Mandriva Linux Security Advisory 2015-142 - A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process aborting while parsing. Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Node.js before 0.10.31, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. The nodejs package has been updated to version 0.10.33 to fix these issues as well as several other bugs.
cdcb058c825c2c65daeca78e8d8e225b7668fb9972028beebe40d4e812c35030Mandriva Linux Security Advisory 2015-141 - It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle attack, where the attacker can spoof a valid certificate using a specially crafted subject.
f0f771bacef92c10040aa5a169d42cbf8bfd9f8032c398753c44e54d0594db43Mandriva Linux Security Advisory 2015-138 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
8f8e1c73634a3689d8e6323af40e9c4af6955c1e0849939e0b6d5b933cefd02cMandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.
6c051822021817ac7fc8875977c5ca320de4662ed0ed8219480997118279051dMandriva Linux Security Advisory 2015-139 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.
423f9e05f4527afc39798b49c9182eb15495fbe96f9f58d5910d9264f658af74Mandriva Linux Security Advisory 2015-137 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.
3f1acf93b81dd2f291d5c88b3fdbd7075ea2f9e1852e2d13d0088a3fa3175a93Mandriva Linux Security Advisory 2015-136 - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. Also, the Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as Bugzilla. The Text::Wrap module bundled with Perl has been patched and the Data::Dumper module bundled with Perl has been updated to fix these issues.
a3e94ab9406937961e1413a2283cd15e6647020327efe2581f2eea934953cc8dMandriva Linux Security Advisory 2015-135 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.
c250b0f1a61c3c700f05e83a6eab0505cb72c9ad4019f2ad669136baafe19f53Mandriva Linux Security Advisory 2015-134 - PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release version of PulseAudio v5 and has been updated to the official final version.
70528d36e53bef7cea6e32b4c297b13d4ad2329140601f26526ee4747e14405bMandriva Linux Security Advisory 2015-133 - Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file. It was discovered that the python-requests Proxy-Authorization header was never re-evaluated when a redirect occurs. The Proxy-Authorization header was sent to any new proxy or non-proxy destination as redirected. In python-requests before 2.6.0, a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing.
c16596fd1421f61f65bec780385bab621cf701455989361dc3437d3ee0d43c9bMandriva Linux Security Advisory 2015-131 - Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption.
c68039f4562fde75646f8328e774954f4ef92543859f4f5d4808b8fa2ad4bfc7Mandriva Linux Security Advisory 2015-132 - Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.
7caba1a1569f27dfa32052197fe65c95f9b0725e42dbede12ab796a0b7717007Mandriva Linux Security Advisory 2015-130 - Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
20a277fb8c92c74a610c9de21b3046e5452a361ef4c9abd90afd6a2b60b739e2Mandriva Linux Security Advisory 2015-129 - Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Due to an incomplete fix for 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.
81e3a6da88aa29facafd616dc8b716c1aff7f0e2b4c29f1fd07c25ee27dde04bMandriva Linux Security Advisory 2015-128 - Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery.
cb9739113128522a737faf859a00100344d4478aa8f5695a3ca0946630baede8Mandriva Linux Security Advisory 2015-127 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
c2afdf6df232dfa0f1e7f2d6a4b68eb64ea16f42e60c5be7a833ec29608114c8Mandriva Linux Security Advisory 2015-126 - Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block. The sudo package has been updated to version 1.8.12, fixing this issue and several other bugs.
8a0130eeeff7921e595c61a9a46685d549a4e0891e7f1dcf5025327e5898c01bMandriva Linux Security Advisory 2015-125 - The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set. The application decoder for the Ad hoc On-Demand Distance Vector protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults. It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code. .
cccdf6a08416c7e233f85d97827ddb003d99b7d183693360b958ba81f6accaa2Ubuntu Security Notice 2551-1 - David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks.
332e147796b76007a2eee0473067381a45d06b911cef8bd6a3122da5a3ae99ebMandriva Linux Security Advisory 2015-124 - Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones on any node in a job. This update implements the upstream fixes.
0b6cf337451bd08a3491d44990a5a552c523304d3702af295a7b53c842bd5444Mandriva Linux Security Advisory 2015-122 - Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and other bugs.
c7da1e9be1c32cf25afd74ccbcad2cf938f8531d4970615f5b0a048c46d0b8e2Mandriva Linux Security Advisory 2015-120 - A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases. Using the Mandriva wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar.
ce79535d525247ae701a512f6701feaf970e965a4ae177cdd17bfbae1cfeae0bMandriva Linux Security Advisory 2015-123 - Updated unzip package fix multiple security vulnerabilities.
29ba50a03d278e126684809bd7aa9750c907fee11e1960b53dcaa74fc369fe53Mandriva Linux Security Advisory 2015-121 - Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.
59bdc8205dc2a955b3e45bdfe18e3e28e22b1aa03648e070bbd52cf091cea9beMandriva Linux Security Advisory 2015-118 - xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version 5.43.
e85f5b9978d1d48083d112d1981054504721b85104a09e7979c2770518094988
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed