what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 3,105 RSS Feed

Operating System: Mandriva

Mandriva Linux Security Advisory 2015-232
Posted May 8, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-232 - A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-3622
SHA-256 | ec326717f181b47c6bed3f888aa55e2c20fbd5905b5a06673a291b04b2841d52
Mandriva Linux Security Advisory 2015-231
Posted May 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-231 - Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-3451
SHA-256 | 00c15cbb854e0cc2cb67a8a8c9493a11bcbe0d00eaef699792b44316f20a5dce
Mandriva Linux Security Advisory 2015-230
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-3455
SHA-256 | c14ef8d66d6ecdb79a742a0b4b5f418c690959ebf030b5cf3dcf631856a76361
Mandriva Linux Security Advisory 2015-229
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, mandriva
SHA-256 | b95ad09280de8c60ea8404a7c7fd41ee72aad044ca4c4cd46cdf6f916c05b0eb
Mandriva Linux Security Advisory 2015-228
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-0278
SHA-256 | 9493e9bfb065d44360ce1b5e261bc87ab3e33d151d072f83b0fd746027a63318
Mandriva Linux Security Advisory 2015-227
Posted May 5, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-227 - This update provides MariaDB 5.5.43, which fixes several security issues and other bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2571
SHA-256 | 59a26572d3f24847c97e99a2cec7ce1c1217714c81653d09e85fa6a70af0dfb6
Mandriva Linux Security Advisory 2015-223
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2977, CVE-2014-2978
SHA-256 | 33f9c916530ca890941f6fccdc96e4dbeb7b5985f5aab15f140cab4fe5dbe4e3
Mandriva Linux Security Advisory 2015-226
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6687
SHA-256 | 8bd27a425f3e9aac4bb5ac860eb1d2134cc3f0911a23d97745810cb3f38da793
Mandriva Linux Security Advisory 2015-225
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-4668
SHA-256 | dab516d1e414f9cb5ef007848b5664d9265d2181a6cb393863fc45b55d592f05
Mandriva Linux Security Advisory 2015-224
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.

tags | advisory, ruby
systems | linux, mandriva
advisories | CVE-2015-1855
SHA-256 | 8f1eaae0d6b6451ce731b695400559fec4bcb4584c8945815f9e08b9ac28359c
Mandriva Linux Security Advisory 2015-222
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-3310
SHA-256 | 4e085093ca161e2b689a0a77dae2503ae73bb1694acd5b6641e49b4db900aa5e
Mandriva Linux Security Advisory 2015-221
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2305, CVE-2015-2668
SHA-256 | e322e06f43ce0d7c2f6ff9248baf4ff490a69065559e8c997ac146c3ea83af0c
Mandriva Linux Security Advisory 2015-219
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2015-3143, CVE-2015-3145, CVE-2015-3148
SHA-256 | 3e7817fedbdea6c3d2e601a78a7db5288c57b866c77b309240ccba8f424f4ebd
Mandriva Linux Security Advisory 2015-220
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2015-3143, CVE-2015-3148
SHA-256 | 93a94eb337b5044eb63909ac1ea0b6b115dc511b796cc311be4d8059f0680a12
Mandriva Linux Security Advisory 2015-218
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-218 - Multiple vulnerabilities have been found and corrected in glibc. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Various other issues were also addressed. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2013-7423, CVE-2015-1781
SHA-256 | ca67e4afc95e67b314459d08aafa35fbb3e1d19b574ae36b9849508247891508
Mandriva Linux Security Advisory 2015-217
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | d7abd24a5ede0ffb411a19c7b4916189dd8611c728e2fd9900a0d2d4bb39756e
Mandriva Linux Security Advisory 2015-216
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-216 - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting attacks against users of the web interface.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2014-4165
SHA-256 | 378f2f83fc9ffb9eb5aa046d1050acc758d6573eff994eee9004e0f7b45b9c14
Mandriva Linux Security Advisory 2015-215
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-215 - The t1utils package has been updated to version 1.39, which fixes a buffer overrun, infinite loop, and stack overflow in t1disasm.

tags | advisory, overflow
systems | linux, mandriva
SHA-256 | ed193f33a25f4c323905f1deb31b33243e5a06e2570f6f5356c24049f3258f73
Mandriva Linux Security Advisory 2015-214
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.

tags | advisory, overflow
systems | linux, mandriva
SHA-256 | c302ec3d51ab5341c57f021ffc07bdc2d71a1751d7ad214e9065351b15fec43d
Mandriva Linux Security Advisory 2015-213
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0139
SHA-256 | 0e94abe5e27fe5c6984390ceef5e20904126efa7257c4f4f53cde5ada9829724
Mandriva Linux Security Advisory 2015-212
Posted Apr 28, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.

tags | advisory, java, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 5d632c802729d6afa088371dd777ff906d4a5f0bfbcccd4d11559d46754410c2
Mandriva Linux Security Advisory 2015-211
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3619
SHA-256 | c3e463b13df505d85b05845372bc13d6c0bed8ff47059b7731230c0714853b21
Mandriva Linux Security Advisory 2015-210
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-1779
SHA-256 | 1415b78b12044db0e659dff979e0ab2d6fe56f133897650f516ab14c247201c3
Mandriva Linux Security Advisory 2015-209
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.

tags | advisory, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2783, CVE-2015-3329, CVE-2015-3330
SHA-256 | 7240fd4534def87429d91c637b7729d5691e7f8862de87105b7fb9fae468642e
Mandriva Linux Security Advisory 2015-208
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.

tags | advisory, root
systems | linux, mandriva
SHA-256 | 9828baab829b1cfc2c285e37421924ea4be6c7aa0f1b88b7541140dd6250d318
Page 1 of 125
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close