Mandriva Linux Security Advisory 2015-207 - Updated perl-Module-Signature package fixes the following security Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying the contents of a CPAN module, Module::Signature ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during make test When generating checksums from the signed manifest, Module::Signature used two argument open() calls to read the files. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. Several modules were loaded at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in \@INC.
f15c8d16a91a259723b265ed700d69f88cdaffa4d9b22c45fa33716cc633d9d2Mandriva Linux Security Advisory 2015-206 - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.
0f49b40c5245b1a901652fda923ccb5d25207d1dc5ad349b0a1484d554d3794cMandriva Linux Security Advisory 2015-205 - disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit. The tor package has been updated to version 0.2.4.27, fixing these issues.
3f8c2c6c3c6ba4ee0c6fa2a297a9758203ce3ca5828f73a99d3217e6d31b4a3aMandriva Linux Security Advisory 2015-204 - librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. The change to fix this is not backward compatible with older versions of librsync. Backward compatibility can be obtained using the new rdiff sig --hash=md4 option or through specifying the signature magic in the API, but this should not be used when either the old or new file contain untrusted data. Also, any applications that use the librsync library will need to be recompiled against the updated library. The rdiff-backup packages have been rebuilt for this reason.
f38e16d3da5b3852e8cc748629c4c028e924bad76e990f1120415ab0a14a350eMandriva Linux Security Advisory 2015-203 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
5eda7626171582440bef2089c8e9705f885b66c61b26757776ce0f17cd019bccMandriva Linux Security Advisory 2015-201 - Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker could use this flaw to perform a directory traversal attack if a user or automated system were tricked into processing a specially crafted arj archive. Jakub Wilk discovered that arj does not sufficiently protect from directory traversal while unpacking an arj archive containing file paths with multiple leading slashes. A remote attacker could use this flaw to write to arbitrary files if a user or automated system were tricked into processing a specially crafted arj archive. Jakub Wilk and Guillem Jover discovered a buffer overflow vulnerability in arj. A remote attacker could use this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the user running arj. The updated packages provides a solution for these security issues.
53b2ec6d424cbe2e660af98dc2c29cd31a7612a9dff952a2ead56882ca345cdeMandriva Linux Security Advisory 2015-202 - The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service by spoofing the source IP address of a peer. The updated packages provides a solution for these security issues.
39d7e9d9c815116af8efb6b2b36884a1c2b1f7b8ca467d0e4c5f247ed4954f77Mandriva Linux Security Advisory 2015-200 - In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScript using animate elements was incorrect. In MediaWiki before 1.23.9, a stored XSS vulnerability exists due to the way attributes were expanded in MediaWiki's Html class, in combination with LanguageConverter substitutions. In MediaWiki before 1.23.9, MediaWiki's SVG filtering could be bypassed with entity encoding under the Zend interpreter. This could be used to inject JavaScript. In MediaWiki before 1.23.9, one could bypass the style filtering for SVG files to load external resources. This could violate the anonymity of users viewing the SVG. In MediaWiki before 1.23.9, MediaWiki versions using PBKDF2 for password hashing are vulnerable to DoS attacks using extremely long passwords. In MediaWiki before 1.23.9, MediaWiki is vulnerable to Quadratic Blowup DoS attacks, under both HHVM and Zend PHP. In MediaWiki before 1.23.9, the MediaWiki feature allowing a user to preview another user's custom JavaScript could be abused for privilege escalation. In MediaWiki before 1.23.9, function names were not sanitized in Lua error backtraces, which could lead to XSS. In MediaWiki before 1.23.9, the CheckUser extension did not prevent CSRF attacks on the form allowing checkusers to look up sensitive information about other users. Since the use of CheckUser is logged, the CSRF could be abused to defame a trusted user or flood the logs with noise. The mediawiki package has been updated to version 1.23.9, fixing these issues and other bugs.
c05a9bf44b7022507d18ce0ec9c0141893f532647d6ceb31d6d5e71882e345bfMandriva Linux Security Advisory 2015-199 - Updated less package fixes security vulnerability. Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access.
2a187c6685af2436cb3054b4b15f7e9f8b99e8cbef4abc1d7bcfece2cf4a7f69Mandriva Linux Security Advisory 2015-198 - Multiple vulnerabilities has been discovered and corrected in java-1.8.0-openjdk. The updated packages provides a solution for these security issues.
70e18c801844e69b740945998cb86b87730582d195550d64ca9d0575e329b2f3Mandriva Linux Security Advisory 2015-196 - cups-browsed in cups-filters before 1.0.66 contained a bug in the remove_bad_chars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the lp user, using forged print service announcements on DNS-SD servers.
6ee9502b33113faf945840266ffc7ae17222e04b5727259d3e2657e92606f6e9Mandriva Linux Security Advisory 2015-195 - The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. The updated packages provides a solution for this security issue.
da29353ee6e69007158c2009f13b3d836eda48a2560df0d4f7ba8c8fd7386594Mandriva Linux Security Advisory 2015-193 - The libtasn1 library before version 4.4 is vulnerable to a two-byte stack overflow in asn1_der_decoding.
007d36ef1e9e3ed182bdeada4da602d261dde0f484f8b56cde2cda356977fd99Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities has been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed.
829bf7383ff71da085f5217b201c2b0b0c211ea29983b39d9bc74aa6de7c36fcMandriva Linux Security Advisory 2015-188 - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted.flac file. Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted.flac file. The updated packages provides a solution for these security issues.
05dfc86eaebf1ee000b74ab6147e7badb5c9d055f0731dc16979b307c384bac9Mandriva Linux Security Advisory 2015-187 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Additionally the gtkglarea2 and gtkglext packages were missing and was required for graphviz to build, these packages are also being provided with this advisory.
94dd81e7f7093f530045667750dd5276b5b1945c8f0a3623466b7d64491119dcMandriva Linux Security Advisory 2015-161 - The Regular Expressions package in International Components for Unicode 52 before SVN revision 292944 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a zero-length quantifier or look-behind expression. The collator implementation in i18n/ucol.cpp in International Components for Unicode 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
49d3630130b46ac02279d010879b18cd3f011430b7437293db81abac638f510bMandriva Linux Security Advisory 2015-191 - Multiple vulnerabilities has been discovered and corrected in owncloud. The updated packages have been upgraded to the 7.0.5 version where these security flaws has been fixed.
f8a5e1a519b807d253347846f6363fdb094ab379701f13b264d2eead2d04dfb8Mandriva Linux Security Advisory 2015-190 - Multiple vulnerabilities have been discovered and corrected in owncloud. The updated packages have been upgraded to the 5.0.19 version where these security flaws has been fixed.
6fd377dd29bbd30e66c0b3e1c809d20c1adae98eff802df38dd47ec10d0d5bf9Mandriva Linux Security Advisory 2015-189 - The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely trigger-able, which would result in a denial of service, and also fixes a few other bugs.
52fcf4a98c1b933ea290eafeed607d159859972abb36cc0457aaadee25ad465eMandriva Linux Security Advisory 2015-186 - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, the phpseclib package has been upgraded to the 0.3.10 version.
cb476e4dc5b3151a3746cb21a1fb8feb234d1026555f5fc162763d2baa1a81e9Mandriva Linux Security Advisory 2015-166 - Updated clamav packages fix multiple security vulnerabilities.
c9f748f74277b055a6eddb9124d74c2aa31a11d13316c85eeebddb155ff23f43Mandriva Linux Security Advisory 2015-165 - By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service.
1b590fc51333510284a3f960ee5db24e4033e0c82e4a366baec311dff230159aMandriva Linux Security Advisory 2015-161 - Updated icu packages fix multiple security vulnerabilities.
566144e517320f25cda8c8094b5ee49b12023f9fdf5e6d20e62106a78c9eeb73Mandriva Linux Security Advisory 2015-163 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The grub2 package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
6ae284d0de868ab7f87fb05d92e7bbec5da0551f41a32b761bd68e4d8f04ff31
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed