Showing 1 - 25 of 32

Files Date: 2015-03-31

Mandriva Linux Security Advisory 2015-166
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-166 - Updated clamav packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-6497, CVE-2014-9050, CVE-2014-9328
SHA-256 | c9f748f74277b055a6eddb9124d74c2aa31a11d13316c85eeebddb155ff23f43
Mandriva Linux Security Advisory 2015-165
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-165 - By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8500, CVE-2015-1349
SHA-256 | 1b590fc51333510284a3f960ee5db24e4033e0c82e4a366baec311dff230159a
Mandriva Linux Security Advisory 2015-161
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-161 - Updated icu packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940
SHA-256 | 566144e517320f25cda8c8094b5ee49b12023f9fdf5e6d20e62106a78c9eeb73
Mandriva Linux Security Advisory 2015-163
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-163 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The grub2 package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 6ae284d0de868ab7f87fb05d92e7bbec5da0551f41a32b761bd68e4d8f04ff31
Mandriva Linux Security Advisory 2015-162
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-162 - Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session. This was fixed by including a patch for the root cause of the issue in gtk+3.0, which came from the implementation of popup menus in GtkWindow. This update also includes other patches from upstream to fix bugs affecting GtkFileChooser and GtkSpinButton, and a crash related to clipboard handling.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-1949
SHA-256 | cf80ceff4ed62bd235cb53a99e11aa7d44db37768d27f75218f1fd909d1cc637
Mandriva Linux Security Advisory 2015-160
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-160 - In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2014-3429
SHA-256 | e0afdaf32c75a4e54c52b438e7bff14d3cd7b96603cd332eb07f34ccf782837e
Mandriva Linux Security Advisory 2015-185
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-185 - Updated dokuwiki packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764, CVE-2014-9253, CVE-2015-2172
SHA-256 | eddb2448ff8196264864f1a3f612e50f96588209ca6ced1be1973173caa3de41
HP Security Bulletin HPSBHF03271 1
Posted Mar 31, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03271 1 - A potential security vulnerability has been identified with certain HP PCs and workstations running Windows 7 and NVidia Graphics Driver. This vulnerability could be exploited resulting in elevation of privilege. Note: The NVIDIA Display Drivers kernel administrator check improperly validates local client impersonation levels in some cases. Revision 1 of this advisory.

tags | advisory, kernel, local
systems | windows
advisories | CVE-2015-1170
SHA-256 | ed603c85167a570f2e8b43500e0a4d71592053ee5be38b0401178155bd90576d
Debian Security Advisory 3209-1
Posted Mar 31, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3209-1 - Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2013-4449, CVE-2014-9713, CVE-2015-1545
SHA-256 | 783252edc6cdc7f792037cd981fb9a70030843baeac39d7cef0d1682ead9207d
HP Security Bulletin HPSBGN03270 1
Posted Mar 31, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03270 1 - A potential security vulnerability has been identified with HP Operations Analytics. This is the GlibC vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-0235
SHA-256 | ae6ac51f6c8b71f94dcab5da67541885375cdda1e86f387af7341ac1634e50ad
Mandriva Linux Security Advisory 2015-184
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-184 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected.

tags | advisory, root
systems | linux, mandriva
SHA-256 | 8c963bdb7cce8a9c0a9386cfce7cc61183437a4163709d4b338392425cc953b1
Mandriva Linux Security Advisory 2015-183
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-183 - Updated wireshark packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2188, CVE-2015-2189, CVE-2015-2191
SHA-256 | 9393cab969b17d8c5c9e8c704f21edc4e00fcfbf309f18f0fd777925465a689d
Mandriva Linux Security Advisory 2015-159
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-159 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service or the execution of arbitrary code. A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
SHA-256 | a36a00196c08d0408ceab560dc9c5df764c1dc4d040fc8efb6d24a5eadf0ff8f
Mandriva Linux Security Advisory 2015-182
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-182 - Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | b518c5cc2a38d5563e0f4d450daeb9cd17df9da4bc1d189a065f06513f681a47
Mandriva Linux Security Advisory 2015-145-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
SHA-256 | a9a42ecd718721d5a11d06c024b5f62812437aee1c473aaf4bd9e04467a32d40
Mandriva Linux Security Advisory 2015-147-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-147 - The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547
SHA-256 | 8fd06892fd1592a752ac86a066a00fde9dbfab1c50592e92252ea38003eac2da
Mandriva Linux Security Advisory 2015-181
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750
SHA-256 | 4fece48fbf9967314d0f4f390197211e43659b51085e37d95cea8466124db95a
Mandriva Linux Security Advisory 2015-178
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-178 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
SHA-256 | 4856f41cb3500b0a5a2d0cd3d13cba408a3d4ce143dcc8fba07aad63143bf49c
Mandriva Linux Security Advisory 2015-179
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-179 - Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-9471
SHA-256 | ff100be26779b2793efa5c8c29b9c23b781fa55b32b499d842e52f979887d063
Mandriva Linux Security Advisory 2015-180
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-180 - apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corruption or a process crash could occur. It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-8583
SHA-256 | 40f8b322ddf7710b19ea3969bb8a422052e750f3097df1b53e68aac2fbfa40ac
Mandriva Linux Security Advisory 2015-029-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-029 - Multiple integer overflows in the _objalloc_alloc function in objalloc.c and objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow. Various other issues have also been addressed. The updated packages provide a solution for these security issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2012-3509, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738
SHA-256 | 17338cc76901ec6d375328a89c847885a4f080a52a7ad75c46bbffc520a402c3
Mandriva Linux Security Advisory 2015-177
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-177 - ctdb before 2.5 is vulnerable to symlink attacks due to the use of predictable filenames in /tmp, such as /tmp/ctdb.socket.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4159
SHA-256 | cb41f452f37d8c417fb6d0008c7b5bf4852d84a8f249caf725556bf40d275370
Mandriva Linux Security Advisory 2015-176
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-176 - Updated dbus packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3477, CVE-2014-3532, CVE-2014-3533, CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824, CVE-2015-0245
SHA-256 | 4be93103f6f354ef453a2dc02b3ccf964ab78327305a7f7671ec1fe2b6855df4
Mandriva Linux Security Advisory 2015-175
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-175 - A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8760
SHA-256 | 4e10a55aef4c7c41fd2a7da4d7badd54e58df15babffed08a946b2ed90da023f
Mandriva Linux Security Advisory 2015-174
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-174 - An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module. This update also disables SSLv3 by default to mitigate the POODLE issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-1693
SHA-256 | 7327dff93225125f42183afea1aae6cef8aa7051755efb32071f7d558e419f43