accept no compromises
Showing 51 - 75 of 3,105 RSS Feed

Operating System: Mandriva

Mandriva Linux Security Advisory 2015-162
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-162 - Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session. This was fixed by including a patch for the root cause of the issue in gtk+3.0, which came from the implementation of popup menus in GtkWindow. This update also includes other patches from upstream to fix bugs affecting GtkFileChooser and GtkSpinButton, and a crash related to clipboard handling.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-1949
MD5 | 7020f01886735b070af02e5e56665e48
Mandriva Linux Security Advisory 2015-160
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-160 - In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2014-3429
MD5 | d7a7fa5bfc4c18d8dc3e0649c647edfd
Mandriva Linux Security Advisory 2015-185
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-185 - Updated dokuwiki packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764, CVE-2014-9253, CVE-2015-2172
MD5 | 76ba0dc99857420bf3a20f93a8dc6880
Mandriva Linux Security Advisory 2015-184
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-184 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected.

tags | advisory, root
systems | linux, mandriva
MD5 | 1dbebb54e1adb002d282db0efe35bbd4
Mandriva Linux Security Advisory 2015-183
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-183 - Updated wireshark packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2188, CVE-2015-2189, CVE-2015-2191
MD5 | b67448f4f52d4e767404dccaf457275c
Mandriva Linux Security Advisory 2015-159
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-159 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service or the execution of arbitrary code. A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
MD5 | 50e01e2bc9562e9c187ab9204028fd15
Mandriva Linux Security Advisory 2015-182
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-182 - Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
MD5 | b1a9d099720fc757045b11638001e9bc
Mandriva Linux Security Advisory 2015-145-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
MD5 | 7e6347413032d379e2435fe41b73959d
Mandriva Linux Security Advisory 2015-147-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-147 - The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547
MD5 | 9135f52f67d759887f476401c5fb1441
Mandriva Linux Security Advisory 2015-181
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750
MD5 | 0240fabab23e9a0a598709267a074bb3
Mandriva Linux Security Advisory 2015-178
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-178 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
MD5 | 70c32609d4f7a47cd7a03468a4c2f640
Mandriva Linux Security Advisory 2015-179
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-179 - Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-9471
MD5 | fae55ac4ab0aeee301549761ee7808cc
Mandriva Linux Security Advisory 2015-180
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-180 - apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corruption or a process crash could occur. It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-8583
MD5 | a249871eea00d12b6aac55948e64e240
Mandriva Linux Security Advisory 2015-029-1
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-029 - Multiple integer overflows in the _objalloc_alloc function in objalloc.c and objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow. Various other issues have also been addressed. The updated packages provide a solution for these security issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2012-3509, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738
MD5 | ebc3ac8d951ed689ba83ea71521f9f29
Mandriva Linux Security Advisory 2015-177
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-177 - ctdb before 2.5 is vulnerable to symlink attacks to due the use of predictable filenames in /tmp, such as /tmp/ctdb.socket.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4159
MD5 | e5b6cc0ddfa311bc913b65f58cbb26d0
Mandriva Linux Security Advisory 2015-176
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-176 - Updated dbus packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3477, CVE-2014-3532, CVE-2014-3533, CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824, CVE-2015-0245
MD5 | 6dfaf1bc91e6464b570e446008dda2a9
Mandriva Linux Security Advisory 2015-175
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-175 - A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8760
MD5 | e3063af24b90e5f87f9cfa2c56f2661f
Mandriva Linux Security Advisory 2015-174
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-174 - An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module. This update also disables SSLv3 by default to mitigate the POODLE issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-1693
MD5 | fe6a09b0b453ba1c5f7782e7ee89000b
Mandriva Linux Security Advisory 2015-173
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-173 - Updated ffmpeg packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-2097, CVE-2014-2098, CVE-2014-2099, CVE-2014-2263, CVE-2014-4610, CVE-2014-5271, CVE-2014-5272, CVE-2014-8541, CVE-2014-8542, CVE-2014-8543, CVE-2014-8544, CVE-2014-8545, CVE-2014-8546, CVE-2014-8547, CVE-2014-8548
MD5 | 50af3699d5de11b9c3b257aa5892395e
Mandriva Linux Security Advisory 2015-172
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-172 - Updated firebird packages fix a remote denial of service vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-9492
MD5 | ff663aa849c643b6c013fdb41a508080
Mandriva Linux Security Advisory 2015-171
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-171 - Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors. Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2014-0250, CVE-2014-0791
MD5 | 902d8538b63611bbe2c3c5c5155b617d
Mandriva Linux Security Advisory 2015-168
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3406, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473
MD5 | b7bc646306e46a1f68447be66b599961
Mandriva Linux Security Advisory 2015-170
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-170 - Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code. The gcc rtl-optimization sched2 miscompiles syscall sequence which can cause random panic in glibc and kernel clang++ fails to find cxxabi.h and cxxabi_tweaks.h during build

tags | advisory, overflow, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2014-5044
MD5 | a123bae707bc497c27c437b55c5f54ca
Mandriva Linux Security Advisory 2015-169
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-169 - It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the.git/config file when the client performed a git pull. Because git permitted committing.Git/config , on the pull this would replace the user's.git/config. If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9390
MD5 | 437cc7866f4a946542fd78d6f9b2d8d7
Mandriva Linux Security Advisory 2015-167
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-167 - Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included by PHP through an autoload function. SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

tags | advisory, remote, arbitrary, local, php, sql injection
systems | linux, mandriva
advisories | CVE-2014-5032, CVE-2014-8360, CVE-2014-9258
MD5 | 9c647bbcd779ff68ccbfbd9000592c51
Page 3 of 125
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close