
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-141 - It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle attack, where the attacker can spoof a valid certificate using a specially crafted subject.

tags | advisory, spoof
systems | linux, mandriva
MD5 | 15634ec4dce270e3936a14cfab0691d4
Mandriva Linux Security Advisory 2015-138
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-138 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9637, CVE-2015-1196, CVE-2015-1395
MD5 | 86e8f4da50566c787addbc03ee54af99
Mandriva Linux Security Advisory 2015-140
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, suse, mandriva
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298
MD5 | 63eace47c4bb590165b141e4cf13cf56
Mandriva Linux Security Advisory 2015-139
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-139 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8104
MD5 | 1d9cde48fabbf3e08e7d97fefe529c15
Mandriva Linux Security Advisory 2015-137
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-137 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8964
MD5 | aa39fe670ed59c58566dbcef793114c0
Mandriva Linux Security Advisory 2015-136
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-136 - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. Also, the Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as Bugzilla. The Text::Wrap module bundled with Perl has been patched and the Data::Dumper module bundled with Perl has been updated to fix these issues.

tags | advisory, denial of service, perl
systems | linux, mandriva
advisories | CVE-2014-4330
MD5 | eec4db20e91727a9b339e9d324da5749
Mandriva Linux Security Advisory 2015-135
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-135 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3158
MD5 | 082e20da52ef54673b4b53247ab03042
Mandriva Linux Security Advisory 2015-134
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-134 - PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release version of PulseAudio v5 and has been updated to the official final version.

tags | advisory, remote, udp
systems | linux, mandriva
advisories | CVE-2014-3970
MD5 | a8a5c8549f431beaae5b190b6a65cda5
Mandriva Linux Security Advisory 2015-133
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-133 - Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file. It was discovered that the python-requests Proxy-Authorization header was never re-evaluated when a redirect occurs. The Proxy-Authorization header was sent to any new proxy or non-proxy destination as redirected. In python-requests before 2.6.0, a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing.

tags | advisory, python
systems | linux, mandriva
advisories | CVE-2014-1829, CVE-2014-1830, CVE-2015-2296
MD5 | 8e1c0c65e5643077e318ea23c132d622
Mandriva Linux Security Advisory 2015-131
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-131 - Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-2855
MD5 | d92e1b13f850602f224f95f5f3b9a4fe
Page 4 of 109
Back23456Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close