exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 3,105 RSS Feed

Operating System: Mandriva

Mandriva Linux Security Advisory 2015-153
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-153 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. A buffer read overflow in gd_gif_in.c in the php #68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.

tags | advisory, remote, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-9709
SHA-256 | a3750e0e421fe88f4eaaad5c05512b32595ca9f6b63ea6e4f9a0aaf8a89492e3
Mandriva Linux Security Advisory 2015-154
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2014-4617, CVE-2014-5270, CVE-2015-0837
SHA-256 | 867cc5c461189e5765485dc6b4a2f63d57c6e6d920cb79fec12513b4629f0ba2
Mandriva Linux Security Advisory 2015-148
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
SHA-256 | d9d2fd19be97a30bea44e233e81ce1fdb672ee14eb24ed3d3a69eb1b9469843f
Mandriva Linux Security Advisory 2015-152
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-152 - Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9092
SHA-256 | 134bc9d71ef166ce7592acebc58ee1da0c42703e9028a13a27d81c0424807e80
Mandriva Linux Security Advisory 2015-147
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-147 - The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547
SHA-256 | be85bb21292acb6ae194a30c1aaaf068377776f5a1ea1ca59167bb7fa2962e6f
Mandriva Linux Security Advisory 2015-149
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-149 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2014-9496
SHA-256 | 19f33c5d2e367936033f7cc0befc11f06a2822b214bfb14b210f98a1f21fd9d7
Mandriva Linux Security Advisory 2015-158
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-158 - There are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure.

tags | advisory, arbitrary, code execution, info disclosure
systems | linux, mandriva
advisories | CVE-2013-2027
SHA-256 | 48e4f8acb75a2c0fd15696506d26f142c6239afa41adef070928d48b3d08dbec
Mandriva Linux Security Advisory 2015-157
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-157 - Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-2304
SHA-256 | aafcb56be45cf84fdb1cab4300635f80336bb74b80271f3cf0446fecb12f1f36
Mandriva Linux Security Advisory 2015-156
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-156 - capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without capabilities, which is potentially dangerous.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-3215
SHA-256 | 9187dfcabef78d898af50d16246d6437951c8b7149a016e74ca228a3510a0e20
Mandriva Linux Security Advisory 2015-017-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-6272
SHA-256 | 37d784031ae48e29994057c675fed2574429ffa8db1c8f64699b2756dfbdeb52
Mandriva Linux Security Advisory 2015-155
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-155 - GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2015-0837
SHA-256 | 5eae8f870b196fa57b88bc2e5d2121119f611d0f9c814556868d5963d51fe24d
Mandriva Linux Security Advisory 2015-148-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process. Packages were missing for Mandriva Business Server 1 with the MDVSA-2015:148 advisory which are now being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
SHA-256 | 43a108dd75415e802700da18907f8eda1002da408a7ff3697f966c331440d789
Mandriva Linux Security Advisory 2015-144
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-144 - A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-5461
SHA-256 | ac31acf6c259ead6e52e4fece7f7a93fe4218899d8b08dda8607eb133e8f7679
Mandriva Linux Security Advisory 2015-143
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-143 - A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-9474
SHA-256 | b4cc0a7364c95fc5b69ec302928fb1271eb953c7317abc36b2a5d69a28b3376f
Mandriva Linux Security Advisory 2015-142
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-142 - A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process aborting while parsing. Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Node.js before 0.10.31, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. The nodejs package has been updated to version 0.10.33 to fix these issues as well as several other bugs.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2013-6668, CVE-2014-5256
SHA-256 | cdcb058c825c2c65daeca78e8d8e225b7668fb9972028beebe40d4e812c35030
Mandriva Linux Security Advisory 2015-141
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-141 - It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle attack, where the attacker can spoof a valid certificate using a specially crafted subject.

tags | advisory, spoof
systems | linux, mandriva
SHA-256 | f0f771bacef92c10040aa5a169d42cbf8bfd9f8032c398753c44e54d0594db43
Mandriva Linux Security Advisory 2015-138
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-138 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9637, CVE-2015-1196, CVE-2015-1395
SHA-256 | 8f8e1c73634a3689d8e6323af40e9c4af6955c1e0849939e0b6d5b933cefd02c
Mandriva Linux Security Advisory 2015-140
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, suse, mandriva
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298
SHA-256 | 6c051822021817ac7fc8875977c5ca320de4662ed0ed8219480997118279051d
Mandriva Linux Security Advisory 2015-139
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-139 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8104
SHA-256 | 423f9e05f4527afc39798b49c9182eb15495fbe96f9f58d5910d9264f658af74
Mandriva Linux Security Advisory 2015-137
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-137 - A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8964
SHA-256 | 3f1acf93b81dd2f291d5c88b3fdbd7075ea2f9e1852e2d13d0088a3fa3175a93
Mandriva Linux Security Advisory 2015-136
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-136 - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. Also, the Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as Bugzilla. The Text::Wrap module bundled with Perl has been patched and the Data::Dumper module bundled with Perl has been updated to fix these issues.

tags | advisory, denial of service, perl
systems | linux, mandriva
advisories | CVE-2014-4330
SHA-256 | a3e94ab9406937961e1413a2283cd15e6647020327efe2581f2eea934953cc8d
Mandriva Linux Security Advisory 2015-135
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-135 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3158
SHA-256 | c250b0f1a61c3c700f05e83a6eab0505cb72c9ad4019f2ad669136baafe19f53
Mandriva Linux Security Advisory 2015-134
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-134 - PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release version of PulseAudio v5 and has been updated to the official final version.

tags | advisory, remote, udp
systems | linux, mandriva
advisories | CVE-2014-3970
SHA-256 | 70528d36e53bef7cea6e32b4c297b13d4ad2329140601f26526ee4747e14405b
Mandriva Linux Security Advisory 2015-133
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-133 - Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file. It was discovered that the python-requests Proxy-Authorization header was never re-evaluated when a redirect occurs. The Proxy-Authorization header was sent to any new proxy or non-proxy destination as redirected. In python-requests before 2.6.0, a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing.

tags | advisory, python
systems | linux, mandriva
advisories | CVE-2014-1829, CVE-2014-1830, CVE-2015-2296
SHA-256 | c16596fd1421f61f65bec780385bab621cf701455989361dc3437d3ee0d43c9b
Mandriva Linux Security Advisory 2015-131
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-131 - Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-2855
SHA-256 | c68039f4562fde75646f8328e774954f4ef92543859f4f5d4808b8fa2ad4bfc7
Page 4 of 125
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close