-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2015:174
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : erlang
Date    : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated erlang packages fix a security vulnerability:

An FTP command injection flaw was found in Erlang's FTP module. Several
functions in the FTP module do not properly sanitize the input before
passing it into a control socket. A local attacker can use this flaw
to execute arbitrary FTP commands on a system that uses this module
(CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE
issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693
http://advisories.mageia.org/MGASA-2014-0553.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGQBGmqjQ0CJFipgRAlMOAJ4+XKgZ2ajTf/2V3nFSk3g0aRxWbgCbBX3D
V03y7WmjZTY0C9ZyD13tQfg=
=GBGW
-----END PGP SIGNATURE-----
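
The flaw class named in the Problem Description, as an added example (not code from Erlang/OTP or from Mandriva): FTP control commands are CRLF-terminated lines (RFC 959), so an unchecked argument that contains a line break reaches the server as more than one command. The function names, the control-character policy and the sample file name are assumptions constructed for illustration; the guard is a generic one, not the fix shipped in the updated packages.

```python
import re

CRLF = "\r\n"  # FTP control commands are CRLF-terminated lines (RFC 959)


class UnsafeArgument(ValueError):
    """The argument cannot be sent as part of a single FTP command."""


def build_unchecked(verb, arg):
    # Flaw class from the advisory: caller-supplied input is written to the
    # control socket without inspection.
    return f"{verb} {arg}{CRLF}".encode("utf-8")


def check_arg(arg):
    # Assumed policy for this example: refuse every C0 control character and
    # DEL, which covers CR, LF and NUL.
    for offset, ch in enumerate(arg):
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise UnsafeArgument(
                f"control character {ord(ch):#04x} at offset {offset}")
    return arg


def build_checked(verb, arg):
    if not (verb.isascii() and verb.isalpha()):
        raise UnsafeArgument(f"bad command verb {verb!r}")
    return f"{verb.upper()} {check_arg(arg)}{CRLF}".encode("utf-8")


def commands_seen_by_server(wire):
    # The server reads the control channel line by line; many accept a bare
    # LF as a line end, so split on both forms.
    return [ln for ln in re.split(r"\r?\n", wire.decode("utf-8")) if ln]


# Constructed sample input: a "file name" carrying an embedded line break
# followed by the harmless NOOP verb.
SAMPLE_NAME = "report.txt\r\nNOOP"

if __name__ == "__main__":
    print(commands_seen_by_server(build_unchecked("RETR", SAMPLE_NAME)))
    try:
        build_checked("RETR", SAMPLE_NAME)
    except UnsafeArgument as exc:
        print("rejected:", exc)
```

Until the updated packages are installed, a check of this kind belongs in the calling application, applied to every value passed to the FTP client functions.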