[Full-disclosure] [ MDVSA-2014:062 ] webmin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:062 http://www.mandriva.com/en/support/security/ ___ Package : webmin Date: March 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Multiple vulnerabilities was discovered and corrected in webmin: Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, SA51201). The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2983 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4893 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0125 http://advisories.mageia.org/MGASA-2014-0132.html http://www.webmin.com/changes.html ___ Updated Packages: Mandriva Enterprise Server 5: b76972171f63033b2f329e6490976419 mes5/i586/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.i586.rpm ac443c2645558464be805b492db9baeb mes5/i586/webmin-1.680-0.1mdvmes5.2.noarch.rpm 4b77afd5678423a573747acd179fa239 mes5/SRPMS/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.src.rpm cd4fb9d6f928dc92f5430ec9a085620e mes5/SRPMS/webmin-1.680-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: c3caa33d699773dc6e425c6363c6df8f mes5/x86_64/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.x86_64.rpm 8140d6c7b10d0d09daeb3e31991b mes5/x86_64/webmin-1.680-0.1mdvmes5.2.noarch.rpm 4b77afd5678423a573747acd179fa239 mes5/SRPMS/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.src.rpm cd4fb9d6f928dc92f5430ec9a085620e mes5/SRPMS/webmin-1.680-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 9c2db8945efb78cb14b62bf684c3ac8a mbs1/x86_64/perl-Authen-Libwrap-0.220.0-2.mbs1.x86_64.rpm fbf3cbaf7c38211734c7e194478266a4 mbs1/x86_64/webmin-1.680-1.mbs1.noarch.rpm 9ab9a3275bfc6c78087d948d9d6dd499 mbs1/SRPMS/perl-Authen-Libwrap-0.220.0-2.mbs1.src.rpm c1b87681dfd413012e0867c8109629ac mbs1/SRPMS/webmin-1.680-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTJuP1mqjQ0CJFipgRAhC+AJ9DRGJv63JJDYj1aOq2dGQ4gYtsJwCgl4VQ E51kan9dXAlHxnPVzflibaY= =MQUx -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:063 ] x2goserver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:063 http://www.mandriva.com/en/support/security/ ___ Package : x2goserver Date: March 17, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated x2goserver package fixes security vulnerability: A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process (CVE-2013-4376). A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions has also been fixed. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4376 http://advisories.mageia.org/MGASA-2014-0111.html ___ Updated Packages: Mandriva Business Server 1/X86_64: eb26c90fdc53040f10c6ad4d3064c7ee mbs1/x86_64/x2goserver-4.0.1.13-1.mbs1.x86_64.rpm b32edf4af4c0aff51dd1591f3f4c3f02 mbs1/x86_64/x2goserver-postgresql-4.0.1.13-1.mbs1.x86_64.rpm 26a1b81d443ad892848681b11895c28a mbs1/x86_64/x2goserver-sqlite-4.0.1.13-1.mbs1.x86_64.rpm a1d27787d6e4485a506f546c83700129 mbs1/SRPMS/x2goserver-4.0.1.13-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTJwKJmqjQ0CJFipgRAlZ6AJ0R1xLuN7d3Ao2YrrBdFyJgkgZ1+wCdFgOE isX7M+xxxPX6l8OzKIh+Xtc= =prvi -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:064 ] udisks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:064 http://www.mandriva.com/en/support/security/ ___ Package : udisks Date: March 17, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated udisks packages fixes security vulnerability: A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root) (CVE-2014-0004). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004 http://advisories.mageia.org/MGASA-2014-0129.html ___ Updated Packages: Mandriva Business Server 1/X86_64: b7b8138c781ce706d35c803b68b0f95b mbs1/x86_64/udisks-1.0.4-7.1.mbs1.x86_64.rpm 5139fe402d636edb486c9a02082acfd8 mbs1/x86_64/udisks-devel-1.0.4-7.1.mbs1.x86_64.rpm bfd3cb6833dd91223e3dc8def514da07 mbs1/SRPMS/udisks-1.0.4-7.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTJwPUmqjQ0CJFipgRAgKEAKDxYNKS5Yh7jtCAjbXQWl+4PGfY1ACeO5gP u89oyojMXd7Z6yhB1vhCp0Y= =YCx0 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:059 ] php
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:059 http://www.mandriva.com/en/support/security/ ___ Package : php Date: March 14, 2014 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in php: Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)). Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)). Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer (CVE-2013-7327)). The updated php packages have been upgraded to the 5.5.10 version which is not vulnerable to these issues. The php-xdebug packages has been upgraded to the latest 2.2.4 version that resolves numerous upstream bugs. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.10. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327 http://www.php.net/ChangeLog-5.php#5.5.10 https://bugs.php.net/bug.php?id=66731 https://bugs.php.net/bug.php?id=66820 https://bugs.php.net/bug.php?id=66815 http://pecl.php.net/package-changelog.php?package=xdebugrelease=2.2.4 ___ Updated Packages: Mandriva Business Server 1/X86_64: 24737449ee336d5e9824e2f2ae543292 mbs1/x86_64/apache-mod_php-5.5.10-1.1.mbs1.x86_64.rpm 0b922c54fa9223fecc8d35a5c7c8599e mbs1/x86_64/lib64php5_common5-5.5.10-1.1.mbs1.x86_64.rpm 7ee561479c57d59fd98a5501e9586500 mbs1/x86_64/php-apc-3.1.15-1.4.mbs1.x86_64.rpm eb7de5759296f86517f5edfd9d4436ca mbs1/x86_64/php-apc-admin-3.1.15-1.4.mbs1.x86_64.rpm a1d9c94696da01a54ef8fdc514e87eeb mbs1/x86_64/php-bcmath-5.5.10-1.1.mbs1.x86_64.rpm 1b2cd506955bff2be731071a094c722f mbs1/x86_64/php-bz2-5.5.10-1.1.mbs1.x86_64.rpm 8960e53771c38895428275376133ad80 mbs1/x86_64/php-calendar-5.5.10-1.1.mbs1.x86_64.rpm 76ae075f4cb8bbd735289a6c1d06fd7a mbs1/x86_64/php-cgi-5.5.10-1.1.mbs1.x86_64.rpm 12b695df15e1f8cb7b0a4dfe6c9aa088 mbs1/x86_64/php-cli-5.5.10-1.1.mbs1.x86_64.rpm f8f5f6b8ed7afaffe4893ee713198f96 mbs1/x86_64/php-ctype-5.5.10-1.1.mbs1.x86_64.rpm 1950d33f015eefc8014070526758ee8e mbs1/x86_64/php-curl-5.5.10-1.1.mbs1.x86_64.rpm 9497d5da046377151644e93733cb074e mbs1/x86_64/php-dba-5.5.10-1.1.mbs1.x86_64.rpm ac662e5ef7059d81cccb62c7bbe97901 mbs1/x86_64/php-devel-5.5.10-1.1.mbs1.x86_64.rpm 87a743ba4947af120c24da6115c7e6db mbs1/x86_64/php-doc-5.5.10-1.1.mbs1.noarch.rpm b941027ff5051dc2811b4263f6bf20b1 mbs1/x86_64/php-dom-5.5.10-1.1.mbs1.x86_64.rpm 77c456007f9d6e330bfa514dc7e2c71c mbs1/x86_64/php-enchant-5.5.10-1.1.mbs1.x86_64.rpm e14bbbfe6cbd0027eb92f2de676bda2b mbs1/x86_64/php-exif-5.5.10-1.1.mbs1.x86_64.rpm 016db3c40dafc614f69ed163870d0ba9 mbs1/x86_64/php-fileinfo-5.5.10-1.1.mbs1.x86_64.rpm 800722c1127bf7f835fed88d5805612a mbs1/x86_64/php-filter-5.5.10-1.1.mbs1.x86_64.rpm c25709c616879f64ca095493a250e49a mbs1/x86_64/php-fpm-5.5.10-1.1.mbs1.x86_64.rpm dd3b14133c3e5e299976709acaba36f1 mbs1/x86_64/php-ftp-5.5.10-1.1.mbs1.x86_64.rpm 33285cc7d2f89640c84a89c2d78d4c1c mbs1/x86_64/php-gd-5.5.10-1.1.mbs1.x86_64.rpm 98815ed19f6a439995c257c86d3fd8e7 mbs1/x86_64/php-gettext-5.5.10-1.1.mbs1.x86_64.rpm 2c34c8d28d2bcf105deced29a743ce10 mbs1/x86_64/php-gmp-5.5.10-1.1.mbs1.x86_64.rpm 66f17761f797c9ba5b9f64359df0e444 mbs1/x86_64/php-hash-5.5.10-1.1.mbs1.x86_64.rpm a9679cf58298c91fe11e9065888f3ecf mbs1/x86_64/php-iconv-5.5.10-1.1.mbs1.x86_64.rpm 44c8fd8cbd7a749ce405eafcb5cfaba0 mbs1/x86_64/php-imap-5.5.10-1.1.mbs1.x86_64.rpm de60f25c3e3da02a1ed96ea3c6b7d146 mbs1/x86_64/php-ini-5.5.10-1.1.mbs1.x86_64.rpm 674171b2daf508b7709ec0fa39f3dadb mbs1/x86_64/php-intl-5.5.10-1.1.mbs1.x86_64.rpm b4b75e252c03be45e1ea42d93cbb559d mbs1/x86_64/php-json-5.5.10-1.1.mbs1.x86_64.rpm 10071e1f44d3ec6500559211168c3b4a mbs1/x86_64/php-ldap-5.5.10-1.1.mbs1.x86_64.rpm 4b7e7d0a0b6adcca257a2fd124e62c58 mbs1/x86_64/php-mbstring-5.5.10-1.1.mbs1.x86_64.rpm 19345fe51062884bd7c9ff80f49dcbdb mbs1/x86_64/php-mcrypt-5.5.10-1.1.mbs1.x86_64.rpm e2a844b656f9ab03b731ad2f272b5d2b mbs1/x86_64/php-mssql-5.5.10-1.1.mbs1.x86_64.rpm 4fcf706c941176818fdfc995fba8209c mbs1/x86_64/php-mysql-5.5.10-1.1.mbs1.x86_64.rpm 46c3635f1e79e351b2d63d7be993557b mbs1/x86_64/php-mysqli-5.5.10-1.1.mbs1.x86_64.rpm 6b652b39093992140614a97e4633ee52 mbs1/x86_64/php-mysqlnd-5.5.10-1.1.mbs1.x86_64.rpm d8712b4ec5533dd53c3e1a6854a41612 mbs1/x86_64/php-odbc-5.5.10-1.1.mbs1.x86_64.rpm 58da4457f76d98468fbc2216a82a6210 mbs1
[Full-disclosure] [ MDVSA-2014:060 ] imapsync
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:060 http://www.mandriva.com/en/support/security/ ___ Package : imapsync Date: March 14, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated imapsync package fixes security vulnerabilities: Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl (CVE-2013-4279). The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login (CVE-2014-2014). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4279 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2014 http://advisories.mageia.org/MGASA-2014-0127.html http://advisories.mageia.org/MGASA-2014-0106.html ___ Updated Packages: Mandriva Business Server 1/X86_64: cb3b49e4916f35b94c1ff67196525cf4 mbs1/x86_64/imapsync-1.584-1.mbs1.noarch.rpm 03c16ad4a39d6dac597053f0a366f04e mbs1/SRPMS/imapsync-1.584-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIubQmqjQ0CJFipgRAmENAJ9nSYZVEO3+rIbDc+Y/t9FBtT9OAwCfU+Fu 5cvaihGQPzjWjggIhS6UYZw= =piS6 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:061 ] oath-toolkit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:061 http://www.mandriva.com/en/support/security/ ___ Package : oath-toolkit Date: March 14, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated oath-toolkit packages fix security vulnerability: It was found that comments (lines starting with a hash) in /etc/users.oath could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP vulnerable to replay attacks (CVE-2013-7322). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7322 http://advisories.mageia.org/MGASA-2014-0101.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 5e7ce31fddb192c01d46ff35e5077ef2 mbs1/x86_64/lib64oath0-1.12.6-1.mbs1.x86_64.rpm 1d1119a6895f2c15b3186651a3e6b5f5 mbs1/x86_64/lib64oath-devel-1.12.6-1.mbs1.x86_64.rpm d3026ce09d217fecf642a8059b7319cc mbs1/x86_64/oath-toolkit-1.12.6-1.mbs1.x86_64.rpm ed3ba7cb9afff74e2490a5da5ba5741c mbs1/x86_64/pam_oath-1.12.6-1.mbs1.x86_64.rpm 76c955b592b689ebdd2bf55ebcd6d414 mbs1/SRPMS/oath-toolkit-1.12.6-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIwttmqjQ0CJFipgRAm6uAJ0YADCGV+4DvH0HbDUkBjRaXOvXowCcC0Lx vFNAIbWSDz8mgo9EiBALFw8= =lkDX -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:051 ] file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:051 http://www.mandriva.com/en/support/security/ ___ Package : file Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated file package fixes security vulnerability: It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results. A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). A memory leak in file has also been fixed. The affected packages have been upgraded to the 5.12 version and patched to correct these flaws. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270 http://advisories.mageia.org/MGASA-2014-0092.html http://advisories.mageia.org/MGASA-2014-0123.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 5daf7e68d436107f087e08cbabd55a53 mbs1/x86_64/file-5.12-1.mbs1.x86_64.rpm f59233880c730cd02d6e9c9bc2b50040 mbs1/x86_64/lib64magic1-5.12-1.mbs1.x86_64.rpm 9d5063b1d1e64d82df88ec926e26be58 mbs1/x86_64/lib64magic-devel-5.12-1.mbs1.x86_64.rpm 672916960ebde988649acb12fa9ff534 mbs1/x86_64/lib64magic-static-devel-5.12-1.mbs1.x86_64.rpm f2a64add383b5d18ae6f0c29c2972a49 mbs1/x86_64/python-magic-5.12-1.mbs1.noarch.rpm a60928e3e2bc266079b8466bd9519eb0 mbs1/SRPMS/file-5.12-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIVxsmqjQ0CJFipgRApnoAJ0WKcVX9puBlpl8mkzhhy8+lFf1DwCeKbTX B0zUUM//h2BC4yyN9jxSSJU= =M1BL -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:052 ] net-snmp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:052 http://www.mandriva.com/en/support/security/ ___ Package : net-snmp Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated net-snmp packages fix two vulnerabilities: Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects (CVE-2014-2284). Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled (CVE-2014-2285). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name= http://cve.mitre.org/cgi-bin/cvename.cgi?name= http://advisories.mageia.org/MGASA-2014-0122.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 75e24feeb05a77c70995a9a1175da857 mbs1/x86_64/lib64net-snmp30-5.7.2-1.1.mbs1.x86_64.rpm 2eda4de0bd258d015818e0b18de62453 mbs1/x86_64/lib64net-snmp-devel-5.7.2-1.1.mbs1.x86_64.rpm 280aa9c311cd4373fd0001ad0b1ac3b3 mbs1/x86_64/lib64net-snmp-static-devel-5.7.2-1.1.mbs1.x86_64.rpm e2e77246cbcf195d3842c029e3e17f80 mbs1/x86_64/net-snmp-5.7.2-1.1.mbs1.x86_64.rpm 832ac7ed2bbdc701173d3042d862f8b6 mbs1/x86_64/net-snmp-mibs-5.7.2-1.1.mbs1.x86_64.rpm dbde6cc67a4610c2d2a1aa23e30f2417 mbs1/x86_64/net-snmp-tkmib-5.7.2-1.1.mbs1.x86_64.rpm 5c2a7541316aa4f4eddfe19fe04fd97f mbs1/x86_64/net-snmp-trapd-5.7.2-1.1.mbs1.x86_64.rpm 87162adb1b12d29070b53257ceeef286 mbs1/x86_64/net-snmp-utils-5.7.2-1.1.mbs1.x86_64.rpm 7e2681b068903c4e28dd5d31ca37ef70 mbs1/x86_64/perl-NetSNMP-5.7.2-1.1.mbs1.x86_64.rpm ed8bcbc6470482d1e78567d06e8e608a mbs1/x86_64/python-netsnmp-5.7.2-1.1.mbs1.x86_64.rpm 5c6e6b75f38386964efe4340b2436873 mbs1/SRPMS/net-snmp-5.7.2-1.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIV4rmqjQ0CJFipgRAgWkAJ45l7yEOU6KIy3ySIumvZB0eShVQwCfW1Bh zMDFEhf4YiB6foTD9u+uUPs= =STrP -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:053 ] libssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:053 http://www.mandriva.com/en/support/security/ ___ Package : libssh Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated libssh package fixes security vulnerability: When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn#039;t reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. The most important consequence is that servers using EC (ECDSA) or DSA certificates may under certain conditions leak their private key (CVE-2014-0017). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017 http://advisories.mageia.org/MGASA-2014-0119.html ___ Updated Packages: Mandriva Business Server 1/X86_64: eb6bcbc277a01a3bcc53d43b127becbe mbs1/x86_64/lib64ssh4-0.5.2-2.2.mbs1.x86_64.rpm 417ce1525889e70932b44399293791b0 mbs1/x86_64/lib64ssh-devel-0.5.2-2.2.mbs1.x86_64.rpm d4bbda02ed47d9b0df5f9e7992a29d6e mbs1/SRPMS/libssh-0.5.2-2.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIV92mqjQ0CJFipgRAn1pAKCI59sSMco0u5/Ff4pa3ut5fvAF/wCgptxb 9kuUknjWGT8mtgJ/+ZmIYwM= =cv+v -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:054 ] otrs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:054 http://www.mandriva.com/en/support/security/ ___ Package : otrs Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated otrs package fixes security vulnerability: An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed (CVE-2014-1695). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1695 http://advisories.mageia.org/MGASA-2014-0114.html ___ Updated Packages: Mandriva Business Server 1/X86_64: f913ce8f777c607662375c4cd63995b3 mbs1/x86_64/otrs-3.2.15-1.mbs1.noarch.rpm cf451c6dc24d227df81f277d0542cb9e mbs1/SRPMS/otrs-3.2.15-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIWA2mqjQ0CJFipgRAmAyAJ4soLFUh+CytH8YdDnszYsa26wzjwCghyCb IuQkiqLATAUUnFETQnEXFjk= =t1Xt -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:055 ] owncloud
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:055 http://www.mandriva.com/en/support/security/ ___ Package : owncloud Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated owncloud packages fix security vulnerabilities and bugs: Owncloud versions 5.0.15 and 6.0.2 fix several unspecified security vulnerabilities, as well as many other bugs. See the upstream Changelog for more information. ___ References: http://advisories.mageia.org/MGASA-2014-0120.html http://owncloud.org/changelog/ ___ Updated Packages: Mandriva Business Server 1/X86_64: f17711b6066dab82f39509437f04e75d mbs1/x86_64/owncloud-5.0.15-1.mbs1.noarch.rpm a434bc4843526f2c183746e016444cf4 mbs1/SRPMS/owncloud-5.0.15-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIWFMmqjQ0CJFipgRAviGAJ0cr80Fvn/efM4RuxyBA0Me4LgehgCgrYU0 ZEVpHdzwvkLeBxR3d0tUfSE= =XyRH -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:056 ] apache-commons-fileupload
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:056 http://www.mandriva.com/en/support/security/ ___ Package : apache-commons-fileupload Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated apache-commons-fileupload packages fix security vulnerability: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Tomcat 7 includes an embedded copy of the Apache Commons FileUpload package, and was affected as well. Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://advisories.mageia.org/MGASA-2014-0109.html http://advisories.mageia.org/MGASA-2014-0110.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 3ca8ae458a2a14d7fbb0a70c0b713694 mbs1/x86_64/apache-commons-fileupload-1.2.2-7.1.mbs1.noarch.rpm 3b08f11ad938172850ef4ee3ecbba370 mbs1/x86_64/apache-commons-fileupload-javadoc-1.2.2-7.1.mbs1.noarch.rpm 1c4c5c3bd6793c2a2450dcefa0e203ef mbs1/x86_64/maven-3.0.4-29.1.mbs1.noarch.rpm 8fc65ce434b39c1b4e99ac82c99f360c mbs1/x86_64/maven-javadoc-3.0.4-29.1.mbs1.noarch.rpm 690021e32ef08530eb6e0ffb37f183bb mbs1/x86_64/tomcat-7.0.41-1.mbs1.noarch.rpm ef37839b3c4cc68470895521b9c2f9b1 mbs1/x86_64/tomcat-admin-webapps-7.0.41-1.mbs1.noarch.rpm 10d70b5c2912cd31a3300cef68c8ae05 mbs1/x86_64/tomcat-docs-webapp-7.0.41-1.mbs1.noarch.rpm 30b9bce5753a84d5b297d09f325ee519 mbs1/x86_64/tomcat-el-2.2-api-7.0.41-1.mbs1.noarch.rpm 33f563c0129db18353f5f11ddff9da1f mbs1/x86_64/tomcat-javadoc-7.0.41-1.mbs1.noarch.rpm b695ab259ef3d94d7ff9d7080c133315 mbs1/x86_64/tomcat-jsp-2.2-api-7.0.41-1.mbs1.noarch.rpm 1a973a209c59818baaf9a702b127e4ce mbs1/x86_64/tomcat-jsvc-7.0.41-1.mbs1.noarch.rpm 2401f69cfd2a32b0cbfe08596e03b5af mbs1/x86_64/tomcat-lib-7.0.41-1.mbs1.noarch.rpm 4488a01e207711e525674516ba35166d mbs1/x86_64/tomcat-servlet-3.0-api-7.0.41-1.mbs1.noarch.rpm 8282439d68a86b4df5bb4a497fc355af mbs1/x86_64/tomcat-webapps-7.0.41-1.mbs1.noarch.rpm 0b2a663187d4e6f84842c8557c0aed88 mbs1/SRPMS/apache-commons-fileupload-1.2.2-7.1.mbs1.src.rpm 5838595a6d67a65a1b6ef7cf6010303b mbs1/SRPMS/maven-3.0.4-29.1.mbs1.src.rpm 2a1fe32885c43e8c24037d0d14411225 mbs1/SRPMS/tomcat-7.0.41-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIXRwmqjQ0CJFipgRAmzFAKCuhe6bqDCVintv67zSlxhVksDmqQCg5il2 LQ4guSGikHcbr7VUIBHqsAM= =N5K+ -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:057 ] mediawiki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:057 http://www.mandriva.com/en/support/security/ ___ Package : mediawiki Date: March 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated mediawiki packages fix multiple vulnerabilities: MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS (CVE-2013-6451). Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript (CVE-2013-6452). During internal review, it was discovered that MediaWiki#039;s SVG sanitization could be bypassed when the XML was considered invalid (CVE-2013-6453). During internal review, it was discovered that MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists (CVE-2013-6472). Netanel Rubin from Check Point discovered a remote code execution vulnerability in MediaWiki#039;s thumbnail generation for DjVu files. Internal review also discovered similar logic in the PdfHandler extension, which could be exploited in a similar way (CVE-2014-1610). MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files using non-whitelisted namespaces (CVE-2014-2242). MediaWiki before 1.22.3 performs token comparison that may be vulnerable to timing attacks. This was fixed by making token comparison use constant time (CVE-2014-2243). MediaWiki before 1.22.3 could allow an attacker to perform XSS attacks, due to flaw with link handling in api.php. This was fixed such that it won#039;t find links in the middle of api.php links (CVE-2014-2244). MediaWiki has been updated to version 1.22.3, which fixes these issues, as well as several others. Also, the mediawiki-ldapauthentication and mediawiki-math extensions have been updated to newer versions that are compatible with MediaWiki 1.22. Additionally, the mediawiki-graphviz extension has been obsoleted, due to the fact that it is unmaintained upstream and is vulnerable to cross-site scripting attacks. Note: if you were using the instances feature in these packages to support multiple wiki instances, this feature has now been removed. You will need to maintain separate wiki instances manually. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2244 http://advisories.mageia.org/MGASA-2014-0113.html http://advisories.mageia.org/MGASA-2014-0124.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 0763c6b913556fd3d098e14e6711d4c9 mbs1/x86_64/mediawiki-1.22.3-1.mbs1.noarch.rpm 3f3d638b7a09dfc700a56f06a0e06629 mbs1/x86_64/mediawiki-ldapauthentication-2.0f-1.mbs1.noarch.rpm c1bdd7ff8e5ab29f74891cb4fa92bff0 mbs1/x86_64/mediawiki-mysql-1.22.3-1.mbs1.noarch.rpm 6cd761769b330e837612ed079816019f mbs1/x86_64/mediawiki-pgsql-1.22.3-1.mbs1.noarch.rpm e484574d3776723c87e46a832daf3c4a mbs1/x86_64/mediawiki-sqlite-1.22.3-1.mbs1.noarch.rpm 870886ea628aaac381b4ab4210e33ea0 mbs1/SRPMS/mediawiki-1.22.3-1.mbs1.src.rpm bfbd6cc7fb3ce82be5c01564c5bfddde mbs1/SRPMS/mediawiki-ldapauthentication-2.0f-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID
[Full-disclosure] [ MDVSA-2014:058 ] freeradius
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:058 http://www.mandriva.com/en/support/security/ ___ Package : freeradius Date: March 13, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated freeradius package fixes security vulnerability: SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlm_pap module if the password source uses an unusually long hashed password (CVE-2014-2015). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2015 http://advisories.mageia.org/MGASA-2014-0088.html ___ Updated Packages: Mandriva Enterprise Server 5: ad944c9074b82a96e5bca829cb9e53a6 mes5/i586/freeradius-2.1.0-3.2mdvmes5.2.i586.rpm a99e3e6e10a0856e4d755d17653865a0 mes5/i586/freeradius-krb5-2.1.0-3.2mdvmes5.2.i586.rpm 322a9c4b628cf1e94263c060b6978fde mes5/i586/freeradius-ldap-2.1.0-3.2mdvmes5.2.i586.rpm e554bcf6daa40436f85ad06b4bc4a81a mes5/i586/freeradius-mysql-2.1.0-3.2mdvmes5.2.i586.rpm 95588e3bdf6cf1f1711416c1966a5683 mes5/i586/freeradius-postgresql-2.1.0-3.2mdvmes5.2.i586.rpm e998de66a546e5f1c325a1aae720ce8d mes5/i586/freeradius-unixODBC-2.1.0-3.2mdvmes5.2.i586.rpm 92cc08607f5a1db4b8181f3fa1f882ac mes5/i586/freeradius-web-2.1.0-3.2mdvmes5.2.i586.rpm 59efbacd16cd43b769194eebd86b9aa8 mes5/i586/libfreeradius1-2.1.0-3.2mdvmes5.2.i586.rpm c22ae710c958e08cd230f90b4a8dd02d mes5/i586/libfreeradius-devel-2.1.0-3.2mdvmes5.2.i586.rpm cc1524d78d985dcfe1cc52e0c4167c53 mes5/SRPMS/freeradius-2.1.0-3.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 56840a173c160cba06a7fb7c80ddb64f mes5/x86_64/freeradius-2.1.0-3.2mdvmes5.2.x86_64.rpm 0941ddc851295f4925de5f583da68475 mes5/x86_64/freeradius-krb5-2.1.0-3.2mdvmes5.2.x86_64.rpm e4af5670c6cab9b67add4e70aed3b684 mes5/x86_64/freeradius-ldap-2.1.0-3.2mdvmes5.2.x86_64.rpm 25df0aba6eee4288d21ecda61c30b778 mes5/x86_64/freeradius-mysql-2.1.0-3.2mdvmes5.2.x86_64.rpm b9ccf0bc86cdc0b3cd05bfa4fabacf2a mes5/x86_64/freeradius-postgresql-2.1.0-3.2mdvmes5.2.x86_64.rpm 7826a0387961c9d212be1532f2455664 mes5/x86_64/freeradius-unixODBC-2.1.0-3.2mdvmes5.2.x86_64.rpm d20ac56207ef50426beaea46e1196c63 mes5/x86_64/freeradius-web-2.1.0-3.2mdvmes5.2.x86_64.rpm 1dad7dd1a4b40a99c21edc8598b7aeea mes5/x86_64/lib64freeradius1-2.1.0-3.2mdvmes5.2.x86_64.rpm 047d0222be6c58c6757fb63c4489e91e mes5/x86_64/lib64freeradius-devel-2.1.0-3.2mdvmes5.2.x86_64.rpm cc1524d78d985dcfe1cc52e0c4167c53 mes5/SRPMS/freeradius-2.1.0-3.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 0057f36548b76ab4309513af32189a7a mbs1/x86_64/freeradius-2.1.12-9.2.mbs1.x86_64.rpm bf926a73a78b4d71ed289882174faff0 mbs1/x86_64/freeradius-krb5-2.1.12-9.2.mbs1.x86_64.rpm 2a4d779f740e148179a2fa47f6b5d11a mbs1/x86_64/freeradius-ldap-2.1.12-9.2.mbs1.x86_64.rpm 6194d14adfb3a1be7098d6a80c68666c mbs1/x86_64/freeradius-mysql-2.1.12-9.2.mbs1.x86_64.rpm aa9d2789f6ba9ef13ddcbd8f1401053b mbs1/x86_64/freeradius-postgresql-2.1.12-9.2.mbs1.x86_64.rpm dced45a8d3116fda640cbf87a92045d9 mbs1/x86_64/freeradius-sqlite-2.1.12-9.2.mbs1.x86_64.rpm 6334b8e46550b4386845e965de3ddd6e mbs1/x86_64/freeradius-unixODBC-2.1.12-9.2.mbs1.x86_64.rpm 7c50512bed1debd14c01ac39a23664a0 mbs1/x86_64/freeradius-web-2.1.12-9.2.mbs1.x86_64.rpm 180924551409613494f9d37e171981bd mbs1/x86_64/lib64freeradius1-2.1.12-9.2.mbs1.x86_64.rpm aa658a202d8dfa5d34126b548206afb9 mbs1/x86_64/lib64freeradius-devel-2.1.12-9.2.mbs1.x86_64.rpm d71925925b1416ea729b8b85c7f0919c mbs1/SRPMS/freeradius-2.1.12-9.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTIaX3mqjQ0CJFipgRAmfrAJ4+2PFcRArhKtgBxVFMRghXs3mB+QCfQNcE KMIx0VlhDi+BX+cm21ZnGgQ= =MBcL
[Full-disclosure] CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2014-0054 Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE) Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Description: Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and that processing is now disabled by default. Mitigation: Users of affected versions should apply the following mitigation: - - Users of 3.x should upgrade to 3.2.8 or later - - Users of 4.x should upgrade to 4.0.2 or later Credit: This issue was reported to the Spring Framework developers by Spase Markovski. References: http://www.gopivotal.com/security/cve-2014-0054 https://jira.springsource.org/browse/SPR-11376 https://github.com/spring-projects/spring-framework/commit/edba32b3093703d5e9ed42b5b8ec23ecc1998398#diff-1f3f1d5cdab9ac92d1ca5ec7def8f131 History: 2014-Mar-11: Initial vulnerability report published. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) - WinPT 1.2.0 iQIcBAEBAgAGBQJTH4LYAAoJEKSZXFdK82XaOD4P/RQEwgJaQxHpx+WG1z0dvf5K DuG+p/O+E0zruuTdVZMTdg+i+o3PSBQ/8xjnAJw0S8DeLAClZPC8h/bHr4C1Hy2A Fd9UIQF0Tuci4nUpaBkYjMsq/DIznhMCI3Md0dclYNj/X9j+mocFiRzhFDI4/2yx kfN62ks9DMe9YZhc3jqzB01MLnqmx2zVXRX7t1YUrcUpdvgz0m2Cp/xoU4urAf7G Jggiggc4z9iGJ9B4fbvhJ10jLeNjCf0xI+s612Uq4wQC/+5sZDwaE9BaIiBBS/bI 60nePuGzuGlcXlERPSiswO4U7evBXLJAHWsReMjJODf0+j+LheRUdeqBDGx+MlQ2 1Nz6L/EzYfX3AEm0rLhE1Y51oV2BfkIT5zT0aCb1xZY5Ujwqv1q6S+bTK0M8HrKv YYkKvXlAHmBW9t0Yk/ONaXT/b843Y/UJD2Zqd0272y2KmewDmAT7A1b8r8b1Yj5W 2Aw/6/2qVgnWLfgBiY0i+9//POnrmp8wDERVAAix/ePk/Mh+KBZAXThzMy77Vm1R miFXUCo92y0vAQijavn5lO5rhSuKX0205V61ivY6JLPeVqDxdXi6eptXSZuKe3e7 0XyHieN5zZ6nH+UkKSdUFhMSiGx6fQ0YDQm/4wfj5AqJ8ib1lrj/n4zxhTGTJpfy KyU96xGT6ig9EuA3Sc+E =N/VV -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CVE-2014-0097 Spring Security Blank password may bypass user authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2014-0097 Blank password may bypass user authentication Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring Security 3.2.0 to 3.2.1 - - Spring Security 3.1.0 to 3.1.5 Description: The ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. Mitigation: Users of affected versions should apply the following mitigation: - - Users of 3.2.x should upgrade to 3.2.2 Credit: This issue was identified by the Spring Development team. References: http://www.gopivotal.com/security/cve-2014-0097 https://jira.springsource.org/browse/SEC-2500 https://github.com/spring-projects/spring-security/commit/88559882e967085c47a7e1dcbc4dc32c2c796868 https://github.com/spring-projects/spring-security/commit/7dbb8e777ece8675fa1ef1cb4d6b9be80395 https://github.com/spring-projects/spring-security/commit/a7005bd74241ac8e2e7b38ae31bc4b0f641ef973 History: 2014-Mar-11: Initial vulnerability report published. 2014-Mar-11: Affected versions corrected to add 3.1.0 to 3.1.5 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) - WinPT 1.2.0 iQIcBAEBAgAGBQJTH4PiAAoJEKSZXFdK82XakpEP/AofBt17ZjSs4MeFcgm/zt1e tad8nNlYPRxjoUQYexNGLAu6JPIdaaZ1dZib+6vLwX3iKpMNq2dikkiVFk9qPSQY It/o58+n3e+La5KiEKpUHUnFuUfaOrcI6iojDlb/tIRKZB3UR8c8X562rYNDsMAJ QgAFaEvlxtNlB273Dq3AuIugpKB1E3Ivk2AFw9n7esutvKac42S8RaCw3FM+t8Hp OsbkroB8OE9qfi/MSh4loLZDdHakYgRy/mdW/5FYzrnbiOUNIzeyph3KiWFb5col ox2k9DEDsBbve/jATg/hsL0NvOIIqWA7mO+K/8XiGo4OnUkcDginCrEx01r36YLM wHIfnjQp6tgngFMC1sJBqaYH5bQ4p6HSiYwWutUTRvRUoXDe3YvPra37lWtgVfAv otYmZ8BZiQrzMiE5J1UIshekJV6dEhani3kyi3htCvOiBCS2+YMYzKgg16OgVcf5 JYmQKk/yE+ZEeWdTmM0gGK44axUQVNWZpG84JG/n7gDU+/yNO//93/vnID2JE5VK CzAcP2fazzK4D2u5t1k7JNfArDJ82SrVjEzY0RuZiu+ui/32kidIJY757rMbPV1k +wiE9429N4vsOisHavNladmUGl2vb5ImcVHiDy6ZyXyF8Xu4lE5YuhLzA5qZ4Ta/ n96+1qDQQZB4HhRKAnIZ =XpO8 -END PGP SIGNATURE-___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CVE-2014-1904 XSS when using Spring MVC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2014-1904 XSS when using Spring MVC Severity: Moderate Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Description: When a programmer does not specify the action on the Spring form, Spring automatically populates the action field with the requested uri. An atacker can use this to inject malicious content into the form. Mitigation: Users of affected versions should apply the following mitigation: - - Users of 3.x should upgrade to 3.2.8 or later - - Users of 4.x should upgrade to 4.0.2 or later Credit: This issue was discovered and reported responsibly to the Pivotal security team by Paul Wowk of CAaNES LLC. References: https://jira.springsource.org/browse/SPR-11426 https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485 History: 2014-Mar-11: Initial vulnerability report published. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) - WinPT 1.2.0 iQIcBAEBAgAGBQJTH4RmAAoJEKSZXFdK82Xa9cgP/jrsKO2583HNfsIfglZxcnEY YpKlCbqNeXzwEuACTJGdsilH57Q1mx7CuMGSBUjDi/ayiKfWmlhdZapkvVc8qdPC 2yUeYjKpj70MGedzWODMEPYdpM0bfqpmYep5HPioYA/jj3xQBrcZSQ1FAMCWzSTF FWyqbkB3qO9F80Vs/E2wKbH/Qm4pEOiaxQg+moCut/RLHYlWKGRFt+ujqd7EUnzY mGyeUR419F97pA2juF1GAh68R+z2mvwupPMCnc6naMPXtOuZoLZfAwJEoyqdQTyD NpnKJfeF2PCAGSPT0tlvgyxsW08zVb6QQv2WvKcQMqyDYYqnMpedUK9ZmtykNXYo ehQjRqSFy/amf+LPdJzYn8Z3bC49RLeOjkRNrWL2tj0gq9gn/PbZNcQxxT1u+z4C md1TDdv8/N8M8GKc61exm1wnVedPHbanCeYc5g7+fkQm0qu0qmQzHmls3jRedWH2 XqHQ63w4/hpv/tD0YESK+wvXXAP359kqTUmJ3GOhYOAJ9+K4dxyCLXUIsfif4wTq cJ6yubaLTMI50b+tzfxV0WsF+ez6MEyfXJoNXR8LfEOiTIUWC/5boslrAtAPKgpS X+ISd4qHLj6AyjoqfBTLSpZecP4RNtxRPJsC04RgKx2yMIjxlO8nghu4z5xYe0L0 d/vOAj1idcQotv/g92jl =msWo -END PGP SIGNATURE-___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
View online: https://drupal.org/node/2216269 * Advisory ID: DRUPAL-SA-CONTRIB-2014-030 * Project: SexyBookmarks [1] (third-party module) * Version: 6.x * Date: 2014-March-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Information Disclosure DESCRIPTION - The SexyBookmarks module is a port of the WordPress SexyBookmarks plug-in. The module adds social bookmarking using the Shareaholic service. The module discloses the private files location when Drupal 6 is configured to use private files. This vulnerability is mitigated by the fact that only sites using private files are affected. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * All SexyBookmarks 6.x-2.x versions. Drupal core is not affected. If you do not use the contributed SexyBookmarks [4] module, there is nothing you need to do. SOLUTION * If you use the SexyBookmarks module for Drupal 6.x you should disable it. * Users can also consider using the Shareaholic [5] module which provides similar features. However, the Shareaholic module is currently only available for Drupal 7 so affected users would have to upgrade to Drupal 7 first. Also see the SexyBookmarks [6] project page. REPORTED BY - * Don Morris [7] FIXED BY Not applicable. COORDINATED BY -- * Greg Knaddison [8] of the Drupal Security Team * Cash Williams [9] provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [10]. Learn more about the Drupal Security team and their policies [11], writing secure code for Drupal [12], and securing your site [13]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [14] [1] http://drupal.org/project/sexybookmarks [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/sexybookmarks [5] http://drupal.org/project/shareaholic [6] http://drupal.org/project/sexybookmarks [7] http://drupal.org/user/79398 [8] http://drupal.org/user/36762 [9] http://drupal.org/user/421070 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-031 - Webform Template - Access Bypass
View online: https://drupal.org/node/2216607 * Advisory ID: DRUPAL-SA-CONTRIB-2014-031 * Project: Webform Template [1] (third-party module) * Version: 7.x * Date: 2014-March-12 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Access Bypass DESCRIPTION - This module enables you to copy webform config from one node to another. The module doesn't respect node access when providing possible nodes to copy from. As a result, a user may be disclosed the titles of nodes he does not have view access to and as such he may be able to copy the webform configuration from otherwise hidden nodes. This vulnerability is mitigated by the fact that the system must be using a node access control module and an attacker must have a role that has access to edit nodes of the webform template destination type. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * All Webform Template 6.x-1.x versions. * Webform Template 7.x-1.x versions prior to 7.x-1.3. Drupal core is not affected. If you do not use the contributed Webform Template [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Webform Template module for Drupal 7.x, upgrade to a newer version. The issue is fixed as from 7.x-1.3 [5]. * If using an older version, be aware of the risks consequences. *Note: *For some people, the previous behavior was actually exactly how they used this module. To restore the original functionality, go to the settings ( admin/config/content/webform_template ) and check the Defeat node access checkbox. Also see the Webform Template [6] project page. REPORTED BY - * theunraveler [7] FIXED BY * rv0 [8] the module maintainer COORDINATED BY -- * Rick Manelius [9] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [10]. Learn more about the Drupal Security team and their policies [11], writing secure code for Drupal [12], and securing your site [13]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [14] [1] http://drupal.org/project/webform_template [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/webform_template [5] https://drupal.org//drupal.org/node/2216447 [6] http://drupal.org/project/webform_template [7] https://drupal.org/user/71548 [8] https://drupal.org/user/655596 [9] https://drupal.org/user/680072 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] NEW VMSA-2014-0002 VMware vSphere updates to third party libraries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --- VMware Security Advisory Advisory ID: VMSA-2014-0002 Synopsis:VMware vSphere updates to third party libraries Issue date: 2014-03-11 Updated on: 2014-03-11 (initial advisory) CVE numbers: --NTP --- CVE-2013-5211 --glibc (service console) --- CVE-2013-4332 --JRE-- See references - --- 1. Summary VMware has updated vSphere third party libraries. 2. Relevant releases vCenter Server Appliance 5.5 prior to 5.5 Update 1 VMware vCenter Server 5.5 prior 5.5 Update 1 VMware Update Manager 5.5 prior 5.5 Update 1 VMware ESXi 5.5 without patch ESXi550-201403101-SG 3. Problem Description a. DDoS vulnerability in NTP third party libraries The NTP daemon has a DDoS vulnerability in the handling of the monlist command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. Mitigation Mitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMwareProduct Running Replace with/ Product Version on Apply Patch = === === = VCSA 5.5 Linux 5.5 Update 1 VCSA 5.1 Linux patch pending VCSA 5.0 Linux patch pending ESXi 5.5 ESXiESXi550-201403101-SG ESXi 5.1 ESXipatch pending ESXi 5.0 ESXipatch pending ESXi 4.1 ESXipatch pending ESXi 4.0 ESXipatch pending ESX 4.1 ESX patch pending ESX 4.0 ESX patch pending b. Update to ESXi glibc package The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-4332 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch == === = ESXi5.5 ESXi ESXi550-201403101-SG ESXi5.1 ESXi patch pending ESXi5.0 ESXi patch pending ESXi4.1 ESXi no patch planned ESXi4.0 ESXi no patch planned ESX 4.1 ESX not applicable ESX 4.0 ESX not applicable c. vCenter and Update Manager, Oracle JRE 1.7 Update 45 Oracle JRE is updated to version JRE 1.7 Update 45, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch Update Advisory of October 2013. The References section provides a link to this advisory. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ==== === = vCenter Server 5.5 Any 5.5 Update 1 vCenter Server 5.1 Any not applicable ** vCenter Server 5.0 Any not applicable ** vCenter Server 4.1 Windows not applicable ** vCenter Server 4.0 Windows not applicable * Update Manager 5.5 Windows 5.5 Update 1 Update Manager 5.1 Windows not applicable ** Update Manager 5.0 Windows not applicable ** Update Manager 4.1 Windows not applicable * Update Manager 4.0 Windows not applicable * ESXi any ESXinot applicable ESX 4.1 ESX not applicable ** ESX 4.0 ESX not applicable * * this product uses the Oracle JRE 1.5.0 family ** this product uses the Oracle JRE 1.6.0 family 4
[Full-disclosure] [ MDVSA-2014:048 ] gnutls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:048 http://www.mandriva.com/en/support/security/ ___ Package : gnutls Date: March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated gnutls packages fix security vulnerability: It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 http://advisories.mageia.org/MGASA-2014-0117.html ___ Updated Packages: Mandriva Enterprise Server 5: 102f795d8475e9c9d6df72aeffd9213b mes5/i586/gnutls-2.4.1-2.10mdvmes5.2.i586.rpm 1f87f8bce0222e4bad7f098e9ae04467 mes5/i586/libgnutls26-2.4.1-2.10mdvmes5.2.i586.rpm c9bffc45aaddf198ccf185d130cd06c6 mes5/i586/libgnutls-devel-2.4.1-2.10mdvmes5.2.i586.rpm c713dc5b541177d7ad289853a6be2869 mes5/SRPMS/gnutls-2.4.1-2.10mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 74cf2ef8f62b6695fb7e0302bbd05f21 mes5/x86_64/gnutls-2.4.1-2.10mdvmes5.2.x86_64.rpm 1c915d2bfcadb6cb85ee2a80a3adf6ce mes5/x86_64/lib64gnutls26-2.4.1-2.10mdvmes5.2.x86_64.rpm 62d52e05b82032c7952f2dbf8e60482f mes5/x86_64/lib64gnutls-devel-2.4.1-2.10mdvmes5.2.x86_64.rpm c713dc5b541177d7ad289853a6be2869 mes5/SRPMS/gnutls-2.4.1-2.10mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 53bb1704d26e27aeeeddfdcf093c28a3 mbs1/x86_64/gnutls-3.0.28-1.2.mbs1.x86_64.rpm 9d87ba4210c47fd889e311cfddcbc0eb mbs1/x86_64/lib64gnutls28-3.0.28-1.2.mbs1.x86_64.rpm 3055076fd43b6a23e8ca36ca898e2378 mbs1/x86_64/lib64gnutls-devel-3.0.28-1.2.mbs1.x86_64.rpm 6c7adf3386ec46df821457f8ed0962f0 mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.2.mbs1.x86_64.rpm 2399c9cd4b3b4eb1cd1ad82a2dbbc90e mbs1/SRPMS/gnutls-3.0.28-1.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTHYuPmqjQ0CJFipgRAnO5AJ9UPgEWklfcapkAlRUrevDFRY5w1QCfUwqw BPc793TFRj1+Ic7Ckur6Ahs= =EexV -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:049 ] subversion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:049 http://www.mandriva.com/en/support/security/ ___ Package : subversion Date: March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability has been discovered and corrected in subversion: The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls http://svn.example.com command (CVE-2014-0032). This advisory provides the latest version of subversion (1.7.16) which is not vulnerable to this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032 http://subversion.apache.org/security/CVE-2014-0032-advisory.txt ___ Updated Packages: Mandriva Enterprise Server 5: 25a0792c0644c3469694b1aed87920c4 mes5/i586/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.i586.rpm 5c4a0db4d471323f53b1062f495cc4d7 mes5/i586/libsvn0-1.7.16-0.1mdvmes5.2.i586.rpm cf1185d10113c2ba5bfa5be6bc2c0c47 mes5/i586/libsvnjavahl1-1.7.16-0.1mdvmes5.2.i586.rpm e3cc87ab3d41b46bf520bb292c12526f mes5/i586/perl-SVN-1.7.16-0.1mdvmes5.2.i586.rpm 27b585a2d79689d73233463841f2bc80 mes5/i586/perl-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm 0039001ca9d125bfb557cffcc2f5b8c5 mes5/i586/python-svn-1.7.16-0.1mdvmes5.2.i586.rpm 4776c4ae660efbbc357c3c35fc9bd01f mes5/i586/python-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm 6708ceca95968af6a53b6181278f8252 mes5/i586/ruby-svn-1.7.16-0.1mdvmes5.2.i586.rpm 261064f1e40912db8c0a863e0b907a6f mes5/i586/ruby-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm a115aab61321b6fa8180c0debfc2ebe2 mes5/i586/subversion-1.7.16-0.1mdvmes5.2.i586.rpm 942c99bfabaf203e5e10ac3ef394e63b mes5/i586/subversion-devel-1.7.16-0.1mdvmes5.2.i586.rpm 32096c5120feb2ea6ece0675ef24412a mes5/i586/subversion-doc-1.7.16-0.1mdvmes5.2.i586.rpm 35943db397129b7b6ab1ec48014356e8 mes5/i586/subversion-server-1.7.16-0.1mdvmes5.2.i586.rpm 377718f8801578a0a02afd21daa9d96d mes5/i586/subversion-tools-1.7.16-0.1mdvmes5.2.i586.rpm be6f8cc3ef11f7219f6a07824795ed41 mes5/i586/svn-javahl-1.7.16-0.1mdvmes5.2.i586.rpm f9511b3a764f7f5c0297b5c6478a05d5 mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: fe630b13878ebd2eef2301836d42a833 mes5/x86_64/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.x86_64.rpm 34ea50c0238c1a71a0fb518ae81441a6 mes5/x86_64/lib64svn0-1.7.16-0.1mdvmes5.2.x86_64.rpm a18979e9ea94488d2862e725b91ac995 mes5/x86_64/lib64svnjavahl1-1.7.16-0.1mdvmes5.2.x86_64.rpm d186d26bf20b5b9cd6b6727f794b0747 mes5/x86_64/perl-SVN-1.7.16-0.1mdvmes5.2.x86_64.rpm ba6923c0cb1f53ac8c96b682df7e5711 mes5/x86_64/perl-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm 18ef94dc37d3f7c4b161fdb71cb1900e mes5/x86_64/python-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm e0615817d08e9bdc3151d8de7b6f88da mes5/x86_64/python-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm 8f3f546f4b57e2e6fe2d951e02eafde1 mes5/x86_64/ruby-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm 0dd7b95e42ebe58bc5a3a368142f7de6 mes5/x86_64/ruby-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm da5acbb29a65970a911fdfd44e39e9d6 mes5/x86_64/subversion-1.7.16-0.1mdvmes5.2.x86_64.rpm e4ccfd66a649b933ecc7bfd1fdba686d mes5/x86_64/subversion-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm 074511092d7547f4c01f7820c4a00cab mes5/x86_64/subversion-doc-1.7.16-0.1mdvmes5.2.x86_64.rpm 2cada523fcd8673de0fb2f99de60dad6 mes5/x86_64/subversion-server-1.7.16-0.1mdvmes5.2.x86_64.rpm 0f435f9026b9460c5be686a4d8218350 mes5/x86_64/subversion-tools-1.7.16-0.1mdvmes5.2.x86_64.rpm 933d8dfd42cdd71c6d43b7bec209a5e7 mes5/x86_64/svn-javahl-1.7.16-0.1mdvmes5.2.x86_64.rpm f9511b3a764f7f5c0297b5c6478a05d5 mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 5095fc2f7b63d2374ba366051a873b58 mbs1/x86_64/apache-mod_dav_svn-1.7.16-0.1.mbs1.x86_64.rpm 633a46f34b6da14ddcab055dcc7b43c6 mbs1/x86_64/lib64svn0-1.7.16-0.1.mbs1.x86_64.rpm 1ca8f4e33ce81302d36912ed217f80b3 mbs1/x86_64/lib64svn-gnome-keyring0-1.7.16-0.1.mbs1.x86_64.rpm f70f985409153583212517dbada5ab0b mbs1/x86_64/lib64svnjavahl1-1.7.16-0.1.mbs1.x86_64.rpm ed488e73c53881ada31cba91eab5b086 mbs1/x86_64/perl-SVN-1.7.16-0.1.mbs1.x86_64.rpm ed510f571e41eb525e342ec597d1cfbe mbs1/x86_64/perl-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm 6d4359f416b2a54ea9bb54275bc9cff2 mbs1/x86_64/python-svn-1.7.16-0.1
[Full-disclosure] [ MDVSA-2014:050 ] wireshark
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:050 http://www.mandriva.com/en/support/security/ ___ Package : wireshark Date: March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Multiple vulnerabilities was found and corrected in Wireshark: * The NFS dissector could crash. Discovered by Moshe Kaplan (CVE-2014-2281). * The RLC dissector could crash (CVE-2014-2283). * The MPEG file parser could overflow a buffer. Discovered by Wesley Neelen (CVE-2014-2299). This advisory provides the latest version of Wireshark (1.8.13) which is not vulnerable to these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299 http://www.wireshark.org/security/wnpa-sec-2014-01.html http://www.wireshark.org/security/wnpa-sec-2014-03.html http://www.wireshark.org/security/wnpa-sec-2014-04.html ___ Updated Packages: Mandriva Enterprise Server 5: 4f641d05af87e5a053edd599e23975c7 mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm b1a8a82298dd88bde7f9e41b1a73b47d mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm 896c658c6ddacc562a0d70366c64aefd mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm b3287396b309bd0ec077ec03647356ac mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm b05f181a687aee422bcc9d2a0dbedecc mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm a3c609066ee5c522f735160b791b3d1d mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm 8e3d5cddff1cf5b3de28e6fd6298a412 mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm 104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: bf3e734f58c22f4a7d4cb9a92c723e6b mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm f3f2f97f4a0dab273fe6821f9b3dcda2 mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm d7182aa64192b2b4856ce1deb25da35d mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm ce9a49108e3e37385b1ecd1aec0818b5 mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm 345d1066d8dda18a06b0f9b0f34b12ff mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm 49cf7c4dbec20d065ff535f5bc500d3b mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm 79c290d0a6934440a3989e696f6e3a2d mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm 104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 919616ad2d26713c2d0a4148d06cc671 mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm 32bc98bd5e9d2e19043d77ba944413fb mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm e966a54884894738c89859f3768aed5c mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm b96bbb6c34d1bf867e7409392b82817a mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm a803b639bdf2ffa9d905bae772d19498 mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm ba694e53492db08cb4db43ae181b519f mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm c24508e134fd8be7216f4a165dc3f71c mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm bc9586d2a42a3b7f52a02843905c7f59 mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTHcXMmqjQ0CJFipgRApA3AJ9dlqu6qQiutinpvBDtprtQHoIKIQCeM396 03x4Ft2ynLHpeO4UFnID4QM= =F8Lb -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
Asterisk Project Security Advisory - AST-2014-001 ProductAsterisk SummaryStack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service SusceptibilityRemote Unauthenticated Sessions Severity Moderate Exploits KnownNo Reported On February 21, 2014 Reported By Lucas Molas, researcher at Programa STIC, Fundacion Dr. Manuel Sadosky, Buenos Aires, Argentina Posted On March 10, 2014 Last Updated OnMarch 10, 2014 Advisory Contact Richard Mudgett rmudgett AT digium DOT com CVE Name CVE-2014-2286 Description Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Resolution The patched versions now handle headers in a fashion that prevents a stack overflow. Users should upgrade to a corrected version, apply the released patches, or disable HTTP support. Affected Versions Product Release Series Asterisk Open Source1.8.x All versions Asterisk Open Source 11.x All versions Asterisk Open Source 12.x All versions Certified Asterisk 1.8.x All versions Certified Asterisk 11.x All versions Corrected In Product Release Asterisk Open Source 1.8.26.1, 11.8.1, 12.1.1 Certified Asterisk1.8.15-cert5, 11.6-cert2 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diffAsterisk 1.8 http://downloads.asterisk.org/pub/security/AST-2014-001-11.diff Asterisk 11 http://downloads.asterisk.org/pub/security/AST-2014-001-12.diff Asterisk 12 http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.15.diff Certified Asterisk 1.8.15 http://downloads.asterisk.org/pub/security/AST-2014-001-11.6.diff Certified Asterisk 11.6 Links https://issues.asterisk.org/jira/browse/ASTERISK-23340 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2014-001.pdf and http://downloads.digium.com/pub/security/AST-2014-001.html Revision History Date Editor Revisions Made 03/10/14 Richard Mudgett Initial Revision. Asterisk Project Security Advisory - AST-2014-001 Copyright (c) 2014 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html
[Full-disclosure] AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver
Asterisk Project Security Advisory - AST-2014-003 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions SeverityModerate Exploits Known No Reported On January 29, 2014 Reported By Joshua Colp jcolp AT digium DOT com Posted On March 10, 2014 Last Updated OnMarch 10, 2014 Advisory ContactJoshua Colp jcolp AT digium DOT com CVE NameCVE-2014-2288 Description A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the qualify_frequency configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect. Resolution This patch adds a check when handling responses challenging for authentication. If no endpoint is associated with the request no retry with authentication will occur. Affected Versions Product Release Series Asterisk Open Source 12.x All Corrected In Product Release Asterisk Open Source 12.x 12.1.1 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff Asterisk 12 Links https://issues.asterisk.org/jira/browse/ASTERISK-23210 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2014-003.pdf and http://downloads.digium.com/pub/security/AST-2014-003.html Revision History Date Editor Revisions Made 03/05/14 Joshua Colp Document Creation Asterisk Project Security Advisory - AST-2014-003 Copyright (c) 2014 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-002 ProductAsterisk SummaryDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Nature of Advisory Denial of Service SusceptibilityRemote Authenticated or Anonymous Sessions Severity Moderate Exploits KnownNo Reported On 2014/02/25 Reported By Corey Farrell Posted On March 10, 2014 Last Updated OnMarch 10, 2014 Advisory Contact Kinsey Moore kmoore AT digium DOT com CVE Name CVE-2014-2287 Description An attacker can use all available file descriptors using SIP INVITE requests. Knowledge required to achieve the attack: * Valid account credentials or anonymous dial in * A valid extension that can be dialed from the SIP account Trigger conditions: * chan_sip configured with session-timers set to originate or accept ** The INVITE request must contain either a Session-Expires or a Min-SE header with malformed values or values disallowed by the system's configuration. * chan_sip configured with session-timers set to refuse ** The INVITE request must offer timer in the Supported header Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly. Resolution Upgrade to a version with the patch integrated or apply the appropriate patch. Affected Versions Product Release Series Asterisk Open Source 1.8.x All Asterisk Open Source 11.x All Asterisk Open Source 12.x All Certified Asterisk 1.8.15 All Certified Asterisk 11.6 All Corrected In Product Release Asterisk Open Source 1.8.x1.8.26.1 Asterisk Open Source 11.x 11.8.1 Asterisk Open Source 12.x 12.1.1 Certified Asterisk 1.8.15 1.8.15-cert5 Certified Asterisk 11.6 11.6-cert2 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diffAsterisk 1.8 http://downloads.asterisk.org/pub
[Full-disclosure] AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
Asterisk Project Security Advisory - AST-2014-004 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Nature of Advisory Denial of Service SusceptibilityRemote Authenticated Sessions Severity Moderate Exploits KnownNo Reported On January 14th, 2014 Reported By Mark Michelson Posted On March 10, 2014 Last Updated OnMarch 10, 2014 Advisory Contact Matt Jordan mjordan AT digium DOT com CVE Name CVE-2014-2289 Description A remotely exploitable crash vulnerability exists in the PJSIP channel driver's handling of SUBSCRIBE requests. If a SUBSCRIBE request is received for the presence Event, and that request has no Accept headers, Asterisk will attempt to access an invalid pointer to the header location. Note that this issue was fixed during a re-architecture of the res_pjsip_pubsub module in Asterisk 12.1.0. As such, this issue has already been resolved in a released version of Asterisk. This notification is being released for users of Asterisk 12.0.0. Resolution Upgrade to Asterisk 12.1.0, or apply the patch noted below to Asterisk 12.0.0. Affected Versions Product Release Series Asterisk Open Source 12.x 12.0.0 Corrected In Product Release Asterisk Open Source12.1.0 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff Asterisk 12 Links https://issues.asterisk.org/jira/browse/ASTERISK-23139 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2014-004.pdf and http://downloads.digium.com/pub/security/AST-2014-004.html Revision History Date Editor Revisions Made 03/05/14 Matt Jordan Initial Revision Asterisk Project Security Advisory - AST-2014-004 Copyright (c) 2014 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20140305-wlc Revision 1.0 For Public Release 2014 March 5 16:00 UTC (GMT) Summary === The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities: * Cisco Wireless LAN Controller Denial of Service Vulnerability * Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability * Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability * Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability * Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability * Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTFyueAAoJEIpI1I6i1Mx3QjIQALqJuwk1Y8YJAG+QM86XNUw3 aT3rlIPdAazREbXTX4VjLVyvdlfdhq8nQOjWf11ipkOU2FvGG+CM4fjk2Mz/4yUv YENEQLb8PZIzAaQh+Jk40DSVlEaNw6QdM5qg/4mz35BDc03TPMOos3W1wB6/erJj D8ml9HxU9+l29RNDkWeeatJUIrpL2jP6YiYdctBSqpm0KP4i5sv8DIMMWvMMqny0 D3rUqlLbYKGA2M6Ho9yOB7f/OF9QckDDqhkMagV1xPMF8ii+1EgLyTD1g33+6Hi5 YS/MrHiRr9g8n0NZQdcM3hfOTZc09ucw5/3iPqhC2H/XGVJOSq8w9vGNjY6dpP9s p0CiNmoX2bISLCzKPkfM9LzeFBENJjhR0owGeGpSvwCgwJ9n97Z9xUqfok+X57QA fenzUOv7dY508+ULBiMr98DWdx59U7fjX61i1Gl361+f8yGljSI+Cp2ObWKHy+gD sa+Em7P7rNUZ/lkzC7vW0svqNNiZioNK9t3SP/MjSUE2qSwpPVUow+FrnR3q/o3l B5Fi3gMxOwCu2pLFgIiIvILDRWU3t0z1PlGv2sF0QmXgFAtd0/aPRDmHTqJ2mi1N stGO/bk1nOcUcPdPLLOy1GQeJzLCR1ow6+FRDCu7BixGjZp5U3/UZtjwoz/ebQnK WCGLHbeJbNdGzOFxAaqz =LECh -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability Advisory ID: cisco-sa-20140305-rpd Revision 1.0 For Public Release 2014 March 5 16:00 UTC (GMT) +- Summary === A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device. The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device. Cisco has released free software updates that address this vulnerability. There are currently no known workarounds that mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBUxdNdYpI1I6i1Mx3AQKOVQ//fDCH4hGeCpP1cWb2Huz9Oca8WqiDDzFZ yItR++/l1/vFnQpe7hXmuEt1g/eCSOgV7jF/ILCpEjGN7Kh2zF/uYenBX8t6QYsr nd/yO9gr82B/MwMPl8W5HU5jlpo+s82sbIr7X5TGv8+m3yTBLfboD27TQzkuzlZH EoaOd/UnCHWKYJR+ADjG6+HLPY1zvr+gcycsrI8eTPzZmWp5rMjhlNgApYTRcC7P g9EDG5qkkroEWufZpjC6ZX1KwE227WA8EFe0v34xlPjXYGdQK431qDK02QH85fkb lOHpqFfRGAjuVyIhp99cQ+bXCx1vsBoB9vul/L0It68yeo8HePnnAlnjNhEkhQZg cLAwZpEY/ndvcIjj03qfi/q9IFYLpjMrpaJhUJV1Z7Tan2gBf5u5ISlAvqqFIfgo U6X0Lg8nDvN133I1jLCpdpeUKVm19WXntx5oqo/5YWshdClfP2B7Jx7mKLv72Ff4 BpNMQCAXXfa4xV4YQrMPxUlcfwSs8+BVzMaKN0Ewbph/z6fbW/uTCTmy+D1Guu9q G2XA2/Hk7h8+O7gJf5OiHFl/5sHlGeLQ3HHN2+jnizOh66vm/Nko8wc7RtMSfWnh 0mOLK7HHYkPFvnZpLVEHHi7l1CcAHIj+qKt2ZX65I7GQgGWq76usZntIaiqAslij hc8D2np3qGo= =uInA -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
View online: https://drupal.org/node/2211419 * Advisory ID: DRUPAL-SA-CONTRIB-2014-029 * Project: Mime Mail [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-March-05 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - The MIME Mail module allows to send MIME-encoded e-mail messages with embedded images and attachments. By default the module only allows files to be embedded or attached that are located in the public files directory. The module doesn't sufficiently check the file location, considering similar paths in different roots as being located in the public files directory, possibly allowing to send arbitrary files as attachments without permission. This vulnerability is mitigated by the fact that an attacker must be able to compose and send e-mail messages to an arbitrary address and the attached file's location must partly match with the system path of the public files directory. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Mime Mail 6.x-1.x versions prior to 6.x-1.4. * Mime Mail 7.x-1.x versions prior to 7.x-1.0-beta3. Drupal core is not affected. If you do not use the contributed Mime Mail [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Mime Mail module for Drupal 6.x, upgrade to Mime Mail 6.x-1.4 [5] * If you use the Mime Mail module for Drupal 7.x, upgrade to Mime Mail 7.x-1.0-beta3 [6] Also see the Mime Mail [7] project page. REPORTED BY - * Heine Deelstra [8] of the Drupal Security Team FIXED BY * Gabor Seljan [9] the module maintainer * Rick Manelius [10] of the Drupal Security Team COORDINATED BY -- * Rick Manelius [11] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/mimemail [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/mimemail [5] https://drupal.org/node/221 [6] https://drupal.org/node/2211109 [7] http://drupal.org/project/mimemail [8] http://drupal.org/user/17943 [9] http://drupal.org/user/232117 [10] http://drupal.org/user/680072 [11] http://drupal.org/user/680072 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-028 - Masquerade - Access bypass
View online: https://drupal.org/node/2211401 * Advisory ID: DRUPAL-SA-CONTRIB-2014-028 * Project: Masquerade [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-March-05 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - This module allows a user with the right permissions to switch users. When a user has been limited to only masquerading as certain users via the Enter the users this user is able to masquerade as user profile field, they can still masquerade as any user on the site by using the Enter the username to masquerade as. autocomplete field in the masquerade block. This vulnerability is mitigated by the fact that an attacker must have access to masquerade as another user. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Masquerade 6.x-2.x versions prior to 6.x-1.8. * Masquerade 7.x-2.x versions prior to 7.x-1.0-rc6. Drupal core is not affected. If you do not use the contributed Masquerade [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Masquerade module for Drupal 6.x, upgrade to Masquerade 6.x-1.8 [5] * If you use the Masquerade module for Drupal 7.x, upgrade to Masquerade 7.x-1.0-rc6 [6] Also see the Masquerade [7] project page. REPORTED BY - * Jeff H [8] FIXED BY * Laurence Liss [9], provisional member of the Drupal Security Team * Mark Shropshire [10], one of the Masquerade module maintainers COORDINATED BY -- * Laurence Liss [11], provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/masquerade [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/masquerade [5] https://drupal.org/node/2210877 [6] https://drupal.org/node/2210879 [7] http://drupal.org/project/masquerade [8] http://drupal.org/user/37837 [9] http://drupal.org/user/724750 [10] http://drupal.org/user/14767 [11] http://drupal.org/user/724750 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-027 - NewsFlash Theme - XSS
View online: https://drupal.org/node/2211381 * Advisory ID: DRUPAL-SA-CONTRIB-2014-027 * Project: NewsFlash [1] (third-party theme) * Version: 6.x, 7.x * Date: 2014-March-05 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - Newsflash is a theme that features 7 color styles, 12 collapsible regions, suckerfish menus, fluid or fixed widths, built-in IE transparent PNG fix, and lots more. The theme does not sanitize the user provided theme setting for the font family CSS property, thereby exposing a cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer themes. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * NewsFlash 6.x-1.x versions prior to 6.x-1.7. * NewsFlash 7.x-1.x versions prior to 7.x-2.5. Drupal core is not affected. If you do not use the contributed NewsFlash [4] theme, there is nothing you need to do. SOLUTION Install the latest version: * If you use the theme NewsFlash for Drupal 7.x, upgrade to NewsFlash 7.x-2.5 [5] * If you use the theme NewsFlash for Drupal 6.x, upgrade to NewsFlash 6.x-1.7 [6] Also see the NewsFlash [7] project page. REPORTED BY - * Dennis Walgaard [8] FIXED BY * Alyx Vance [9] the theme maintainer COORDINATED BY -- * Klaus Purer [10] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [11]. Learn more about the Drupal Security team and their policies [12], writing secure code for Drupal [13], and securing your site [14]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [15] [1] http://drupal.org/project/newsflash [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/newsflash [5] https://drupal.org/node/2210621 [6] https://drupal.org/node/2210619 [7] http://drupal.org/project/newsflash [8] https://drupal.org/user/883702 [9] https://drupal.org/user/1284976 [10] https://drupal.org/user/262198 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Update: CVE-2014-0053 Information Disclosure when using Grails
CVE-2014-0053 Information Disclosure in Grails applications Severity: Important Vendor: Grails by Pivotal Product Affected: - Grails Resources plugin 1.0.0 to 1.2.5 Products known to depend on the affected product: - Grails 2.0.0 to 2.3.6 Description: The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF or /META-INF by default. This means that both configuration files and class files are publicly accessible when they should be private. Further, the filtering mechanism that applies any configured block does not normalise the requested URI before filtering allowing the block to be bypassed via directory traversal. Mitigation: Users of affected versions should apply one of the following mitigations: - Upgrade the resources plug-in to 1.2.6, configure the resources plug-in to block access to resources under /WEB-INF and /META-INF and the redploy the application - Prevent access to resources under /WEB-INF and /META-INF in the reverse proxy (if one is used) Possible configuration options to block access to /WEB-INF include adding the following to grails-app/conf/Config.groovy: grails.resources.adhoc.includes = ['/images/**', '/css/**', '/js/**', '/plugins/**'] grails.resources.adhoc.excludes = ['**/WEB-INF/**','**/META-INF/**'] Credit: The original /WEB-INF issue was identified by @Ramsharan065 but was reported publicly to the Grails team via Twitter. Pivotal strongly encourages responsible reporting of security vulnerabilities via secur...@gopivotal.com The /META-INF aspects of this issue were identified by numerous individuals and reported responsibly to either the Grails team or to the Pivotal Security team. The directory traversal aspects of this vulnerability were reported to the Pivotal security team by Kristian Mattila. References: https://twitter.com/Ramsharan065/status/434975409134792704 http://www.gopivotal.com/security/cve-2014-0053 (may take 24 hours to update) History: 2014-Feb-16: /WEB-INF issue made public 2014-Feb-19: Initial vulnerability report published 2014-Feb-27: Updated to include information on /META-INF and directory traversal aspects of this vulnerability. Separated out affected product and dependencies Extended affected Grails versions to include 2.3.6 Updated mitigations.___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Prime Infrastructure Command Execution Vulnerability Advisory ID: cisco-sa-20140226-pi Revision 1.0 For Public Release 2014 February 26 16:00 UTC (GMT) Summary === A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released free software updates that address this vulnerability. A software patch that addresses this vulnerability in all affected versions is also available. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTDf6tAAoJEIpI1I6i1Mx3NYgQALW6jEKLiPRD5IZ1j/V4eD5O nsjvGer3XNJVdp3BM1+KU4j/JWSSuCimZcRiZpRDvOeb5ecSDnlyRYzygMo+bsdV fY0PrzOBJ9JxCfWX/9+0MsJZbaBFX1uI/Kic/4vZRhTwE4VsQKV6fhO3drbPaTsT BlkePdhE7tezBoxA2Ek7IXMyRDf/fQOhJE1//INtxkAoig2jauDvQ7k+qSnE2iXq zZRgSCmm9y462U/uf+zWBbGkeyPADEHpBTZB1eiVD7bsQIVmi9iKIUgamCaPtLs4 PeSpwOgvCfA6YEot34HoOP1/XupqekXiWdRnDXromDZACUKe8QpQxVVN/uauaz4s +klrPDoiCDoDKV83LLPIVd7lGW0VzEAgMBk8hy06PGGRwqMSDBmRs8EyoRf2o3J1 nn/FVty8FGhd2CZAcnG8WccUcCjUGZNHKDe1Y7aIdE8b6hvHUgWEgOpE2o2WLZ+w Ivnlk8AQuJrKHmO8sKDk39BNk42U5+PX64bolo60RyCA/0yQ4wmBPFZxxx8JaFYT Vpq/dp99m8B1EpMnZpnBsKsNjMoNWvNhoafbpIRbqIBJx5+JNibmQajke9S+Ge9H SUXY930hKqOKXFFFgHKfoQHL8/P69dPi826VKeOCkPxQm1eHkSVVuJ2enQdkHRug hee5aSj00KvSKL/W1KUA =VfwX -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-023 - Project Issue File Review - XSS
View online: https://drupal.org/node/2205767 * Advisory ID: DRUPAL-SA-CONTRIB-2014-023 * Project: Project Issue File Review [1] (third-party module) * Version: 6.x * Date: 2014-February-26 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - The Project Issue File Review (PIFR) module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize user provided input, exposing the 'server' component of the module to cross-site scripting vulnerabilities. The first scenario is mitigated by the fact that an attacker must have a role with the 'manage PIFR environments' administrative permission. The second scenario is mitigated by the fact that an attacker must be able to initiate testing of a patch specially crafted to exploit the vulnerability on the PIFR testing environment, have the testing execute successfully on a PIFR client, and have the client provide the testing results back to the PIFR server component. As one common purpose of this module is to provide validation and testing of user-supplied patches, users of the PIFR module should always consider the 'PIFR client' component of this module as insecure and untrusted, by design. The 'PIFR client' component should always be maintained in a separate network environment, isolated from the 'PIFR server' component or other critical infrastructure. There have been no known exploits of this vulnerability observed or reported on any servers running the PIFR module, including those within Drupal.org's automated testing environment. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Project_Issue_File_Review 6.x-2.x versions prior to 6.x-2.17. Drupal core is not affected. If you do not use the contributed Project Issue File Review [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the PIFR module for Drupal 6.x, upgrade to Project Issue File Review 6.x-2.17 [5]. Be sure to review and consider the associated release notes for all intermediary releases when upgrading. Also see the Project Issue File Review [6] project page. REPORTED BY - * Wim Leers [7] * Jeremy Thorson [8] the module maintainer FIXED BY * Neil Drumm [9] of the Drupal Security Team * Michael Hess [10] of the Drupal Security Team * Jeremy Thorson [11] the module maintainer COORDINATED BY -- * Michael Hess [12] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [13]. Learn more about the Drupal Security team and their policies [14], writing secure code for Drupal [15], and securing your site [16]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [17] [1] http://drupal.org/project/project_issue_file_review [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/project_issue_file_review [5] https://drupal.org/node/2205755 [6] http://drupal.org/project/project_issue_file_review [7] http://drupal.org/user/99777 [8] http://drupal.org/user/148199 [9] http://drupal.org/user/3064 [10] http://drupal.org/user/102818 [11] http://drupal.org/user/148199 [12] http://drupal.org/user/102818 [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-025 - Open Omega - Access Bypass
View online: https://drupal.org/node/2205877 * Advisory ID: DRUPAL-SA-CONTRIB-2014-025 * Project: Open Omega [1] (third-party theme) * Version: 7.x * Date: 2014-February-26 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - This theme is a sub theme of omega used as as a sample theme for the open Public Distribution. The theme doesn't sufficiently check the users menu access when building the header and footer menus, so that it can expose the title and path of restricted items in the menu. This vulnerability is mitigated by the fact that that it is only present when this menu has items with restricted access that differ by role. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * openomega 7.x-1.x versions prior to 7.x-1.1. Drupal core is not affected. If you do not use the contributed Open Omega [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use this theme for Drupal 7.x, upgrade to Open Omega 7.x-1.1 [5] Also see the Open Omega [6] project page. REPORTED BY - * Peter Taylor [7] FIXED BY * Erik Summerfield [8], the theme maintainer COORDINATED BY -- * Hunter Fox [9] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [10]. Learn more about the Drupal Security team and their policies [11], writing secure code for Drupal [12], and securing your site [13]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [14] [1] http://drupal.org/project/openomega [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/openomega [5] https://drupal.org/node/2205859 [6] http://drupal.org/project/openomega [7] http://drupal.org/user/2674141 [8] http://drupal.org/user/189123 [9] http://drupal.org/user/426416 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-024 - Content Lock - CSRF
View online: https://drupal.org/node/2205807 * Advisory ID: DRUPAL-SA-CONTRIB-2014-024 * Project: Content locking (anti-concurrent editing) [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-February-26 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Request Forgery DESCRIPTION - This module prevents people from editing the same content at the same time. It adds a locking layer to nodes. It does not protect from CSRF. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * All 6.x Versions * All 7.x Versions Drupal core is not affected. If you do not use the contributed Content locking (anti-concurrent editing) [4] module, there is nothing you need to do. SOLUTION Uninstall the module, it is no longer maintained . Also see the Content locking (anti-concurrent editing) [5] project page. REPORTED BY - * Eugen Mayer [6] FIXED BY There is no fix for this issue. CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [7]. Learn more about the Drupal Security team and their policies [8], writing secure code for Drupal [9], and securing your site [10]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [11] [1] http://drupal.org/project/content_lock [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/content_lock [5] http://drupal.org/project/content_lock [6] https://drupal.org/user/108406 [7] http://drupal.org/contact [8] http://drupal.org/security-team [9] http://drupal.org/writing-secure-code [10] http://drupal.org/security/secure-configuration [11] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-026 - Mime Mail - Access bypass
View online: https://drupal.org/node/2205991 * Advisory ID: DRUPAL-SA-CONTRIB-2014-026 * Project: Mime Mail [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-February-26 * Security risk: Not critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - The MIME Mail module allows processing of incoming MIME-encoded e-mail messages with embedded images and attachments. The default key for the authentication of incoming messages is generated from a random number. On some platforms (such as Windows) the maximum value of this number is only 32767 which makes the generated key particularly vulnerable to a brute force attack. This vulnerability is mitigated by the fact that the processing of incoming messages needs to be enabled on the site and the default key can be arbitrary changed by the site administrator. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Mime Mail 6.x-1.x versions prior to 6.x-1.3. * Mime Mail 7.x-1.x versions prior to 7.x-1.0-beta2. Drupal core is not affected. If you do not use the contributed Mime Mail [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Mime Mail module for Drupal 6.x, upgrade to Mime Mail 6.x-1.3 [5] * If you use the Mime Mail module for Drupal 7.x, upgrade to Mime Mail 7.x-1.0-beta2 [6] These releases include a stronger authentication process for incoming messages which is backward incompatible. If you are using this feature, make sure to use the HMAC method with the new key generated during the update process to authenticate your messages. Also see the Mime Mail [7] project page. REPORTED BY - * Heine Deelstra [8] of the Drupal Security Team FIXED BY * Gabor Seljan [9] the module maintainer * Rick Manelius [10]provisional Drupal Security Team member COORDINATED BY -- * Hunter Fox [11] of the Drupal Security Team * Rick Manelius [12] provisional Drupal Security Team member. CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [13]. Learn more about the Drupal Security team and their policies [14], writing secure code for Drupal [15], and securing your site [16]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [17] [1] http://drupal.org/project/mimemail [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/mimemail [5] https://drupal.org/node/2205939 [6] https://drupal.org/node/2205949 [7] http://drupal.org/project/mimemail [8] http://drupal.org/user/17943 [9] http://drupal.org/user/232117 [10] http://drupal.org/user/680072 [11] http://drupal.org/user/426416 [12] https://drupal.org/user/680072 [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:046 ] phpmyadmin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:046 http://www.mandriva.com/en/support/security/ ___ Package : phpmyadmin Date: February 21, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability has been discovered and corrected in phpmyadmin: Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879). This upgrade provides the latest phpmyadmin version (4.1.7) to address this vulnerability. Additionally phpseclib packages has been added due to new dependencies. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879 http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php ___ Updated Packages: Mandriva Enterprise Server 5: c263bd5b965453ba650bb81a711768eb mes5/i586/phpmyadmin-4.1.7-0.1mdvmes5.2.noarch.rpm defc507ff8600e6188b7e405ea0bb008 mes5/i586/phpseclib-0.3.5-0.1mdvmes5.2.noarch.rpm 3774e20f2f2f66c79986b4882781b82f mes5/SRPMS/phpmyadmin-4.1.7-0.1mdvmes5.2.src.rpm 2243c59f2967dcb463ea444569013862 mes5/SRPMS/phpseclib-0.3.5-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: dbc67b08ffc4c7a25a27d092e2bff4eb mes5/x86_64/phpmyadmin-4.1.7-0.1mdvmes5.2.noarch.rpm 7e740e3937991151e80fea25f8747a5b mes5/x86_64/phpseclib-0.3.5-0.1mdvmes5.2.noarch.rpm 3774e20f2f2f66c79986b4882781b82f mes5/SRPMS/phpmyadmin-4.1.7-0.1mdvmes5.2.src.rpm 2243c59f2967dcb463ea444569013862 mes5/SRPMS/phpseclib-0.3.5-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 385122f1d627a1107ab0bb93cd343984 mbs1/x86_64/phpmyadmin-4.1.7-1.mbs1.noarch.rpm a27ce27fa10c5750558198f78aaf6626 mbs1/x86_64/phpseclib-0.3.5-1.mbs1.noarch.rpm f8a14ae4521da88c222fae2c4f2d409b mbs1/SRPMS/phpmyadmin-4.1.7-1.mbs1.src.rpm 7dadbad52a3e80ce9b6dc294db313202 mbs1/SRPMS/phpseclib-0.3.5-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBycEmqjQ0CJFipgRAgsdAJ462zo1iNvM+igFAhA45Z6utcbcEgCg9beb 1hXHfpHC2lTTcODyTFzXdh4= =EktW -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:047 ] postgresql
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:047 http://www.mandriva.com/en/support/security/ ___ Package : postgresql Date: February 21, 2014 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in postgresql: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions (CVE-2014-0060). The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any (CVE-2014-0061). If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack (CVE-2014-0062). The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own (CVE-2014-0063). Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past (CVE-2014-0064). Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type (CVE-2014-0065). There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066). Since the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine (CVE-2014-0067). This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067 http://www.postgresql.org/docs/9.2/static/release-9-2-5.html http://www.postgresql.org/docs/9.2/static/release-9-2-6.html http://www.postgresql.org/docs/9.2/static/release-9-2-7.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 79694cb7b4dd67569529507531e9f43c mbs1/x86_64/lib64ecpg9.2_6-9.2.7-1.mbs1.x86_64.rpm 71413fef641ef26dfd364cc0417ec002 mbs1
[Full-disclosure] [ MDVSA-2014:045 ] libtar
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:045 http://www.mandriva.com/en/support/security/ ___ Package : libtar Date: February 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter (CVE-2013-4420). The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4420 http://www.debian.org/security/2014/dsa-2863.en.html ___ Updated Packages: Mandriva Enterprise Server 5: 9c41216c3e2a51a66b92fac79f24145e mes5/i586/libtar-1.2.11-8.2mdvmes5.2.i586.rpm b3c2c7a0f5b6485cef4cea7b3a1260eb mes5/i586/libtar-devel-1.2.11-8.2mdvmes5.2.i586.rpm 394c02d53c5ed8aee4ba0120c8c323f4 mes5/SRPMS/libtar-1.2.11-8.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 789f1f0d19a70b6270524ae75f82605b mes5/x86_64/libtar-1.2.11-8.2mdvmes5.2.x86_64.rpm 5c599c305977157852f7671e41705f46 mes5/x86_64/libtar-devel-1.2.11-8.2mdvmes5.2.x86_64.rpm 394c02d53c5ed8aee4ba0120c8c323f4 mes5/SRPMS/libtar-1.2.11-8.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: f61a5b919d27fba85205633da3703b17 mbs1/x86_64/libtar-1.2.11-11.2.mbs1.x86_64.rpm 3e6b2e5a5567eb957c7046314788078e mbs1/x86_64/libtar-devel-1.2.11-11.2.mbs1.x86_64.rpm 707c993007a990897d2d85c8a6bdbfd0 mbs1/SRPMS/libtar-1.2.11-11.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBdUpmqjQ0CJFipgRApKoAKCJMXlB/e7LqDlULfkA4kwaOj5E8ACeLK8A aWsYArQaT0C7Fv83WQrmS6g= =gxwI -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] RC Trojan 1.1d (Undetected)
It's detected now. ClamAV - PUA.Win32.Packer.Upx-53K7AntiVirus - Trojan ( 000200f91 )K7GW - Trojan ( 000200f91 )Qihoo-360 - HEUR/Malware.QVM06.GenSymantec - WS.Reputation.1TrendMicro-HouseCall - TROJ_GEN.F47V0219 Too bad they killed it already. 2014-02-19 21:17 GMT+01:00 ICSS Security ctrlaltdel...@outlook.pt: Hi, Just releasing my new achievement. What is? RC Trojan AKA Remote Control trojan which allow the control of a computer remotely in the same network (Lan/Wan). It's build in commercial software so it may take a while to get detected but MD5 may be applied. INFO Basicaly it's an http server and a server routine that executes tasks. All can be easily unveiled... Leave any feedback Download: https://www.mediafire.com/?f6mg1yiyklq6otb ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:041 ] python
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:041 http://www.mandriva.com/en/support/security/ ___ Package : python Date: February 19, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability was reported in Python#039;s socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912). The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912 http://bugs.python.org/issue20246 https://bugzilla.redhat.com/show_bug.cgi?id=1062370 ___ Updated Packages: Mandriva Enterprise Server 5: 9f5d8acdfaff42d2fe7aae145aa6bdf4 mes5/i586/libpython2.5-2.5.2-5.13mdvmes5.2.i586.rpm 87e946a35ed4a041ce15fb328a94962f mes5/i586/libpython2.5-devel-2.5.2-5.13mdvmes5.2.i586.rpm 8e89735ab8baa2f6975f8238b082c059 mes5/i586/python-2.5.2-5.13mdvmes5.2.i586.rpm 903a0bd59758cf89d2cfc6f50dfccf31 mes5/i586/python-base-2.5.2-5.13mdvmes5.2.i586.rpm 12299e01e8a6854b9b737e7134e0c67e mes5/i586/python-docs-2.5.2-5.13mdvmes5.2.i586.rpm 6981e8ff73aea76e7781c9f4eaa16221 mes5/i586/tkinter-2.5.2-5.13mdvmes5.2.i586.rpm b48267baca317515f87ba162ed4eab02 mes5/i586/tkinter-apps-2.5.2-5.13mdvmes5.2.i586.rpm 83a624a38fbf33f8dd30be16c059fedd mes5/SRPMS/python-2.5.2-5.13mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: d29187d3073068ca4dd23a7e873ad23f mes5/x86_64/lib64python2.5-2.5.2-5.13mdvmes5.2.x86_64.rpm 6a982f71c8363e6bce7f8958168702bd mes5/x86_64/lib64python2.5-devel-2.5.2-5.13mdvmes5.2.x86_64.rpm 75bc4436ed423dcedaf209d774bcbfab mes5/x86_64/python-2.5.2-5.13mdvmes5.2.x86_64.rpm 33a74fac35c5009fcc066d774f4b200d mes5/x86_64/python-base-2.5.2-5.13mdvmes5.2.x86_64.rpm 945d27beff9becc2b207027edd6b90e1 mes5/x86_64/python-docs-2.5.2-5.13mdvmes5.2.x86_64.rpm 9163259f05462f665998c2add88f8631 mes5/x86_64/tkinter-2.5.2-5.13mdvmes5.2.x86_64.rpm 63d61503b92a17c04548db2b60faa395 mes5/x86_64/tkinter-apps-2.5.2-5.13mdvmes5.2.x86_64.rpm 83a624a38fbf33f8dd30be16c059fedd mes5/SRPMS/python-2.5.2-5.13mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 949fbdcadfe90fd12d6c6dcc2d1740ef mbs1/x86_64/lib64python2.7-2.7.3-4.5.mbs1.x86_64.rpm 750b20f80e21a7b2a753b736fb3bbb9b mbs1/x86_64/lib64python-devel-2.7.3-4.5.mbs1.x86_64.rpm 9264c30b67dd6fa5438b73ecc9e218aa mbs1/x86_64/python-2.7.3-4.5.mbs1.x86_64.rpm e3245ecc8907e9ae9e8dc70e23d057c6 mbs1/x86_64/python-docs-2.7.3-4.5.mbs1.noarch.rpm b2fa904583d40bca084cc24c1599cc47 mbs1/x86_64/tkinter-2.7.3-4.5.mbs1.x86_64.rpm f115c68c0713f3681d411d635c910374 mbs1/x86_64/tkinter-apps-2.7.3-4.5.mbs1.x86_64.rpm ad12c7fe3e8f82dd0e4836288af1198a mbs1/SRPMS/python-2.7.3-4.5.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBF1JmqjQ0CJFipgRAhDEAJ9tmnwSQ16RCBiNjXc7qge0Q/oXnQCgmsKL 7otvc41VTF+HbIhMxfFud6Y= =PIy4 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:042 ] tomcat6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:042 http://www.mandriva.com/en/support/security/ ___ Package : tomcat6 Date: February 19, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated tomcat6 packages fix security vulnerabilities: It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service (CVE-2012-3544). A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc (CVE-2013-1571). A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root (CVE-2013-1976). It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim#039;s credentials (CVE-2013-2067). Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067 http://advisories.mageia.org/MGASA-2014-0082.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 8b304fbd6b68bef47f85ef31d0bea344 mbs1/x86_64/tomcat6-6.0.39-1.mbs1.noarch.rpm 7243145c6a5be3a964e69db023ee71c9 mbs1/x86_64/tomcat6-admin-webapps-6.0.39-1.mbs1.noarch.rpm f2c3f53c7b0d0418aed86f12a9f6900c mbs1/x86_64/tomcat6-docs-webapp-6.0.39-1.mbs1.noarch.rpm 54db0f145ed365fd226bb9d5fd31ee64 mbs1/x86_64/tomcat6-el-2.1-api-6.0.39-1.mbs1.noarch.rpm fb001fc02a3c23ea19325c6690aefb36 mbs1/x86_64/tomcat6-javadoc-6.0.39-1.mbs1.noarch.rpm 2db27ac9511a05f7a71ff3d109152e43 mbs1/x86_64/tomcat6-jsp-2.1-api-6.0.39-1.mbs1.noarch.rpm 7c4064e925da652943891f2d7b4e8c2c mbs1/x86_64/tomcat6-lib-6.0.39-1.mbs1.noarch.rpm d7910e6ac4bb2aa6ac1c482e15ad163f mbs1/x86_64/tomcat6-servlet-2.5-api-6.0.39-1.mbs1.noarch.rpm 4bd7543509316993551b12427a4008b6 mbs1/x86_64/tomcat6-systemv-6.0.39-1.mbs1.noarch.rpm 69887526ca4c9a45b44db36fd5576411 mbs1/x86_64/tomcat6-webapps-6.0.39-1.mbs1.noarch.rpm e0bfb83180ae8b86c32a4104d643eabd mbs1/SRPMS/tomcat6-6.0.39-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBGbfmqjQ0CJFipgRAqoFAJ9rlsBNuojSUoFTrtzjClT1Baj4GACg3oCE t3Cmz3RfMCdPvQPAOR3vuf4= =bOtM -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:043 ] gnutls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:043 http://www.mandriva.com/en/support/security/ ___ Package : gnutls Date: February 19, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated gnutls packages fix security vulnerability: Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior) (CVE-2014-1959). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959 http://advisories.mageia.org/MGASA-2014-0077.html ___ Updated Packages: Mandriva Business Server 1/X86_64: b988bab2fdf23d5f0f4e4924eea9e637 mbs1/x86_64/gnutls-3.0.28-1.1.mbs1.x86_64.rpm 0ade9a8dde81b7c24bac493e280b63e7 mbs1/x86_64/lib64gnutls28-3.0.28-1.1.mbs1.x86_64.rpm 6ee50c78323c0ac7b3389479b66e66ab mbs1/x86_64/lib64gnutls-devel-3.0.28-1.1.mbs1.x86_64.rpm be4ab7e4ae55e41326fa4983944d0407 mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.1.mbs1.x86_64.rpm f53dca5b5c59f61ab8e2db23a55f0e59 mbs1/SRPMS/gnutls-3.0.28-1.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBH0vmqjQ0CJFipgRAtgfAJ46Wblmntms5o3lPs32w8qPTWeCTgCfYz++ OUuTKze0Lm3n1McIsqOpR/s= =QI+x -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability Advisory ID: cisco-sa-20140219-fwsm Revision 1.0 For Public Release 2014 February 19 16:00 UTC (GMT) +- Summary === Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate the vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlMEtNcACgkQUddfH3/BbTqQ+wD+NFmMxteh3LtLTfRu/MLP3fUd 1JUZsmYsfWURrVRYKWIA/jCIeNeOrEZk3+us7+gkLQ0m8CPFzYtwmJv0WAuUz4nL =CKL7 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software Advisory ID: cisco-sa-20140219-ips Revision 1.0 For Public Release 2014 February 19 16:00 UTC (GMT) +- Summary === Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities: Cisco IPS Analysis Engine Denial of Service Vulnerability Cisco IPS Control-Plane MainApp Denial of Service Vulnerability Cisco IPS Jumbo Frame Denial of Service Vulnerability The Cisco IPS Analysis Engine Denial of Service Vulnerability and the Cisco IPS Jumbo Frame Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive or crash. When this occurs, the Cisco IPS will stop inspecting traffic. The Cisco IPS Control-Plane MainApp Denial of Service Vulnerability could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive and prevent it from executing several tasks including alert notification, event store management, and sensor authentication. The Cisco IPS web server will also be unavailable while the MainApp process is unresponsive, and other processes such as the Analysis Engine process may not work properly. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of the vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlMEtN8ACgkQUddfH3/BbTqaXgD+NeE2RZeYebqQItuny2wwM75u aKOGy+hgzq4SO1Rd42UA/iTYBple0vixcw47mcP8QlnHxbLNNLvPj8RaD8Yktd+Q =mckJ -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability Advisory ID: cisco-sa-20140219-ucsd Revision 1.0 For Public Release 2014 February 19 16:00 UTC (GMT) +- Summary === A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlMEtOsACgkQUddfH3/BbTrerwD9F9frFRfdIPKHUxFOVSdCWw48 nYMwynXoUtbiTFxpPTwA/A1wg6tWwHyIg3OGrhLzxoMxGQzBlk1QfxxaXORde2I8 =zBK2 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905 Advisory ID: cisco-sa-20140219-phone Revision 1.0 For Public Release 2014 February 19 16:00 UTC (GMT) +- Summary === A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlMEtOUACgkQUddfH3/BbToAgwD/YVTgOAUwc7a7j1oWJqLyWjsi 49ZYhWjP2fS5b9hbKdsA/1STDtpjHVVhRv4AsS8AL2EenDZGj8NyfJPM9CEUjrUm =Ol4C -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2200453 * Advisory ID: DRUPAL-SA-CONTRIB-2014-021 * Project: Maestro [1] (third-party module) * Version: 7.x * Date: 2014-February-19 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - The Maestro module enables you to create complex workflows, automating business processes. The module doesn't sufficiently filter Role or Organic Group names when displaying them in the workflow details. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create Drupal Roles or Organic Groups. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Maestro 7.x-1.x versions prior to 7.x-1.4. Drupal core is not affected. If you do not use the contributed Maestro [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Maestro module for Drupal 7.x, upgrade to Maestro 7.x-1.4 [5] Also see the Maestro [6] project page. REPORTED BY - * Aron Novak [7] FIXED BY * Aron Novak [8], the reporter * Randy Kolenko [9] the module maintainer COORDINATED BY -- * Greg Knaddison [10] of the Drupal Security Team * Michael Hess [11] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/maestro [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/maestro [5] https://drupal.org/node/2013653 [6] http://drupal.org/project/maestro [7] http://drupal.org/user/61864 [8] http://drupal.org/user/61864 [9] http://drupal.org/user/704970 [10] https://drupal.org/user/36762 [11] https://drupal.org/user/102818/ [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-022 - Slickgrid - Access bypass
View online: https://drupal.org/node/2200491 * Advisory ID: DRUPAL-SA-CONTRIB-2014-22 * Project: Slickgrid [1] (third-party module) * Version: 7.x * Date: 2014-February -22 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - The Slickgrid module is an implementation of the jQuery slickgrid plugin, a lightening fast JavaScript grid/spreadsheet. It defines a slickgrid view style, so all data can be output as an editable grid. The module doesn't check access sufficiently, allowing users to edit and change field values of nodes they should not have access to change. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Slickgrid 7.x-1.x versions Drupal core is not affected. If you do not use the contributed Slickgrid [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Slickgrid module for Drupal 7.x, upgrade to Slickgrid 7.x-2.0 [5] Also see the Slickgrid [6] project page. REPORTED BY - * Tim Wood [7] FIXED BY * Ben Scott [8] * Simon Rycroft [9] the module maintainer COORDINATED BY -- * Greg Knaddison [10] of the Drupal Security Team * Michael Hess [11] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/slickgrid [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/slickgrid [5] https://drupal.org/node/2200475 [6] http://drupal.org/project/slickgrid [7] http://drupal.org/user/23373 [8] http://drupal.org/user/149339 [9] http://drupal.org/user/151544 [10] https://drupal.org/user/36762 [11] https://drupal.org/user/102818/ [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:044 ] zarafa
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:044 http://www.mandriva.com/en/support/security/ ___ Package : zarafa Date: February 19, 2014 Affected: Business Server 1.0 ___ Problem Description: Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users (CVE-2014-0037, CVE-2014-0079). The updated packages have been upgraded to the 7.1.8 version which is not vulnerable to these issues. Additionally kyotocabinet 1.2.76 packages is also being provided due to new dependencies. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0079 https://bugzilla.redhat.com/show_bug.cgi?id=1056767 https://bugzilla.redhat.com/show_bug.cgi?id=1059903 ___ Updated Packages: Mandriva Business Server 1/X86_64: d16e0d8878edda24781c7aa95aa9d9d0 mbs1/x86_64/kyotocabinet-1.2.76-1.mbs1.x86_64.rpm 6fd70948ad85912830fd1b2fe603b5fe mbs1/x86_64/kyotocabinet-api-doc-1.2.76-1.mbs1.noarch.rpm a62410307fbba4857685fcdf5c7b7c80 mbs1/x86_64/lib64kyotocabinet16-1.2.76-1.mbs1.x86_64.rpm 81b53cf87d92f99e63bee13c0a3341de mbs1/x86_64/lib64kyotocabinet-devel-1.2.76-1.mbs1.x86_64.rpm 50bab0eed141d22e945860eba1677604 mbs1/x86_64/lib64zarafa0-7.1.8-1.mbs1.x86_64.rpm 285e1fab4f7fbb90b47afffa4e48843a mbs1/x86_64/lib64zarafa-devel-7.1.8-1.mbs1.x86_64.rpm bd1609b8c463232cdc561d30c2576cea mbs1/x86_64/php-mapi-7.1.8-1.mbs1.x86_64.rpm 85a7deaad1f5d40af9b7f45c90d169c2 mbs1/x86_64/python-MAPI-7.1.8-1.mbs1.x86_64.rpm f27e206845698b040c1d0ebe07139b52 mbs1/x86_64/zarafa-7.1.8-1.mbs1.x86_64.rpm 6707f723548326f14f184e6abc9b5b8f mbs1/x86_64/zarafa-archiver-7.1.8-1.mbs1.x86_64.rpm 49159ba3392ea940b856187444fa1f10 mbs1/x86_64/zarafa-caldav-7.1.8-1.mbs1.x86_64.rpm adee30eedd5c028c7b3b0b7d3fcce79f mbs1/x86_64/zarafa-client-7.1.8-1.mbs1.x86_64.rpm a624c1b0b07ffc86b1fc4588032be771 mbs1/x86_64/zarafa-common-7.1.8-1.mbs1.x86_64.rpm f02d202a9ee027cf39549bbe94567598 mbs1/x86_64/zarafa-dagent-7.1.8-1.mbs1.x86_64.rpm 06a01cb9c185881f143e07e76450573f mbs1/x86_64/zarafa-gateway-7.1.8-1.mbs1.x86_64.rpm f58ca4cbf70505795034ea685d1504b9 mbs1/x86_64/zarafa-ical-7.1.8-1.mbs1.x86_64.rpm bca69f6009cfa4c753ae86e73809be30 mbs1/x86_64/zarafa-indexer-7.1.8-1.mbs1.x86_64.rpm c6f02794ecf4e45cc8b15a489b1f549b mbs1/x86_64/zarafa-monitor-7.1.8-1.mbs1.x86_64.rpm 7bfd2eabb0ff6ecb2426483212a08e8e mbs1/x86_64/zarafa-server-7.1.8-1.mbs1.x86_64.rpm 52cab9632d64fb0aa84492a676f3e03f mbs1/x86_64/zarafa-spooler-7.1.8-1.mbs1.x86_64.rpm bc60f4f3b7a27f7c6e5c1450fb3eaab8 mbs1/x86_64/zarafa-utils-7.1.8-1.mbs1.x86_64.rpm afaaf4b84e1afc898928737a6a9d2dea mbs1/x86_64/zarafa-webaccess-7.1.8-1.mbs1.noarch.rpm 53efe802a9b0794bafa5865ba5e712b2 mbs1/SRPMS/kyotocabinet-1.2.76-1.mbs1.src.rpm fdc86a3de819acc0d641f89245b1c4a0 mbs1/SRPMS/zarafa-7.1.8-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBNy1mqjQ0CJFipgRAhTPAKClNqERpDbJh+nVjQsoU6AzXz+4dACg1s4K 7F9j3wsH0H+FRSDUG7q8KgA= =b7J0 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CVE-2014-0053 Information Disclosure when using Grails
CVE-2014-0053 Information Disclosure in Grails applications Severity: Important Vendor: Grails by Pivotal Versions Affected: - Grails 2.0.0 to 2.3.5 Description: The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF by default. This means that both configuration files and class files are publicly accessible when they should be private. Mitigation: Users of affected versions should apply one of the following mitigations: - Upgrade to Grails 2.3.6 and redeploy the application - Configure the resources plugin to block access to /WEB-INF - Prevent access to /WEB-INF in the reverse proxy (if one is used) Possible configuration options to block access to /WEB-INF include adding the following to grails-app/conf/Config.groovy: grails.resources.adhoc.includes = ['/images/**', '/css/**', '/js/**', '/plugins/**'] grails.resources.adhoc.excludes = ['/WEB-INF/**'] Credit: This issue was identified by @Ramsharan065 but was reported publicly to the Grails team via Twitter. Pivotal strongly encourages responsible reporting of security vulnerabilities via secur...@gopivotal.com References: https://twitter.com/Ramsharan065/status/434975409134792704 https://github.com/grails/grails-core/commit/2d5d2a8b3e40111412051dbbeb32eae005fdcf35 http://www.gopivotal.com/security/cve-2014-0054 (may take up to 24 hours to go live) History: 2014-Feb-16: Issue made public 2014-Feb-19: Initial vulnerability report published___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] RC Trojan 1.1d (Undetected)
Hi, Just releasing my new achievement. What is?RC Trojan AKA Remote Control trojan which allow the control of a computer remotely in the same network (Lan/Wan). It's build in commercial software so it may take a while to get detected but MD5 may be applied. INFOBasicaly it's an http server and a server routine that executes tasks.All can be easily unveiled... Leave any feedback Download:https://www.mediafire.com/?f6mg1yiyklq6otb ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:039 ] libgadu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:039 http://www.mandriva.com/en/support/security/ ___ Package : libgadu Date: February 18, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated libgadu packages fix security vulnerability: A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487 http://advisories.mageia.org/MGASA-2014-0074.html ___ Updated Packages: Mandriva Enterprise Server 5: 65640d78caeb724856896f6ac5f6ccbf mes5/i586/libgadu3-1.8.1-2.2mdvmes5.2.i586.rpm 23e13f92896af06860593ece27a3a2e5 mes5/i586/libgadu-devel-1.8.1-2.2mdvmes5.2.i586.rpm 2c454d07d7d9abb15fddefe39360c38a mes5/SRPMS/libgadu-1.8.1-2.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 4230f0fb619aeccc503dc95ac9e90798 mes5/x86_64/lib64gadu3-1.8.1-2.2mdvmes5.2.x86_64.rpm 69effc40493fd6a8d8bd9c8b6bb560ef mes5/x86_64/lib64gadu-devel-1.8.1-2.2mdvmes5.2.x86_64.rpm 2c454d07d7d9abb15fddefe39360c38a mes5/SRPMS/libgadu-1.8.1-2.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 16f19b3210caefdcb38653f2c8684792 mbs1/x86_64/lib64gadu3-1.11.3-1.mbs1.x86_64.rpm 9301c10131e11e8ea6ff25f3c804acec mbs1/x86_64/lib64gadu-devel-1.11.3-1.mbs1.x86_64.rpm 07ae07079d369cb322c2af5c254bdc66 mbs1/SRPMS/libgadu-1.11.3-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTAzMwmqjQ0CJFipgRAgx7AKC97Rp24wtYVDJF8WS+euFGuxn7AgCgv4Iu vqtuOjddAPUAm08Wd2GVxBE= =0QwI -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:040 ] puppet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:040 http://www.mandriva.com/en/support/security/ ___ Package : puppet Date: February 18, 2014 Affected: Business Server 1.0 ___ Problem Description: A vulnerability has been discovered and corrected in puppet: Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files (CVE-2013-4969). The updated packages have been upgraded to the 2.7.25 version which is not vulnerable to this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969 http://puppetlabs.com/security/cve/cve-2013-4969 ___ Updated Packages: Mandriva Business Server 1/X86_64: 8133fbfdbcc614462c9bf1de4d78ab91 mbs1/x86_64/emacs-puppet-2.7.25-1.mbs1.noarch.rpm 37233dc91400c1e66f59e885d2ebcb84 mbs1/x86_64/puppet-2.7.25-1.mbs1.noarch.rpm f9f247c47e51419f58bc7b3369f9d34e mbs1/x86_64/puppet-server-2.7.25-1.mbs1.noarch.rpm cbea4853816a9ab3b7ea9fc8faa5b44a mbs1/x86_64/vim-puppet-2.7.25-1.mbs1.noarch.rpm 427a3f6bf5b8da3b22c1c4fa3f21ed88 mbs1/SRPMS/puppet-2.7.25-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTA1SJmqjQ0CJFipgRAlgzAJ9LB9BIaJxoGdjimFPnTdsGOcsZnwCfQO1K GpM/NHQ21v8mzdm5qCD0wkE= =kEQX -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:035 ] libpng
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:035 http://www.mandriva.com/en/support/security/ ___ Package : libpng Date: February 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated libpng and libpng12 packages fix security vulnerability: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c (CVE-2013-6954). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954 http://advisories.mageia.org/MGASA-2014-0075.html ___ Updated Packages: Mandriva Enterprise Server 5: 9e459a55c761870ca6b40a12b3d36d66 mes5/i586/libpng3-1.2.31-2.8mdvmes5.2.i586.rpm de27e436523a787cee10ad4318b3c6dd mes5/i586/libpng-devel-1.2.31-2.8mdvmes5.2.i586.rpm dfae88ae67434fb8d6926d747895dae8 mes5/i586/libpng-source-1.2.31-2.8mdvmes5.2.i586.rpm 3b3d03da06f07f56075853827a2dacdb mes5/i586/libpng-static-devel-1.2.31-2.8mdvmes5.2.i586.rpm 4a2f827b292cdc03f63566eae8c812cd mes5/SRPMS/libpng-1.2.31-2.8mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 3fe33312ba78608e46f63cda12b110db mes5/x86_64/lib64png3-1.2.31-2.8mdvmes5.2.x86_64.rpm 90fa95818ad0d287ef9555edef4a882a mes5/x86_64/lib64png-devel-1.2.31-2.8mdvmes5.2.x86_64.rpm 6b7626467754aed28ca5f77904451567 mes5/x86_64/lib64png-static-devel-1.2.31-2.8mdvmes5.2.x86_64.rpm dd60b577dd6e9ce8b934e25ca4e546c8 mes5/x86_64/libpng-source-1.2.31-2.8mdvmes5.2.x86_64.rpm 4a2f827b292cdc03f63566eae8c812cd mes5/SRPMS/libpng-1.2.31-2.8mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 9237e9d4b379d48a06c8cef5f6153549 mbs1/x86_64/lib64png12_0-1.2.49-2.1.mbs1.x86_64.rpm dc285e45a37d56f3846eb390a861f4db mbs1/x86_64/lib64png12-devel-1.2.49-2.1.mbs1.x86_64.rpm df04f10a3f6444219d39ab0dae2dc5eb mbs1/x86_64/lib64png15_15-1.5.10-2.1.mbs1.x86_64.rpm d47b514f7851a4bcfad6b5e63e6b6454 mbs1/x86_64/lib64png-devel-1.5.10-2.1.mbs1.x86_64.rpm fda6b6933c420961f4cdaf8a7d82e986 mbs1/SRPMS/libpng12-1.2.49-2.1.mbs1.src.rpm 03558969532f7161705ef96cef74b019 mbs1/SRPMS/libpng-1.5.10-2.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTAd0ymqjQ0CJFipgRAvVZAKCFN8Mi8xxQmTF9tqO+IJKcYFYk4wCgluTx yzTHgzcGw5oVSkHvJLImowk= =uhOm -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:036 ] varnish
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:036 http://www.mandriva.com/en/support/security/ ___ Package : varnish Date: February 17, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated varnish packages fix security vulnerabilities: Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI (CVE-2013-4484). Also, the services have been converted from SysV init scripts to systemd-native services, which should allow for more consistent behavior. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484 http://advisories.mageia.org/MGASA-2014-0065.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 6000b9509f578e6ea82e6d3b1644b4f2 mbs1/x86_64/lib64varnish1-3.0.3-0.2.mbs1.x86_64.rpm 815b13bbbdab794e2b93dc4506424d6c mbs1/x86_64/lib64varnish-devel-3.0.3-0.2.mbs1.x86_64.rpm 56decba0182e274354a9abb7b18432e6 mbs1/x86_64/varnish-3.0.3-0.2.mbs1.x86_64.rpm 677e6e2ed82db3e64b6ed07bf03258e3 mbs1/SRPMS/varnish-3.0.3-0.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTAhKOmqjQ0CJFipgRAujTAKCGmfMzeDx9PxP7MKyrc9PFB6METwCeMxTj ctxFW9n8yI8AifPeqA0JVrY= =VqTb -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:037 ] ffmpeg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:037 http://www.mandriva.com/en/support/security/ ___ Package : ffmpeg Date: February 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated ffmpeg packages fix security vulnerabilities: This updates provides ffmpeg version 0.5.13 and 0.10.11, which fixes several unspecified security vulnerabilities and other bugs which were corrected upstream. ___ References: http://www.ffmpeg.org/security.html http://git.videolan.org/?p=ffmpeg.git;a=log;h=n0.5.13 http://git.videolan.org/?p=ffmpeg.git;a=log;h=n0.10.11 http://advisories.mageia.org/MGASA-2014-0065.html ___ Updated Packages: Mandriva Enterprise Server 5: 7742b0588624f60c376be19b4d89a8fd mes5/i586/ffmpeg-0.5.13-0.1mdvmes5.2.i586.rpm c14a0eb8817bae066df5373687b5d0d6 mes5/i586/libavformats52-0.5.13-0.1mdvmes5.2.i586.rpm 9ecf8648a04938937a8faea452f6d497 mes5/i586/libavutil49-0.5.13-0.1mdvmes5.2.i586.rpm c458420fb9e790aa41d8abf748692c2e mes5/i586/libffmpeg52-0.5.13-0.1mdvmes5.2.i586.rpm eced4907f2997e3f4ca5d1dee2b62016 mes5/i586/libffmpeg-devel-0.5.13-0.1mdvmes5.2.i586.rpm 72bb5e239cafa24058549dea4bdc8f49 mes5/i586/libffmpeg-static-devel-0.5.13-0.1mdvmes5.2.i586.rpm 7ecee41b7b2815b0823a8658ca06 mes5/i586/libpostproc51-0.5.13-0.1mdvmes5.2.i586.rpm 12d20764ba57fbf71ee9654a4eb64d3f mes5/i586/libswscaler0-0.5.13-0.1mdvmes5.2.i586.rpm 6e96bd5abc38a8a8f58a196af556f806 mes5/SRPMS/ffmpeg-0.5.13-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 1624df142a467f3a3de4955dd810a1ce mes5/x86_64/ffmpeg-0.5.13-0.1mdvmes5.2.x86_64.rpm d60b7b155f3ae1f90232ecd32ab5d391 mes5/x86_64/lib64avformats52-0.5.13-0.1mdvmes5.2.x86_64.rpm 595dab63bbec115366304d565b86aeb1 mes5/x86_64/lib64avutil49-0.5.13-0.1mdvmes5.2.x86_64.rpm adabce9fedc7086f039626437b7a8004 mes5/x86_64/lib64ffmpeg52-0.5.13-0.1mdvmes5.2.x86_64.rpm 1816cb6946b0f3548c0c424858c51340 mes5/x86_64/lib64ffmpeg-devel-0.5.13-0.1mdvmes5.2.x86_64.rpm 9466173717a6bb74ac05aff1baf255a8 mes5/x86_64/lib64ffmpeg-static-devel-0.5.13-0.1mdvmes5.2.x86_64.rpm b6eb83c3ee6aebf979475f85bffde920 mes5/x86_64/lib64postproc51-0.5.13-0.1mdvmes5.2.x86_64.rpm 52fbf256d72995e157a1cbacf70a4218 mes5/x86_64/lib64swscaler0-0.5.13-0.1mdvmes5.2.x86_64.rpm 6e96bd5abc38a8a8f58a196af556f806 mes5/SRPMS/ffmpeg-0.5.13-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 9264f9935448582010c136761e90550c mbs1/x86_64/ffmpeg-0.10.11-1.mbs1.x86_64.rpm ff6207bacb56aac2f6a298c2bde79b33 mbs1/x86_64/lib64avcodec53-0.10.11-1.mbs1.x86_64.rpm 3b9202057b4f48eb3d3c4a7041af79ae mbs1/x86_64/lib64avfilter2-0.10.11-1.mbs1.x86_64.rpm 02eb33c9845ffd1bb85f01689e5f7831 mbs1/x86_64/lib64avformat53-0.10.11-1.mbs1.x86_64.rpm 63ef87449b5f5941b503fed7b81444f6 mbs1/x86_64/lib64avutil51-0.10.11-1.mbs1.x86_64.rpm 9adeeb722da49ad90998df4070f284e0 mbs1/x86_64/lib64ffmpeg-devel-0.10.11-1.mbs1.x86_64.rpm cd2e95670c3f87abca0601de3f89e53b mbs1/x86_64/lib64ffmpeg-static-devel-0.10.11-1.mbs1.x86_64.rpm 339ee84802d8662336596cbac58eee43 mbs1/x86_64/lib64postproc52-0.10.11-1.mbs1.x86_64.rpm 98ee40b039272a3e2fc8b13c59c530ff mbs1/x86_64/lib64swresample0-0.10.11-1.mbs1.x86_64.rpm beaa3a178f877b0b2122ec8f24261448 mbs1/x86_64/lib64swscaler2-0.10.11-1.mbs1.x86_64.rpm a0c84e846e09588c4194ec665745b984 mbs1/SRPMS/ffmpeg-0.10.11-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTAh1DmqjQ0CJFipgRAsDrAJ0WKhyBoo611fOC5M8yN9qqcPD3rACeJ7jz m+V0nwlGpKVgBHjhe1cjYdk= =xoRs -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored
[Full-disclosure] [ MDVSA-2014:038 ] kernel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:038 http://www.mandriva.com/en/support/security/ ___ Package : kernel Date: February 17, 2014 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities has been found and corrected in the Linux kernel: The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter (CVE-2014-0038). The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application (CVE-2014-1438). The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call (CVE-2014-1446). The updated packages provides a solution for these security issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446 ___ Updated Packages: Mandriva Business Server 1/X86_64: d1faf9544075ff4790e29edd6e7061f6 mbs1/x86_64/cpupower-3.4.80-1.1.mbs1.x86_64.rpm 3498721d639bf646ed55e2903ce728e4 mbs1/x86_64/kernel-firmware-3.4.80-1.1.mbs1.noarch.rpm f9927f4b1512a26d874a82a99636fb09 mbs1/x86_64/kernel-firmware-3.4.80-1.1.mbs1.src.rpm e874467839b96e04bebd0c5b24f31fc3 mbs1/x86_64/kernel-headers-3.4.80-1.1.mbs1.src.rpm 208f74225f3d18189a871ac308c8df5b mbs1/x86_64/kernel-headers-3.4.80-1.1.mbs1.x86_64.rpm e1f82c2b50db46cdb4db2daa933f7173 mbs1/x86_64/kernel-server-3.4.80-1.1.mbs1.x86_64.rpm ed0d8eed6c61553e73121117bcfc978f mbs1/x86_64/kernel-server-devel-3.4.80-1.1.mbs1.x86_64.rpm 00ca38d2289182149e8f43c6871711e8 mbs1/x86_64/kernel-source-3.4.80-1.mbs1.noarch.rpm 429b6e48ee63a03a83577a710bc5368d mbs1/x86_64/lib64cpupower0-3.4.80-1.1.mbs1.x86_64.rpm a6e3898905be2a8d7ded39a5312f7670 mbs1/x86_64/lib64cpupower-devel-3.4.80-1.1.mbs1.x86_64.rpm 086bc3e49adec4147aa1138ae5d5245c mbs1/x86_64/perf-3.4.80-1.1.mbs1.x86_64.rpm f5a65feb515d65f9f1f526f6294af2c3 mbs1/SRPMS/cpupower-3.4.80-1.1.mbs1.src.rpm 56fafb86f60233b29fcd8d42d35e4678 mbs1/SRPMS/kernel-server-3.4.80-1.1.mbs1.src.rpm 715647161acd9ec082c0a2fef0f35fc3 mbs1/SRPMS/kernel-source-3.4.80-1.mbs1.src.rpm cc72e360fa32823a575d1c9536fdecc3 mbs1/SRPMS/perf-3.4.80-1.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTAiBGmqjQ0CJFipgRAiryAKCz6vqRlzaZ+l0B6QyuMb95i8UVoACgjAGx F7TlfjN081P00FfeKN47Je4= =osPP -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)
= INTERNET SECURITY AUDITORS ALERT 2014-001 - Original release date: February 4, 2014 - Last revised: February 4, 2014 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) - CVE-ID: - = I. VULNERABILITY - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com). II. BACKGROUND - Boxcryptor is an easy-to-use encryption software optimized for the cloud. It allows the secure use of cloud storage services without sacrificing comfort. Boxcryptor supports all major cloud storage providers (such as Dropbox, Google Drive, Microsoft SkyDrive, SugarSync) and supports all the clouds that use the WebDAV standard (such as Cubby, Strato HiDrive, and ownCloud). III. DESCRIPTION - Has been detected a XSS vulnerability in www.boxcryptor.com. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page. IV. PROOF OF CONCEPT - Next, we show a typical request to save changes in My Account option: POST /app/user/modify/userID HTTP/1.1 Host: www.boxcryptor.com ... firstname=firstnamelastname=lastnameusername=email_newsletter= where: - userID is a numeric user ID generated by boxcryptor - firstname is the firstname specified by the user - lastname is the lastname specified by the user - email is the email address specified by the user A malicious user can inject arbitrary HTML/script code in the email parameter. For example: POST /app/user/modify/3805739018726483071 HTTP/1.1 Host: www.boxcryptor.com ... firstname=Johnlastname=Smithusername=johnsm...@gmail.comH1centerThis+is+a+XSS+example/center/H1_newsletter= V. BUSINESS IMPACT - An attacker can execute arbitrary HTML or script code in a targeted user's browser. This can leverage to steal sensitive information as user credentials, personal data, etc. VI. SYSTEMS AFFECTED - www.boxcryptor.com VII. SOLUTION - - VIII. REFERENCES - http://www.isecauditors.com http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) IX. CREDITS - This vulnerability has been discovered by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com). X. REVISION HISTORY - February 4, 2014: Initial release XI. DISCLOSURE TIMELINE - February 4, 2014: Discovered by Internet Security Auditors February 6, 2014: Contact with the developer team February 10, 2014: Confirmed by vendor February 10, 2014: Vendor deployed a new version February 13, 2014: Internet Security Auditors release the advisory XII. LEGAL NOTICES - The information contained within this advisory is supplied as-is with no warranties or guarantees of fitness of use or otherwise. Internet Security Auditors accepts no responsibility for any damage caused by the use or misuse of this information. XIII. ABOUT - Internet Security Auditors is a Spain based leader in web application testing, network security, penetration testing, security compliance implementation and assessing. Our clients include some of the largest companies in areas such as finance, telecommunications, insurance, ITC, etc. We are vendor independent provider with a deep expertise since 2001. Our efforts in RD include vulnerability research, open security project collaboration and whitepapers, presentations and security events participation and promotion. For further information regarding our security services, contact us. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:031 ] drupal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:031 http://www.mandriva.com/en/support/security/ ___ Package : drupal Date: February 14, 2014 Affected: Business Server 1.0 ___ Problem Description: Multiple security issues was identified and fixed in drupal: The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors (CVE-2014-1475). The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page (CVE-2014-1476). The updated packages has been upgraded to the 7.26 version which is unaffected by these security flaws. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1476 https://drupal.org/SA-CORE-2014-001 ___ Updated Packages: Mandriva Business Server 1/X86_64: 1561765f33c6a67a7b63ecbc783a8e68 mbs1/x86_64/drupal-7.26-1.mbs1.noarch.rpm 5d8bb1fedd2fc2acfe50272dbc57dc50 mbs1/x86_64/drupal-mysql-7.26-1.mbs1.noarch.rpm 6f4d6b410161ef37d36e055b75ac61bf mbs1/x86_64/drupal-postgresql-7.26-1.mbs1.noarch.rpm 614f9cb70cbb955f445bbb3fc77dc819 mbs1/x86_64/drupal-sqlite-7.26-1.mbs1.noarch.rpm 34636e9e6743b2b8e1e3e4c46156eb6c mbs1/SRPMS/drupal-7.26-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS/g4OmqjQ0CJFipgRAnyuAKCuYKaLOPAPFDMASVzfPls126i77gCgqb64 GSilzcyyvrDTv2pvUEk/ooY= =IgHR -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:032 ] flite
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:032 http://www.mandriva.com/en/support/security/ ___ Package : flite Date: February 14, 2014 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in flite: The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information (CVE-2014-0027). The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0027 ___ Updated Packages: Mandriva Business Server 1/X86_64: 9ff31a7d8198f78a479e6b61df16e65a mbs1/x86_64/flite-1.3-2.1.mbs1.x86_64.rpm 27f5093dfbae9b8632064a117229a5ff mbs1/x86_64/lib64flite-devel-1.3-2.1.mbs1.x86_64.rpm 1a7c3036c885f25f810cd61a8fef93b8 mbs1/SRPMS/flite-1.3-2.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS/g7tmqjQ0CJFipgRAlH3AJsEAY9WoBk/6vXfc777bnO/wmfz4wCgkceT ME9lIRmMcBhgbZisJLF9qms= =UWue -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:033 ] socat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:033 http://www.mandriva.com/en/support/security/ ___ Package : socat Date: February 14, 2014 Affected: Business Server 1.0 ___ Problem Description: A vulnerability has been discovered and corrected in socat: Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line (CVE-2014-0019). The updated packages have been upgraded to the 1.7.2.3 version which is not vulnerable to this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019 http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt ___ Updated Packages: Mandriva Business Server 1/X86_64: 556abad28fdb5cc80a15ff69790f4487 mbs1/x86_64/socat-1.7.2.3-1.mbs1.x86_64.rpm 4174e565e7144f2e37712c97163e8292 mbs1/SRPMS/socat-1.7.2.3-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS/hAYmqjQ0CJFipgRAhMEAKDMEcdwHBt5zIul+3JpAHc0hxIJFwCfaunk ncmqVSK6cQLcTIN5dFoju5Q= =BAB9 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:034 ] yaml
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:034 http://www.mandriva.com/en/support/security/ ___ Package : yaml Date: February 14, 2014 Affected: Business Server 1.0 ___ Problem Description: A vulnerability has been discovered and corrected in yaml: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow (CVE-2013-6393). The updated packages have been upgraded to the 0.1.5 version which is not vulnerable to this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393 https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 ___ Updated Packages: Mandriva Business Server 1/X86_64: 1e4b37eb517ff916bc1a4079fc67644c mbs1/x86_64/lib64yaml0_2-0.1.5-1.mbs1.x86_64.rpm 3ef60ab7c95691aafd2cbba52d04da9e mbs1/x86_64/lib64yaml-devel-0.1.5-1.mbs1.x86_64.rpm 1198a9d1904527bb54428bd0aff0 mbs1/SRPMS/yaml-0.1.5-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS/hELmqjQ0CJFipgRAn0DAJ9msFRiVQ4jseh/oDdDEtvt3QBXuQCfXMy3 YbR3rskDEyaQwTexrQXgviY= =Y0UW -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:028 ] mariadb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:028 http://www.mandriva.com/en/support/security/ ___ Package : mariadb Date: February 13, 2014 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in mariadb: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string (CVE-2014-0001). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB (CVE-2014-0412). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer (CVE-2014-0437). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling (CVE-2013-5908). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-0420). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB (CVE-2014-0393). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2013-5891). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer (CVE-2014-0386). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors (CVE-2014-0401). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking (CVE-2014-0402). The updated packages have been upgraded to the 5.5.35 version which is not vulnerable to these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html https://mariadb.com/kb/en/mariadb-5535-release-notes/ ___ Updated Packages: Mandriva Business Server 1/X86_64: c4506e2f821bb960753f87e0e4ae358e mbs1/x86_64/lib64mariadb18-5.5.35-1.mbs1.x86_64.rpm 0aabce801de937cf7d0b6e370337ee59 mbs1/x86_64/lib64mariadb-devel-5.5.35-1.mbs1.x86_64.rpm ebec92fb0f77f15039c75970da2fb016 mbs1/x86_64/lib64mariadb-embedded18-5.5.35-1.mbs1.x86_64.rpm 5cbc3bef79b6088611b8e9d949721ca1 mbs1/x86_64/lib64mariadb-embedded-devel-5.5.35-1.mbs1.x86_64.rpm 1aec9579d6bb0c9846bcc19ff6d77d64 mbs1/x86_64/mariadb-5.5.35-1.mbs1.x86_64.rpm a727ddd8d4b38a5423d1f996a77b37a9 mbs1/x86_64/mariadb-bench-5.5.35-1.mbs1.x86_64.rpm 6322005c7cca10c2b069a31c68f74bca mbs1/x86_64/mariadb-client-5.5.35-1.mbs1.x86_64.rpm 39a528d1e4ea9bd4e070229f69af0097 mbs1/x86_64/mariadb-common-5.5.35-1.mbs1.x86_64.rpm ba9f6a9adf6e054851c8cb0b4c97480c mbs1/x86_64/mariadb-common-core-5.5.35-1.mbs1.x86_64.rpm 11a4d25702a5e780d450dd6b0879cc95 mbs1/x86_64/mariadb-core-5.5.35-1.mbs1.x86_64.rpm
[Full-disclosure] [ MDVSA-2014:029 ] mysql
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:029 http://www.mandriva.com/en/support/security/ ___ Package : mysql Date: February 13, 2014 Affected: Enterprise Server 5.0 ___ Problem Description: A vulnerabilitt has been discovered and corrected in mysql: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string (CVE-2014-0001). NOTE: Other security issues covered by http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html was resolved 2013-12-20 with the MDVA-2013:015 advisory. The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001 ___ Updated Packages: Mandriva Enterprise Server 5: 3e7f762ebd20b104be59606563fd5c65 mes5/i586/libmysql16-5.1.73-0.2mdvmes5.2.i586.rpm 35eda70bf68702f50a130ef6421af094 mes5/i586/libmysql-devel-5.1.73-0.2mdvmes5.2.i586.rpm f8ef81c51c155a5d48a79f0fee631282 mes5/i586/libmysql-static-devel-5.1.73-0.2mdvmes5.2.i586.rpm c4f11d0f51d268d9c0d3133f6cbfdd63 mes5/i586/mysql-5.1.73-0.2mdvmes5.2.i586.rpm 99e1ad003d1832901c6b8ff29125 mes5/i586/mysql-bench-5.1.73-0.2mdvmes5.2.i586.rpm 25d64aaae3a2646cde20f64a1c61991f mes5/i586/mysql-client-5.1.73-0.2mdvmes5.2.i586.rpm b69a649a8893716cf2028a3bffc05e32 mes5/i586/mysql-common-5.1.73-0.2mdvmes5.2.i586.rpm 610acab526a5a7e69b17ee9634480670 mes5/SRPMS/mysql-5.1.73-0.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: b27bd2681a3e70d7679ab7b6bdfabd31 mes5/x86_64/lib64mysql16-5.1.73-0.2mdvmes5.2.x86_64.rpm 4c8580411e4594aa941dbe9cd35acc01 mes5/x86_64/lib64mysql-devel-5.1.73-0.2mdvmes5.2.x86_64.rpm 237a2e303a1f611f8c7d0ecdbe833a98 mes5/x86_64/lib64mysql-static-devel-5.1.73-0.2mdvmes5.2.x86_64.rpm f79e0b73e6c669d1c6adcdb721ebbbe6 mes5/x86_64/mysql-5.1.73-0.2mdvmes5.2.x86_64.rpm 094b24a008e3a69a551f88d1dcd914a0 mes5/x86_64/mysql-bench-5.1.73-0.2mdvmes5.2.x86_64.rpm 6604c2587782b07327796ec066e6a01b mes5/x86_64/mysql-client-5.1.73-0.2mdvmes5.2.x86_64.rpm 0a1f999bffa7a4337a48c112b98a9af9 mes5/x86_64/mysql-common-5.1.73-0.2mdvmes5.2.x86_64.rpm 610acab526a5a7e69b17ee9634480670 mes5/SRPMS/mysql-5.1.73-0.2mdvmes5.2.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS/QAzmqjQ0CJFipgRAtDjAJ4jP5XhjWZtjLGVWp0sYBjdlI/oewCgw8xp vDC2lkwnvbO7kWvd/4+6nSY= =LeRx -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:026 ] openldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:026 http://www.mandriva.com/en/support/security/ ___ Package : openldap Date: February 12, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability has been discovered and corrected in openldap: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search (CVE-2013-4449). The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449 ___ Updated Packages: Mandriva Enterprise Server 5: f6f47a0a0de36f77454b42b7d67cad11 mes5/i586/libldap2.4_2-2.4.11-3.6mdvmes5.2.i586.rpm 6ef1ee5fae026d70c3a940b597c2899c mes5/i586/libldap2.4_2-devel-2.4.11-3.6mdvmes5.2.i586.rpm cff64c1d004f5dcadf58893f54bd2b79 mes5/i586/libldap2.4_2-static-devel-2.4.11-3.6mdvmes5.2.i586.rpm 4bc668febb73c0ce41d928f6bc66aead mes5/i586/openldap-2.4.11-3.6mdvmes5.2.i586.rpm 3c22bef679a50ecaf3ea705089b3b787 mes5/i586/openldap-clients-2.4.11-3.6mdvmes5.2.i586.rpm 5bda4d05eb3c630b915aebde7c80410c mes5/i586/openldap-doc-2.4.11-3.6mdvmes5.2.i586.rpm 95e6338873c0b3643cf0983bcd82a933 mes5/i586/openldap-servers-2.4.11-3.6mdvmes5.2.i586.rpm dea70a29075de07ca438417e5b775856 mes5/i586/openldap-testprogs-2.4.11-3.6mdvmes5.2.i586.rpm 0ad5f08372fb554fff145b9f202f8845 mes5/i586/openldap-tests-2.4.11-3.6mdvmes5.2.i586.rpm 8358868a61a01b5204d032d9674e5728 mes5/SRPMS/openldap-2.4.11-3.6mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 9ac984f57b49bcac9c244dcb2ea25f82 mes5/x86_64/lib64ldap2.4_2-2.4.11-3.6mdvmes5.2.x86_64.rpm ad204d57a8e77c683b18fb57db9df223 mes5/x86_64/lib64ldap2.4_2-devel-2.4.11-3.6mdvmes5.2.x86_64.rpm 0101675decfd5db7f4bcdd2e205e5533 mes5/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.6mdvmes5.2.x86_64.rpm 924c8eb8dce5616f72cfd1c74ec3ffc0 mes5/x86_64/openldap-2.4.11-3.6mdvmes5.2.x86_64.rpm b5483d5352e88095541aa4289c3f762b mes5/x86_64/openldap-clients-2.4.11-3.6mdvmes5.2.x86_64.rpm b2067967b6d3b3eb1a4536b76e8b2052 mes5/x86_64/openldap-doc-2.4.11-3.6mdvmes5.2.x86_64.rpm 6b328f09e078fbcdf8138f60eeb0c3c1 mes5/x86_64/openldap-servers-2.4.11-3.6mdvmes5.2.x86_64.rpm 9517f66ee97e0db3099135fff5c07a19 mes5/x86_64/openldap-testprogs-2.4.11-3.6mdvmes5.2.x86_64.rpm 70b08cd0c8d45322bba7bfbdba2cf202 mes5/x86_64/openldap-tests-2.4.11-3.6mdvmes5.2.x86_64.rpm 8358868a61a01b5204d032d9674e5728 mes5/SRPMS/openldap-2.4.11-3.6mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 1fbea4ddae49067310f9d52862186f12 mbs1/x86_64/lib64ldap2.4_2-2.4.33-2.1.mbs1.x86_64.rpm 3bed34f442d7d99ca6770a0aa334bf0e mbs1/x86_64/lib64ldap2.4_2-devel-2.4.33-2.1.mbs1.x86_64.rpm a10e56dc0d771e8da27059c0d84966fe mbs1/x86_64/lib64ldap2.4_2-static-devel-2.4.33-2.1.mbs1.x86_64.rpm df4a9a4436890707a76fe41c16999800 mbs1/x86_64/openldap-2.4.33-2.1.mbs1.x86_64.rpm 32fd4c412cf89d78e0887734bce10d36 mbs1/x86_64/openldap-clients-2.4.33-2.1.mbs1.x86_64.rpm 958f98530f1119e48d8f6f224d01ca6a mbs1/x86_64/openldap-doc-2.4.33-2.1.mbs1.x86_64.rpm b75dca39829dbca00adc0884e2ca6fbf mbs1/x86_64/openldap-servers-2.4.33-2.1.mbs1.x86_64.rpm 8c4e2d2ef7e480d05ebcf9655adf2a94 mbs1/x86_64/openldap-testprogs-2.4.33-2.1.mbs1.x86_64.rpm 193e318abe419a0689144bf7af70ade6 mbs1/x86_64/openldap-tests-2.4.33-2.1.mbs1.x86_64.rpm 4ebfb4dcbb423c34c48e03e61c96507a mbs1/SRPMS/openldap-2.4.33-2.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS
[Full-disclosure] [Security-news] SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2194621 * Advisory ID: DRUPAL-SA-CONTRIB-2014-014 * Project: Webform Validation [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-February-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - The Webform Validation module enables you to add additional form validation rules to Webforms created by the Webform module. The module doesn't sufficiently filter component name text before display, opening up the possibility of cross site scripting. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to edit Webform content. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Webform Validation 6.x-1.x versions prior to 6.x-1.6. * Webform Validation 7.x-1.x versions prior to 7.x-1.4. Drupal core is not affected. If you do not use the contributed Webform Validation [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Webform Validation module for Drupal 6.x, upgrade to Webform Validation 6.x-1.6 [5]. * If you use the Webform Validation module for Drupal 7.x, upgrade to Webform Validation 7.x-1.4 [6]. The only changes in these new versions are the fixes for this issue. Also see the Webform Validation [7] project page. REPORTED BY - * Maurits Lawende [8] FIXED BY * Maurits Lawende [9] * Liam Morland [10] the module maintainer COORDINATED BY -- * Stella Power [11] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/webform_validation [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/webform_validation [5] https://drupal.org/node/2194011 [6] https://drupal.org/node/2194013 [7] http://drupal.org/project/webform_validation [8] https://drupal.org/user/243897 [9] https://drupal.org/user/243897 [10] https://drupal.org/user/493050 [11] https://drupal.org/user/66894 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass
View online: https://drupal.org/node/2194589 * Advisory ID: DRUPAL-SA-CONTRIB-2014-013 * Project: Chaos tool suite (ctools) [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-02-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - This module provides content editors with an autocomplete callback for entity titles, as well as an ability to embed content within the Chaos tool suite (ctools) framework. Prior to this version, ctools did not sufficiently check access grants for various types of content other than nodes. It also didn't sufficiently check access before displaying content with the relationship plugin. These vulnerabilities are mitigated by the fact that you must be using entities other than node or users for the autocomplete callback, or you must be using the relationship plugin and displaying the content (e.g. in panels). CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Chaos tool suite (ctools) 6.x-1.x versions prior to 6.x-1.11. * Chaos tool suite (ctools) 7.x-1.x versions prior to 7.x-1.4. Drupal core is not affected. If you do not use the contributed Chaos tool suite (ctools) [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Chaos tool suite module for Drupal 6.x, upgrade to ctools 6.x-1.11 [5] * If you use the Chaos tool suite module for Drupal 7.x, upgrade to ctools 7.x-1.4 [6] Also see the Chaos tool suite (ctools) [7] project page. REPORTED BY - * Tim Wood [8] * Heine Deelstra [9] of the Drupal Security Team FIXED BY * Jakob Perry [10] the module maintainer * David Snopek [11] COORDINATED BY -- * Peter Wolanin [12] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [13]. Learn more about the Drupal Security team and their policies [14], writing secure code for Drupal [15], and securing your site [16]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [17] [1] http://drupal.org/project/ctools [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/ctools [5] https://drupal.org/node/2194547 [6] https://drupal.org/node/2194551 [7] http://drupal.org/project/ctools [8] https://drupal.org/user/457434 [9] https://drupal.org/user/17943 [10] https://drupal.org/user/45640 [11] https://drupal.org/user/266527 [12] http://drupal.org/user/49851 [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-015 - FileField - Access Bypass
View online: https://drupal.org/node/2194639 * Advisory ID: DRUPAL-SA-CONTRIB-2014-015 * Project: FileField [1] (third-party module) * Version: 6.x * Date: 2014-02-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - FileField module allows users to upload files with in conjunction with the Content Construction Kit (CCK) module in Drupal 6. The module doesn't sufficiently check permissions on revisions when determining if a user should have access to a particular file attached to that revision. A user could gain access to private files attached to revisions when they don't have access to the corresponding revision. This vulnerability is mitigated by the fact that an attacker must have access to upload files through FileField module while creating content, and the site must be using a non-core workflow module that allows users to create unpublished revisions of content. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * FileField 6.x-3.x versions prior to 6.x-3.12. Drupal core is not affected. If you do not use the contributed FileField [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the FileField module for Drupal 6.x, upgrade to FileField 6.x-3.12 [5] Also see the FileField [6] project page. REPORTED BY - * Stella Power [7] of the Drupal Security Team FIXED BY * Nate Haug [8] the module maintainer * Stella Power [9] of the Drupal Security Team COORDINATED BY -- * Lee Rowlands [10] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [11]. Learn more about the Drupal Security team and their policies [12], writing secure code for Drupal [13], and securing your site [14]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [15] [1] http://drupal.org/project/filefield [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/filefield [5] https://drupal.org/node/2194103 [6] http://drupal.org/project/filefield [7] https://drupal.org/user/66894 [8] https://drupal.org/user/35821 [9] https://drupal.org/user/66894 [10] https://drupal.org/user/395439 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability
View online: https://drupal.org/node/2194135 * Advisory ID: DRUPAL-SA-CONTRIB-2014-016 * Project: MAYO [1] (third-party theme) * Version: 7.x * Date: 2014-02-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - The theme settings allow you to link to a header background file. A URL could be entered that was not properly sanitized leading to XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer themes. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * MAYO Theme 7.x-1.x versions prior to 7.x-1.3. Drupal core is not affected. If you do not use the contributed MAYO [4] theme, there is nothing you need to do. SOLUTION Install the latest version: * If you use the theme MAYO for Drupal 7.x, upgrade to MAYO 7.x-1.3 [5] Also see the MAYO [6] project page. REPORTED BY - * Dennis Walgaard [7] FIXED BY * Dennis Walgaard [8] * John Powell [9] the theme maintainer COORDINATED BY -- * Rick Manelius [10] provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [11]. Learn more about the Drupal Security team and their policies [12], writing secure code for Drupal [13], and securing your site [14]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [15] [1] http://drupal.org/project/mayo [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/mayo [5] https://drupal.org/node/2193987 [6] http://drupal.org/project/mayo [7] http://drupal.org/user/883702 [8] http://drupal.org/user/883702 [9] http://drupal.org/user/797068 [10] http://drupal.org/user/680072 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)
View online: https://drupal.org/node/2194655 * Advisory ID: DRUPAL-SA-CONTRIB-2014-017 * Project: Image Resize Filter [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-February-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Denial of Service (DOS) DESCRIPTION - This module enables you to resize images based on the HTML contents of a post. Images with specified height and width properties that differ from the original image result in a resized image being created. The module doesn't limit the number of resized images per post or user, which could allow a user to post a large number of images that need to be resized within a single piece of content. This could cause the server to become overwhelmed by requests to resize images. This vulnerability is mitigated by the fact that an attacker must have a role that allows them to post content that utilizes the image resize filter. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Image Resize Filter 6.x-1.x versions prior to 6.x-1.14. * Image Resize Filter 7.x-1.x versions prior to 7.x-1.14. Drupal core is not affected. If you do not use the contributed Image Resize Filter [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Image Resize Filter module for Drupal 6.x, upgrade to Image Resize Filter 6.x-1.14 [5] * If you use the Image Resize Filter module for Drupal 7.x, upgrade to Image Resize Filter 7.x-1.14 [6] Also see the Image Resize Filter [7] project page. REPORTED BY - * Dave Hansen-Lange [8] FIXED BY * Dave Hansen-Lange [9] * Nate Haug [10] the module maintainer COORDINATED BY -- * Greg Knaddison [11] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/image_resize_filter [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/image_resize_filter [5] https://drupal.org/node/2194063 [6] https://drupal.org/node/2194065 [7] http://drupal.org/project/image_resize_filter [8] https://drupal.org/user/18981 [9] https://drupal.org/user/18981 [10] https://drupal.org/user/35821 [11] http://drupal.org/user/36762 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2194877 * Advisory ID: DRUPAL-SA-CONTRIB-2014-020 * Project: Drupal Commons [1] (third-party distribution) * Version: 7.x * Date: 2014-02-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - Drupal Commons is a ready-to-use solution for building either internal or external communities. It provides a complete social business software solution for organizations. Drupal Commons displays an activity stream containing messages about actions users take on the site. In some cases, messages about content creation are not properly sanitized, leading to cross site scripting in those messages. The vulnerability is mitigated in that only certain kinds of activity stream messages are affected, and not all arbitrary script can be executed. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Drupal Commons 7.x-3.x versions prior to 7.x-3.9. Drupal core is not affected. If you do not use the contributed Drupal Commons [4] distribution, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Drupal 7 Commons distribution, upgrade to Commons 7.x-3.9 [5] Also see the Drupal Commons [6] project page. REPORTED BY - * Grant Gaudet [7] * Jakob Perry [8] FIXED BY * Jakob Perry [9] the project maintainer * Ezra Gildesgame [10] COORDINATED BY -- * Peter Wolanin [11] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12]. Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [16] [1] http://drupal.org/project/commons [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/commons [5] https://drupal.org/node/2194777 [6] http://drupal.org/project/commons [7] http://drupal.org/user/360002 [8] http://drupal.org/user/45640 [9] http://drupal.org/user/45640 [10] http://drupal.org/user/69959 [11] https://drupal.org/user/49851 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2194671 * Advisory ID: DRUPAL-SA-CONTRIB-2014-018 * Project: Webform [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-February-12 * Security risk: Critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same form_key, which can only be managed by carefully crafting the webform structure via a specific set of circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create webform content. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Webform 6.x-3.x versions prior to 6.x-3.19. * Webform 7.x-3.x versions prior to 7.x-3.19. * Webform 7.x-4.x versions prior to 7.x-4.0-beta2. Drupal core is not affected. If you do not use the contributed Webform [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the webform module for Drupal 6.x, upgrade to webform 6.x-3.20 [5] * If you use the webform module for Drupal 7.x-3.x, upgrade to webform 7.x-3.20 [6] * If you use the webform module for Drupal 7.x-4.x, upgrade to webform 7.x-4.0-beta2 [7] Also see the Webform [8] project page. REPORTED BY - * Maurits Lawende [9] FIXED BY * Nate Haug [10] the module maintainer COORDINATED BY -- * Dan Smith [11] and Lee Rowlands [12] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [13]. Learn more about the Drupal Security team and their policies [14], writing secure code for Drupal [15], and securing your site [16]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [17] [1] http://drupal.org/project/webform [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/webform [5] http://drupal.org/node/2194181 [6] http://drupal.org/node/2194183 [7] http://drupal.org/node/2194175 [8] http://drupal.org/project/webform [9] http://drupal.org/user/243897 [10] http://drupal.org/user/35821 [11] http://drupal.org/user/241220 [12] https://drupal.org/user/395439 [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2194809 * Advisory ID: DRUPAL-SA-CONTRIB-2014-019 * Project: Easy Social [1] (third-party module) * Version: 7.x * Date: 2014-February-12 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - This module enables you to add social sharing widgets to your content and pages. The module doesn't sufficiently validate block titles when a user creates a custom block from within the module's admin interface. This vulnerability is mitigated by the fact that an attacker must have a role with the permission administer easy social. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Easy Social 7.x-2.x versions prior to 7.x-2.11. Drupal core is not affected. If you do not use the contributed Easy Social [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Easy Social module for Drupal 7.x, upgrade to Easy Social 7.x-2.11 [5] Also see the Easy Social [6] project page. REPORTED BY - * James Davis [7] FIXED BY * Alex Weber [8] the module maintainer COORDINATED BY -- * Lee Rowlands [9] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [10]. Learn more about the Drupal Security team and their policies [11], writing secure code for Drupal [12], and securing your site [13]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [14] [1] http://drupal.org/project/easy_social [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/easy_social [5] https://drupal.org/node/2194401 [6] http://drupal.org/project/easy_social [7] http://drupal.org/user/2766355 [8] http://drupal.org/user/850856 [9] http://drupal.org/user/395439 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:025 ] pidgin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:025 http://www.mandriva.com/en/support/security/ ___ Package : pidgin Date: February 11, 2014 Affected: Enterprise Server 5.0 ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in pidgin: The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences (CVE-2012-6152). Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message (CVE-2013-6477). gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip (CVE-2013-6478). util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response (CVE-2013-6479). libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read (CVE-2013-6481). Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header (CVE-2013-6482). The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply (CVE-2013-6483). The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error (CVE-2013-6484). Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data (CVE-2013-6485). gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185 (CVE-2013-6486). Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow (CVE-2013-6487). Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow (CVE-2013-6489). The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow (CVE-2013-6490). The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message (CVE-2014-0020). This update provides pidgin 2.10.9, which is not vulnerable to these issues. Additionally a build problem conserning sqlite3 was discovered and fixed, therefore fixed sqlite3 packages is also provided with this advisory. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484 http://cve.mitre.org/cgi-bin/cvename.cgi
[Full-disclosure] [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail
= INTERNET SECURITY AUDITORS ALERT 2013-014 - Original release date: March 25th, 2013 - Last revised: March 25th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 (CVSSv2 Base Scored) - CVE-ID: CVE-2013-6229 = I. VULNERABILITY - Multiple reflected XSS vulnerabilities in Atmail WebMail. II. BACKGROUND - Atmail allows users to access IMAP Mailboxes of any server of your choice. The software provides a comprehensive email-suite for accessing user mailboxes, and provides an inbuilt Calendar and Addressbook features. The WebMail Client of Atmail supports any existing IMAP server running under Unix/Linux or Windows systems. III. DESCRIPTION - Has been detected multiple reflected XSS vulnerability: 1) in the view attachment message process 2) in the search message with filter process 3) in the delete message process These vulnerabilities allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. IV. PROOF OF CONCEPT - 1) View attachment message process When a user opens a file attachment in an email, the link is as follows: http://atmail- server/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/ID/filenameOriginal/fil e where: - atmail-server is the Atmail WebMail server - ID is the unique ID for the message that contains the attachment - file is the attachment file in the message A malicious user can inject arbitrary HTML/script code in the file parameter. For example: http://atmail- server/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/ID/filenameOriginal/test .txtH1marqueeThis+is+an+XSS+example 2) Search message with filter process When a user search messages with a filter (for example, using the Friends filter), the link is as follows: POST /index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchRes ultsTab5 HTTP/1.1 Host: atmail-server ... searchQuery=goBack=6from=to=subject=body=filter=filter where: - atmail-server is the Atmail WebMail server - filter is the name of the selected filter by the user A malicious user can inject arbitrary HTML/script code in the filter parameter. Also, This POST HTTP Request can become a GET HTTP Request, making it easier to exploit the vulnerability. For example: http://atmail- server/index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/se archResultsTab5?searchQuery=goBack=6from=to=subject=body=filter=friendsH1marqueeThis +is+an+XSS+example 3) Delete message process When a user select and delete a message, the link is as follows: POST /index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash HTTP/1.1Host: atmail-server ... resultContext=messageListlistFolder=INBOXpageNumber=1unseen%5B21%5D=0mailId%5B %5D=MailIDunseen%5B20%5D=0unseen%5B16%5D=0unseen%5B15%5D=0unseen%5B14%5D=0unseen %5B12%5D=0unseen%5B11%5D=0unseen%5B10%5D=0unseen%5B9%5D=0unseen%5B8%5D=0unseen %5B6%5D=0unseen%5B5%5D=0unseen%5B4%5D=0unseen%5B3%5D=0unseen%5B2%5D=0unseen%5B1%5D=0 where: - atmail-server is the Atmail WebMail server - MailID is the identifier (number) of the mail selected by the user A malicious user can inject arbitrary HTML/script code in the MailID parameter. Also, This POST HTTP Request can become a GET HTTP Request, making it easier to exploit the vulnerability. For example: http://atmail-server/index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash? resultContext=messageListlistFolder=INBOXpageNumber=1unseen%5B21%5D=0mailId%5B %5D=H1marqueeThis+is+an+XSS+exampleunseen%5B20%5D=0unseen%5B16%5D=0unseen %5B15%5D=0unseen%5B14%5D=0unseen%5B12%5D=0unseen%5B11%5D=0unseen%5B10%5D=0unseen %5B9%5D=0unseen%5B8%5D=0unseen%5B6%5D=0unseen%5B5%5D=0unseen%5B4%5D=0unseen%5B3%5D=0unseen %5B2%5D=0unseen%5B1%5D=0 V. BUSINESS IMPACT - An attacker can execute arbitrary HTML or script code in a targeted user's browser, this can leverage to steal sensitive information as user credentials, personal data, etc. VI. SYSTEMS AFFECTED - Tested in Atmail 7.0.2. Other versions may be affected too. VII. SOLUTION - - VIII. REFERENCES - http://www.atmail.com http://www.isecauditors.com IX. CREDITS - This vulnerability has been discovered by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com). X. REVISION HISTORY - March 9, 2013: Initial release March 22, 2013: Last revision XI. DISCLOSURE TIMELINE - March 9, 2013: Discovered by Internet Security Auditors March 22, 2013: Advisory updated with new XSS vulnerable resources October08, 2013: Firt contact with developer team October16
Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
: From: Mark Litchfield mark () securatary com : As previously stated, I would post an update for Ektron CMS bypassing : the security fix. : A full step by step with the usual screen shots can be found at - : http://www.securatary.com/vulnerabilities Uh... you expect people to login to your site with their Facebook or Twitter credentials, to access these advisories? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
: : From: Mark Litchfield mark () securatary com : : : As previously stated, I would post an update for Ektron CMS bypassing : : the security fix. : : : A full step by step with the usual screen shots can be found at - : : http://www.securatary.com/vulnerabilities : : Uh... you expect people to login to your site with their Facebook or Twitter : credentials, to access these advisories? : : Errr no ?? Use the other option ?? And if you don't want to register, don't : bother !! Links from /vulnerabilities, directly from advisories off the Research page, and even Follow us on Twitter all drop back to a login page asking for authentication using either Facebook or Twitter. This is not the behavior of the site as of 48 hours ago. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
: This is not the behavior of the site as of 48 hours ago. : Let me check. Normal registration should also be available ? Infact I : will remove the registration. : : The purpose of this whole registration in the first place was to allow : for future postings I am going to make later this week that would only : be available to registered users. Not necessarily vulnerabilities, but : useful stuff for pentesting. Also all registered users would be given : a 48 hours head start on any new vulnerabilities that I post in the : future. Which is great, but I strongly recommend you allow a site-specific registration for such purposes. Giving up one of the two dominant social media accounts for it is excessive. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
View online: https://drupal.org/node/2187453 * Advisory ID: DRUPAL-SA-CONTRIB-2014-009 * Project: Tagadelic [1] (third-party module) * Version: 6.x * Date: 2014-February-05 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Information Disclosure DESCRIPTION - This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact that a site must be using a node access module. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Tagadelic 6.x-1.x versions. Drupal core is not affected. If you do not use the contributed Tagadelic [4] module, there is nothing you need to do. SOLUTION If you use the Tagadelic module for Drupal 6.x, upgrade to Tagadelic 6.x-1.5 [5] and then disable node access modules, such as taxonomy_access and content_access. Also see the Tagadelic [6] project page. REPORTED BY - * Michael Hess [7] of the Drupal Security Team FIXED BY * Rick Manelius [8] * Sean T. Walsh [9] COORDINATED BY -- * Rick Manelius [10] provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [11]. Learn more about the Drupal Security team and their policies [12], writing secure code for Drupal [13], and securing your site [14]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [15] [1] http://drupal.org/project/tagadelic [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/tagadelic [5] https://drupal.org/node/217 [6] http://drupal.org/project/tagadelic [7] http://drupal.org/user/102818 [8] https://drupal.org/user/680072 [9] http://drupal.org/user/995722 [10] http://drupal.org/user/680072 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-010 Services - Access Bypass and Privilege Escalation
View online: https://drupal.org/node/2189509 * Advisory ID: DRUPAL-SA-CONTRIB-2014-010 * Project: Services [1] (third-party module) * Version: 7.x * Date: 2014-February-05 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Access bypass DESCRIPTION - The Services module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. User update access bypass vulnerability An authenticated user is able to assign additional roles to themselves, which means they can escalate their privileges by assigning an administrative role. This vulnerability is mitigated by the fact that the user must be able to log in on the site, the update operation on the user resource configuration must be enabled, and a site must have an role with more permissions than the authenticated user. Comment access bypass vulnerability As an authenticated user an attacker with the permission to post comments is able to update other users' comments. This vulnerability is mitigated by the fact that the update operation on the comment resource configuration must be enabled. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Services 7.x-3.x versions prior to 7.x-3.6. Drupal core is not affected. If you do not use the contributed Services [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Services module for Drupal 7.x, upgrade to Services 7.x-3.7 [5] Also see the Services [6] project page. REPORTED BY - * The User update access bypass vulnerability was reported by Fredrik Lassen [7]. * The Comment access bypass vulnerability was reported by wedge [8]. FIXED BY * The User update access bypass vulnerability was fixed by Fredrik Lassen [9]. * The Comment access bypass vulnerability was fixed by Kyle Browning [10], the module maintainer. COORDINATED BY -- * Klaus Purer [11] of the Drupal Security Team * Balazs Dianiska [12] a provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [13]. Learn more about the Drupal Security team and their policies [14], writing secure code for Drupal [15], and securing your site [16]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [17] [1] http://drupal.org/project/services [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/services [5] https://drupal.org/node/2186581 [6] http://drupal.org/project/services [7] https://drupal.org/user/243377 [8] https://drupal.org/user/11442 [9] https://drupal.org/user/243377 [10] https://drupal.org/user/211387 [11] http://drupal.org/user/262198 [12] http://drupal.org/user/58645 [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
View online: https://drupal.org/node/2189643 * Advisory ID: DRUPAL-SA-CONTRIB-2014-011 * Project: Push Notifications [1] (third-party module) * Version: 7.x * Date: 2014-February-05 * Security risk: Less critical [2] * Exploitable from: Remote * Vulnerability: Information Disclosure DESCRIPTION - This module enables the delivery of push notifications to iOS and Android devices. The module doesn't sufficiently randomize the certificate filenames required for Apple's Push Notification service or protect the files from being publicly accessible, which could allow an attacker to acquire the certificates and broadcast push notifications to the target's user base. This vulnerability primarily affects sites that did not follow the general security best practice of placing certificates into a directory outside of the webroot and did not use password-protected certificate files. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * push_notifications 7.x-1.x versions prior to 7.x-1.1 Drupal core is not affected. If you do not use the contributed Push Notifications [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the push_notifications module for Drupal 7.x and your APNS certificate files are stored in the default directory, upgrade to push_notifications 7.x-1.1 [5] * Navigate to the configuration page for the push_notifications module (admin/config/services/push_notifications/configure) and click the Generate new certificate string button to generate a random filename. Then, rename your APNS certificates according to the instructions on the push notification configuration page. Also see the Push Notifications [6] project page. REPORTED BY - * Graham Bates [7] of the Drupal Security Team FIXED BY * Daniel Hanold [8] the module maintainer COORDINATED BY -- * Laurence Liss [9] provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [10]. Learn more about the Drupal Security team and their policies [11], writing secure code for Drupal [12], and securing your site [13]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [14] [1] http://drupal.org/project/push_notifications [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/push_notifications [5] http://drupal.org/node/2188983 [6] http://drupal.org/project/push_notifications [7] http://drupal.org/user/16029 [8] http://drupal.org/user/339733 [9] http://drupal.org/user/724750 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2189751 * Advisory ID: DRUPAL-SA-CONTRIB-2014-012 * Project: Modal Frame API [1] (third-party module) * Version: 6.x * Date: 2014-February-05 * Security risk: Moderately critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - This module enables provides an API to render an iframe within a modal dialog based on the jQuery UI Dialog plugin. You should not install this module unless another module requires you to, or you wish to use it for your own custom modules. The module doesn't sufficiently filter user supplied text. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * modalframe 6.x-1.8 and prior versions Drupal core is not affected. If you do not use the contributed Modal Frame API [4] module, there is nothing you need to do. SOLUTION Uninstall the module. It is no longer maintained. Also see the Modal Frame API [5] project page. REPORTED BY - * Erich Beyrent FIXED BY Not applicable. CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [6]. Learn more about the Drupal Security team and their policies [7], writing secure code for Drupal [8], and securing your site [9]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [10] [1] http://drupal.org/project/modalframe [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/modalframe [5] http://drupal.org/project/modalframe [6] http://drupal.org/contact [7] http://drupal.org/security-team [8] http://drupal.org/writing-secure-code [9] http://drupal.org/security/secure-configuration [10] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service
Hello All, Those concerned about security of Java PaaS (Platform as a Service) or cloud services in general might find the following information interesting. Security Explorations discovered multiple security vulnerabilities in the environment of Oracle [1] Java Cloud Service [2]. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud service in the same regional data center. The nature of the weaknesses identified in Oracle's service indicates that it was not a subject of a thorough security review and penetration testing prior to the public offering. They illustrate known and widely discussed security risks related to Java [3]. They also expose weak understanding of Java security model and attack techniques by Oracle engineers. More information regarding our research can be found at the official pages of SE-2013-01 project: http://www.security-explorations.com/en/SE-2013-01.html We hope the next time Larry Ellison is about to choose between boats and work [4], work is gonna win as obviously certain areas at Oracle need actual work, not the improvisation. Thank you. Best Regards, Adam Gowdiak - Security Explorations http://www.security-explorations.com We bring security research to the new level - References: [1] Oracle Corporation http://www.oracle.com [2] Oracle Java Cloud Service https://cloud.oracle.com/mycloud/f?p=service:java:0 [3] SE-2012-01 Project, Security Vulnerabilities in Java SE http://www.security-explorations.com/en/SE-2012-01.html [4] Ellison ditches own cloud keynote for billionaires' America's Cup boat race http://www.theregister.co.uk/2013/09/24/oracle_openworld_walkout/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities
View online: https://drupal.org/node/2184843 * Advisory ID: DRUPAL-SA-CONTRIB-2014-007 * Project: Services [1] (third-party module) * Version: 7.x * Date: 2014-January-29 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Multiple access bypass vulnerabilities DESCRIPTION - This module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. The form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access checks are deliberately bypassed, and any form element may be submitted regardless of the current user's access level. To facilitate this, a new, optional $form_state['programmed_bypass_access_check'] element has been added to the Drupal 7 form API. If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them. Services relies heavily on programmatic form submission and therefore needs to use this new $form_state['programmed_bypass_access_check'] so that access control parameters and hooks are performed for untrusted users. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Services 7.x-3.x versions prior to 7.x-3.5. Drupal core is not affected. If you do not use the contributed Services [4] module, there is nothing you need to do. SOLUTION Install the latest version: * If you use the Services module for Drupal 7.x, upgrade to Services 7.x-3.6 [5] Also see the Services [6] project page. REPORTED BY - * wedge [7] * prjcarr [8] FIXED BY * David Rothstein [9] of the Drupal Security Team * Hunter Fox [10] of the Drupal Security Team * Kyle Browning [11], the module maintainer. COORDINATED BY -- * Hunter Fox [12] of the Drupal Security Team * Klaus Purer [13] of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [14]. Learn more about the Drupal Security team and their policies [15], writing secure code for Drupal [16], and securing your site [17]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [18] [1] http://drupal.org/project/services [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/services [5] https://drupal.org/node/2180373 [6] http://drupal.org/project/services [7] https://drupal.org/user/11442 [8] https://drupal.org/user/1223090 [9] https://drupal.org/user/124982 [10] https://drupal.org/user/426416 [11] https://drupal.org/user/211387 [12] http://drupal.org/user/426416 [13] http://drupal.org/user/262198 [14] http://drupal.org/contact [15] http://drupal.org/security-team [16] http://drupal.org/writing-secure-code [17] http://drupal.org/security/secure-configuration [18] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Security-news] SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)
View online: https://drupal.org/node/2184845 * Advisory ID: DRUPAL-SA-CONTRIB-2014-008 * Project: Tribune [1] (third-party module) * Version: 6.x, 7.x * Date: 2014-January-29 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Cross Site Scripting DESCRIPTION - A tribune is a type of chatroom. The module doesn't sufficiently filter user provided text from Tribune node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a Tribune node. CVE IDENTIFIER(S) ISSUED * /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./ VERSIONS AFFECTED --- * Tribune 6.x-1.x versions. * Tribune 7.x-3.x versions. Drupal core is not affected. If you do not use the contributed Tribune [4] module, there is nothing you need to do. SOLUTION Remove the module or otherwise mitigate the issue. Also see the Tribune [5] project page. REPORTED BY - * Raynald Mirville [6] FIXED BY Not applicable. COORDINATED BY -- * Laurence Liss [7] provisional member of the Drupal Security Team CONTACT AND MORE INFORMATION The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [8]. Learn more about the Drupal Security team and their policies [9], writing secure code for Drupal [10], and securing your site [11]. Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [12] [1] http://drupal.org/project/tribune [2] http://drupal.org/security-team/risk-levels [3] http://cve.mitre.org/ [4] http://drupal.org/project/tribune [5] http://drupal.org/project/tribune [6] http://drupal.org/user/2737379 [7] http://drupal.org/user/724750 [8] http://drupal.org/contact [9] http://drupal.org/security-team [10] http://drupal.org/writing-secure-code [11] http://drupal.org/security/secure-configuration [12] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:021 ] perl-Proc-Daemon
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/ ___ Package : perl-Proc-Daemon Date: January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated perl-Proc-Daemon package fixes security vulnerability: It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it (CVE-2013-7135). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7135 https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125133.html ___ Updated Packages: Mandriva Enterprise Server 5: eb4625acb3c72e6f7463ad9172843c27 mes5/i586/perl-Proc-Daemon-0.03-5.1mdvmes5.2.noarch.rpm b367ed9786497cd5538474643de43834 mes5/SRPMS/perl-Proc-Daemon-0.03-5.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 81fe1be38c5c3b5b9192e12faf377d43 mes5/x86_64/perl-Proc-Daemon-0.03-5.1mdvmes5.2.noarch.rpm b367ed9786497cd5538474643de43834 mes5/SRPMS/perl-Proc-Daemon-0.03-5.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 3ce0594ce38d205794e581292add47ed mbs1/x86_64/perl-Proc-Daemon-0.140.0-2.1.mbs1.noarch.rpm 16b0dacea233f3735f14d8acaefd15b0 mbs1/SRPMS/perl-Proc-Daemon-0.140.0-2.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS4osimqjQ0CJFipgRAsFXAJ9/52LREmpkJE0+5bwOgJIilPLw6QCg85nc T+mwEZy2fbPsc0IAnm51TAU= =aZC5 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:022 ] augeas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:022 http://www.mandriva.com/en/support/security/ ___ Package : augeas Date: January 24, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated augeas packages fix security vulnerabilities: Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787). A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content (CVE-2013-6412). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412 https://rhn.redhat.com/errata/RHSA-2013-1537.html https://rhn.redhat.com/errata/RHSA-2014-0044.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 799a59ca268bf8f01dcdf8bfdb5e038f mbs1/x86_64/augeas-1.1.0-1.1.mbs1.x86_64.rpm 83a4643fa57cdab5a5191999bc687925 mbs1/x86_64/augeas-lenses-1.1.0-1.1.mbs1.x86_64.rpm 19623ba70567eed99d718bcad1ce9a35 mbs1/x86_64/lib64augeas0-1.1.0-1.1.mbs1.x86_64.rpm 7f039c5e0a965cfa21fda1dceba9e22f mbs1/x86_64/lib64augeas-devel-1.1.0-1.1.mbs1.x86_64.rpm 123fda0cfde74d4b5f19a0d3ecffe323 mbs1/x86_64/lib64fa1-1.1.0-1.1.mbs1.x86_64.rpm 9bc8bccb4b3d3a7901b018a604e5f5fb mbs1/SRPMS/augeas-1.1.0-1.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS4o6FmqjQ0CJFipgRAqzXAJ9mMIeUMIprErjkvjDP1wMn+C5tSQCgsZKu k5Ku18i2UyRIA0FjIE89kQ8= =F2IH -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:023 ] hplip
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:023 http://www.mandriva.com/en/support/security/ ___ Package : hplip Date: January 24, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated hplip packages fix security vulnerabilities: It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402). It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code (CVE-2013-6427). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6427 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 ___ Updated Packages: Mandriva Business Server 1/X86_64: adc12c9248b6f2aef16d531f7e50ce41 mbs1/x86_64/hplip-3.12.4-1.3.mbs1.x86_64.rpm e124ee062c8d494e9dfb3fca497c9eed mbs1/x86_64/hplip-doc-3.12.4-1.3.mbs1.x86_64.rpm 8473fa2dc4383384fe473901ccd22447 mbs1/x86_64/hplip-hpijs-3.12.4-1.3.mbs1.x86_64.rpm da5b7c37451bc067f279fec666b45666 mbs1/x86_64/hplip-hpijs-ppds-3.12.4-1.3.mbs1.x86_64.rpm 8494b5a958e0660dcfdd878be5e0c4d6 mbs1/x86_64/hplip-model-data-3.12.4-1.3.mbs1.x86_64.rpm 5f3206efa244ac3a49e8738f3b115936 mbs1/x86_64/lib64hpip0-3.12.4-1.3.mbs1.x86_64.rpm a8b8517ec195e3d6626a6d3bf537d429 mbs1/x86_64/lib64hpip0-devel-3.12.4-1.3.mbs1.x86_64.rpm e808dcb068262a1450f4b2e49924c8a1 mbs1/x86_64/lib64sane-hpaio1-3.12.4-1.3.mbs1.x86_64.rpm 68139aac8cebae63bc0ad47490b6b83e mbs1/SRPMS/hplip-3.12.4-1.3.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS4o8AmqjQ0CJFipgRAt/kAJ9K1QKlPy2r/lF/DgBDldjVIFIksQCcCusG T9Gl/6j4lvhc4YQDWjSuLUM= =Jigf -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:024 ] graphviz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:024 http://www.mandriva.com/en/support/security/ ___ Package : graphviz Date: January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: Updated graphviz packages fix security vulnerabilities: Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file (CVE-2014-0978) and the acceptance of an arbitrarily long digit list by a regular expression matched against user input (CVE-2014-1236). A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages is being provided with this advisory as well. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0978 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1236 https://bugzilla.redhat.com/show_bug.cgi?id=1049165 https://bugzilla.redhat.com/show_bug.cgi?id=1050872 ___ Updated Packages: Mandriva Enterprise Server 5: 2a18726d58e94c853368f61b74985621 mes5/i586/graphviz-2.20.2-3.2mdvmes5.2.i586.rpm 86576d993d8eb8d9d3cc3275fc59d05c mes5/i586/graphviz-doc-2.20.2-3.2mdvmes5.2.i586.rpm 9445dda34d27a127ab061e8ce46c33e7 mes5/i586/libgraphviz4-2.20.2-3.2mdvmes5.2.i586.rpm 17c580271cff60dd67812a76538b68f2 mes5/i586/libgraphviz-devel-2.20.2-3.2mdvmes5.2.i586.rpm 120f0bd74e4dba0c0b5828fd36114922 mes5/i586/libgraphvizlua0-2.20.2-3.2mdvmes5.2.i586.rpm d2b1ce303b17c855ba9b1e0f36e63c27 mes5/i586/libgraphvizocaml0-2.20.2-3.2mdvmes5.2.i586.rpm cc601eb1d97d5eed0207ad65fd684c14 mes5/i586/libgraphvizperl0-2.20.2-3.2mdvmes5.2.i586.rpm 901ab5b43b485b3b84400bc12c66a737 mes5/i586/libgraphvizphp0-2.20.2-3.2mdvmes5.2.i586.rpm 68471acd054c298d9b518962d8c0c82a mes5/i586/libgraphvizpython0-2.20.2-3.2mdvmes5.2.i586.rpm efec65a3e46b17d91f56c92422da62b5 mes5/i586/libgraphvizr0-2.20.2-3.2mdvmes5.2.i586.rpm a68d0aaefb900d581373ad90007dbf5b mes5/i586/libgraphvizruby0-2.20.2-3.2mdvmes5.2.i586.rpm 13efe709f3cc9dfe77f95d9617feb61b mes5/i586/libgraphviz-static-devel-2.20.2-3.2mdvmes5.2.i586.rpm 7c6ffe31b97e59ed5658c98ef82a1a6d mes5/i586/libgraphviztcl0-2.20.2-3.2mdvmes5.2.i586.rpm 17ca784b83a219d225db1331ac69e9f1 mes5/SRPMS/graphviz-2.20.2-3.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: fc261681ba0e67ae9dd5ab13e3b5595d mes5/x86_64/graphviz-2.20.2-3.2mdvmes5.2.x86_64.rpm 3af864974719f5e7119d96246e7496e5 mes5/x86_64/graphviz-doc-2.20.2-3.2mdvmes5.2.x86_64.rpm b3f45e5ba5980d9eaba89d38ab552e87 mes5/x86_64/lib64graphviz4-2.20.2-3.2mdvmes5.2.x86_64.rpm a0a671a56a1215ce1429062f7362d763 mes5/x86_64/lib64graphviz-devel-2.20.2-3.2mdvmes5.2.x86_64.rpm b1beabec6196ab963f990d1f95d59415 mes5/x86_64/lib64graphvizlua0-2.20.2-3.2mdvmes5.2.x86_64.rpm fadbd28da4026a41d38e7e95b953867e mes5/x86_64/lib64graphvizocaml0-2.20.2-3.2mdvmes5.2.x86_64.rpm 45399effafea89c1255ac03004591005 mes5/x86_64/lib64graphvizperl0-2.20.2-3.2mdvmes5.2.x86_64.rpm 97ebf63c09b7b6dacace0b14d5e03530 mes5/x86_64/lib64graphvizphp0-2.20.2-3.2mdvmes5.2.x86_64.rpm bb3a68ba425490db3d8dd5ef6e4938d7 mes5/x86_64/lib64graphvizpython0-2.20.2-3.2mdvmes5.2.x86_64.rpm 6cc193e79ac549b18ddc2b90b2aac175 mes5/x86_64/lib64graphvizr0-2.20.2-3.2mdvmes5.2.x86_64.rpm d8fc40ea3f32a4cbea5df1b788b216a3 mes5/x86_64/lib64graphvizruby0-2.20.2-3.2mdvmes5.2.x86_64.rpm 43c70bfc1265ab90359d7c2384e093d1 mes5/x86_64/lib64graphviz-static-devel-2.20.2-3.2mdvmes5.2.x86_64.rpm 2f8a47d9bfacac7f54db914485f64b9b mes5/x86_64/lib64graphviztcl0-2.20.2-3.2mdvmes5.2.x86_64.rpm 17ca784b83a219d225db1331ac69e9f1 mes5/SRPMS/graphviz-2.20.2-3.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: c4a2b0a3bc7bece8cd82a3f2bf33b9ec mbs1/x86_64/graphviz-2.28.0-6.1.mbs1.x86_64.rpm 38a95799fa68b8ac74aab2d378fdff0d mbs1/x86_64/graphviz-doc-2.28.0-6.1.mbs1.noarch.rpm 7844c839811ddb469b51f25569ed21df mbs1/x86_64/java-graphviz-2.28.0-6.1.mbs1.x86_64.rpm f0330cca4194aba5f235ec40be9e06a6 mbs1/x86_64/lib64cdt5-2.28.0-6.1.mbs1.x86_64.rpm beea5b9f76b6a46c5a930a2bbbe73ef8 mbs1/x86_64/lib64cgraph6-2.28.0-6.1.mbs1.x86_64.rpm f9bce656a8a26190a01d935ad82f47fd mbs1/x86_64/lib64graph5-2.28.0-6.1.mbs1.x86_64.rpm f6c7bbd2b7580701743b9b9df646ce00 mbs1/x86_64/lib64graphviz-devel-2.28.0-6.1.mbs1.x86_64.rpm 5992fe4c4ac3523f5687f691951bab67 mbs1/x86_64/lib64graphviz-static-devel-2.28.0
[Full-disclosure] [ MDVSA-2014:015 ] cups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:015 http://www.mandriva.com/en/support/security/ ___ Package : cups Date: January 22, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated cups packages fix security vulnerability: Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions (CVE-2013-6891). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891 http://advisories.mageia.org/MGASA-2014-0021.html ___ Updated Packages: Mandriva Business Server 1/X86_64: a6646cbe1804c5d62e37197b3ec90ec8 mbs1/x86_64/cups-1.5.4-1.3.mbs1.x86_64.rpm fa20903729498ec8fbd29c6585abaa9a mbs1/x86_64/cups-common-1.5.4-1.3.mbs1.x86_64.rpm aca4ef10b72a067ab3a7fb36df3fa5d3 mbs1/x86_64/cups-serial-1.5.4-1.3.mbs1.x86_64.rpm d30e3298fe8a3c1f9b8faf86d08b26e0 mbs1/x86_64/lib64cups2-1.5.4-1.3.mbs1.x86_64.rpm 281b77cf4c621cd2afd865f9349b7c90 mbs1/x86_64/lib64cups2-devel-1.5.4-1.3.mbs1.x86_64.rpm 49ea22c6a06c0c71069fe8fa1a7c405c mbs1/x86_64/php-cups-1.5.4-1.3.mbs1.x86_64.rpm 8d940ef3c9ba290046e5120c1e0eb884 mbs1/SRPMS/cups-1.5.4-1.3.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS36NymqjQ0CJFipgRAnUGAKDWT3RVrtLGGx5BB5G/Eq/RCaw/VwCdFGgD FbNNO4sxy/x9TNaaHUrvaHA= =+Ux+ -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:016 ] spice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:016 http://www.mandriva.com/en/support/security/ ___ Package : spice Date: January 22, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application (CVE-2013-4282). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282 http://advisories.mageia.org/MGASA-2014-0022.html ___ Updated Packages: Mandriva Business Server 1/X86_64: f054ba777f3e168eb87bb2ee6abfd193 mbs1/x86_64/lib64spice-server1-0.12.2-5.2.mbs1.x86_64.rpm 4d7457a8fc40a236a3dc9383ce4c1ff3 mbs1/x86_64/lib64spice-server-devel-0.12.2-5.2.mbs1.x86_64.rpm 4f4cfaf5098d6fd2a434e2dec4008da4 mbs1/x86_64/spice-client-0.12.2-5.2.mbs1.x86_64.rpm 03a3e63dc3eefbdd801006700bf66568 mbs1/SRPMS/spice-0.12.2-5.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS36P+mqjQ0CJFipgRAgVPAJsEjz2AtwTtwJoW6jPAhGz7nP6qZQCcCspy FLedyI7vlC+uhn4kSVlNGX8= =MeFn -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:017 ] net-snmp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:017 http://www.mandriva.com/en/support/security/ ___ Package : net-snmp Date: January 22, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated net-snmp packages fix security vulnerability: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout (CVE-2012-6151). This update also fixes two other minor issues: IPADDRESS size in python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151 http://advisories.mageia.org/MGASA-2014-0019.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 959228fa98cb764643fda49fc3f2d16b mbs1/x86_64/lib64net-snmp30-5.7.2-1.mbs1.x86_64.rpm 521d3baf5a9bc2b64b645d5fded54b4b mbs1/x86_64/lib64net-snmp-devel-5.7.2-1.mbs1.x86_64.rpm cd4b2bc8aa2adc8cda3d96afb0594e26 mbs1/x86_64/lib64net-snmp-static-devel-5.7.2-1.mbs1.x86_64.rpm 86ebfcc8f265fa0af6b43b4fe07a7edf mbs1/x86_64/net-snmp-5.7.2-1.mbs1.x86_64.rpm 887b5a7ef272830005001bfd899d223d mbs1/x86_64/net-snmp-mibs-5.7.2-1.mbs1.x86_64.rpm 7f6123819e280fd7e88acb01f61e6567 mbs1/x86_64/net-snmp-tkmib-5.7.2-1.mbs1.x86_64.rpm 6a495803e81a1896242b0943230ea895 mbs1/x86_64/net-snmp-trapd-5.7.2-1.mbs1.x86_64.rpm befe57de590d5c41fcc147abc06c1a97 mbs1/x86_64/net-snmp-utils-5.7.2-1.mbs1.x86_64.rpm 56810dcad44c9b1608b6141fa12f9a45 mbs1/x86_64/perl-NetSNMP-5.7.2-1.mbs1.x86_64.rpm a92230ace71657d042cd7bf770c98234 mbs1/x86_64/python-netsnmp-5.7.2-1.mbs1.x86_64.rpm 7e1c7f2c91b059835d1ff01ddd1fdc58 mbs1/SRPMS/net-snmp-5.7.2-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS37hgmqjQ0CJFipgRAjxKAKC6ViJ2WOTAAWJFn11qJpAb/VDpIQCePDvL 7Y2ZoOmPI9yoA8XKT9uUKMk= =y+p/ -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:018 ] net-snmp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:018 http://www.mandriva.com/en/support/security/ ___ Package : net-snmp Date: January 22, 2014 Affected: Enterprise Server 5.0 ___ Problem Description: Updated net-snmp packages fix security vulnerability: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout (CVE-2012-6151). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151 http://advisories.mageia.org/MGASA-2014-0019.html ___ Updated Packages: Mandriva Enterprise Server 5: f8f0a08d1422e1b4003de8aa3d5a92b3 mes5/i586/libnet-snmp15-5.4.2-2.5mdvmes5.2.i586.rpm 7354d7ce03ce19875ebf7766eaac223b mes5/i586/libnet-snmp-devel-5.4.2-2.5mdvmes5.2.i586.rpm af910ddbf398b920763afd8a0aa6efcf mes5/i586/libnet-snmp-static-devel-5.4.2-2.5mdvmes5.2.i586.rpm 62ec0b64c14ce97fd7a2c153ff800985 mes5/i586/net-snmp-5.4.2-2.5mdvmes5.2.i586.rpm 53f185c085d12bb6532c74b4a6b490d2 mes5/i586/net-snmp-mibs-5.4.2-2.5mdvmes5.2.i586.rpm b7bd8629ccb5ec2d9f441c179e9a5b46 mes5/i586/net-snmp-tkmib-5.4.2-2.5mdvmes5.2.i586.rpm 584b6a26b64b92332e848250ba2491cd mes5/i586/net-snmp-trapd-5.4.2-2.5mdvmes5.2.i586.rpm f519a0f295cdd31ff914c13b8b2793b3 mes5/i586/net-snmp-utils-5.4.2-2.5mdvmes5.2.i586.rpm 71a1430cb3d89909de74a922e16c976d mes5/i586/perl-NetSNMP-5.4.2-2.5mdvmes5.2.i586.rpm 067bfc9a3e083c3b06ced9fe5ea6b8e8 mes5/SRPMS/net-snmp-5.4.2-2.5mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: eb0e4a047c3d9fcc399ebb279515e699 mes5/x86_64/lib64net-snmp15-5.4.2-2.5mdvmes5.2.x86_64.rpm 2d483c039f7a51c85d2e789bcc4f6832 mes5/x86_64/lib64net-snmp-devel-5.4.2-2.5mdvmes5.2.x86_64.rpm 9cff8141ae025334e28a72e9094e8980 mes5/x86_64/lib64net-snmp-static-devel-5.4.2-2.5mdvmes5.2.x86_64.rpm cd482d038450bdfab7b511bd65d19c95 mes5/x86_64/net-snmp-5.4.2-2.5mdvmes5.2.x86_64.rpm 1c9e0e0668e96d7ca9e0a133ca456c7b mes5/x86_64/net-snmp-mibs-5.4.2-2.5mdvmes5.2.x86_64.rpm cf649ea642fca416e4e50456f61b490a mes5/x86_64/net-snmp-tkmib-5.4.2-2.5mdvmes5.2.x86_64.rpm 70151a375aeeaf10d2778f51fc290ef8 mes5/x86_64/net-snmp-trapd-5.4.2-2.5mdvmes5.2.x86_64.rpm 7d2e59a5f0461390e9de7368d7265d54 mes5/x86_64/net-snmp-utils-5.4.2-2.5mdvmes5.2.x86_64.rpm 3328ba8f787babb05ac149e98e61019c mes5/x86_64/perl-NetSNMP-5.4.2-2.5mdvmes5.2.x86_64.rpm 067bfc9a3e083c3b06ced9fe5ea6b8e8 mes5/SRPMS/net-snmp-5.4.2-2.5mdvmes5.2.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS37jxmqjQ0CJFipgRAtTgAKCWH6t7+r9QQ55WKzsbyXC9STBPYgCfQcP/ hC6cy1Cr8coc6Y6wcFremeM= =023e -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2014:019 ] elinks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:019 http://www.mandriva.com/en/support/security/ ___ Package : elinks Date: January 22, 2014 Affected: Business Server 1.0 ___ Problem Description: Updated elinks package fixes security vulnerability: When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue. ___ References: http://advisories.mageia.org/MGASA-2014-0014.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 1fecee049f4428cb6ba3c7a2c47165f8 mbs1/x86_64/elinks-0.12-2.2.mbs1.x86_64.rpm dd348dca6d0834c1a9b297054fd8542e mbs1/SRPMS/elinks-0.12-2.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS37/+mqjQ0CJFipgRAszFAKCjKF/DhyN4zzNuVavfVvc5qGHQQQCfZT5o ooTjS1fFsF9ptO3pXe7nEO8= =9dNz -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability Advisory ID: cisco-sa-20140122-isdngw Revision 1.0 For Public Release 2014 January 22 16:00 UTC (GMT) +- Summary === Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel) causing all calls to be terminated and preventing users from making new calls. Cisco has released free software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlLftyMACgkQUddfH3/BbTqGGQD+KxXwskb8KhJfaOW2Z4L2KEOx UK/LObLc2I9fY+S4+K0A/3nLwJck2HZCZE41WGLchuuFcOlObwEcAOwwR7canYOQ =Z7JB -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability Advisory ID: cisco-sa-20140122-vcs Revision 1.0 For Public Release 2014 January 22 16:00 UTC (GMT) +- Summary === Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes which may cause active call to be dropped and prevent users from making new calls until the affected system is reloaded. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlLftycACgkQUddfH3/BbTpuLQD/QuXcNK44FBAx3wTjIHkBBu3T kguByH4A3S/8k0SiEZYA/0AWAbjBnBeP+2WR5dtyOWhbz977X6wv1mwSnFuwAAW9 =toYB -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability Advisory ID: cisco-sa-20140122-cts Revision 1.0 For Public Release 2014 January 22 16:00 UTC (GMT) +- Summary === Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released free software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlLftvIACgkQUddfH3/BbTrePQD9FSpmHbt1k2llXblHoEoQrOEd 1G5+AeNJnwMANjUfiSsA/RtJM/0hpPgxhq/FekwVXg4FLeNCpfB+UJqEjAhezWzy =RUj5 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/