Mandriva Linux Security Advisory 2015-058 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. Various other issues have also been addressed. The updated packages provides a solution for these security issues.
9e3286645b07ba09497f299f4db502238c2d94c89713da2d000ee34aeb276a28Mandriva Linux Security Advisory 2015-057 - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat expression, a different vulnerability than CVE-2013-7421. net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. The updated packages provides a solution for these security issues.
c7e15d90dbbc5bc9948f7f6bf42febec7ed38b4fea44c971f7d0404e8e4aa6c6Mandriva Linux Security Advisory 2015-056 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
7e87068c24ee66145d63ce115342713c291da259fa85a94842f8e9f9641c874bMandriva Linux Security Advisory 2015-054 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker.
a34207981a886a158577856e030851948b7a3f3e331735b3a69d0f3f55895e6fMandriva Linux Security Advisory 2015-055 - The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. Various other issues have also been addressed.
ea5afe2e065748087b3505058fe600ae5ebe2dc2de3a8f9bd97dc15a6efff7e7Mandriva Linux Security Advisory 2015-052 - Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via a Content-Length header and a Transfer-Encoding: chunked header. Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. Various otehr issues have also been addressed.
97bbcd6d4926c538ddee85ad3d0f0b44d18269f0be80dd2f5d3003993c58a4a6Mandriva Linux Security Advisory 2015-053 - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service via a malformed chunk size in chunked transfer coding of a request during the streaming of data. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. Various other issues have also been addressed.
fe7dd525200711ca8beef5888a4d5fba2a1e6a655e7bc8d56fb1e925244aad4bMandriva Linux Security Advisory 2015-051 - A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Sympa web interface newsletter posting area.
2245d844c77c4acfc7ca77363eb9659c18cfb7b8858fde4ea3330d6a315aa50bMandriva Linux Security Advisory 2015-050 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
dd7de176b34a952d25575c635b880b8c9dc41848d647c7ceb42a7c5c8cf1b677Mandriva Linux Security Advisory 2015-049 - A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
4e612da94a75e94c7020c6ebba6df495936f1935a1e11297c6fb9e1c656627dcMandriva Linux Security Advisory 2015-044 - Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2 before 1.2495, where, the code was freeing memory that gtk+ still holds onto and might access later. The updated packages have been patched to correct this issue.
e73da39c4f4f83b3f336e55cc33673138264f90452afaeb86dafd1ea189a8695Mandriva Linux Security Advisory 2015-047 - Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.
72bdd7da941cefc3fb4d3fcab073210f54c6225dc876df7b77489666a6946e4fMandriva Linux Security Advisory 2015-048 - Multiple vulnerabilities has been discovered and corrected in Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PostgreSQL incorrectly handled memory in the pgcrypto extension. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. Emil Lenngren discovered that PostgreSQL incorrectly handled extended protocol message reading. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly inject query messages. This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.
634d97dbd89e3a11f0f04718cbf5534aac49ac2bfae32de2e27000b2b448d65eMandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.
1738bc161859133a34d1c1b3f945bb293d62965b7ce6af9e1ab54e8936be9dd5Mandriva Linux Security Advisory 2015-045 - The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability.
afbd08dd885b278be82cc4c96d75245e87201d6fbcf427b723ce8ce64f54f3c9Mandriva Linux Security Advisory 2015-043 - An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
78c4ebc355ef57a8f65bf66a10f4072a53a151e9a0b9ff461469d27a4cbf76e1Mandriva Linux Security Advisory 2015-042 - ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab. Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
0f31768a032aa445bf6c6645b079c10c5d92c4d4313198bf0e21aab63085c11cMandriva Linux Security Advisory 2015-041 - Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service.
57c01618d2a6be2bd2138ee390169ed9153232eb1539290e84b9d7a0e8d12ac7Mandriva Linux Security Advisory 2015-040 - Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. This update also adds some patches from Robert Scheck which correct some packaging issues with zarafa-webaccess.
aacd5843699be6279756f6f8c44982c115706fb7f6481e02dd3bc3448b5d4785Mandriva Linux Security Advisory 2015-039 - Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the gethostbyname2 function, aka GHOST. The updated packages have been patched to correct this issue.
2988cae9f4b2d9755cd45cfb07efe524d20a846420d827788fb6e9e8e45bb1e7Mandriva Linux Security Advisory 2015-037 - oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted raw file.
68bd780b6d562051b12179c4a57f5f38c82ab20ffcf49b061676f53913d8b1deMandriva Linux Security Advisory 2015-035 - The XML getters for for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to cause leak certain limited information from the domain xml file.
c0d0fdf11463d788b243f4b3b8f4937a46d2c5452896e3d87ed2c7e1d2f09f49Mandriva Linux Security Advisory 2015-036 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.
212e2d83ea64299229d2b7ec344d965843afb8af3da853f762e1f9a4d5f63fb2Mandriva Linux Security Advisory 2015-034 - An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
6f2b9aa523a2e44ac7be5aad5e6ca8583c556a47f7de8a17e2f369b1ba6386a6Mandriva Linux Security Advisory 2015-033 - Updated java-1.7.0 packages fix security vulnerabilities. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.
de75c842108c6518b8c37fd7513f0640f18b98d5881b31b9651786b1e9dad5ad
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed