what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 596 RSS Feed

Files Date: 2015-03-01 to 2015-03-31

Mandriva Linux Security Advisory 2015-119
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-119 - Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service. Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash.

tags | advisory, denial of service, protocol, info disclosure
systems | linux, redhat, mandriva
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2015-0255
SHA-256 | 9a99ccedd34c67a048ace0a5867356eb6858bcbd1dc024890093acb3993ef4e1
Mandriva Linux Security Advisory 2015-117
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-117 - Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424
SHA-256 | e043d01b911de8a521c0058b5ae096fcc95d7709a23796108284394e82aef97a
Mandriva Linux Security Advisory 2015-116
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-116 - Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | c4e199c0ab79d1649e49098959c6c8f3c0dcefdc5a01643028b98300c6a849fb
Mandriva Linux Security Advisory 2015-115
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-115 - The LXC driver in libvirt 1.0.1 through 1.2.1 allows local users to delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2013-6456, CVE-2014-0179, CVE-2014-3633, CVE-2014-3657, CVE-2014-7823, CVE-2014-8136, CVE-2015-0236
SHA-256 | 6ae8444cee405a1fa17b4071c1f7b85b191e5b4db7e6d53ab6a0a1a1d4adf05d
Mandriva Linux Security Advisory 2015-114
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-114 - Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-2830
SHA-256 | f1e6762ecc0694c92ec16406ad07849adad4c3f5d3a5f58d36f81013a08b2cf9
Mandriva Linux Security Advisory 2015-112
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-112 - Updated python-lxml packages fix a security vulnerability. The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters. A remote attacker could use this flaw to serve malicious content to an application using the clean_html() function to process HTML, possibly allowing the attacker to inject malicious code into a website generated by this application.

tags | advisory, remote, python
systems | linux, mandriva
advisories | CVE-2014-3146
SHA-256 | 9782c7173bedc95f4c5df27002270a1202ff8a53b872b31ce533d108fb837b01
Mandriva Linux Security Advisory 2015-113
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-113 - Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time.

tags | advisory, imap
systems | linux, mandriva
advisories | CVE-2014-3430
SHA-256 | 02bb0de3a8646cbeff42c1216386daf1423a1ee06013225762cc7befed905053
Mandriva Linux Security Advisory 2015-110
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-110 - Updated postgresql packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244
SHA-256 | cd647c5ff4321218c25352d015eb51dfa7a69e9781099b68aae8665b6a5a10de
Mandriva Linux Security Advisory 2015-111
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-111 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-0191, CVE-2014-3660
SHA-256 | 6c45babaeca1ec041e913e0a86d595448e15db3a18b9abd9cc95bfd525ba2526
Mandriva Linux Security Advisory 2015-105
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-105 - A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick. A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers. ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1958, CVE-2014-2030, CVE-2014-8354, CVE-2014-8355, CVE-2014-8562, CVE-2014-8716
SHA-256 | 9d4477f8ef6747ae1cfb8e5a1b1423691dd7cc8643385f46f1b29bdd1eed3a8c
Mandriva Linux Security Advisory 2015-109
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-109 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Keryn Knight discovered that Django incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Note that this issue only affected python-django. Cross-site scripting vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a \@property.

tags | advisory, remote, web, denial of service, arbitrary, spoof, xss, python
systems | linux, mandriva
advisories | CVE-2015-0219, CVE-2015-0220, CVE-2015-0221, CVE-2015-0222, CVE-2015-2241
SHA-256 | 73ed54e1b87bdc65f660a901fe9524ca68b38f6616915656e7bcdd6f60701f1c
Mandriva Linux Security Advisory 2015-108
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-108 - Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.

tags | advisory, remote, web, overflow, arbitrary, local, xss
systems | linux, unix, mandriva
advisories | CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031, CVE-2014-9679
SHA-256 | 029c517fb2aafd25bf90e98f07319e0f00c7a6d282bf8e64661bb76a2f70f6a8
Mandriva Linux Security Advisory 2015-107
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-107 - Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.

tags | advisory, java, remote
systems | linux, mandriva
advisories | CVE-2014-0459
SHA-256 | d312428d84d334e6ec9e0b048aee06388640f025627b969b8fddf338322f3650
Mandriva Linux Security Advisory 2015-106
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-106 - Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-5705
SHA-256 | 23f22694518c71f067c9915413f641361265e421bf51568bbf400fe91d29e5e1
Mandriva Linux Security Advisory 2015-103
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-103 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled. Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service. Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack when processing larger than normal ICMP or ICMPv6 packets. Due to incorrect input validation Squid pinger binary is vulnerable to denial of service or information leak attacks when processing ICMP or ICMPv6 packets.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2014-0128, CVE-2014-3609, CVE-2014-6270, CVE-2014-7141, CVE-2014-7142
SHA-256 | b3a7102719ad1db82c04532795f87002757f84b9b74f8c08a14cd808e53dcbcc
Mandriva Linux Security Advisory 2015-104
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-104 - The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-0172, CVE-2014-9447
SHA-256 | 2dc0f5478ae8a0416760b54f46eda2b4b9a524956ed6d38ef3797a37480e1da1
Mandriva Linux Security Advisory 2015-102
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-102 - Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library. Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-6370, CVE-2013-6371
SHA-256 | 53220f408dd775184b66dbae8a641480a35b07f26f6e64a9d1156a34f96373cb
Mandriva Linux Security Advisory 2015-101
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-101 - Florian Weimer found a stack-based buffer overflow flaw in the libjbig library (part of jbigkit). A specially-crafted image file read by libjbig could be used to cause a program linked to libjbig to crash or, potentially, to execute arbitrary code. The jbigkit package has been updated to version 2.1, which fixes this issue, as well as a few other bugs, including the ability of corrupted input data to force the jbig85 decoder into an end-less loop.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-6369
SHA-256 | 0eef4cdfaf4e18da84306809e2310c9f65932487688f820380f590e6d610fa60
Mandriva Linux Security Advisory 2015-100
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-100 - Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. Various other issues where also addressed.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476, CVE-2014-2707, CVE-2014-4336, CVE-2014-4337, CVE-2014-4338
SHA-256 | 7f312cada7ef4fe1709a37c3131bcc60a0c6ae0baefe7518dff2e7a96f7746ca
Debian Security Advisory 3198-2
Posted Mar 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3198-2 - The previous update for php5, DSA-3198-1, introduced a regression causing segmentation faults when using SoapClient::__setSoapHeader. Updated packages are now available to address this regression.

tags | advisory
systems | linux, debian
SHA-256 | df90a70deba1e4a4b2212a47f82ee6d453ee6b838b98c699dc1bdc25bfd90392
Debian Security Advisory 3207-1
Posted Mar 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3207-1 - A denial of service vulnerability was found in the Shibboleth (an federated identity framework) Service Provider. When processing certain malformed SAML message generated by an authenticated attacker, the daemon could crash.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2015-2684
SHA-256 | 31db8a9f2939066d7fa03c4462e2347a96378c48a0e69869a5bc242d97d78814
Debian Security Advisory 3206-1
Posted Mar 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3206-1 - Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system.

tags | advisory, vulnerability, protocol, python
systems | linux, debian
advisories | CVE-2014-9706, CVE-2015-0838
SHA-256 | 2e5614aff032c71049ac0e7d855287e618a8d7322b658826f46002b9fa04573a
Mandriva Linux Security Advisory 2015-098
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-098 - Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials. Various other issues were also addressed.

tags | advisory, web, protocol
systems | linux, mandriva
advisories | CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150
SHA-256 | 238c9d05fcd4c3b08f5247b6e8c3855e7a760b684bb0b2f4b2fd169a52c9dffc
Mandriva Linux Security Advisory 2015-096
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-096 - A flaw was found in the way stunnel, a socket wrapper which can provide SSL support to ordinary applications, performed initialization of PRNG after fork. When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but seeds the PRNG with the output of time. The most important consequence is that servers using EC or DSA certificates may under certain conditions leak their private key. The updated packages fix this issue by using threads instead of new processes to handle connections. Also an issue has been corrected where the directory for the pid file was not being created when the package is installed. An issue currently exists in Mageia 4 where it fails trying to use FIPS SSL. This can be worked around by adding fips = no into the config.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0016
SHA-256 | 7dce4ccd27d3ab24aaba38df63d58ff30f2afcc77eb744241fcc74995ab0f4ec
Mandriva Linux Security Advisory 2015-095
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-095 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-2532, CVE-2014-2653
SHA-256 | 704f97d77be07b02b98aa395298a8190003a67ae5101733fa1d6b66750ddbc2a
Page 3 of 24
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close