[Full-disclosure] [ MDVSA-2014:062 ] webmin

2014-03-17 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:062
 http://www.mandriva.com/en/support/security/
 ___

 Package : webmin
 Date: March 17, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in webmin:
 
 Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that
 impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982,
 CVE-2012-2983, CVE-2012-4893, SA51201).
 
 The 1.680 version fixed security issues that could be exploited by
 untrusted Webmin users in the PHP Configuration and Webalizer modules.
 
 The Authen::Libwrap perl module used by Webmin is also being provided.
 
 The updated packages have been upgraded to the 1.680 version which
 is not vulnerable to these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2981
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2983
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4893
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0125
 http://advisories.mageia.org/MGASA-2014-0132.html
 http://www.webmin.com/changes.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 b76972171f63033b2f329e6490976419  
mes5/i586/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.i586.rpm
 ac443c2645558464be805b492db9baeb  
mes5/i586/webmin-1.680-0.1mdvmes5.2.noarch.rpm 
 4b77afd5678423a573747acd179fa239  
mes5/SRPMS/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.src.rpm
 cd4fb9d6f928dc92f5430ec9a085620e  mes5/SRPMS/webmin-1.680-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c3caa33d699773dc6e425c6363c6df8f  
mes5/x86_64/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.x86_64.rpm
 8140d6c7b10d0d09daeb3e31991b  
mes5/x86_64/webmin-1.680-0.1mdvmes5.2.noarch.rpm 
 4b77afd5678423a573747acd179fa239  
mes5/SRPMS/perl-Authen-Libwrap-0.22-0.1mdvmes5.2.src.rpm
 cd4fb9d6f928dc92f5430ec9a085620e  mes5/SRPMS/webmin-1.680-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 9c2db8945efb78cb14b62bf684c3ac8a  
mbs1/x86_64/perl-Authen-Libwrap-0.220.0-2.mbs1.x86_64.rpm
 fbf3cbaf7c38211734c7e194478266a4  mbs1/x86_64/webmin-1.680-1.mbs1.noarch.rpm 
 9ab9a3275bfc6c78087d948d9d6dd499  
mbs1/SRPMS/perl-Authen-Libwrap-0.220.0-2.mbs1.src.rpm
 c1b87681dfd413012e0867c8109629ac  mbs1/SRPMS/webmin-1.680-1.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [ MDVSA-2014:063 ] x2goserver

2014-03-17 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:063
 http://www.mandriva.com/en/support/security/
 ___

 Package : x2goserver
 Date: March 17, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated x2goserver package fixes security vulnerability:
 
 In x2goserver before 4.0.0.2, the setgid wrapper x2gosqlitewrapper.c
 does not hardcode an internal path to x2gosqlitewrapper.pl, allowing
 a remote attacker to change that path. A remote attacker may be able
 to execute arbitrary code with the privileges of the user running the
 server process (CVE-2013-4376).
 
 A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions
 has also been fixed.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4376
 http://advisories.mageia.org/MGASA-2014-0111.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 eb26c90fdc53040f10c6ad4d3064c7ee  
mbs1/x86_64/x2goserver-4.0.1.13-1.mbs1.x86_64.rpm
 b32edf4af4c0aff51dd1591f3f4c3f02  
mbs1/x86_64/x2goserver-postgresql-4.0.1.13-1.mbs1.x86_64.rpm
 26a1b81d443ad892848681b11895c28a  
mbs1/x86_64/x2goserver-sqlite-4.0.1.13-1.mbs1.x86_64.rpm 
 a1d27787d6e4485a506f546c83700129  mbs1/SRPMS/x2goserver-4.0.1.13-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:064 ] udisks

2014-03-17 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:064
 http://www.mandriva.com/en/support/security/
 ___

 Package : udisks
 Date: March 17, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated udisks packages fix a security vulnerability:
 
 A flaw was found in the way udisks and udisks2 handled long path
 names. A malicious, local user could use this flaw to create a
 specially-crafted directory structure that could lead to arbitrary
 code execution with the privileges of the udisks daemon (root)
 (CVE-2014-0004).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
 http://advisories.mageia.org/MGASA-2014-0129.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 b7b8138c781ce706d35c803b68b0f95b  mbs1/x86_64/udisks-1.0.4-7.1.mbs1.x86_64.rpm
 5139fe402d636edb486c9a02082acfd8  
mbs1/x86_64/udisks-devel-1.0.4-7.1.mbs1.x86_64.rpm 
 bfd3cb6833dd91223e3dc8def514da07  mbs1/SRPMS/udisks-1.0.4-7.1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:059 ] php

2014-03-14 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:059
 http://www.mandriva.com/en/support/security/
 ___

 Package : php
 Date: March 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in php:
 
 Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
 
 Fixed bug #66820 (out-of-bounds memory access in fileinfo
 (CVE-2014-2270)).
 
 Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
 (CVE-2013-7327)).
 
 The updated php packages have been upgraded to the 5.5.10 version
 which is not vulnerable to these issues.
 
 The php-xdebug packages have been upgraded to the latest 2.2.4 version
 that resolves numerous upstream bugs.
 
 Additionally, the PECL packages that require it have been rebuilt
 for php-5.5.10.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
 http://www.php.net/ChangeLog-5.php#5.5.10
 https://bugs.php.net/bug.php?id=66731
 https://bugs.php.net/bug.php?id=66820
 https://bugs.php.net/bug.php?id=66815
 http://pecl.php.net/package-changelog.php?package=xdebug&release=2.2.4
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:

[Full-disclosure] [ MDVSA-2014:060 ] imapsync

2014-03-14 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:060
 http://www.mandriva.com/en/support/security/
 ___

 Package : imapsync
 Date: March 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated imapsync package fixes security vulnerabilities:
 
 Imapsync, by default, runs a release check when executed, which
 causes imapsync to connect to http://imapsync.lamiral.info and send
 information about the version of imapsync, the operating system and
 perl (CVE-2013-4279).
 
 The imapsync package has been patched to disable this feature.
 
 In imapsync before 1.584, a certificate verification failure when
 using the --tls option results in imapsync attempting a cleartext login
 (CVE-2014-2014).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4279
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2014
 http://advisories.mageia.org/MGASA-2014-0127.html
 http://advisories.mageia.org/MGASA-2014-0106.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 cb3b49e4916f35b94c1ff67196525cf4  mbs1/x86_64/imapsync-1.584-1.mbs1.noarch.rpm 
 03c16ad4a39d6dac597053f0a366f04e  mbs1/SRPMS/imapsync-1.584-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:061 ] oath-toolkit

2014-03-14 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:061
 http://www.mandriva.com/en/support/security/
 ___

 Package : oath-toolkit
 Date: March 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated oath-toolkit packages fix security vulnerability:
 
 It was found that comments (lines starting with a hash) in
 /etc/users.oath could prevent one-time-passwords (OTP) from
 being invalidated, leaving the OTP vulnerable to replay attacks
 (CVE-2013-7322).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7322
 http://advisories.mageia.org/MGASA-2014-0101.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 5e7ce31fddb192c01d46ff35e5077ef2  
mbs1/x86_64/lib64oath0-1.12.6-1.mbs1.x86_64.rpm
 1d1119a6895f2c15b3186651a3e6b5f5  
mbs1/x86_64/lib64oath-devel-1.12.6-1.mbs1.x86_64.rpm
 d3026ce09d217fecf642a8059b7319cc  
mbs1/x86_64/oath-toolkit-1.12.6-1.mbs1.x86_64.rpm
 ed3ba7cb9afff74e2490a5da5ba5741c  
mbs1/x86_64/pam_oath-1.12.6-1.mbs1.x86_64.rpm 
 76c955b592b689ebdd2bf55ebcd6d414  mbs1/SRPMS/oath-toolkit-1.12.6-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:051 ] file

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:051
 http://www.mandriva.com/en/support/security/
 ___

 Package : file
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated file package fixes security vulnerability:
 
 It was discovered that file before 5.17 contains a flaw in the handling
 of indirect magic rules in the libmagic library, which leads to an
 infinite recursion when trying to determine the file type of certain
 files (CVE-2014-1943).
 
 Additionally, other well-crafted files might result in long computation
 times (while using 100% CPU) and overlong results.
 
 A flaw was found in the way the file utility determined the type of
 Portable Executable (PE) format files, the executable format used on
 Windows. A malicious PE file could cause the file utility to crash or,
 potentially, execute arbitrary code (CVE-2014-2270).
 
 A memory leak in file has also been fixed.
 
 The affected packages have been upgraded to the 5.12 version and
 patched to correct these flaws.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
 http://advisories.mageia.org/MGASA-2014-0092.html
 http://advisories.mageia.org/MGASA-2014-0123.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 5daf7e68d436107f087e08cbabd55a53  mbs1/x86_64/file-5.12-1.mbs1.x86_64.rpm
 f59233880c730cd02d6e9c9bc2b50040  
mbs1/x86_64/lib64magic1-5.12-1.mbs1.x86_64.rpm
 9d5063b1d1e64d82df88ec926e26be58  
mbs1/x86_64/lib64magic-devel-5.12-1.mbs1.x86_64.rpm
 672916960ebde988649acb12fa9ff534  
mbs1/x86_64/lib64magic-static-devel-5.12-1.mbs1.x86_64.rpm
 f2a64add383b5d18ae6f0c29c2972a49  
mbs1/x86_64/python-magic-5.12-1.mbs1.noarch.rpm 
 a60928e3e2bc266079b8466bd9519eb0  mbs1/SRPMS/file-5.12-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:052 ] net-snmp

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:052
 http://www.mandriva.com/en/support/security/
 ___

 Package : net-snmp
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated net-snmp packages fix two vulnerabilities:
 
 Remotely exploitable denial of service vulnerability in Net-SNMP,
 in the Linux implementation of the ICMP-MIB, making the SNMP
 agent vulnerable if it is making use of the ICMP-MIB table objects
 (CVE-2014-2284).
 
 Remotely exploitable denial of service vulnerability in Net-SNMP,
 in snmptrapd, due to how it handles trap requests with an empty
 community string when the perl handler is enabled (CVE-2014-2285).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=
 http://advisories.mageia.org/MGASA-2014-0122.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___



[Full-disclosure] [ MDVSA-2014:053 ] libssh

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:053
 http://www.mandriva.com/en/support/security/
 ___

 Package : libssh
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated libssh package fixes security vulnerability:
 
 When using libssh before 0.6.3, a libssh-based server, when accepting
 a new connection, forks and the child process handles the request. The
 RAND_bytes() function of openssl doesn't reset its state after the
 fork, but simply adds the current process id (getpid) to the PRNG
 state, which is not guaranteed to be unique. The most important
 consequence is that servers using EC (ECDSA) or DSA certificates may
 under certain conditions leak their private key (CVE-2014-0017).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017
 http://advisories.mageia.org/MGASA-2014-0119.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 eb6bcbc277a01a3bcc53d43b127becbe  
mbs1/x86_64/lib64ssh4-0.5.2-2.2.mbs1.x86_64.rpm
 417ce1525889e70932b44399293791b0  
mbs1/x86_64/lib64ssh-devel-0.5.2-2.2.mbs1.x86_64.rpm 
 d4bbda02ed47d9b0df5f9e7992a29d6e  mbs1/SRPMS/libssh-0.5.2-2.2.mbs1.src.rpm
 ___

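The fork behaviour described in the libssh advisory above (MDVSA-2014:053), modelled as an added example that is not part of the advisory and is not libssh or OpenSSL code: a toy PRNG whose state is inherited across fork(), with PID mixing as the only differentiator, next to a post-fork reseed from /dev/urandom as one mitigation. The names `prng_*` and `child_first_output`, the seed, and the PID value 4242 (standing in for a PID that the kernel has reused) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy process-wide PRNG state (splitmix64), seeded once before any fork.
 * Constructed for illustration; this is not OpenSSL's generator. */
static uint64_t prng_state = 0x1234abcd5678ef01ULL; /* constructed seed */

static uint64_t prng_next(void) {
    uint64_t z = (prng_state += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Fold a value into the state, as "add the PID to the PRNG state" does. */
static void prng_mix(uint64_t v) {
    prng_state ^= v * 0xff51afd7ed558ccdULL;
    (void)prng_next();
}

/* Mitigation: fold fresh kernel entropy into the state after fork(). */
static int prng_reseed(void) {
    uint64_t fresh = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(&fresh, sizeof fresh, 1, f);
    fclose(f);
    if (n != 1) return -1;
    prng_mix(fresh);
    return 0;
}

/* Fork a child that inherits prng_state, mixes in pid_value (0 means the
 * real getpid()), optionally reseeds, and reports its first PRNG output.
 * The parent never advances its own state, like a server that only
 * accepts and forks. Returns 0 on success. */
static int child_first_output(uint64_t pid_value, int reseed, uint64_t *out) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: handles the "request" */
        close(fds[0]);
        prng_mix(pid_value ? pid_value : (uint64_t)getpid());
        if (reseed && prng_reseed() != 0) _exit(2);
        uint64_t v = prng_next();         /* e.g. a per-signature random value */
        ssize_t w = write(fds[1], &v, sizeof v);
        _exit(w == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fds[1]);
    ssize_t r = read(fds[0], out, sizeof *out);
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (r != (ssize_t)sizeof *out) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* 1 if two children that see the same PID value emit the same output,
 * 0 if the outputs differ, -1 on error. */
static int same_pid_collides(int reseed) {
    uint64_t a = 0, b = 0;
    if (child_first_output(4242, reseed, &a) != 0) return -1;
    if (child_first_output(4242, reseed, &b) != 0) return -1;
    return a == b;
}

/* 1 if children with distinct PID values emit different outputs. */
static int different_pids_differ(void) {
    uint64_t a = 0, b = 0;
    if (child_first_output(4242, 0, &a) != 0) return -1;
    if (child_first_output(4243, 0, &b) != 0) return -1;
    return a != b;
}

int main(void) {
    printf("same PID, no reseed: outputs identical = %d\n", same_pid_collides(0));
    printf("same PID, reseed:    outputs identical = %d\n", same_pid_collides(1));
    printf("distinct PIDs:       outputs differ    = %d\n", different_pids_differ());
    return 0;
}
```

PID mixing separates children only while PIDs are distinct; once a PID recurs, the inherited state yields the same "random" value again, which is what DSA and ECDSA signing cannot tolerate.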


[Full-disclosure] [ MDVSA-2014:054 ] otrs

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:054
 http://www.mandriva.com/en/support/security/
 ___

 Package : otrs
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated otrs package fixes security vulnerability:
 
 An attacker could send a specially prepared HTML email to OTRS. If
 he can then trick an agent into following a special link to display
 this email, JavaScript code would be executed (CVE-2014-1695).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1695
 http://advisories.mageia.org/MGASA-2014-0114.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 f913ce8f777c607662375c4cd63995b3  mbs1/x86_64/otrs-3.2.15-1.mbs1.noarch.rpm 
 cf451c6dc24d227df81f277d0542cb9e  mbs1/SRPMS/otrs-3.2.15-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:055 ] owncloud

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:055
 http://www.mandriva.com/en/support/security/
 ___

 Package : owncloud
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated owncloud packages fix security vulnerabilities and bugs:
 
 Owncloud versions 5.0.15 and 6.0.2 fix several unspecified security
 vulnerabilities, as well as many other bugs.
 
 See the upstream Changelog for more information.
 ___

 References:

 http://advisories.mageia.org/MGASA-2014-0120.html
 http://owncloud.org/changelog/
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 f17711b6066dab82f39509437f04e75d  
mbs1/x86_64/owncloud-5.0.15-1.mbs1.noarch.rpm 
 a434bc4843526f2c183746e016444cf4  mbs1/SRPMS/owncloud-5.0.15-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:056 ] apache-commons-fileupload

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:056
 http://www.mandriva.com/en/support/security/
 ___

 Package : apache-commons-fileupload
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated apache-commons-fileupload packages fix security vulnerability:
 
 It was discovered that the Apache Commons FileUpload package for Java
 could enter an infinite loop while processing a multipart request with
 a crafted Content-Type, resulting in a denial-of-service condition
 (CVE-2014-0050).
 
 Tomcat 7 includes an embedded copy of the Apache Commons FileUpload
 package, and was affected as well.
 
 Additionally, a build problem with maven was discovered; fixed maven
 packages are also being provided with this advisory.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
 http://advisories.mageia.org/MGASA-2014-0109.html
 http://advisories.mageia.org/MGASA-2014-0110.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [ MDVSA-2014:057 ] mediawiki

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:057
 http://www.mandriva.com/en/support/security/
 ___

 Package : mediawiki
 Date: March 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated mediawiki packages fix multiple vulnerabilities:
 
 MediaWiki user Michael M reported that the fix for CVE-2013-4568
 allowed insertion of escaped CSS values which could pass the CSS
 validation checks, resulting in XSS (CVE-2013-6451).
 
 Chris from RationalWiki reported that SVG files could be uploaded
 that include external stylesheets, which could lead to XSS when an
 XSL was used to include JavaScript (CVE-2013-6452).
 
 During internal review, it was discovered that MediaWiki's SVG
 sanitization could be bypassed when the XML was considered invalid
 (CVE-2013-6453).
 
 During internal review, it was discovered that MediaWiki displayed some
 information about deleted pages in the log API, enhanced RecentChanges,
 and user watchlists (CVE-2013-6472).
 
 Netanel Rubin from Check Point discovered a remote code execution
 vulnerability in MediaWiki's thumbnail generation for DjVu
 files. Internal review also discovered similar logic in the PdfHandler
 extension, which could be exploited in a similar way (CVE-2014-1610).
 
 MediaWiki before 1.22.3 does not block unsafe namespaces, such as a
 W3C XHTML namespace, in uploaded SVG files.  Some client software may
 use these namespaces in a way that results in XSS.  This was fixed
 by disallowing uploading SVG files using non-whitelisted namespaces
 (CVE-2014-2242).
 
 MediaWiki before 1.22.3 performs token comparison that may be
 vulnerable to timing attacks.  This was fixed by making token
 comparison use constant time (CVE-2014-2243).
 
 MediaWiki before 1.22.3 could allow an attacker to perform XSS attacks,
 due to a flaw with link handling in api.php.  This was fixed such that
 it won't find links in the middle of api.php links (CVE-2014-2244).
 
 MediaWiki has been updated to version 1.22.3, which fixes these issues,
 as well as several others.
 
 Also, the mediawiki-ldapauthentication and mediawiki-math extensions
 have been updated to newer versions that are compatible with MediaWiki
 1.22.
 
 Additionally, the mediawiki-graphviz extension has been obsoleted,
 due to the fact that it is unmaintained upstream and is vulnerable
 to cross-site scripting attacks.
 
 Note: if you were using the instances feature in these packages to
 support multiple wiki instances, this feature has now been removed.
 You will need to maintain separate wiki instances manually.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6451
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6452
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6453
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6472
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1610
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2242
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2243
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2244
 http://advisories.mageia.org/MGASA-2014-0113.html
 http://advisories.mageia.org/MGASA-2014-0124.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:

[Full-disclosure] [ MDVSA-2014:058 ] freeradius

2014-03-13 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:058
 http://www.mandriva.com/en/support/security/
 ___

 Package : freeradius
 Date: March 13, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated freeradius package fixes security vulnerability:
 
 SSHA processing in freeradius before 2.2.3 runs into a stack-based
 buffer overflow in the freeradius rlm_pap module if the password
 source uses an unusually long hashed password (CVE-2014-2015).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2015
 http://advisories.mageia.org/MGASA-2014-0088.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:

[Full-disclosure] CVE-2014-0054 Spring MVC Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)

2014-03-12 Thread Pivotal Security Team

CVE-2014-0054 Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)

Severity: Important

Vendor: Spring by Pivotal

Versions Affected:
- Spring MVC 3.0.0 to 3.2.8
- Spring MVC 4.0.0 to 4.0.1
- Earlier unsupported versions may be affected

Description:
Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided
XML and neither disabled XML external entities nor provided an option to disable
them. Jaxb2RootElementHttpMessageConverter has been modified to provide an
option to control the processing of XML external entities and that processing is
now disabled by default. 

Mitigation:
Users of affected versions should apply the following mitigation:
- Users of 3.x should upgrade to 3.2.8 or later
- Users of 4.x should upgrade to 4.0.2 or later

Credit:
This issue was reported to the Spring Framework developers by Spase Markovski.

References:
http://www.gopivotal.com/security/cve-2014-0054
https://jira.springsource.org/browse/SPR-11376
https://github.com/spring-projects/spring-framework/commit/edba32b3093703d5e9ed42b5b8ec23ecc1998398#diff-1f3f1d5cdab9ac92d1ca5ec7def8f131

History:
2014-Mar-11: Initial vulnerability report published.
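
Added example, not Spring or Pivotal code: a Python illustration of the default-deny policy this advisory describes for user-provided XML, refusing any DOCTYPE or entity declaration before the body reaches an XML-to-object layer. The function names and sample documents are constructed for this illustration, and it goes slightly beyond the advisory by refusing internal entities as well.

```python
"""Added example (not Spring code): refuse DTDs and entity declarations in
user-supplied XML before handing it to an object-mapping layer."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class XmlPolicyError(ValueError):
    """The document uses an XML feature that untrusted input may not use."""


def reject_dtd_features(body: bytes) -> None:
    """Scan `body` with expat and raise XmlPolicyError on any DTD use.

    External entities (the XXE vector) can only be declared inside a DTD, so
    refusing the DTD closes that path along with internal-entity expansion.
    """
    state = {"doctype": None}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        state["doctype"] = name
        if system_id or public_id:
            raise XmlPolicyError(
                f"external DTD subset referenced: {system_id or public_id!r}")

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id,
                       notation):
        # expat passes value=None for entities whose content lives elsewhere.
        kind = "external" if value is None else "internal"
        raise XmlPolicyError(
            f"{kind} entity declared: {name!r} -> {system_id or value!r}")

    def on_external_ref(context, base, system_id, public_id):
        raise XmlPolicyError(f"external entity referenced: {system_id!r}")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(body, True)
    except expat.ExpatError as exc:
        raise XmlPolicyError(f"malformed XML: {exc}") from exc
    if state["doctype"] is not None:
        raise XmlPolicyError(f"DOCTYPE not allowed: {state['doctype']!r}")


def read_xml_body(body: bytes) -> ET.Element:
    """Parse an untrusted request body only after it passes the DTD policy."""
    reject_dtd_features(body)
    return ET.fromstring(body)


def verdict(body: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for logging and tests."""
    try:
        read_xml_body(body)
        return "accepted"
    except XmlPolicyError as exc:
        return f"rejected: {exc}"


# Constructed sample request bodies (not taken from the advisory).
BENIGN = b"<order><item>widget</item><qty>2</qty></order>"
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [<!ENTITY ref SYSTEM "file:///constructed/example.txt">]>\n'
    b"<order><item>&ref;</item></order>")
INTERNAL_ENTITY = (
    b'<!DOCTYPE order [<!ENTITY a "aaaa">]><order><item>&a;</item></order>')
BARE_DOCTYPE = b"<!DOCTYPE order><order/>"

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                       ("internal", INTERNAL_ENTITY), ("doctype", BARE_DOCTYPE)]:
        print(f"{label:9s} {verdict(doc)}")
```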

[Full-disclosure] CVE-2014-0097 Spring Security Blank password may bypass user authentication

2014-03-12 Thread Pivotal Security Team

CVE-2014-0097 Blank password may bypass user authentication

Severity: Important

Vendor: Spring by Pivotal

Versions Affected:
- Spring Security 3.2.0 to 3.2.1
- Spring Security 3.1.0 to 3.1.5

Description:
The ActiveDirectoryLdapAuthenticator does not check the password length. If the
directory allows anonymous binds then it may incorrectly authenticate a user who
supplies an empty password.

Mitigation:
Users of affected versions should apply the following mitigation:
- Users of 3.2.x should upgrade to 3.2.2

Credit:
This issue was identified by the Spring Development team.

References:
http://www.gopivotal.com/security/cve-2014-0097
https://jira.springsource.org/browse/SEC-2500
https://github.com/spring-projects/spring-security/commit/88559882e967085c47a7e1dcbc4dc32c2c796868
https://github.com/spring-projects/spring-security/commit/7dbb8e777ece8675fa1ef1cb4d6b9be80395
https://github.com/spring-projects/spring-security/commit/a7005bd74241ac8e2e7b38ae31bc4b0f641ef973

History:
2014-Mar-11: Initial vulnerability report published.
2014-Mar-11: Affected versions corrected to add 3.1.0 to 3.1.5
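
Added example, not Spring Security code: a Python model of the failure this advisory describes, where a simple bind with an empty password succeeds as an anonymous bind and the caller mistakes that for authentication. `ToyDirectory`, both authenticator functions and the DNs are constructed for this illustration.

```python
"""Added example (not Spring Security code): an LDAP-backed login must reject
blank passwords itself, because the directory may answer such a bind with
success without checking any credential."""
import hmac
from dataclasses import dataclass, field


class BindError(Exception):
    """Raised by the toy directory when it refuses a bind."""


@dataclass
class ToyDirectory:
    """Constructed in-memory stand-in for a directory server (hypothetical).

    Simple-bind behaviour follows RFC 4513 section 5.1:
      empty password     -> anonymous/unauthenticated bind, nothing is verified
      name and password  -> credential check against the stored value
    """
    users: dict = field(default_factory=dict)   # DN -> password, toy storage
    allow_anonymous: bool = True

    def simple_bind(self, dn: str, password: str) -> str:
        """Return the identity the session is bound as, or raise BindError."""
        if password == "":
            if self.allow_anonymous:
                return ""                        # bound, but as nobody
            raise BindError("unwillingToPerform")
        stored = self.users.get(dn)
        if stored is None or not hmac.compare_digest(
                stored.encode(), password.encode()):
            raise BindError("invalidCredentials")
        return dn


def authenticate_unchecked(directory: ToyDirectory, dn: str, password: str) -> bool:
    """Flawed pattern: any successful bind is treated as proof of identity."""
    try:
        directory.simple_bind(dn, password)
        return True
    except BindError:
        return False


def authenticate_checked(directory: ToyDirectory, dn: str, password: str) -> bool:
    """Hardened pattern: refuse blank credentials before contacting the
    directory, and require the session to be bound as the requested DN."""
    if not dn or not password:
        return False
    try:
        return directory.simple_bind(dn, password) == dn
    except BindError:
        return False


# Constructed accounts and login attempts.
ALICE = "cn=alice,dc=example,dc=test"
ATTEMPTS = [
    ("valid password", ALICE, "correct horse"),
    ("wrong password", ALICE, "guess"),
    ("blank password", ALICE, ""),
    ("unknown user, blank password", "cn=nobody,dc=example,dc=test", ""),
]


def login_matrix(directory: ToyDirectory) -> dict:
    """Map each attempt label to (unchecked result, checked result)."""
    return {
        label: (authenticate_unchecked(directory, dn, pw),
                authenticate_checked(directory, dn, pw))
        for label, dn, pw in ATTEMPTS
    }


if __name__ == "__main__":
    for allow in (True, False):
        directory = ToyDirectory(users={ALICE: "correct horse"},
                                 allow_anonymous=allow)
        print(f"allow_anonymous={allow}")
        for label, (unchecked, checked) in login_matrix(directory).items():
            print(f"  {label:30s} unchecked={unchecked!s:5} checked={checked}")
```

Disabling anonymous binds on the directory also closes the gap in this model, but the caller-side check holds regardless of how the directory is configured.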

[Full-disclosure] CVE-2014-1904 XSS when using Spring MVC

2014-03-12 Thread Pivotal Security Team

CVE-2014-1904 XSS when using Spring MVC

Severity: Moderate

Vendor: Spring by Pivotal

Versions Affected:
- Spring MVC 3.0.0 to 3.2.8
- Spring MVC 4.0.0 to 4.0.1
- Earlier unsupported versions may be affected

Description:
When a programmer does not specify the action on the Spring form, Spring
automatically populates the action field with the requested uri. An attacker can
use this to inject malicious content into the form.

Mitigation:
Users of affected versions should apply the following mitigation:
- Users of 3.x should upgrade to 3.2.8 or later
- Users of 4.x should upgrade to 4.0.2 or later

Credit:
This issue was discovered and reported responsibly to the Pivotal security team
by Paul Wowk of CAaNES LLC.

References:
https://jira.springsource.org/browse/SPR-11426
https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485

History:
2014-Mar-11: Initial vulnerability report published.

[Full-disclosure] [Security-news] SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure

2014-03-12 Thread security-news
View online: https://drupal.org/node/2216269

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-030
   * Project: SexyBookmarks [1] (third-party module)
   * Version: 6.x
   * Date: 2014-March-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Information Disclosure

 DESCRIPTION

The SexyBookmarks module is a port of the WordPress SexyBookmarks plug-in.
The module adds social bookmarking using the Shareaholic service.

The module discloses the private files location when Drupal 6 is configured
to use private files.

This vulnerability is mitigated by the fact that only sites using private
files are affected.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED

   * All SexyBookmarks 6.x-2.x versions.

Drupal core is not affected. If you do not use the contributed SexyBookmarks
[4] module, there is nothing you need to do.

 SOLUTION


   * If you use the SexyBookmarks module for Drupal 6.x you should disable it.
   * Users can also consider using the Shareaholic [5] module which provides
 similar features. However, the Shareaholic module is currently only
 available for Drupal 7 so affected users would have to upgrade to Drupal 7
 first.

Also see the SexyBookmarks [6] project page.

 REPORTED BY

   * Don Morris [7]

 FIXED BY


Not applicable.

 COORDINATED BY

   * Greg Knaddison [8] of the Drupal Security Team
   * Cash Williams [9] provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [14]


[1] http://drupal.org/project/sexybookmarks
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/sexybookmarks
[5] http://drupal.org/project/shareaholic
[6] http://drupal.org/project/sexybookmarks
[7] http://drupal.org/user/79398
[8] http://drupal.org/user/36762
[9] http://drupal.org/user/421070
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
[14] https://twitter.com/drupalsecurity

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [Security-news] SA-CONTRIB-2014-031 - Webform Template - Access Bypass

2014-03-12 Thread security-news
View online: https://drupal.org/node/2216607

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-031
   * Project: Webform Template [1] (third-party module)
   * Version: 7.x
   * Date: 2014-March-12
   * Security risk: Less critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access Bypass

 DESCRIPTION

This module enables you to copy webform config from one node to another.
The module doesn't respect node access when providing possible nodes to copy
from. As a result, a user may be disclosed the titles of nodes he does not
have view access to and as such he may be able to copy the webform
configuration from otherwise hidden nodes.
This vulnerability is mitigated by the fact that the system must be using a
node access control module and an attacker must have a role that has access
to edit nodes of the webform template destination type.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED

   * All Webform Template 6.x-1.x versions.
   * Webform Template 7.x-1.x versions prior to 7.x-1.3.

Drupal core is not affected. If you do not use the contributed Webform
Template [4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Webform Template module for Drupal 7.x, upgrade to a newer
 version. The issue is fixed as from 7.x-1.3 [5].
   * If using an older version, be aware of the risks & consequences.

*Note: *For some people, the previous behavior was actually exactly how they
used this module. To restore the original functionality, go to the settings (
admin/config/content/webform_template ) and check the Defeat node access
checkbox.

Also see the Webform Template [6] project page.

 REPORTED BY

   * theunraveler [7]

 FIXED BY


   * rv0 [8] the module maintainer

 COORDINATED BY

   * Rick Manelius [9] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [14]


[1] http://drupal.org/project/webform_template
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/webform_template
[5] https://drupal.org//drupal.org/node/2216447
[6] http://drupal.org/project/webform_template
[7] https://drupal.org/user/71548
[8] https://drupal.org/user/655596
[9] https://drupal.org/user/680072
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
[14] https://twitter.com/drupalsecurity



[Full-disclosure] NEW VMSA-2014-0002 VMware vSphere updates to third party libraries

2014-03-11 Thread VMware Security Response Center

-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0002
Synopsis:    VMware vSphere updates to third party libraries
Issue date:  2014-03-11
Updated on:  2014-03-11 (initial advisory)
CVE numbers: --- NTP ---
             CVE-2013-5211
             --- glibc (service console) ---
             CVE-2013-4332
             --- JRE ---
             See references
-----------------------------------------------------------------------

1. Summary

   VMware has updated vSphere third party libraries.

2. Relevant releases

   vCenter Server Appliance 5.5 prior to 5.5 Update 1 

   VMware vCenter Server 5.5 prior to 5.5 Update 1

   VMware Update Manager 5.5 prior to 5.5 Update 1

   VMware ESXi 5.5 without patch ESXi550-201403101-SG

3. Problem Description

   a. DDoS vulnerability in NTP third party libraries

  The NTP daemon has a DDoS vulnerability in the handling of the
  monlist command. An attacker may send a forged request to a
  vulnerable NTP server resulting in an amplified response to the
  intended target of the DDoS attack. 
  
  Mitigation

  Mitigation for this issue is documented in VMware Knowledge Base
  article 2070193. This article also documents when vSphere 
  products are affected.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2013-5211 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware   Product  Running  Replace with/
  Product  Version  on       Apply Patch
  =======  =======  =======  ====================
  VCSA     5.5      Linux    5.5 Update 1
  VCSA     5.1      Linux    patch pending
  VCSA     5.0      Linux    patch pending

  ESXi     5.5      ESXi     ESXi550-201403101-SG
  ESXi     5.1      ESXi     patch pending
  ESXi     5.0      ESXi     patch pending
  ESXi     4.1      ESXi     patch pending
  ESXi     4.0      ESXi     patch pending

  ESX      4.1      ESX      patch pending
  ESX      4.0      ESX      patch pending


  b. Update to ESXi glibc package

 The ESXi glibc package is updated to version
 glibc-2.5-118.el5_10.2 to resolve a security issue.

 The Common Vulnerabilities and Exposures project (cve.mitre.org)
 has assigned the name CVE-2013-4332 to this issue.

 Column 4 of the following table lists the action required to
 remediate the vulnerability in each release, if a solution is
 available.

 VMware   Product  Running  Replace with/
 Product  Version  on       Apply Patch
 =======  =======  =======  ====================
 ESXi     5.5      ESXi     ESXi550-201403101-SG
 ESXi     5.1      ESXi     patch pending
 ESXi     5.0      ESXi     patch pending
 ESXi     4.1      ESXi     no patch planned
 ESXi     4.0      ESXi     no patch planned

 ESX      4.1      ESX      not applicable
 ESX      4.0      ESX      not applicable

  c. vCenter and Update Manager, Oracle JRE 1.7 Update 45
  
 Oracle JRE is updated to version JRE 1.7 Update 45, which
 addresses multiple security issues that existed in earlier
 releases of Oracle JRE. 

 Oracle has documented the CVE identifiers that are addressed
 in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch 
 Update Advisory of October 2013. The References section provides
 a link to this advisory.

 Column 4 of the following table lists the action required to
 remediate the vulnerability in each release, if a solution is
 available.

 VMware          Product  Running  Replace with/
 Product         Version  on       Apply Patch
 ==============  =======  =======  =================
 vCenter Server  5.5      Any      5.5 Update 1
 vCenter Server  5.1      Any      not applicable **
 vCenter Server  5.0      Any      not applicable **
 vCenter Server  4.1      Windows  not applicable **
 vCenter Server  4.0      Windows  not applicable *

 Update Manager  5.5      Windows  5.5 Update 1
 Update Manager  5.1      Windows  not applicable **
 Update Manager  5.0      Windows  not applicable **
 Update Manager  4.1      Windows  not applicable *
 Update Manager  4.0      Windows  not applicable *

 ESXi            any      ESXi     not applicable

 ESX             4.1      ESX      not applicable **
 ESX             4.0      ESX      not applicable *
   
 * this product uses the Oracle JRE 1.5.0 family
 ** this product uses the Oracle JRE 1.6.0 family
 
4

[Full-disclosure] [ MDVSA-2014:048 ] gnutls

2014-03-10 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:048
 http://www.mandriva.com/en/support/security/
 ___

 Package : gnutls
 Date: March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated gnutls packages fix security vulnerability:
 
 It was discovered that GnuTLS did not correctly handle certain errors
 that could occur during the verification of an X.509 certificate,
 causing it to incorrectly report a successful verification. An attacker
 could use this flaw to create a specially crafted certificate that
 could be accepted by GnuTLS as valid for a site chosen by the attacker
 (CVE-2014-0092).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
 http://advisories.mageia.org/MGASA-2014-0117.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:


[Full-disclosure] [ MDVSA-2014:049 ] subversion

2014-03-10 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:049
 http://www.mandriva.com/en/support/security/
 ___

 Package : subversion
 Date: March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in subversion:
 
 The get_resource function in repos.c in the mod_dav_svn module
 in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when
 SVNListParentPath is enabled, allows remote attackers to cause a
 denial of service (crash) via vectors related to the server root
 and request methods other than GET, as demonstrated by the svn ls
 http://svn.example.com command (CVE-2014-0032).
 
 This advisory provides the latest version of subversion (1.7.16)
 which is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
 http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:

[Full-disclosure] [ MDVSA-2014:050 ] wireshark

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:050
 http://www.mandriva.com/en/support/security/
 ___

 Package : wireshark
 Date: March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities were found and corrected in Wireshark:
 
 * The NFS dissector could crash. Discovered by Moshe Kaplan
 (CVE-2014-2281).
 
 * The RLC dissector could crash (CVE-2014-2283).
 
 * The MPEG file parser could overflow a buffer. Discovered by Wesley
 Neelen (CVE-2014-2299).
 
 This advisory provides the latest version of Wireshark (1.8.13)
 which is not vulnerable to these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
 http://www.wireshark.org/security/wnpa-sec-2014-01.html
 http://www.wireshark.org/security/wnpa-sec-2014-03.html
 http://www.wireshark.org/security/wnpa-sec-2014-04.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.

2014-03-10 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2014-001

 Product             Asterisk
 Summary             Stack Overflow in HTTP Processing of Cookie Headers.
 Nature of Advisory  Denial Of Service
 Susceptibility      Remote Unauthenticated Sessions
 Severity            Moderate
 Exploits Known      No
 Reported On         February 21, 2014
 Reported By         Lucas Molas, researcher at Programa STIC, Fundacion
                     Dr. Manuel Sadosky, Buenos Aires, Argentina
 Posted On           March 10, 2014
 Last Updated On     March 10, 2014
 Advisory Contact    Richard Mudgett rmudgett AT digium DOT com
 CVE Name            CVE-2014-2286

Description  Sending a HTTP request that is handled by Asterisk with a
 large number of Cookie headers could overflow the stack. 
 You could even exhaust memory if you sent an unlimited   
 number of headers in the request.

Resolution  The patched versions now handle headers in a fashion that 
prevents a stack overflow. Users should upgrade to a  
corrected version, apply the released patches, or disable 
HTTP support. 

 Affected Versions
 Product               Release Series
 Asterisk Open Source  1.8.x           All versions
 Asterisk Open Source  11.x            All versions
 Asterisk Open Source  12.x            All versions
 Certified Asterisk    1.8.x           All versions
 Certified Asterisk    11.x            All versions

 Corrected In
 Product               Release
 Asterisk Open Source  1.8.26.1, 11.8.1, 12.1.1
 Certified Asterisk    1.8.15-cert5, 11.6-cert2

 Patches
 SVN URL                                                              Revision
 http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff     Asterisk 1.8
 http://downloads.asterisk.org/pub/security/AST-2014-001-11.diff      Asterisk 11
 http://downloads.asterisk.org/pub/security/AST-2014-001-12.diff      Asterisk 12
 http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.15.diff  Certified Asterisk 1.8.15
 http://downloads.asterisk.org/pub/security/AST-2014-001-11.6.diff    Certified Asterisk 11.6

 Links  https://issues.asterisk.org/jira/browse/ASTERISK-23340

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-001.pdf and 
http://downloads.digium.com/pub/security/AST-2014-001.html

Revision History
  Date  Editor Revisions Made 
03/10/14   Richard Mudgett   Initial Revision.

   Asterisk Project Security Advisory - AST-2014-001
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.


[Full-disclosure] AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver

2014-03-10 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2014-003

 Product             Asterisk
 Summary             Remote Crash Vulnerability in PJSIP channel driver
 Nature of Advisory  Denial of Service
 Susceptibility      Remote Unauthenticated Sessions
 Severity            Moderate
 Exploits Known      No
 Reported On         January 29, 2014
 Reported By         Joshua Colp jcolp AT digium DOT com
 Posted On           March 10, 2014
 Last Updated On     March 10, 2014
 Advisory Contact    Joshua Colp jcolp AT digium DOT com
 CVE Name            CVE-2014-2288

Description  A remotely exploitable crash vulnerability exists in the 
 PJSIP channel driver if the qualify_frequency  
 configuration option is enabled on an AOR and the remote 
 SIP server challenges for authentication of the resulting
 OPTIONS request. The response handling code wrongly assumes  
 that a PJSIP endpoint will always be associated with an  
 outgoing request which is incorrect. 

Resolution  This patch adds a check when handling responses challenging   
for authentication. If no endpoint is associated with the 
request no retry with authentication will occur.  

 Affected Versions
 Product               Release Series
 Asterisk Open Source  12.x            All

 Corrected In
 Product                    Release
 Asterisk Open Source 12.x  12.1.1

 Patches
 SVN URL                                                          Revision
 http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff  Asterisk 12

 Links  https://issues.asterisk.org/jira/browse/ASTERISK-23210

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-003.pdf and 
http://downloads.digium.com/pub/security/AST-2014-003.html

Revision History
  Date Editor  Revisions Made 
03/05/14   Joshua Colp  Document Creation 

   Asterisk Project Security Advisory - AST-2014-003
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.



[Full-disclosure] AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers

2014-03-10 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2014-002

 Product             Asterisk
 Summary             Denial of Service Through File Descriptor Exhaustion
                     with chan_sip Session-Timers
 Nature of Advisory  Denial of Service
 Susceptibility      Remote Authenticated or Anonymous Sessions
 Severity            Moderate
 Exploits Known      No
 Reported On         2014/02/25
 Reported By         Corey Farrell
 Posted On           March 10, 2014
 Last Updated On     March 10, 2014
 Advisory Contact    Kinsey Moore kmoore AT digium DOT com
 CVE Name            CVE-2014-2287

Description  An attacker can use all available file descriptors using 
 SIP INVITE requests. 
  
 Knowledge required to achieve the attack:
  
 * Valid account credentials or anonymous dial in 
  
 * A valid extension that can be dialed from the SIP account  
  
 Trigger conditions:  
  
 * chan_sip configured with session-timers set to   
 originate or accept  
  
 ** The INVITE request must contain either a Session-Expires  
 or a Min-SE header with malformed values or values   
 disallowed by the system's configuration.
  
 * chan_sip configured with session-timers set to refuse  
  
 ** The INVITE request must offer timer in the Supported  
 header   
  
 Asterisk will respond with code 400, 420, or 422 for 
 INVITEs meeting this criteria. Each INVITE meeting these 
 conditions will leak a channel and several file  
 descriptors. The file descriptors cannot be released 
 without restarting Asterisk which may allow intrusion
 detection systems to be bypassed by sending the requests 
 slowly.  

Resolution  Upgrade to a version with the patch integrated or apply the   
appropriate patch.

 Affected Versions
 Product               Release Series
 Asterisk Open Source  1.8.x           All
 Asterisk Open Source  11.x            All
 Asterisk Open Source  12.x            All
 Certified Asterisk    1.8.15          All
 Certified Asterisk    11.6            All

 Corrected In
 Product                     Release
 Asterisk Open Source 1.8.x  1.8.26.1
 Asterisk Open Source 11.x   11.8.1
 Asterisk Open Source 12.x   12.1.1
 Certified Asterisk 1.8.15   1.8.15-cert5
 Certified Asterisk 11.6     11.6-cert2

 Patches
 SVN URL                                                           Revision
 http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff  Asterisk 1.8
   http://downloads.asterisk.org/pub

[Full-disclosure] AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

2014-03-10 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2014-004

 Product             Asterisk
 Summary             Remote Crash Vulnerability in PJSIP Channel Driver
                     Subscription Handling
 Nature of Advisory  Denial of Service
 Susceptibility      Remote Authenticated Sessions
 Severity            Moderate
 Exploits Known      No
 Reported On         January 14th, 2014
 Reported By         Mark Michelson
 Posted On           March 10, 2014
 Last Updated On     March 10, 2014
 Advisory Contact    Matt Jordan mjordan AT digium DOT com
 CVE Name            CVE-2014-2289

Description  A remotely exploitable crash vulnerability exists in the 
 PJSIP channel driver's handling of SUBSCRIBE requests. If a  
 SUBSCRIBE request is received for the presence Event, and
 that request has no Accept headers, Asterisk will attempt
 to access an invalid pointer to the header location. 
  
 Note that this issue was fixed during a re-architecture of   
 the res_pjsip_pubsub module in Asterisk 12.1.0. As such, 
 this issue has already been resolved in a released version   
 of Asterisk. This notification is being released for users   
 of Asterisk 12.0.0.  

Resolution  Upgrade to Asterisk 12.1.0, or apply the patch noted below
to Asterisk 12.0.0.   

 Affected Versions
 Product               Release Series
 Asterisk Open Source  12.x            12.0.0

 Corrected In
 Product               Release
 Asterisk Open Source  12.1.0

 Patches
 SVN URL                                                          Revision
 http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff  Asterisk 12

 Links  https://issues.asterisk.org/jira/browse/ASTERISK-23139

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-004.pdf and 
http://downloads.digium.com/pub/security/AST-2014-004.html

Revision History
  Date Editor  Revisions Made 
03/05/14   Matt Jordan  Initial Revision  

   Asterisk Project Security Advisory - AST-2014-004
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.



[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

2014-03-05 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Advisory ID: cisco-sa-20140305-wlc

Revision 1.0

For Public Release 2014 March 5 16:00  UTC (GMT)

Summary
===

The Cisco Wireless LAN Controller (WLC) product family is affected by the 
following vulnerabilities:
* Cisco Wireless LAN Controller Denial of Service Vulnerability
* Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points 
Vulnerability
* Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability
* Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability
* Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability
* Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability

Cisco has released free software updates that address these vulnerabilities. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc



[Full-disclosure] Cisco Security Advisory: Cisco Small Business Router Password Disclosure Vulnerability

2014-03-05 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Security Advisory: Cisco Small Business Router Password Disclosure 
Vulnerability

Advisory ID: cisco-sa-20140305-rpd

Revision 1.0

For Public Release 2014 March 5 16:00  UTC (GMT)


Summary
===


A vulnerability in the web management interface of the Cisco RV110W Wireless-N 
VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W 
Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain 
administrative-level access to the web management interface of the affected 
device.

The vulnerability is due to improper handling of authentication requests by the 
web framework. An attacker could exploit this vulnerability by intercepting, 
modifying and resubmitting an authentication request. Successful exploitation 
of this vulnerability could give an attacker administrative-level access to the 
web-based administration interface on the affected device.

Cisco has released free software updates that address this vulnerability. There 
are currently no known workarounds that mitigate this vulnerability. This 
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd




[Full-disclosure] [Security-news] SA-CONTRIB-2014-029 - Mime Mail - Access Bypass

2014-03-05 Thread security-news
View online: https://drupal.org/node/2211419

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-029
   * Project: Mime Mail [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-March-05
   * Security risk: Less critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

The MIME Mail module allows sending MIME-encoded e-mail messages with
embedded images and attachments.

By default the module only allows files to be embedded or attached that are
located in the public files directory.

The module doesn't sufficiently check the file location, considering similar
paths in different roots as being located in the public files directory,
possibly allowing arbitrary files to be sent as attachments without permission.

This vulnerability is mitigated by the fact that an attacker must be able to
compose and send e-mail messages to an arbitrary address and the attached
file's location must partly match with the system path of the public files
directory.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Mime Mail 6.x-1.x versions prior to 6.x-1.4.
   * Mime Mail 7.x-1.x versions prior to 7.x-1.0-beta3.

Drupal core is not affected. If you do not use the contributed Mime Mail [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Mime Mail module for Drupal 6.x, upgrade to Mime Mail
 6.x-1.4 [5]
   * If you use the Mime Mail module for Drupal 7.x, upgrade to Mime Mail
 7.x-1.0-beta3 [6]

Also see the Mime Mail [7] project page.

 REPORTED BY
-

   * Heine Deelstra [8] of the Drupal Security Team

 FIXED BY


   * Gabor Seljan [9] the module maintainer
   * Rick Manelius [10] of the Drupal Security Team

 COORDINATED BY
--

   * Rick Manelius [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/mimemail
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/mimemail
[5] https://drupal.org/node/221
[6] https://drupal.org/node/2211109
[7] http://drupal.org/project/mimemail
[8] http://drupal.org/user/17943
[9] http://drupal.org/user/232117
[10] http://drupal.org/user/680072
[11] http://drupal.org/user/680072
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

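The location check described in SA-CONTRIB-2014-029, as an added Python illustration that is not code from the Mime Mail module: a check that accepts any path merely containing the public files path, beside one that resolves the path and requires it to sit under the real public directory. The function names, the directory tree and the file names are constructed for the example; it assumes a POSIX system where symlinks can be created.

```python
import os
import tempfile

# Assumed public files location relative to the site root (Drupal's usual default).
PUBLIC_REL = os.path.join("sites", "default", "files")


def loose_check(path, public_rel=PUBLIC_REL):
    """Flawed model: accept any path that merely contains the public path."""
    return public_rel in path


def strict_check(path, public_root):
    """Accept only regular files whose resolved location is under public_root."""
    root = os.path.realpath(public_root)
    real = os.path.realpath(path)          # resolves '..' segments and symlinks
    try:
        inside = os.path.commonpath([root, real]) == root
    except ValueError:                     # e.g. mixed absolute/relative paths
        return False
    return inside and real != root and os.path.isfile(real)


def _write(path, data="x"):
    """Create a small file (and its parent directories) for the demo tree."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def run_demo():
    """Build a constructed directory tree and return {case: (loose, strict)}."""
    with tempfile.TemporaryDirectory() as base:
        site = os.path.join(base, "site")
        public_root = os.path.join(site, PUBLIC_REL)
        cases = {
            # Genuinely inside the public files directory.
            "public_file": _write(os.path.join(public_root, "logo.png")),
            # Same relative path, but under a different root.
            "other_root": _write(
                os.path.join(base, "backup", PUBLIC_REL, "dump.sql")),
            # Sibling directory whose name starts with the public path.
            "sibling_dir": _write(
                os.path.join(site, PUBLIC_REL + "_private", "key.pem")),
            # Path that passes through the public directory and leaves it.
            "dot_dot": os.path.join(public_root, "..", "settings.php"),
            # Link stored in the public directory that points outside it.
            "symlink": os.path.join(public_root, "link.txt"),
        }
        _write(os.path.join(site, "sites", "default", "settings.php"))
        secret = _write(os.path.join(base, "private", "secret.txt"))
        os.symlink(secret, cases["symlink"])
        return {name: (loose_check(p), strict_check(p, public_root))
                for name, p in cases.items()}


if __name__ == "__main__":
    for name, (loose, strict) in run_demo().items():
        print(f"{name:12} loose={loose!s:5} strict={strict}")
```

Only `public_file` passes both checks; every other case is accepted by the partial match and rejected once the path is resolved.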


[Full-disclosure] [Security-news] SA-CONTRIB-2014-028 - Masquerade - Access bypass

2014-03-05 Thread security-news
View online: https://drupal.org/node/2211401

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-028
   * Project: Masquerade [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-March-05
   * Security risk: Highly critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

This module allows a user with the right permissions to switch users.

When a user has been limited to only masquerading as certain users via the
"Enter the users this user is able to masquerade as" user profile field, they
can still masquerade as any user on the site by using the "Enter the username
to masquerade as." autocomplete field in the masquerade block.

This vulnerability is mitigated by the fact that an attacker must have access
to masquerade as another user.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Masquerade 6.x-2.x versions prior to 6.x-1.8.
   * Masquerade 7.x-2.x versions prior to 7.x-1.0-rc6.

Drupal core is not affected. If you do not use the contributed Masquerade [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Masquerade module for Drupal 6.x, upgrade to Masquerade
 6.x-1.8 [5]
   * If you use the Masquerade module for Drupal 7.x, upgrade to Masquerade
 7.x-1.0-rc6 [6]

Also see the Masquerade [7] project page.

 REPORTED BY
-

   * Jeff H [8]

 FIXED BY


   * Laurence Liss [9], provisional member of the Drupal Security Team
   * Mark Shropshire [10], one of the Masquerade module maintainers

 COORDINATED BY
--

   * Laurence Liss [11], provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/masquerade
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/masquerade
[5] https://drupal.org/node/2210877
[6] https://drupal.org/node/2210879
[7] http://drupal.org/project/masquerade
[8] http://drupal.org/user/37837
[9] http://drupal.org/user/724750
[10] http://drupal.org/user/14767
[11] http://drupal.org/user/724750
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-027 - NewsFlash Theme - XSS

2014-03-05 Thread security-news
View online: https://drupal.org/node/2211381

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-027
   * Project: NewsFlash [1] (third-party theme)
   * Version: 6.x, 7.x
   * Date: 2014-March-05
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

Newsflash is a theme that features 7 color styles, 12 collapsible regions,
suckerfish menus, fluid or fixed widths, built-in IE transparent PNG fix, and
lots more.

The theme does not sanitize the user provided theme setting for the font
family CSS property, thereby exposing a cross-site scripting (XSS)
vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "administer themes".


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * NewsFlash 6.x-1.x versions prior to 6.x-1.7.
   * NewsFlash 7.x-1.x versions prior to 7.x-2.5.

Drupal core is not affected. If you do not use the contributed NewsFlash [4]
theme, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the theme NewsFlash for Drupal 7.x, upgrade to NewsFlash
 7.x-2.5 [5]
   * If you use the theme NewsFlash for Drupal 6.x, upgrade to NewsFlash
 6.x-1.7 [6]

Also see the NewsFlash [7] project page.

 REPORTED BY
-

   * Dennis Walgaard [8]

 FIXED BY


   * Alyx Vance [9] the theme maintainer

 COORDINATED BY
--

   * Klaus Purer [10] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].

Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [15]


[1] http://drupal.org/project/newsflash
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/newsflash
[5] https://drupal.org/node/2210621
[6] https://drupal.org/node/2210619
[7] http://drupal.org/project/newsflash
[8] https://drupal.org/user/883702
[9] https://drupal.org/user/1284976
[10] https://drupal.org/user/262198
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
[15] https://twitter.com/drupalsecurity



[Full-disclosure] Update: CVE-2014-0053 Information Disclosure when using Grails

2014-02-27 Thread Pivotal Security Team
CVE-2014-0053 Information Disclosure in Grails applications

Severity: Important

Vendor: Grails by Pivotal

Product Affected:
- Grails Resources plugin 1.0.0 to 1.2.5

Products known to depend on the affected product:
- Grails 2.0.0 to 2.3.6


Description:
The Grails resources plug-in, a default dependency of Grails since
2.0.0, does not block access to resources located under /WEB-INF or
/META-INF by default. This means that both configuration files and
class files are publicly accessible when they should be private.
Further, the filtering mechanism that applies any configured block
does not normalise the requested URI before filtering allowing the
block to be bypassed via directory traversal.

Mitigation:
Users of affected versions should apply one of the following
mitigations:
- Upgrade the resources plug-in to 1.2.6, configure the resources
  plug-in to block access to resources under /WEB-INF and /META-INF
  and then redeploy the application
- Prevent access to resources under /WEB-INF and /META-INF in the
  reverse proxy (if one is used)

Possible configuration options to block access to /WEB-INF include
adding the following to grails-app/conf/Config.groovy:
grails.resources.adhoc.includes = ['/images/**', '/css/**', '/js/**', '/plugins/**']
grails.resources.adhoc.excludes = ['**/WEB-INF/**','**/META-INF/**']

Credit:
The original /WEB-INF issue was identified by @Ramsharan065 but was
reported publicly to the Grails team via Twitter. Pivotal strongly
encourages responsible reporting of security vulnerabilities via
secur...@gopivotal.com
The /META-INF aspects of this issue were identified by numerous
individuals and reported responsibly to either the Grails team or to
the Pivotal Security team.
The directory traversal aspects of this vulnerability were reported
to the Pivotal security team by Kristian Mattila.


References:
https://twitter.com/Ramsharan065/status/434975409134792704
http://www.gopivotal.com/security/cve-2014-0053 (may take 24 hours to update)

History:
2014-Feb-16: /WEB-INF issue made public
2014-Feb-19: Initial vulnerability report published
2014-Feb-27: Updated to include information on /META-INF and directory
 traversal aspects of this vulnerability.
 Separated out affected product and dependencies
 Extended affected Grails versions to include 2.3.6
 Updated mitigations.
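Why the filter in CVE-2014-0053 has to normalise the requested URI before matching, as an added Python model that is not the Grails resources plug-in's code: the include and exclude patterns are the ones quoted in the advisory, while the simplified Ant-style matcher, the function names and the request paths used to exercise it are constructed for the example.

```python
import fnmatch
from urllib.parse import unquote

# Patterns quoted in the advisory's suggested Config.groovy settings.
INCLUDES = ['/images/**', '/css/**', '/js/**', '/plugins/**']
EXCLUDES = ['**/WEB-INF/**', '**/META-INF/**']


def ant_match(pattern, path):
    """Simplified Ant-style match: '**' spans zero or more path segments."""
    pat = [s for s in pattern.split('/') if s]
    seg = [s for s in path.split('/') if s]

    def walk(i, j):
        if i == len(pat):
            return j == len(seg)
        if pat[i] == '**':
            return any(walk(i + 1, k) for k in range(j, len(seg) + 1))
        return (j < len(seg) and fnmatch.fnmatchcase(seg[j], pat[i])
                and walk(i + 1, j + 1))

    return walk(0, 0)


def normalise(uri):
    """Return the canonical path, or None if the request should be rejected."""
    path = unquote(uri.split('?', 1)[0].split('#', 1)[0])
    if unquote(path) != path or '\\' in path or '\x00' in path:
        return None                      # double encoding, backslash or NUL
    parts = []
    for seg in path.split('/'):
        if seg in ('', '.'):
            continue
        if seg == '..':
            if not parts:
                return None              # would climb above the web root
            parts.pop()
        else:
            parts.append(seg)
    return '/' + '/'.join(parts)


def permitted(path, includes=INCLUDES, excludes=EXCLUDES):
    """Excludes win over includes; anything not included is denied."""
    if any(ant_match(p, path) for p in excludes):
        return False
    return any(ant_match(p, path) for p in includes)


def filter_raw(uri, includes=INCLUDES, excludes=EXCLUDES):
    """Model of the flaw: patterns are applied to the path as requested."""
    return permitted(uri.split('?', 1)[0], includes, excludes)


def filter_normalised(uri, includes=INCLUDES, excludes=EXCLUDES):
    """Hardened form: canonicalise first, then apply the same patterns."""
    path = normalise(uri)
    return path is not None and permitted(path, includes, excludes)


if __name__ == "__main__":
    # Constructed request paths, checked against the include list alone
    # and against the full include/exclude configuration.
    samples = ['/js/app.js', '/js/../WEB-INF/web.xml',
               '/js/%2e%2e/WEB-INF/web.xml', '/plugins/x/META-INF/MANIFEST.MF']
    for uri in samples:
        print(f"{uri:34} raw(allowlist only)={filter_raw(uri, excludes=[])!s:5} "
              f"normalised={filter_normalised(uri)}")
```

With the include list alone, the raw filter serves both dot-segment requests because they start with `/js/`; after normalisation they resolve to `/WEB-INF/web.xml` and match no include pattern.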

[Full-disclosure] Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability

2014-02-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Prime Infrastructure Command Execution Vulnerability

Advisory ID: cisco-sa-20140226-pi

Revision 1.0

For Public Release 2014 February 26 16:00  UTC (GMT)

Summary
===

A vulnerability in Cisco Prime Infrastructure could allow an authenticated, 
remote attacker to execute arbitrary commands with root-level privileges.

The vulnerability is due to improper validation of URL requests. An attacker 
could exploit this vulnerability by requesting an unauthorized command via a 
specific URL. Successful exploitation could allow an authenticated attacker to 
execute system commands with root-level privileges.

Cisco has released free software updates that address this vulnerability. A 
software patch that addresses this vulnerability in all affected versions is 
also available. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [Security-news] SA-CONTRIB-2014-023 - Project Issue File Review - XSS

2014-02-26 Thread security-news
View online: https://drupal.org/node/2205767

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-023
   * Project: Project Issue File Review [1] (third-party module)
   * Version: 6.x
   * Date: 2014-February-26
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

The Project Issue File Review (PIFR) module provides an abstracted
client-server model and plugin API for performing distributed operations such
as code review and testing, with a focus on supporting Drupal development.

Two scenarios were identified where the module does not sufficiently sanitize
user provided input, exposing the 'server' component of the module to
cross-site scripting vulnerabilities.

The first scenario is mitigated by the fact that an attacker must have a role
with the 'manage PIFR environments' administrative permission.

The second scenario is mitigated by the fact that an attacker must be able to
initiate testing of a patch specially crafted to exploit the vulnerability on
the PIFR testing environment, have the testing execute successfully on a PIFR
client, and have the client provide the testing results back to the PIFR
server component.

As one common purpose of this module is to provide validation and testing of
user-supplied patches, users of the PIFR module should always consider the
'PIFR client' component of this module as insecure and untrusted, by design.
The 'PIFR client' component should always be maintained in a separate network
environment, isolated from the 'PIFR server' component or other critical
infrastructure.

There have been no known exploits of this vulnerability observed or reported
on any servers running the PIFR module, including those within Drupal.org's
automated testing environment.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Project_Issue_File_Review 6.x-2.x versions prior to 6.x-2.17.

Drupal core is not affected. If you do not use the contributed Project Issue
File Review [4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the PIFR module for Drupal 6.x, upgrade to Project Issue File
 Review 6.x-2.17 [5].  Be sure to review and consider the associated
 release notes for all intermediary releases when upgrading.

Also see the Project Issue File Review [6] project page.

 REPORTED BY
-

   * Wim Leers [7]
   * Jeremy Thorson [8] the module maintainer

 FIXED BY


   * Neil Drumm [9] of the Drupal Security Team
   * Michael Hess [10] of the Drupal Security Team
   * Jeremy Thorson [11] the module maintainer

 COORDINATED BY
--

   * Michael Hess [12] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [13].

Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [17]


[1] http://drupal.org/project/project_issue_file_review
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/project_issue_file_review
[5] https://drupal.org/node/2205755
[6] http://drupal.org/project/project_issue_file_review
[7] http://drupal.org/user/99777
[8] http://drupal.org/user/148199
[9] http://drupal.org/user/3064
[10] http://drupal.org/user/102818
[11] http://drupal.org/user/148199
[12] http://drupal.org/user/102818
[13] http://drupal.org/contact
[14] http://drupal.org/security-team
[15] http://drupal.org/writing-secure-code
[16] http://drupal.org/security/secure-configuration
[17] https://twitter.com/drupalsecurity

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [Security-news] SA-CONTRIB-2014-025 - Open Omega - Access Bypass

2014-02-26 Thread security-news
View online: https://drupal.org/node/2205877

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-025
   * Project: Open Omega [1] (third-party theme)
   * Version: 7.x
   * Date: 2014-February-26
   * Security risk: Less critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

This theme is a sub theme of omega used as a sample theme for the open
Public Distribution.

The theme doesn't sufficiently check the user's menu access when building the
header and footer menus, so that it can expose the title and path of
restricted items in the menu.

This vulnerability is mitigated by the fact that it is only present when
this menu has items with restricted access that differ by role.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * openomega 7.x-1.x versions prior to 7.x-1.1.

Drupal core is not affected. If you do not use the contributed Open Omega [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use this theme for Drupal 7.x, upgrade to Open Omega 7.x-1.1 [5]

Also see the Open Omega [6] project page.

 REPORTED BY
-

   * Peter Taylor [7]

 FIXED BY


   * Erik Summerfield [8], the theme maintainer

 COORDINATED BY
--

   * Hunter Fox [9] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [14]


[1] http://drupal.org/project/openomega
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/openomega
[5] https://drupal.org/node/2205859
[6] http://drupal.org/project/openomega
[7] http://drupal.org/user/2674141
[8] http://drupal.org/user/189123
[9] http://drupal.org/user/426416
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
[14] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-024 - Content Lock - CSRF

2014-02-26 Thread security-news
View online: https://drupal.org/node/2205807

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-024
   * Project: Content locking (anti-concurrent editing) [1] (third-party
 module)
   * Version: 6.x, 7.x
   * Date: 2014-February-26
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Request Forgery

 DESCRIPTION
-

This module prevents people from editing the same content at the same time.
It adds a locking layer to nodes.  It does not protect from CSRF.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * All 6.x Versions
   * All 7.x Versions

Drupal core is not affected. If you do not use the contributed Content
locking (anti-concurrent editing) [4] module, there is nothing you need to
do.

 SOLUTION


Uninstall the module; it is no longer maintained.

Also see the Content locking (anti-concurrent editing) [5] project page.

 REPORTED BY
-

   * Eugen Mayer  [6]

 FIXED BY


There is no fix for this issue.

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [7].

Learn more about the Drupal Security team and their policies [8], writing
secure code for Drupal [9], and securing your site [10].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [11]


[1] http://drupal.org/project/content_lock
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/content_lock
[5] http://drupal.org/project/content_lock
[6] https://drupal.org/user/108406
[7] http://drupal.org/contact
[8] http://drupal.org/security-team
[9] http://drupal.org/writing-secure-code
[10] http://drupal.org/security/secure-configuration
[11] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-026 - Mime Mail - Access bypass

2014-02-26 Thread security-news
View online: https://drupal.org/node/2205991

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-026
   * Project: Mime Mail [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-February-26
   * Security risk: Not critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

The MIME Mail module allows processing of incoming MIME-encoded e-mail
messages with embedded images and attachments.

The default key for the authentication of incoming messages is generated from
a random number. On some platforms (such as Windows) the maximum value of
this number is only 32767 which makes the generated key particularly
vulnerable to a brute force attack.

This vulnerability is mitigated by the fact that the processing of incoming
messages needs to be enabled on the site and the default key can be arbitrarily
changed by the site administrator.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Mime Mail 6.x-1.x versions prior to 6.x-1.3.
   * Mime Mail 7.x-1.x versions prior to 7.x-1.0-beta2.

Drupal core is not affected. If you do not use the contributed Mime Mail [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Mime Mail module for Drupal 6.x, upgrade to Mime Mail
 6.x-1.3 [5]
   * If you use the Mime Mail module for Drupal 7.x, upgrade to Mime Mail
 7.x-1.0-beta2 [6]

These releases include a stronger authentication process for incoming
messages which is backward incompatible. If you are using this feature, make
sure to use the HMAC method with the new key generated during the update
process to authenticate your messages.

Also see the Mime Mail [7] project page.

 REPORTED BY
-

   * Heine Deelstra [8] of the Drupal Security Team

 FIXED BY


   * Gabor Seljan [9] the module maintainer
   * Rick Manelius [10] provisional Drupal Security Team member

 COORDINATED BY
--

   * Hunter Fox [11] of the Drupal Security Team
   * Rick Manelius [12] provisional Drupal Security Team member.

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [13].

Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [17]


[1] http://drupal.org/project/mimemail
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/mimemail
[5] https://drupal.org/node/2205939
[6] https://drupal.org/node/2205949
[7] http://drupal.org/project/mimemail
[8] http://drupal.org/user/17943
[9] http://drupal.org/user/232117
[10] http://drupal.org/user/680072
[11] http://drupal.org/user/426416
[12] https://drupal.org/user/680072
[13] http://drupal.org/contact
[14] http://drupal.org/security-team
[15] http://drupal.org/writing-secure-code
[16] http://drupal.org/security/secure-configuration
[17] https://twitter.com/drupalsecurity



[Full-disclosure] [ MDVSA-2014:046 ] phpmyadmin

2014-02-21 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:046
 http://www.mandriva.com/en/support/security/
 ___

 Package : phpmyadmin
 Date: February 21, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in phpmyadmin:
 
 Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin
 before 4.1.7 allows remote authenticated users to inject arbitrary
 web script or HTML via a crafted filename in an import action
 (CVE-2014-1879).
 
 This upgrade provides the latest phpmyadmin version (4.1.7) to address
 this vulnerability.
 
 Additionally phpseclib packages have been added due to new dependencies.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



[Full-disclosure] [ MDVSA-2014:047 ] postgresql

2014-02-21 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:047
 http://www.mandriva.com/en/support/security/
 ___

 Package : postgresql
 Date: February 21, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in
 postgresql:
 
 Granting a role without ADMIN OPTION is supposed to prevent the
 grantee from adding or removing members from the granted role, but
 this restriction was easily bypassed by doing SET ROLE first. The
 security impact is mostly that a role member can revoke the access
 of others, contrary to the wishes of his grantor. Unapproved role
 member additions are a lesser concern, since an uncooperative role
 member could provide most of his rights to others anyway by creating
 views or SECURITY DEFINER functions (CVE-2014-0060).
 
 The primary role of PL validator functions is to be called implicitly
 during CREATE FUNCTION, but they are also normal SQL functions
 that a user can call explicitly. Calling a validator on a function
 actually written in some other language was not checked for and could
 be exploited for privilege-escalation purposes. The fix involves
 adding a call to a privilege-checking function in each validator
 function. Non-core procedural languages will also need to make this
 change to their own validator functions, if any (CVE-2014-0061).
 
 If the name lookups come to different conclusions due to concurrent
 activity, we might perform some parts of the DDL on a different
 table than other parts. At least in the case of CREATE INDEX, this
 can be used to cause the permissions checks to be performed against
 a different table than the index creation, allowing for a privilege
 escalation attack (CVE-2014-0062).
 
 The MAXDATELEN constant was too small for the longest possible value of
 type interval, allowing a buffer overrun in interval_out(). Although
 the datetime input functions were more careful about avoiding buffer
 overrun, the limit was short enough to cause them to reject some valid
 inputs, such as input containing a very long timezone name. The ecpg
 library contained these vulnerabilities along with some of its own
 (CVE-2014-0063).
 
 Several functions, mostly type input functions, calculated an
 allocation size without checking for overflow. If overflow did
 occur, a too-small buffer would be allocated and then written past
 (CVE-2014-0064).
 
 Use strlcpy() and related functions to provide a clear guarantee
 that fixed-size buffers are not overrun. Unlike the preceding items,
 it is unclear whether these cases really represent live issues,
 since in most cases there appear to be previous constraints on the
 size of the input string. Nonetheless it seems prudent to silence
 all Coverity warnings of this type (CVE-2014-0065).
 
 There are relatively few scenarios in which crypt() could return NULL,
 but contrib/chkpass would crash if it did. One practical case in which
 this could be an issue is if libc is configured to refuse to execute
 unapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).
 
 Since the temporary server started by make check uses trust
 authentication, another user on the same machine could connect to it
 as database superuser, and then potentially exploit the privileges of
 the operating-system user who started the tests. A future release will
 probably incorporate changes in the testing procedure to prevent this
 risk, but some public discussion is needed first. So for the moment,
 just warn people against using make check when there are untrusted
 users on the same machine (CVE-2014-0067).
 
 This advisory provides the latest version of PostgreSQL that is not
 vulnerable to these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067
 http://www.postgresql.org/docs/9.2/static/release-9-2-5.html
 http://www.postgresql.org/docs/9.2/static/release-9-2-6.html
 http://www.postgresql.org/docs/9.2/static/release-9-2-7.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 79694cb7b4dd67569529507531e9f43c  
mbs1/x86_64/lib64ecpg9.2_6-9.2.7-1.mbs1.x86_64.rpm
 71413fef641ef26dfd364cc0417ec002  
mbs1
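
The allocation-size overflow described for CVE-2014-0064 in the advisory above, as an added example (this is not PostgreSQL's code and not part of the advisory). The function names and the header-plus-elements layout are hypothetical; the point is the wraparound in the unchecked size calculation and the division-based check that rejects it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Unchecked pattern: size = header + nelems * elem_size, computed in size_t.
 * Unsigned arithmetic wraps silently, so a very large nelems produces a
 * small size. The caller then allocates a too-small buffer and writes
 * nelems elements past its end.
 */
size_t alloc_size_unchecked(size_t header, size_t nelems, size_t elem_size)
{
    return header + nelems * elem_size;
}

/*
 * Checked pattern (hypothetical helper): stores the size in *out and
 * returns 0, or returns -1 when the true result does not fit in size_t.
 * The test is done by division so that no intermediate value can wrap.
 */
int alloc_size_checked(size_t header, size_t nelems, size_t elem_size,
                       size_t *out)
{
    if (elem_size != 0 && nelems > (SIZE_MAX - header) / elem_size)
        return -1;
    *out = header + nelems * elem_size;
    return 0;
}

/* Allocate a zeroed header + array, refusing sizes that would overflow. */
void *alloc_array(size_t header, size_t nelems, size_t elem_size)
{
    size_t total;

    if (alloc_size_checked(header, nelems, elem_size, &total) != 0)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    /* Constructed input: an element count taken from untrusted data. */
    size_t nelems = SIZE_MAX / 8 + 2;
    size_t total;

    printf("unchecked size for %zu elements: %zu bytes\n",
           nelems, alloc_size_unchecked(16, nelems, 8));

    if (alloc_size_checked(16, nelems, 8, &total) != 0)
        printf("checked: request rejected, size would overflow\n");

    if (alloc_size_checked(16, 100, 8, &total) == 0)
        printf("checked: 100 elements need %zu bytes\n", total);
    return 0;
}
```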

[Full-disclosure] [ MDVSA-2014:045 ] libtar

2014-02-20 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:045
 http://www.mandriva.com/en/support/security/
 ___

 Package : libtar
 Date: February 20, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A directory traversal attack was reported against libtar, a C library
 for manipulating tar archives. The application does not validate
 the filenames inside the tar archive, allowing files to be extracted
 to an arbitrary path. An attacker can craft a tar file to overwrite files
 beyond the tar_extract_glob and tar_extract_all prefix parameter
 (CVE-2013-4420).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4420
 http://www.debian.org/security/2014/dsa-2863.en.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com


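The missing filename validation described in the libtar advisory above (CVE-2013-4420), as an added example of the check an extractor needs before joining a member name to its prefix. This is not libtar's code or its patch; member_name_is_safe() and build_extract_path() are hypothetical helpers, and the member names are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper, not part of libtar's API.
 * Returns 1 when a tar member name can be appended to an extraction prefix
 * without leaving it, 0 otherwise. The check is purely lexical: it does not
 * cover a symlink member extracted earlier that points outside the prefix,
 * which needs a separate check at extraction time.
 */
int member_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/')                 /* absolute path ignores the prefix */
        return 0;

    while (*p != '\0') {
        /* Isolate one path component. */
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                   /* ".." climbs out of the prefix */

        p += len;
        while (*p == '/')               /* skip one or more separators */
            p++;
    }
    return 1;
}

/*
 * Builds "<prefix>/<name>" in out only when the name is safe and the result
 * fits. Returns 0 on success, -1 when the member must be rejected.
 */
int build_extract_path(const char *prefix, const char *name,
                       char *out, size_t outlen)
{
    int n;

    if (!member_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", prefix, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* truncated path: reject, never use */
    return 0;
}

int main(void)
{
    /* Constructed member names, as they might appear in archive headers. */
    const char *names[] = {
        "docs/readme.txt", "./bin/tool", "../../outside.txt",
        "/abs/outside.txt", "a/b/../../../c", "..data/file"
    };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (build_extract_path("/srv/unpack", names[i], path, sizeof path) == 0)
            printf("extract  %s\n", path);
        else
            printf("reject   %s\n", names[i]);
    }
    return 0;
}
```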

Re: [Full-disclosure] RC Trojan 1.1d (Undetected)

2014-02-20 Thread ICSS Security
It's detected now.
ClamAV - PUA.Win32.Packer.Upx-53
K7AntiVirus - Trojan ( 000200f91 )
K7GW - Trojan ( 000200f91 )
Qihoo-360 - HEUR/Malware.QVM06.Gen
Symantec - WS.Reputation.1
TrendMicro-HouseCall - TROJ_GEN.F47V0219
 Too bad they killed it already.
 
 2014-02-19 21:17 GMT+01:00 ICSS Security ctrlaltdel...@outlook.pt:
  Hi,
 
  Just releasing my new achievement.
 
  What is?
  
  RC Trojan AKA Remote Control trojan which allow the control of a computer
  remotely in the same network (Lan/Wan).
 
  It's built in commercial software so it may take a while to get detected but
  MD5 may be applied.
 
  INFO
  
  Basically it's an http server and a server routine that executes tasks.
  All can be easily unveiled...
 
  Leave any feedback
 
  Download:
  https://www.mediafire.com/?f6mg1yiyklq6otb
 

[Full-disclosure] [ MDVSA-2014:041 ] python

2014-02-19 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:041
 http://www.mandriva.com/en/support/security/
 ___

 Package : python
 Date: February 19, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability was reported in Python's socket module, due to a
 boundary error within the sock_recvfrom_into() function, which could
 be exploited to cause a buffer overflow. This could be used to crash a
 Python application that uses the socket.recvfrom_into() function or,
 possibly, execute arbitrary code with the permissions of the user
 running vulnerable Python code (CVE-2014-1912).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
 http://bugs.python.org/issue20246
 https://bugzilla.redhat.com/show_bug.cgi?id=1062370
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



[Full-disclosure] [ MDVSA-2014:042 ] tomcat6

2014-02-19 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:042
 http://www.mandriva.com/en/support/security/
 ___

 Package : tomcat6
 Date: February 19, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated tomcat6 packages fix security vulnerabilities:
 
 It was discovered that Tomcat incorrectly handled certain requests
 submitted using chunked transfer encoding. A remote attacker could
 use this flaw to cause the Tomcat server to stop responding, resulting
 in a denial of service (CVE-2012-3544).
 
 A frame injection in the Javadoc component in Oracle Java SE 7
 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45
 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote
 attackers to affect integrity via unknown vectors related to Javadoc
 (CVE-2013-1571).
 
 A flaw was found in the way the tomcat6 init script handled the
 tomcat6-initd.log log file. A malicious web application deployed on
 Tomcat could use this flaw to perform a symbolic link attack to change
 the ownership of an arbitrary system file to that of the tomcat user,
 allowing them to escalate their privileges to root (CVE-2013-1976).
 
 It was discovered that Tomcat incorrectly handled certain
 authentication requests. A remote attacker could possibly use this
 flaw to inject a request that would get executed with a victim's
 credentials (CVE-2013-2067).
 
 Note: With this update, tomcat6-initd.log has been moved from
 /var/log/tomcat6/ to the /var/log/ directory.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
 http://advisories.mageia.org/MGASA-2014-0082.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [ MDVSA-2014:043 ] gnutls

2014-02-19 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:043
 http://www.mandriva.com/en/support/security/
 ___

 Package : gnutls
 Date: February 19, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated gnutls packages fix security vulnerability:
 
 Suman Jana reported a vulnerability that affects the certificate
 verification functions of gnutls 3.1.x and gnutls 3.2.x. A version
 1 intermediate certificate will be considered as a CA certificate
 by default (something that deviates from the documented behavior)
 (CVE-2014-1959).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
 http://advisories.mageia.org/MGASA-2014-0077.html
 ___

 Updated Packages:



[Full-disclosure] Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability

2014-02-19 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20140219-fwsm

Revision 1.0

For Public Release 2014 February 19 16:00  UTC (GMT)

+-

Summary
===

Cisco Firewall Services Module (FWSM) Software contains a vulnerability that 
could allow an unauthenticated, remote attacker to cause a reload of an 
affected system.

The vulnerability is due to a race condition when releasing the memory 
allocated by the cut-through proxy function. An attacker could exploit this 
vulnerability by sending traffic to match the condition that triggers 
cut-through proxy authentication.

Cisco has released free software updates that address this vulnerability. 
Workarounds that mitigate the vulnerability are not available. This advisory is 
available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm



[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software

2014-02-19 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software

Advisory ID: cisco-sa-20140219-ips

Revision 1.0

For Public Release 2014 February 19 16:00  UTC (GMT)

+-

Summary
===

Cisco Intrusion Prevention System (IPS) Software is affected by the following 
vulnerabilities:

Cisco IPS Analysis Engine Denial of Service Vulnerability
Cisco IPS Control-Plane MainApp Denial of Service Vulnerability
Cisco IPS Jumbo Frame Denial of Service Vulnerability

The Cisco IPS Analysis Engine Denial of Service Vulnerability and the Cisco IPS 
Jumbo Frame Denial of Service Vulnerability could allow an unauthenticated, 
remote attacker to cause the Analysis Engine process to become unresponsive or 
crash. When this occurs, the Cisco IPS will stop inspecting traffic.

The Cisco IPS Control-Plane MainApp Denial of Service Vulnerability could allow 
an unauthenticated, remote attacker to cause the MainApp process to become 
unresponsive and prevent it from executing several tasks including alert 
notification, event store management, and sensor authentication. The Cisco IPS 
web server will also be unavailable while the MainApp process is unresponsive, 
and other processes such as the Analysis Engine process may not work properly.
 
Cisco has released free software updates that address these vulnerabilities. 
Workarounds that mitigate some of the vulnerabilities are available. This 
advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips



[Full-disclosure] Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability

2014-02-19 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability

Advisory ID: cisco-sa-20140219-ucsd

Revision 1.0

For Public Release 2014 February 19 16:00  UTC (GMT)

+-

Summary
===

A vulnerability in Cisco Unified Computing System (UCS) Director could allow an 
unauthenticated, remote attacker to take complete control of the affected 
device.

The vulnerability is due to a default root user account created during 
installation. An attacker could exploit this vulnerability by accessing the 
server command-line interface (CLI) remotely using the default account 
credentials. An exploit could allow the attacker to log in with the default 
credentials, which provide full administrative rights to the system.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd



[Full-disclosure] Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

2014-02-19 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP 
Phone 3905

Advisory ID: cisco-sa-20140219-phone

Revision 1.0

For Public Release 2014 February 19 16:00  UTC (GMT)

+-

Summary
===

A vulnerability in the Cisco Unified SIP Phone 3905 could allow an 
unauthenticated, remote attacker to gain root-level access to an affected 
device.

Cisco has released free software updates that address this vulnerability. 
Workarounds that mitigate this vulnerability are not available.  This advisory 
is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone



[Full-disclosure] [Security-news] SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)

2014-02-19 Thread security-news
View online: https://drupal.org/node/2200453

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-021
   * Project: Maestro [1] (third-party module)
   * Version: 7.x
   * Date: 2014-February-19
   * Security risk: Less critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

The Maestro module enables you to create complex workflows, automating
business processes.
The module doesn't sufficiently filter Role or Organic Group names when
displaying them in the workflow details.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to create Drupal Roles or Organic Groups.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Maestro 7.x-1.x versions prior to 7.x-1.4.

Drupal core is not affected. If you do not use the contributed Maestro [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Maestro module for Drupal 7.x, upgrade to Maestro 7.x-1.4
 [5]

Also see the Maestro [6] project page.

 REPORTED BY
-

   * Aron Novak [7]

 FIXED BY


   * Aron Novak [8], the reporter
   * Randy Kolenko [9] the module maintainer

 COORDINATED BY
--

   * Greg Knaddison [10] of the Drupal Security Team
   * Michael Hess [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/maestro
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/maestro
[5] https://drupal.org/node/2013653
[6] http://drupal.org/project/maestro
[7] http://drupal.org/user/61864
[8] http://drupal.org/user/61864
[9] http://drupal.org/user/704970
[10] https://drupal.org/user/36762
[11] https://drupal.org/user/102818/
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [Security-news] SA-CONTRIB-2014-022 - Slickgrid - Access bypass

2014-02-19 Thread security-news
View online: https://drupal.org/node/2200491

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-22
   * Project: Slickgrid [1] (third-party module)
   * Version: 7.x
   * Date: 2014-February -22
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

The Slickgrid module is an implementation of the jQuery slickgrid plugin, a
lightning fast JavaScript grid/spreadsheet. It defines a slickgrid view
style, so all data can be output as an editable grid.

The module doesn't check access sufficiently, allowing users to edit and
change field values of nodes they should not have access to change.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Slickgrid 7.x-1.x versions

Drupal core is not affected. If you do not use the contributed Slickgrid [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Slickgrid module for Drupal 7.x, upgrade to Slickgrid
 7.x-2.0 [5]

Also see the Slickgrid [6] project page.

 REPORTED BY
-

   * Tim Wood [7]

 FIXED BY


   * Ben Scott [8]
   * Simon Rycroft [9] the module maintainer

 COORDINATED BY
--

   * Greg Knaddison [10] of the Drupal Security Team
   * Michael Hess [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/slickgrid
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/slickgrid
[5] https://drupal.org/node/2200475
[6] http://drupal.org/project/slickgrid
[7] http://drupal.org/user/23373
[8] http://drupal.org/user/149339
[9] http://drupal.org/user/151544
[10] https://drupal.org/user/36762
[11] https://drupal.org/user/102818/
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity



[Full-disclosure] [ MDVSA-2014:044 ] zarafa

2014-02-19 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:044
 http://www.mandriva.com/en/support/security/
 ___

 Package : zarafa
 Date: February 19, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Robert Scheck discovered multiple vulnerabilities in Zarafa that could
 allow a remote unauthenticated attacker to crash the zarafa-server
 daemon, preventing access to any other legitimate Zarafa users
 (CVE-2014-0037, CVE-2014-0079).
 
 The updated packages have been upgraded to the 7.1.8 version which
 is not vulnerable to these issues.
 
 Additionally, kyotocabinet 1.2.76 packages are also being provided due
 to new dependencies.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0037
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0079
 https://bugzilla.redhat.com/show_bug.cgi?id=1056767
 https://bugzilla.redhat.com/show_bug.cgi?id=1059903
 ___

 Updated Packages:



[Full-disclosure] CVE-2014-0053 Information Disclosure when using Grails

2014-02-19 Thread Pivotal Security Team
CVE-2014-0053 Information Disclosure in Grails applications

Severity: Important

Vendor: Grails by Pivotal

Versions Affected:
- Grails 2.0.0 to 2.3.5

Description:
The Grails resources plug-in, a default dependency of Grails since
2.0.0, does not block access to resources located under /WEB-INF by
default. This means that both configuration files and class files
are publicly accessible when they should be private.

Mitigation:
Users of affected versions should apply one of the following
mitigations:
- Upgrade to Grails 2.3.6 and redeploy the application
- Configure the resources plugin to block access to /WEB-INF
- Prevent access to /WEB-INF in the reverse proxy (if one is used)

Possible configuration options to block access to /WEB-INF include
adding the following to grails-app/conf/Config.groovy:
grails.resources.adhoc.includes = ['/images/**', '/css/**', '/js/**', '/plugins/**']
grails.resources.adhoc.excludes = ['/WEB-INF/**']

Credit:
This issue was identified by @Ramsharan065 but was reported publicly
to the Grails team via Twitter. Pivotal strongly encourages responsible
reporting of security vulnerabilities via secur...@gopivotal.com

References:
https://twitter.com/Ramsharan065/status/434975409134792704
https://github.com/grails/grails-core/commit/2d5d2a8b3e40111412051dbbeb32eae005fdcf35
http://www.gopivotal.com/security/cve-2014-0054 (may take up to 24 hours to go live)

History:
2014-Feb-16: Issue made public
2014-Feb-19: Initial vulnerability report published

[Full-disclosure] RC Trojan 1.1d (Undetected)

2014-02-19 Thread ICSS Security
Hi,
Just releasing my new achievement.
What is it? RC Trojan, AKA Remote Control trojan, which allows the control of
a computer remotely in the same network (LAN/WAN).
It's built in commercial software so it may take a while to get detected but
MD5 may be applied.
INFO: Basically it's an HTTP server and a server routine that executes
tasks. All can be easily unveiled...
Leave any feedback
Download:https://www.mediafire.com/?f6mg1yiyklq6otb 

[Full-disclosure] [ MDVSA-2014:039 ] libgadu

2014-02-18 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:039
 http://www.mandriva.com/en/support/security/
 ___

 Package : libgadu
 Date: February 18, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated libgadu packages fix security vulnerability:
 
 A malicious server or man-in-the-middle could send a large value for
 Content-Length and cause an integer overflow which could lead to a
 buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
 http://advisories.mageia.org/MGASA-2014-0074.html
 ___

 Updated Packages:



[Full-disclosure] [ MDVSA-2014:040 ] puppet

2014-02-18 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:040
 http://www.mandriva.com/en/support/security/
 ___

 Package : puppet
 Date: February 18, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in puppet:
 
 Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise
 (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to
 overwrite arbitrary files via a symlink attack on unspecified files
 (CVE-2013-4969).
 
 The updated packages have been upgraded to the 2.7.25 version which
 is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969
 http://puppetlabs.com/security/cve/cve-2013-4969
 ___

 Updated Packages:



[Full-disclosure] [ MDVSA-2014:035 ] libpng

2014-02-17 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:035
 http://www.mandriva.com/en/support/security/
 ___

 Package : libpng
 Date: February 17, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated libpng and libpng12 packages fix security vulnerability:
 
 The png_do_expand_palette function in libpng before 1.6.8 allows remote
 attackers to cause a denial of service (NULL pointer dereference and
 application crash) via a PLTE chunk of zero bytes or a NULL palette,
 related to pngrtran.c and pngset.c (CVE-2013-6954).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
 http://advisories.mageia.org/MGASA-2014-0075.html
 ___

 Updated Packages:



[Full-disclosure] [ MDVSA-2014:036 ] varnish

2014-02-17 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:036
 http://www.mandriva.com/en/support/security/
 ___

 Package : varnish
 Date: February 17, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated varnish packages fix security vulnerabilities:
 
 Varnish before 3.0.5 allows remote attackers to cause a denial of
 service (child-process crash and temporary caching outage) via a GET
 request with trailing whitespace characters and no URI (CVE-2013-4484).
 
 Also, the services have been converted from SysV init scripts to
 systemd-native services, which should allow for more consistent
 behavior.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484
 http://advisories.mageia.org/MGASA-2014-0065.html
 ___

 Updated Packages:



[Full-disclosure] [ MDVSA-2014:037 ] ffmpeg

2014-02-17 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:037
 http://www.mandriva.com/en/support/security/
 ___

 Package : ffmpeg
 Date: February 17, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated ffmpeg packages fix security vulnerabilities:
 
 This update provides ffmpeg versions 0.5.13 and 0.10.11, which fix
 several unspecified security vulnerabilities and other bugs which
 were corrected upstream.
 ___

 References:

 http://www.ffmpeg.org/security.html
 http://git.videolan.org/?p=ffmpeg.git;a=log;h=n0.5.13
 http://git.videolan.org/?p=ffmpeg.git;a=log;h=n0.10.11
 http://advisories.mageia.org/MGASA-2014-0065.html
 ___

 Updated Packages:

 ___


[Full-disclosure] [ MDVSA-2014:038 ] kernel

2014-02-17 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:038
 http://www.mandriva.com/en/support/security/
 ___

 Package : kernel
 Date: February 17, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Multiple vulnerabilities have been found and corrected in the Linux
 kernel:
 
 The compat_sys_recvmmsg function in net/compat.c in the Linux kernel
 before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users
 to gain privileges via a recvmmsg system call with a crafted timeout
 pointer parameter (CVE-2014-0038).
 
 The restore_fpu_checking function in
 arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8
 on the AMD K7 and K8 platforms does not clear pending exceptions
 before proceeding to an EMMS instruction, which allows local users
 to cause a denial of service (task kill) or possibly gain privileges
 via a crafted application (CVE-2014-1438).
 
 The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux
 kernel before 3.12.8 does not initialize a certain structure member,
 which allows local users to obtain sensitive information from kernel
 memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG
 ioctl call (CVE-2014-1446).
 
 The updated packages provide a solution for these security issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446
 ___

 Updated Packages:

 ___



[Full-disclosure] [ISecAuditors Security Advisories] - Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com)

2014-02-14 Thread ISecAuditors Security Advisories
=
INTERNET SECURITY AUDITORS ALERT 2014-001
- Original release date: February 4, 2014
- Last revised: February 4, 2014
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
- CVE-ID: -
=

I. VULNERABILITY
-
Reflected XSS vulnerability in Boxcryptor (www.boxcryptor.com).


II. BACKGROUND
-
Boxcryptor is an easy-to-use encryption software optimized for the
cloud. It allows the secure use of cloud storage services without
sacrificing comfort.

Boxcryptor supports all major cloud storage providers (such as Dropbox,
Google Drive, Microsoft SkyDrive, SugarSync) and supports all the clouds
that use the WebDAV standard (such as Cubby, Strato HiDrive, and
ownCloud).


III. DESCRIPTION
-
An XSS vulnerability has been detected in www.boxcryptor.com.

Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web
sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser
side script, to a different end user. Flaws that allow these attacks to
succeed are quite widespread and occur anywhere a web application uses
input from a user in the output it generates without validating or
encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting
user. The end user’s browser has no way to know that the script should
not be trusted, and will execute the script. Because it thinks the
script came from a trusted source, the malicious script can access any
cookies, session tokens, or other sensitive information retained by your
browser and used with that site.
These scripts can even rewrite the content of the HTML page.


IV. PROOF OF CONCEPT
-
Next, we show a typical request to save changes in My Account option:

POST /app/user/modify/userID HTTP/1.1
Host: www.boxcryptor.com
...
firstname=<firstname>&lastname=<lastname>&username=<email>&_newsletter=

where:
- userID is a numeric user ID generated by boxcryptor
- firstname is the firstname specified by the user
- lastname is the lastname specified by the user
- email is the email address specified by the user

A malicious user can inject arbitrary HTML/script code in the email
parameter.
For example:

POST /app/user/modify/3805739018726483071 HTTP/1.1
Host: www.boxcryptor.com
...
firstname=John&lastname=Smith&username=johnsm...@gmail.com<H1><center>This+is+a+XSS+example</center></H1>&_newsletter=


V. BUSINESS IMPACT
-
An attacker can execute arbitrary HTML or script code in a targeted
user's browser. This can be leveraged to steal sensitive information
such as user credentials, personal data, etc.


VI. SYSTEMS AFFECTED
-
www.boxcryptor.com


VII. SOLUTION
-
-


VIII. REFERENCES
-
http://www.isecauditors.com
http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)


IX. CREDITS
-
This vulnerability has been discovered
by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com).


X. REVISION HISTORY
-
February 4, 2014: Initial release


XI. DISCLOSURE TIMELINE
-
February 4, 2014: Discovered by Internet Security Auditors
February 6, 2014: Contact with the developer team
February 10, 2014: Confirmed by vendor
February 10, 2014: Vendor deployed a new version
February 13, 2014: Internet Security Auditors release the advisory


XII. LEGAL NOTICES
-
The information contained within this advisory is supplied as-is with
no warranties or guarantees of fitness of use or otherwise. Internet
Security Auditors accepts no responsibility for any damage caused by the
use or misuse of this information.


XIII. ABOUT
-
Internet Security Auditors is a Spain-based leader in web application
testing, network security, penetration testing, security compliance
implementation and assessing. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance, ITC,
etc. We are a vendor-independent provider with deep expertise since
2001. Our efforts in R&D include vulnerability research, open security
project collaboration and whitepapers, presentations and security events
participation and promotion. For further information regarding our
security services, contact us.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
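
The Boxcryptor advisory above attributes reflected XSS to user input
that reaches the page "without validating or encoding it". The sketch
below applies both controls to the username field of the request shown
in its proof of concept. It is an added example, not part of the
original advisory and not Boxcryptor's code. The function names, the
256-byte field limit, the strict email allow-list and the example.com
address are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode a form-urlencoded value ('+', %XX); -1 on bad escape or overflow. */
static int form_decode(const char *src, size_t n, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '+') c = ' ';
        else if (c == '%') {
            if (n - i < 3 || !isxdigit((unsigned char)src[i + 1])
                          || !isxdigit((unsigned char)src[i + 2])) return -1;
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (c == '\0' || o + 1 >= cap) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Copy the decoded value of field `name` from a POST body into dst. */
static int get_field(const char *body, const char *name, char *dst, size_t cap)
{
    size_t nlen = strlen(name);
    for (const char *p = body; *p; ) {
        const char *end = strchr(p, '&');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > nlen && p[nlen] == '=' && strncmp(p, name, nlen) == 0)
            return form_decode(p + nlen + 1, len - nlen - 1, dst, cap);
        if (!end) break;
        p = end + 1;
    }
    return -1;
}

/* Input validation: strict allow-list (an assumption, not full RFC 5322). */
int looks_like_email(const char *s)
{
    const char *at = strchr(s, '@');
    if (!at || at == s || strchr(at + 1, '@') || !strchr(at + 1, '.'))
        return 0;
    for (const char *p = s; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (p == at || isalnum(c) || c == '.' || c == '-') continue;
        if (p < at && (c == '_' || c == '+' || c == '%')) continue;
        return 0;
    }
    return 1;
}

/* Output encoding for HTML text and quoted attributes; -1 if out too small. */
int html_escape(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        const char *rep = *in == '&' ? "&amp;" : *in == '<' ? "&lt;" :
                          *in == '>' ? "&gt;" : *in == '"' ? "&quot;" :
                          *in == '\'' ? "&#x27;" : NULL;
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= cap) return -1;
        if (rep) memcpy(out + o, rep, n); else out[o] = *in;
        o += n;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 if the username value is accepted, 0 if rejected, -1 on a
 * parse error; on 0 or 1, out holds the value encoded for echoing. */
int process_username(const char *body, char *out, size_t cap)
{
    char raw[256];  /* field length limit: an assumption of this example */
    if (get_field(body, "username", raw, sizeof raw) != 0) return -1;
    if (html_escape(raw, out, cap) != 0) return -1;
    return looks_like_email(raw);
}

/* Constructed request bodies modelled on the proof of concept above. */
static const char BODY_OK[] =
    "firstname=John&lastname=Smith&username=john%40example.com&_newsletter=";
static const char BODY_MARKUP[] =
    "firstname=John&lastname=Smith&username=john@example.com"
    "<H1><center>This+is+a+XSS+example</center></H1>&_newsletter=";

int main(void)
{
    char out[512] = "";
    printf("%d %s\n", process_username(BODY_OK, out, sizeof out), out);
    printf("%d %s\n", process_username(BODY_MARKUP, out, sizeof out), out);
    return 0;
}
```

Validation rejects the value carrying markup, and the encoded copy is
what may be echoed back (for instance in a form error), so the tags
arrive in the browser as text rather than as elements.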


[Full-disclosure] [ MDVSA-2014:031 ] drupal

2014-02-14 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:031
 http://www.mandriva.com/en/support/security/
 ___

 Package : drupal
 Date: February 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Multiple security issues were identified and fixed in drupal:
 
 The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows
 remote OpenID users to authenticate as other users via unspecified
 vectors (CVE-2014-1475).
 
 The Taxonomy module in Drupal 7.x before 7.26, when upgraded from
 an earlier version of Drupal, does not properly restrict access to
 unpublished content, which allows remote authenticated users to obtain
 sensitive information via a listing page (CVE-2014-1476).
 
 The updated packages have been upgraded to the 7.26 version which is
 unaffected by these security flaws.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1475
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1476
 https://drupal.org/SA-CORE-2014-001
 ___

 Updated Packages:

 ___



[Full-disclosure] [ MDVSA-2014:032 ] flite

2014-02-14 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:032
 http://www.mandriva.com/en/support/security/
 ___

 Package : flite
 Date: February 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in flite:
 
 The play_wave_from_socket function in audio/auserver.c in Flite 1.4
 allows local users to modify arbitrary files via a symlink attack
 on /tmp/awb.wav. NOTE: some of these details are obtained from third
 party information (CVE-2014-0027).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0027
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 9ff31a7d8198f78a479e6b61df16e65a  mbs1/x86_64/flite-1.3-2.1.mbs1.x86_64.rpm
 27f5093dfbae9b8632064a117229a5ff  
mbs1/x86_64/lib64flite-devel-1.3-2.1.mbs1.x86_64.rpm 
 1a7c3036c885f25f810cd61a8fef93b8  mbs1/SRPMS/flite-1.3-2.1.mbs1.src.rpm
 ___


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
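
The flite advisory above (CVE-2014-0027) describes a fixed file name in
/tmp being written through a symlink. The sketch below puts that
pattern beside two hardened ways of creating the file, with a
self-check that runs in a private scratch directory. It is an added
example, not flite's code and not the patch shipped in the updated
packages. All function names, the scratch paths and the sample contents
are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, mkstemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: a fixed name in a shared directory, opened in
 * a way that follows symlinks and truncates whatever they point to. */
int write_fixed_path(const char *path, const void *buf, size_t len)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    size_t n = fwrite(buf, 1, len, f);
    return (fclose(f) == 0 && n == len) ? 0 : -1;
}

/* Hardened, name must stay fixed: O_EXCL makes open() fail with EEXIST if
 * the name already exists, symlink included; O_NOFOLLOW is a second guard. */
int write_fixed_path_excl(const char *path, const void *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, len);
    return (close(fd) == 0 && w == (ssize_t)len) ? 0 : -1;
}

/* Hardened, preferred: mkstemp() picks an unpredictable name and creates the
 * file exclusively with mode 0600. The chosen path is returned in path_out. */
int write_private_temp(const char *dir, const void *buf, size_t len,
                       char *path_out, size_t cap)
{
    int n = snprintf(path_out, cap, "%s/awb-XXXXXX", dir);
    if (n < 0 || (size_t)n >= cap) return -1;
    int fd = mkstemp(path_out);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, len);
    if (close(fd) != 0 || w != (ssize_t)len) { unlink(path_out); return -1; }
    return 0;
}

/* Regression check in a private scratch directory (constructed setup):
 * "awb.wav" is a symlink to "victim". Returns 1 if the writer under test
 * modified the victim file, 0 if it left it intact, -1 on setup failure. */
int victim_clobbered(int hardened)
{
    char dir[] = "/tmp/symlink-check-XXXXXX";
    char victim[64], lnk[64], got[16] = { 0 };
    int rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/awb.wav", dir);
    if (write_fixed_path(victim, "important", 9) == 0 &&
        symlink(victim, lnk) == 0) {
        if (hardened) (void)write_fixed_path_excl(lnk, "RIFF", 4);
        else          (void)write_fixed_path(lnk, "RIFF", 4);
        FILE *f = fopen(victim, "r");
        if (f) {
            size_t n = fread(got, 1, sizeof got - 1, f);
            fclose(f);
            rc = !(n == 9 && memcmp(got, "important", 9) == 0);
        }
    }
    unlink(lnk); unlink(victim); rmdir(dir);
    return rc;
}

int main(void)
{
    char path[64];
    printf("fopen(\"w\") on fixed name changed victim: %d\n",
           victim_clobbered(0));
    printf("O_CREAT|O_EXCL on fixed name changed victim: %d\n",
           victim_clobbered(1));
    if (write_private_temp("/tmp", "RIFF", 4, path, sizeof path) == 0) {
        printf("mkstemp created %s\n", path);
        unlink(path);
    }
    return 0;
}
```

On Linux the fs.protected_symlinks sysctl adds a system-wide guard for
sticky world-writable directories such as /tmp, but the application-side
fix is still needed.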


[Full-disclosure] [ MDVSA-2014:033 ] socat

2014-02-14 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:033
 http://www.mandriva.com/en/support/security/
 ___

 Package : socat
 Date: February 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in socat:
 
 Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and
 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial
 of service (segmentation fault) via a long server name in the
 PROXY-CONNECT address in the command line (CVE-2014-0019).
 
 The updated packages have been upgraded to the 1.7.2.3 version which
 is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019
 http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 556abad28fdb5cc80a15ff69790f4487  mbs1/x86_64/socat-1.7.2.3-1.mbs1.x86_64.rpm 
 4174e565e7144f2e37712c97163e8292  mbs1/SRPMS/socat-1.7.2.3-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:034 ] yaml

2014-02-14 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:034
 http://www.mandriva.com/en/support/security/
 ___

 Package : yaml
 Date: February 14, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in yaml:
 
 The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before
 0.1.5 performs an incorrect cast, which allows remote attackers to
 cause a denial of service (application crash) and possibly execute
 arbitrary code via crafted tags in a YAML document, which triggers
 a heap-based buffer overflow (CVE-2013-6393).
 
 The updated packages have been upgraded to the 0.1.5 version which
 is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393
 https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1e4b37eb517ff916bc1a4079fc67644c  
mbs1/x86_64/lib64yaml0_2-0.1.5-1.mbs1.x86_64.rpm
 3ef60ab7c95691aafd2cbba52d04da9e  
mbs1/x86_64/lib64yaml-devel-0.1.5-1.mbs1.x86_64.rpm 
 1198a9d1904527bb54428bd0aff0  mbs1/SRPMS/yaml-0.1.5-1.mbs1.src.rpm
 ___



[Full-disclosure] [ MDVSA-2014:028 ] mariadb

2014-02-13 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:028
 http://www.mandriva.com/en/support/security/
 ___

 Package : mariadb
 Date: February 13, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in mariadb:
 
 Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
 5.5.35 allows remote database servers to cause a denial of service
 (crash) and possibly execute arbitrary code via a long server version
 string (CVE-2014-0001).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to InnoDB (CVE-2014-0412).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to Optimizer (CVE-2014-0437).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
 allows remote attackers to affect availability via unknown vectors
 related to Error Handling (CVE-2013-5908).
 
 Unspecified vulnerability in the MySQL Server component in Oracle MySQL
 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated
 users to affect availability via unknown vectors related to Replication
 (CVE-2014-0420).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
 allows remote authenticated users to affect integrity via unknown
 vectors related to InnoDB (CVE-2014-0393).
 
 Unspecified vulnerability in the MySQL Server component in Oracle MySQL
 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated
 users to affect availability via unknown vectors related to Partition
 (CVE-2013-5891).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to Optimizer (CVE-2014-0386).
 
 Unspecified vulnerability in the MySQL Server component in Oracle MySQL
 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows
 remote authenticated users to affect availability via unknown vectors
 (CVE-2014-0401).
 
 Unspecified vulnerability in the MySQL Server component in Oracle
 MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
 allows remote authenticated users to affect availability via unknown
 vectors related to Locking (CVE-2014-0402).
 
 The updated packages have been upgraded to the 5.5.35 version which
 is not vulnerable to these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
 https://mariadb.com/kb/en/mariadb-5535-release-notes/
 ___

 Updated Packages:


[Full-disclosure] [ MDVSA-2014:029 ] mysql

2014-02-13 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:029
 http://www.mandriva.com/en/support/security/
 ___

 Package : mysql
 Date: February 13, 2014
 Affected: Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in mysql:
 
 Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
 5.5.35 allows remote database servers to cause a denial of service
 (crash) and possibly execute arbitrary code via a long server version
 string (CVE-2014-0001).
 
 NOTE: Other security issues covered by
 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
 were resolved 2013-12-20 with the MDVA-2013:015 advisory.
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
 ___

 Updated Packages:

 ___



[Full-disclosure] [ MDVSA-2014:026 ] openldap

2014-02-12 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:026
 http://www.mandriva.com/en/support/security/
 ___

 Package : openldap
 Date: February 12, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in openldap:
 
 The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not
 properly count references, which allows remote attackers to cause
 a denial of service (slapd crash) by unbinding immediately after a
 search request, which triggers rwm_conn_destroy to free the session
 context while it is being used by rwm_op_search (CVE-2013-4449).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS

[Full-disclosure] [Security-news] SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194621

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-014
   * Project: Webform Validation [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-February-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

The Webform Validation module enables you to add additional form validation
rules to Webforms created by the Webform module.
The module doesn't sufficiently filter component name text before display,
opening up the possibility of cross site scripting.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to edit Webform content.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Webform Validation 6.x-1.x versions prior to 6.x-1.6.
   * Webform Validation 7.x-1.x versions prior to 7.x-1.4.

Drupal core is not affected. If you do not use the contributed Webform
Validation [4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Webform Validation module for Drupal 6.x, upgrade to
 Webform Validation 6.x-1.6 [5].
   * If you use the Webform Validation module for Drupal 7.x, upgrade to
 Webform Validation 7.x-1.4 [6].

The only changes in these new versions are the fixes for this issue.

Also see the Webform Validation [7] project page.

 REPORTED BY
-

   * Maurits Lawende [8]

 FIXED BY


   * Maurits Lawende [9]
   * Liam Morland [10] the module maintainer

 COORDINATED BY
--

   * Stella Power [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/webform_validation
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/webform_validation
[5] https://drupal.org/node/2194011
[6] https://drupal.org/node/2194013
[7] http://drupal.org/project/webform_validation
[8] https://drupal.org/user/243897
[9] https://drupal.org/user/243897
[10] https://drupal.org/user/493050
[11] https://drupal.org/user/66894
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [Security-news] SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194589

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-013
   * Project: Chaos tool suite (ctools) [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-02-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

This module provides content editors with an autocomplete callback for entity
titles, as well as an ability to embed content within the Chaos tool suite
(ctools) framework.

Prior to this version, ctools did not sufficiently check access grants for
various types of content other than nodes. It also didn't sufficiently check
access before displaying content with the relationship plugin.

These vulnerabilities are mitigated by the fact that you must be using
entities other than node or users for the autocomplete callback, or you must
be using the relationship plugin and displaying the content (e.g. in panels).


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Chaos tool suite (ctools) 6.x-1.x versions prior to 6.x-1.11.
   * Chaos tool suite (ctools) 7.x-1.x versions prior to 7.x-1.4.

Drupal core is not affected. If you do not use the contributed Chaos tool
suite (ctools) [4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Chaos tool suite module for Drupal 6.x, upgrade to ctools
 6.x-1.11 [5]
   * If you use the Chaos tool suite module for Drupal 7.x, upgrade to ctools
 7.x-1.4 [6]

Also see the Chaos tool suite (ctools) [7] project page.

 REPORTED BY
-

   * Tim Wood [8]
   * Heine Deelstra [9] of the Drupal Security Team

 FIXED BY


   * Jakob Perry [10] the module maintainer
   * David Snopek [11]

 COORDINATED BY
--

   * Peter Wolanin [12] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [13].

Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [17]


[1] http://drupal.org/project/ctools
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/ctools
[5] https://drupal.org/node/2194547
[6] https://drupal.org/node/2194551
[7] http://drupal.org/project/ctools
[8] https://drupal.org/user/457434
[9] https://drupal.org/user/17943
[10] https://drupal.org/user/45640
[11] https://drupal.org/user/266527
[12] http://drupal.org/user/49851
[13] http://drupal.org/contact
[14] http://drupal.org/security-team
[15] http://drupal.org/writing-secure-code
[16] http://drupal.org/security/secure-configuration
[17] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-015 - FileField - Access Bypass

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194639

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-015
   * Project: FileField [1] (third-party module)
   * Version: 6.x
   * Date: 2014-02-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

FileField module allows users to upload files in conjunction with the
Content Construction Kit (CCK) module in Drupal 6.

The module doesn't sufficiently check permissions on revisions when
determining if a user should have access to a particular file attached to
that revision. A user could gain access to private files attached to
revisions when they don't have access to the corresponding revision.

This vulnerability is mitigated by the fact that an attacker must have access
to upload files through FileField module while creating content, and the site
must be using a non-core workflow module that allows users to create
unpublished revisions of content.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * FileField 6.x-3.x versions prior to 6.x-3.12.

Drupal core is not affected. If you do not use the contributed FileField [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the FileField module for Drupal 6.x, upgrade to FileField
 6.x-3.12 [5]

Also see the FileField [6] project page.

 REPORTED BY
-

   * Stella Power [7] of the Drupal Security Team

 FIXED BY


   * Nate Haug [8] the module maintainer
   * Stella Power [9] of the Drupal Security Team

 COORDINATED BY
--

   * Lee Rowlands [10] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].

Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [15]


[1] http://drupal.org/project/filefield
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/filefield
[5] https://drupal.org/node/2194103
[6] http://drupal.org/project/filefield
[7] https://drupal.org/user/66894
[8] https://drupal.org/user/35821
[9] https://drupal.org/user/66894
[10] https://drupal.org/user/395439
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
[15] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194135

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-016
   * Project: MAYO [1] (third-party theme)
   * Version: 7.x
   * Date: 2014-02-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

The theme settings allow you to link to a header background file.
A URL could be entered that was not properly sanitized, leading to an XSS
vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission administer themes.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * MAYO Theme 7.x-1.x versions prior to 7.x-1.3.

Drupal core is not affected. If you do not use the contributed MAYO [4]
theme, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the theme MAYO for Drupal 7.x, upgrade to MAYO 7.x-1.3 [5]

Also see the MAYO [6] project page.

 REPORTED BY
-

   * Dennis Walgaard [7]

 FIXED BY


   * Dennis Walgaard [8]
   * John Powell [9] the theme maintainer

 COORDINATED BY
--

   * Rick Manelius [10] provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].

Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [15]


[1] http://drupal.org/project/mayo
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/mayo
[5] https://drupal.org/node/2193987
[6] http://drupal.org/project/mayo
[7] http://drupal.org/user/883702
[8] http://drupal.org/user/883702
[9] http://drupal.org/user/797068
[10] http://drupal.org/user/680072
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
[15] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194655

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-017
   * Project: Image Resize Filter [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-February-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Denial of Service (DOS)

 DESCRIPTION
-

This module enables you to resize images based on the HTML contents of a
post. Images with specified height and width properties that differ from the
original image result in a resized image being created.

The module doesn't limit the number of resized images per post or user, which
could allow a user to post a large number of images that need to be resized
within a single piece of content. This could cause the server to become
overwhelmed by requests to resize images.

This vulnerability is mitigated by the fact that an attacker must have a role
that allows them to post content that utilizes the image resize filter.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Image Resize Filter 6.x-1.x versions prior to 6.x-1.14.
   * Image Resize Filter 7.x-1.x versions prior to 7.x-1.14.

Drupal core is not affected. If you do not use the contributed Image Resize
Filter [4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Image Resize Filter module for Drupal 6.x, upgrade to
 Image Resize Filter 6.x-1.14 [5]
   * If you use the Image Resize Filter module for Drupal 7.x, upgrade to
 Image Resize Filter 7.x-1.14 [6]

Also see the Image Resize Filter [7] project page.

 REPORTED BY
-

   * Dave Hansen-Lange [8]

 FIXED BY


   * Dave Hansen-Lange [9]
   * Nate Haug [10] the module maintainer

 COORDINATED BY
--

   * Greg Knaddison [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/image_resize_filter
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/image_resize_filter
[5] https://drupal.org/node/2194063
[6] https://drupal.org/node/2194065
[7] http://drupal.org/project/image_resize_filter
[8] https://drupal.org/user/18981
[9] https://drupal.org/user/18981
[10] https://drupal.org/user/35821
[11] http://drupal.org/user/36762
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194877

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-020
   * Project: Drupal Commons [1] (third-party distribution)
   * Version: 7.x
   * Date: 2014-02-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

Drupal Commons is a ready-to-use solution for building either internal or
external communities. It provides a complete social business software
solution for organizations. Drupal Commons displays an activity stream
containing messages about actions users take on the site.

In some cases, messages about content creation are not properly sanitized,
leading to cross site scripting in those messages.

The vulnerability is mitigated in that only certain kinds of activity stream
messages are affected, and not all arbitrary script can be executed.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Drupal Commons 7.x-3.x versions prior to 7.x-3.9.

Drupal core is not affected. If you do not use the contributed Drupal Commons
[4] distribution, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Drupal 7 Commons distribution, upgrade to Commons 7.x-3.9
 [5]

Also see the Drupal Commons [6] project page.

 REPORTED BY
-

   * Grant Gaudet [7]
   * Jakob Perry [8]

 FIXED BY


   * Jakob Perry [9] the project maintainer
   * Ezra Gildesgame [10]

 COORDINATED BY
--

   * Peter Wolanin [11] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [16]


[1] http://drupal.org/project/commons
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/commons
[5] https://drupal.org/node/2194777
[6] http://drupal.org/project/commons
[7] http://drupal.org/user/360002
[8] http://drupal.org/user/45640
[9] http://drupal.org/user/45640
[10] http://drupal.org/user/69959
[11] https://drupal.org/user/49851
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[16] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194671

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-018
   * Project: Webform [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-February-12
   * Security risk: Critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

The Webform module enables you to create forms which can be used for surveys,
contact forms or other data collection throughout your site.

The module doesn't sufficiently sanitize field label titles when two fields
have the same form_key, which can only be managed by carefully crafting the
webform structure via a specific set of circumstances.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission create webform content.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Webform 6.x-3.x versions prior to 6.x-3.19.
   * Webform 7.x-3.x versions prior to 7.x-3.19.
   * Webform 7.x-4.x versions prior to 7.x-4.0-beta2.

Drupal core is not affected. If you do not use the contributed Webform [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the webform module for Drupal 6.x, upgrade to webform 6.x-3.20
 [5]
   * If you use the webform module for Drupal 7.x-3.x, upgrade to webform
 7.x-3.20 [6]
   * If you use the webform module for Drupal 7.x-4.x, upgrade to webform
 7.x-4.0-beta2 [7]

Also see the Webform [8] project page.

 REPORTED BY
-

   * Maurits Lawende [9]

 FIXED BY


   * Nate Haug [10] the module maintainer

 COORDINATED BY
--

   * Dan Smith [11] and Lee Rowlands [12] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [13].

Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [17]


[1] http://drupal.org/project/webform
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/webform
[5] http://drupal.org/node/2194181
[6] http://drupal.org/node/2194183
[7] http://drupal.org/node/2194175
[8] http://drupal.org/project/webform
[9] http://drupal.org/user/243897
[10] http://drupal.org/user/35821
[11] http://drupal.org/user/241220
[12] https://drupal.org/user/395439
[13] http://drupal.org/contact
[14] http://drupal.org/security-team
[15] http://drupal.org/writing-secure-code
[16] http://drupal.org/security/secure-configuration
[17] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)

2014-02-12 Thread security-news
View online: https://drupal.org/node/2194809

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-019
   * Project: Easy Social [1] (third-party module)
   * Version: 7.x
   * Date: 2014-February-12
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

This module enables you to add social sharing widgets to your content and
pages.
The module doesn't sufficiently validate block titles when a user creates a
custom block from within the module's admin interface.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission administer easy social.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Easy Social 7.x-2.x versions prior to 7.x-2.11.

Drupal core is not affected. If you do not use the contributed Easy Social
[4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Easy Social module for Drupal 7.x, upgrade to Easy Social
 7.x-2.11 [5]

Also see the Easy Social [6] project page.

 REPORTED BY
-

   * James Davis [7]

 FIXED BY


   * Alex Weber [8] the module maintainer

 COORDINATED BY
--

   * Lee Rowlands [9] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [14]


[1] http://drupal.org/project/easy_social
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/easy_social
[5] https://drupal.org/node/2194401
[6] http://drupal.org/project/easy_social
[7] http://drupal.org/user/2766355
[8] http://drupal.org/user/850856
[9] http://drupal.org/user/395439
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
[14] https://twitter.com/drupalsecurity



[Full-disclosure] [ MDVSA-2014:025 ] pidgin

2014-02-11 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:025
 http://www.mandriva.com/en/support/security/
 ___

 Package : pidgin
 Date: February 11, 2014
 Affected: Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in pidgin:
 
 The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does
 not properly validate UTF-8 data, which allows remote attackers
 to cause a denial of service (application crash) via crafted byte
 sequences (CVE-2012-6152).
 
 Multiple integer signedness errors in libpurple in Pidgin before 2.10.8
 allow remote attackers to cause a denial of service (application crash)
 via a crafted timestamp value in an XMPP message (CVE-2013-6477).
 
 gtkimhtml.c in Pidgin before 2.10.8 does not properly interact
 with underlying library support for wide Pango layouts, which
 allows user-assisted remote attackers to cause a denial of service
 (application crash) via a long URL that is examined with a tooltip
 (CVE-2013-6478).
 
 util.c in libpurple in Pidgin before 2.10.8 does not properly allocate
 memory for HTTP responses that are inconsistent with the Content-Length
 header, which allows remote HTTP servers to cause a denial of service
 (application crash) via a crafted response (CVE-2013-6479).
 
 libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows
 remote attackers to cause a denial of service (crash) via a Yahoo! P2P
 message with a crafted length field, which triggers a buffer over-read
 (CVE-2013-6481).
 
 Pidgin before 2.10.8 allows remote MSN servers to cause a denial
 of service (NULL pointer dereference and crash) via a crafted (1)
 SOAP response, (2) OIM XML response, or (3) Content-Length header
 (CVE-2013-6482).
 
 The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does
 not properly determine whether the from address in an iq reply
 is consistent with the to address in an iq request, which allows
 remote attackers to spoof iq traffic or cause a denial of service
 (NULL pointer dereference and application crash) via a crafted reply
 (CVE-2013-6483).
 
 The STUN protocol implementation in libpurple in Pidgin before 2.10.8
 allows remote STUN servers to cause a denial of service (out-of-bounds
 write operation and application crash) by triggering a socket read
 error (CVE-2013-6484).
 
 Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows
 remote HTTP servers to cause a denial of service (application crash)
 or possibly have unspecified other impact via an invalid chunk-size
 field in chunked transfer-coding data (CVE-2013-6485).
 
 gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted
 remote attackers to execute arbitrary programs via a message containing
 a file: URL that is improperly handled during construction of an
 explorer.exe command. NOTE: this vulnerability exists because of an
 incomplete fix for CVE-2011-3185 (CVE-2013-6486).
 
 Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu
 (gg) parser in Pidgin before 2.10.8 allows remote attackers to have
 an unspecified impact via a large Content-Length value, which triggers
 a buffer overflow (CVE-2013-6487).
 
 Integer signedness error in the MXit functionality in Pidgin
 before 2.10.8 allows remote attackers to cause a denial of service
 (segmentation fault) via a crafted emoticon value, which triggers an
 integer overflow and a buffer overflow (CVE-2013-6489).
 
 The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote
 attackers to have an unspecified impact via a negative Content-Length
 header, which triggers a buffer overflow (CVE-2013-6490).
 
 The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does
 not validate argument counts, which allows remote IRC servers to
 cause a denial of service (application crash) via a crafted message
 (CVE-2014-0020).
 
 This update provides pidgin 2.10.9, which is not vulnerable to
 these issues.
 
 Additionally, a build problem concerning sqlite3 was discovered and
 fixed; therefore fixed sqlite3 packages are also provided with this
 advisory.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
 http://cve.mitre.org/cgi-bin/cvename.cgi
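
The chunk-size and Content-Length issues listed in the advisory above (CVE-2013-6485, CVE-2013-6487, CVE-2013-6490) share one pattern: a length supplied by the peer reaches buffer arithmetic before it has been range-checked. The following is an added example, not Pidgin's code and not part of the original advisory; it generalises to both field types, and the names parse_length_field, copy_body and MAX_BODY_LEN are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_BODY_LEN ((size_t)16 * 1024 * 1024) /* assumed policy cap: 16 MiB */

/* Value of one digit in the given base, or -1 if c is not such a digit. */
static int digit_value(char c, int base)
{
    int d;
    if (c >= '0' && c <= '9')      d = c - '0';
    else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
    else return -1;
    return d < base ? d : -1;
}

/* Parse a Content-Length (base 10) or chunk-size (base 16) field.
 * Returns 0 and stores the value in *out, or -1 if the field is empty,
 * signed, prefixed, followed by junk, or larger than MAX_BODY_LEN. */
int parse_length_field(const char *s, int base, size_t *out)
{
    size_t v = 0;
    int digits = 0, d;

    if (s == NULL || out == NULL || (base != 10 && base != 16))
        return -1;
    while (*s == ' ' || *s == '\t')
        s++;
    for (; (d = digit_value(*s, base)) >= 0; s++, digits++) {
        /* Reject before multiplying, so v can never wrap around. */
        if (v > (MAX_BODY_LEN - (size_t)d) / (size_t)base)
            return -1;
        v = v * (size_t)base + (size_t)d;
    }
    while (*s == ' ' || *s == '\t')
        s++;
    if (digits == 0)
        return -1;              /* "", "-1" and "+5" all end up here */
    if (*s != '\0' && *s != '\r' && *s != '\n' && !(base == 16 && *s == ';'))
        return -1;              /* trailing junk such as "12abc" or "0x10" */
    *out = v;
    return 0;
}

/* Convenience wrapper: the parsed value, or -1 if the field is rejected. */
long length_or_reject(const char *s, int base)
{
    size_t n;
    return parse_length_field(s, base, &n) == 0 ? (long)n : -1;
}

/* Copy a body whose length the peer declared in `field` out of the bytes
 * actually received. Returns the number of bytes copied, or -1 when the
 * declared length is invalid or exceeds what was received or can be stored. */
long copy_body(const char *field, int base, const unsigned char *rx,
               size_t rx_len, unsigned char *dst, size_t dst_cap)
{
    size_t n;
    if (rx == NULL || dst == NULL || parse_length_field(field, base, &n) != 0)
        return -1;
    if (n > rx_len || n > dst_cap)
        return -1;
    memcpy(dst, rx, n);
    return (long)n;
}

/* Constructed sample: 5 bytes were received, the destination holds 8. */
long demo_copy(const char *field)
{
    static const unsigned char rx[] = { 'h', 'e', 'l', 'l', 'o' };
    unsigned char dst[8];
    return copy_body(field, 10, rx, sizeof rx, dst, sizeof dst);
}

int main(void)
{
    printf("\"42\" -> %ld, \"-1\" -> %ld, \"1A\" (hex) -> %ld\n",
           length_or_reject("42", 10), length_or_reject("-1", 10),
           length_or_reject("1A", 16));
    printf("declared 5 of 5 -> %ld, declared 6 of 5 -> %ld\n",
           demo_copy("5"), demo_copy("6"));
    return 0;
}
```
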

[Full-disclosure] [ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail

2014-02-06 Thread ISecAuditors Security Advisories
=
INTERNET SECURITY AUDITORS ALERT 2013-014
- Original release date: March 25th, 2013
- Last revised:  March 25th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
- CVE-ID: CVE-2013-6229
=

I. VULNERABILITY
-
Multiple reflected XSS vulnerabilities in Atmail WebMail.


II. BACKGROUND
-
Atmail allows users to access IMAP Mailboxes of any server of your
choice. The software provides a comprehensive email-suite for accessing
user mailboxes, and provides inbuilt Calendar and Addressbook features.
The WebMail Client of Atmail supports any existing IMAP server running
under Unix/Linux or Windows systems.


III. DESCRIPTION
-
Multiple reflected XSS vulnerabilities have been detected:
1) in the view attachment message process
2) in the search message with filter process
3) in the delete message process

These vulnerabilities allow arbitrary HTML/script code to be executed in
the context of the victim user's browser.


IV. PROOF OF CONCEPT
-
1) View attachment message process
When a user opens a file attachment in an email, the link is as follows:

http://atmail-server/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/ID/filenameOriginal/file

where:
- atmail-server is the Atmail WebMail server
- ID is the unique ID for the message that contains the attachment
- file is the attachment file in the message

A malicious user can inject arbitrary HTML/script code in the file
parameter. For example:

http://atmail-server/index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/ID/filenameOriginal/test.txtH1marqueeThis+is+an+XSS+example


2) Search message with filter process
When a user searches messages with a filter (for example, using the
Friends filter), the link is as follows:

POST /index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 HTTP/1.1
Host: atmail-server
...
searchQuery=goBack=6from=to=subject=body=filter=filter

where:
- atmail-server is the Atmail WebMail server
- filter is the name of the selected filter by the user

A malicious user can inject arbitrary HTML/script code in the filter
parameter. Also, this POST HTTP request can become a GET HTTP request,
making it easier to exploit the vulnerability.
For example:

http://atmail-server/index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5?searchQuery=goBack=6from=to=subject=body=filter=friendsH1marqueeThis+is+an+XSS+example


3) Delete message process
When a user selects and deletes a message, the link is as follows:

POST /index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash HTTP/1.1
Host: atmail-server
...
resultContext=messageListlistFolder=INBOXpageNumber=1unseen%5B21%5D=0mailId%5B%5D=MailIDunseen%5B20%5D=0unseen%5B16%5D=0unseen%5B15%5D=0unseen%5B14%5D=0unseen%5B12%5D=0unseen%5B11%5D=0unseen%5B10%5D=0unseen%5B9%5D=0unseen%5B8%5D=0unseen%5B6%5D=0unseen%5B5%5D=0unseen%5B4%5D=0unseen%5B3%5D=0unseen%5B2%5D=0unseen%5B1%5D=0

where:
- atmail-server is the Atmail WebMail server
- MailID is the identifier (number) of the mail selected by the user

A malicious user can inject arbitrary HTML/script code in the MailID
parameter. Also, this POST HTTP request can become a GET HTTP request,
making it easier to exploit the vulnerability.
For example:

http://atmail-server/index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash?resultContext=messageListlistFolder=INBOXpageNumber=1unseen%5B21%5D=0mailId%5B%5D=H1marqueeThis+is+an+XSS+exampleunseen%5B20%5D=0unseen%5B16%5D=0unseen%5B15%5D=0unseen%5B14%5D=0unseen%5B12%5D=0unseen%5B11%5D=0unseen%5B10%5D=0unseen%5B9%5D=0unseen%5B8%5D=0unseen%5B6%5D=0unseen%5B5%5D=0unseen%5B4%5D=0unseen%5B3%5D=0unseen%5B2%5D=0unseen%5B1%5D=0


V. BUSINESS IMPACT
-
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, which can be leveraged to steal sensitive information
such as user credentials, personal data, etc.

 
VI. SYSTEMS AFFECTED
-
Tested in Atmail 7.0.2. Other versions may be affected too.

 
VII. SOLUTION
-
-


VIII. REFERENCES
-
http://www.atmail.com
http://www.isecauditors.com


IX. CREDITS
-
This vulnerability has been discovered
by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com).


X. REVISION HISTORY
-
March   9, 2013: Initial release
March   22, 2013: Last revision


XI. DISCLOSURE TIMELINE
-
March   9, 2013: Discovered by Internet Security Auditors
March   22, 2013: Advisory updated with new XSS vulnerable resources
October 08, 2013: First contact with developer team
October16

Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread security curmudgeon


: From: Mark Litchfield mark () securatary com

: As previously stated, I would post an update for Ektron CMS bypassing 
: the security fix.


: A full step by step with the usual screen shots can be found at - 
: http://www.securatary.com/vulnerabilities


Uh... you expect people to login to your site with their Facebook or 
Twitter credentials, to access these advisories?


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread security curmudgeon

:  : From: Mark Litchfield mark () securatary com
:  
:  : As previously stated, I would post an update for Ektron CMS bypassing :
:  the security fix.
:  
:  : A full step by step with the usual screen shots can be found at - :
:  http://www.securatary.com/vulnerabilities
:  
:  Uh... you expect people to login to your site with their Facebook or Twitter
:  credentials, to access these advisories?
: 
: Errr no ??  Use the other option ??  And if you don't want to register, don't
: bother !!

Links from /vulnerabilities, directly from advisories off the Research 
page, and even Follow us on Twitter all drop back to a login page asking 
for authentication using either Facebook or Twitter.

This is not the behavior of the site as of 48 hours ago.



Re: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

2014-02-05 Thread security curmudgeon

:  This is not the behavior of the site as of 48 hours ago.

: Let me check.  Normal registration should also be available ? In fact I 
: will remove the registration.
: 
: The purpose of this whole registration in the first place was to allow 
: for future postings I am going to make later this week that would only 
: be available to registered users.  Not necessarily vulnerabilities, but 
: useful stuff for pentesting.  Also all registered users would be given 
: a 48 hours head start on any new vulnerabilities that I post in the 
: future.

Which is great, but I strongly recommend you allow a site-specific 
registration for such purposes. Giving up one of the two dominant social 
media accounts for it is excessive.



[Full-disclosure] [Security-news] SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure

2014-02-05 Thread security-news
View online: https://drupal.org/node/2187453

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-009
   * Project: Tagadelic [1] (third-party module)
   * Version: 6.x
   * Date: 2014-February-05
   * Security risk: Less critical [2]
   * Exploitable from: Remote
   * Vulnerability: Information Disclosure

 DESCRIPTION
-

This module provides an API and a few simple turnkey modules, which allows
you to easily create tagclouds, weighted lists, search-clouds and such.

The 6.x-1.x version does not account for node access modules, thus leading to
information being disclosed.

This vulnerability is mitigated by the fact that a site must be using a node
access module.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Tagadelic 6.x-1.x versions.

Drupal core is not affected. If you do not use the contributed Tagadelic [4]
module, there is nothing you need to do.

 SOLUTION


If you use the Tagadelic module for Drupal 6.x, upgrade to Tagadelic 6.x-1.5
[5] and then disable node access modules, such as taxonomy_access and
content_access.

Also see the Tagadelic [6] project page.

 REPORTED BY
-

   * Michael Hess [7] of the Drupal Security Team

 FIXED BY


   * Rick Manelius [8]
   * Sean T. Walsh [9]

 COORDINATED BY
--

   * Rick Manelius [10] provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].

Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [15]


[1] http://drupal.org/project/tagadelic
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/tagadelic
[5] https://drupal.org/node/217
[6] http://drupal.org/project/tagadelic
[7] http://drupal.org/user/102818
[8] https://drupal.org/user/680072
[9] http://drupal.org/user/995722
[10] http://drupal.org/user/680072
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
[15] https://twitter.com/drupalsecurity

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news



[Full-disclosure] [Security-news] SA-CONTRIB-2014-010 Services - Access Bypass and Privilege Escalation

2014-02-05 Thread security-news
View online: https://drupal.org/node/2189509

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-010
   * Project: Services [1] (third-party module)
   * Version: 7.x
   * Date: 2014-February-05
   * Security risk: Highly critical [2]
   * Exploitable from: Remote
   * Vulnerability: Access bypass

 DESCRIPTION
-

The Services module enables you to expose an API to third party systems using
REST, XML-RPC or other protocols.

 User update access bypass vulnerability

An authenticated user is able to assign additional roles to themselves, which
means they can escalate their privileges by assigning an administrative role.

This vulnerability is mitigated by the fact that the user must be able to log
in on the site, the update operation on the user resource configuration must
be enabled, and a site must have a role with more permissions than the
authenticated user.

 Comment access bypass vulnerability

As an authenticated user an attacker with the permission to post comments is
able to update other users' comments.

This vulnerability is mitigated by the fact that the update operation on the
comment resource configuration must be enabled.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Services 7.x-3.x versions prior to 7.x-3.6.

Drupal core is not affected. If you do not use the contributed Services [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Services module for Drupal 7.x, upgrade to Services
 7.x-3.7 [5]

Also see the Services [6] project page.

 REPORTED BY
-

   * The User update access bypass vulnerability was reported by Fredrik
 Lassen [7].
   * The Comment access bypass vulnerability was reported by wedge [8].

 FIXED BY


   * The User update access bypass vulnerability was fixed by Fredrik Lassen
 [9].
   * The Comment access bypass vulnerability was fixed by Kyle Browning [10],
 the module maintainer.

 COORDINATED BY
--

   * Klaus Purer [11] of the Drupal Security Team
   * Balazs Dianiska [12] a provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [13].

Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [17]


[1] http://drupal.org/project/services
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/services
[5] https://drupal.org/node/2186581
[6] http://drupal.org/project/services
[7] https://drupal.org/user/243377
[8] https://drupal.org/user/11442
[9] https://drupal.org/user/243377
[10] https://drupal.org/user/211387
[11] http://drupal.org/user/262198
[12] http://drupal.org/user/58645
[13] http://drupal.org/contact
[14] http://drupal.org/security-team
[15] http://drupal.org/writing-secure-code
[16] http://drupal.org/security/secure-configuration
[17] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure

2014-02-05 Thread security-news
View online: https://drupal.org/node/2189643

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-011
   * Project: Push Notifications [1] (third-party module)
   * Version: 7.x
   * Date: 2014-February-05
   * Security risk: Less critical [2]
   * Exploitable from: Remote
   * Vulnerability: Information Disclosure

 DESCRIPTION
-

This module enables the delivery of push notifications to iOS and Android
devices.

The module doesn't sufficiently randomize the certificate filenames required
for Apple's Push Notification service or protect the files from being
publicly accessible, which could allow an attacker to acquire the
certificates and broadcast push notifications to the target's user base.

This vulnerability primarily affects sites that did not follow the general
security best practice of placing certificates into a directory outside of
the webroot and did not use password-protected certificate files.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * push_notifications 7.x-1.x versions prior to 7.x-1.1

Drupal core is not affected. If you do not use the contributed Push
Notifications [4] module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the push_notifications module for Drupal 7.x and your APNS
 certificate files are stored in the default directory, upgrade to
 push_notifications 7.x-1.1 [5]
   * Navigate to the configuration page for the push_notifications module
 (admin/config/services/push_notifications/configure) and click the
 Generate new certificate string button to generate a random filename.
 Then, rename your APNS certificates according to the instructions on the
 push notification configuration page.

Also see the Push Notifications [6] project page.

 REPORTED BY
-

   * Graham Bates [7] of the Drupal Security Team

 FIXED BY


   * Daniel Hanold [8] the module maintainer

 COORDINATED BY
--

   * Laurence Liss [9] provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [14]


[1] http://drupal.org/project/push_notifications
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/push_notifications
[5] http://drupal.org/node/2188983
[6] http://drupal.org/project/push_notifications
[7] http://drupal.org/user/16029
[8] http://drupal.org/user/339733
[9] http://drupal.org/user/724750
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
[14] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS)

2014-02-05 Thread security-news
View online: https://drupal.org/node/2189751

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-012
   * Project: Modal Frame API [1] (third-party module)
   * Version: 6.x
   * Date: 2014-February-05
   * Security risk: Moderately critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

This module provides an API to render an iframe within a modal dialog
based on the jQuery UI Dialog plugin. You should not install this module
unless another module requires you to, or you wish to use it for your own
custom modules.

The module doesn't sufficiently filter user supplied text.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * modalframe 6.x-1.8 and prior versions

Drupal core is not affected. If you do not use the contributed Modal Frame
API [4] module, there is nothing you need to do.

 SOLUTION


Uninstall the module.  It is no longer maintained.

Also see the Modal Frame API [5] project page.

 REPORTED BY
-

   * Erich Beyrent

 FIXED BY


Not applicable.

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [6].

Learn more about the Drupal Security team and their policies [7], writing
secure code for Drupal [8], and securing your site [9].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [10]


[1] http://drupal.org/project/modalframe
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/modalframe
[5] http://drupal.org/project/modalframe
[6] http://drupal.org/contact
[7] http://drupal.org/security-team
[8] http://drupal.org/writing-secure-code
[9] http://drupal.org/security/secure-configuration
[10] https://twitter.com/drupalsecurity



[Full-disclosure] [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service

2014-01-31 Thread Security Explorations


Hello All,

Those concerned about security of Java PaaS (Platform as a Service)
or cloud services in general might find the following information
interesting.

Security Explorations discovered multiple security vulnerabilities
in the environment of Oracle [1] Java Cloud Service [2].

Among a total of 28 issues found, there are 16 weaknesses that make
it possible to completely break Java security sandbox of a target
WebLogic server environment. An attacker can further leverage this
to gain access to application deployments of other users of Oracle
Java Cloud service in the same regional data center.

The nature of the weaknesses identified in Oracle's service indicates
that it was not a subject of a thorough security review and penetration
testing prior to the public offering. They illustrate known and widely
discussed security risks related to Java [3]. They also expose weak
understanding of Java security model and attack techniques by Oracle
engineers.

More information regarding our research can be found at the official
pages of SE-2013-01 project:

http://www.security-explorations.com/en/SE-2013-01.html

We hope the next time Larry Ellison is about to choose between boats
and work [4], work is gonna win as obviously certain areas at Oracle
need actual work, not the improvisation.

Thank you.

Best Regards,
Adam Gowdiak

-
Security Explorations
http://www.security-explorations.com
We bring security research to the new level
-

References:
[1] Oracle Corporation
http://www.oracle.com
[2] Oracle Java Cloud Service
https://cloud.oracle.com/mycloud/f?p=service:java:0
[3] SE-2012-01 Project, Security Vulnerabilities in Java SE
http://www.security-explorations.com/en/SE-2012-01.html
[4] Ellison ditches own cloud keynote for billionaires' America's Cup boat race
http://www.theregister.co.uk/2013/09/24/oracle_openworld_walkout/



[Full-disclosure] [Security-news] SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities

2014-01-29 Thread security-news
View online: https://drupal.org/node/2184843

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-007
   * Project: Services [1] (third-party module)
   * Version: 7.x
   * Date: 2014-January-29
   * Security risk: Highly critical [2]
   * Exploitable from: Remote
   * Vulnerability: Multiple access bypass vulnerabilities

 DESCRIPTION
-

This module enables you to expose an API to third party systems using REST,
XML-RPC or other protocols.

The form API provides a method for developers to submit forms
programmatically using the function drupal_form_submit(). During programmatic
form submissions, all access checks are deliberately bypassed, and any form
element may be submitted regardless of the current user's access level.

To facilitate this, a new, optional
$form_state['programmed_bypass_access_check'] element has been added to the
Drupal 7 form API. If this is provided and set to FALSE, drupal_form_submit()
will perform the normal form access checks against the current user while
submitting the form, rather than bypassing them.

Services relies heavily on programmatic form submission and therefore needs
to use this new $form_state['programmed_bypass_access_check'] so that access
control parameters and hooks are performed for untrusted users.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Services 7.x-3.x versions prior to 7.x-3.5.

Drupal core is not affected. If you do not use the contributed Services [4]
module, there is nothing you need to do.

 SOLUTION


Install the latest version:

   * If you use the Services module for Drupal 7.x, upgrade to Services
 7.x-3.6 [5]

Also see the Services [6] project page.

 REPORTED BY
-

   * wedge [7]
   * prjcarr [8]

 FIXED BY


   * David Rothstein [9] of the Drupal Security Team
   * Hunter Fox [10] of the Drupal Security Team
   * Kyle Browning [11], the module maintainer.

 COORDINATED BY
--

   * Hunter Fox [12] of the Drupal Security Team
   * Klaus Purer [13] of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [14].

Learn more about the Drupal Security team and their policies [15], writing
secure code for Drupal [16], and securing your site [17].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [18]


[1] http://drupal.org/project/services
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/services
[5] https://drupal.org/node/2180373
[6] http://drupal.org/project/services
[7] https://drupal.org/user/11442
[8] https://drupal.org/user/1223090
[9] https://drupal.org/user/124982
[10] https://drupal.org/user/426416
[11] https://drupal.org/user/211387
[12] http://drupal.org/user/426416
[13] http://drupal.org/user/262198
[14] http://drupal.org/contact
[15] http://drupal.org/security-team
[16] http://drupal.org/writing-secure-code
[17] http://drupal.org/security/secure-configuration
[18] https://twitter.com/drupalsecurity



[Full-disclosure] [Security-news] SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)

2014-01-29 Thread security-news
View online: https://drupal.org/node/2184845

   * Advisory ID: DRUPAL-SA-CONTRIB-2014-008
   * Project: Tribune [1] (third-party module)
   * Version: 6.x, 7.x
   * Date: 2014-January-29
   * Security risk: Highly critical [2]
   * Exploitable from: Remote
   * Vulnerability: Cross Site Scripting

 DESCRIPTION
-

A tribune is a type of chatroom.

The module doesn't sufficiently filter user provided text from Tribune node
titles.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to create a Tribune node.


 CVE IDENTIFIER(S) ISSUED


   * /A CVE identifier [3] will be requested, and added upon issuance, in
 accordance with Drupal Security Team processes./

 VERSIONS AFFECTED
---

   * Tribune 6.x-1.x versions.
   * Tribune 7.x-3.x versions.

Drupal core is not affected. If you do not use the contributed Tribune [4]
module, there is nothing you need to do.

 SOLUTION


Remove the module or otherwise mitigate the issue.

Also see the Tribune [5] project page.

 REPORTED BY
-

   * Raynald Mirville [6]

 FIXED BY


Not applicable.

 COORDINATED BY
--

   * Laurence Liss [7] provisional member of the Drupal Security Team

 CONTACT AND MORE INFORMATION


The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [8].

Learn more about the Drupal Security team and their policies [9], writing
secure code for Drupal [10], and securing your site [11].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [12]


[1] http://drupal.org/project/tribune
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/tribune
[5] http://drupal.org/project/tribune
[6] http://drupal.org/user/2737379
[7] http://drupal.org/user/724750
[8] http://drupal.org/contact
[9] http://drupal.org/security-team
[10] http://drupal.org/writing-secure-code
[11] http://drupal.org/security/secure-configuration
[12] https://twitter.com/drupalsecurity



[Full-disclosure] [ MDVSA-2014:021 ] perl-Proc-Daemon

2014-01-24 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:021
 http://www.mandriva.com/en/support/security/
 ___

 Package : perl-Proc-Daemon
 Date: January 24, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated perl-Proc-Daemon package fixes security vulnerability:
 
 It was reported that perl-Proc-Daemon, when instructed to write
 a pid file, does that with a umask set to 0, so the pid file ends
 up with mode 666, allowing any user on the system to overwrite it
 (CVE-2013-7135).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7135
 https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125133.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 eb4625acb3c72e6f7463ad9172843c27  
mes5/i586/perl-Proc-Daemon-0.03-5.1mdvmes5.2.noarch.rpm 
 b367ed9786497cd5538474643de43834  
mes5/SRPMS/perl-Proc-Daemon-0.03-5.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 81fe1be38c5c3b5b9192e12faf377d43  
mes5/x86_64/perl-Proc-Daemon-0.03-5.1mdvmes5.2.noarch.rpm 
 b367ed9786497cd5538474643de43834  
mes5/SRPMS/perl-Proc-Daemon-0.03-5.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 3ce0594ce38d205794e581292add47ed  
mbs1/x86_64/perl-Proc-Daemon-0.140.0-2.1.mbs1.noarch.rpm 
 16b0dacea233f3735f14d8acaefd15b0  
mbs1/SRPMS/perl-Proc-Daemon-0.140.0-2.1.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



[Full-disclosure] [ MDVSA-2014:022 ] augeas

2014-01-24 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:022
 http://www.mandriva.com/en/support/security/
 ___

 Package : augeas
 Date: January 24, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated augeas packages fix security vulnerabilities:
 
 Multiple flaws were found in the way Augeas handled configuration files
 when updating them. An application using Augeas to update configuration
 files in a directory that is writable to by a different user (for
 example, an application running as root that is updating files in a
 directory owned by a non-root service user) could have been tricked
 into overwriting arbitrary files or leaking information via a symbolic
 link or mount point attack (CVE-2012-0786, CVE-2012-0787).
 
 A flaw was found in the way Augeas handled certain umask settings
 when creating new configuration files. This flaw could result
 in configuration files being created as world writable, allowing
 unprivileged local users to modify their content (CVE-2013-6412).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412
 https://rhn.redhat.com/errata/RHSA-2013-1537.html
 https://rhn.redhat.com/errata/RHSA-2014-0044.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com


[Full-disclosure] [ MDVSA-2014:023 ] hplip

2014-01-24 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:023
 http://www.mandriva.com/en/support/security/
 ___

 Package : hplip
 Date: January 24, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated hplip packages fix security vulnerabilities:
 
 It was discovered that the HPLIP Polkit daemon incorrectly handled
 temporary files. A local attacker could possibly use this issue to
 overwrite arbitrary files (CVE-2013-6402).
 
 It was discovered that HPLIP contained an upgrade tool that would
 download code in an unsafe fashion. If a remote attacker were able
 to perform a man-in-the-middle attack, this flaw could be exploited
 to execute arbitrary code (CVE-2013-6427).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6427
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___



[Full-disclosure] [ MDVSA-2014:024 ] graphviz

2014-01-24 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:024
 http://www.mandriva.com/en/support/security/
 ___

 Package : graphviz
 Date: January 24, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated graphviz packages fix security vulnerabilities:
 
 Multiple buffer overflow vulnerabilities in graphviz due to an
 error within the yyerror() function (lib/cgraph/scan.l) which can
 be exploited to cause a stack-based buffer overflow via a specially
 crafted file (CVE-2014-0978) and the acceptance of an arbitrarily
 long digit list by a regular expression matched against user input
 (CVE-2014-1236).
 
 A build problem was discovered and fixed in swig while building
 graphviz for Business Server 1, related to the new php-5.5.x version as
 of the MDVSA-2014:014 advisory. Fixed swig packages are being provided
 with this advisory as well.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0978
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1236
 https://bugzilla.redhat.com/show_bug.cgi?id=1049165
 https://bugzilla.redhat.com/show_bug.cgi?id=1050872
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:

 Mandriva Business Server 1/X86_64:

[Full-disclosure] [ MDVSA-2014:015 ] cups

2014-01-22 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:015
 http://www.mandriva.com/en/support/security/
 ___

 Package : cups
 Date: January 22, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated cups packages fix a security vulnerability:
 
 Jann Horn discovered that the CUPS lppasswd tool incorrectly read a
 user configuration file in certain configurations. A local attacker
 could use this to read sensitive information from certain files,
 bypassing access restrictions (CVE-2013-6891).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891
 http://advisories.mageia.org/MGASA-2014-0021.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___



[Full-disclosure] [ MDVSA-2014:016 ] spice

2014-01-22 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:016
 http://www.mandriva.com/en/support/security/
 ___

 Package : spice
 Date: January 22, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated spice packages fix a security vulnerability:
 
 A stack-based buffer overflow flaw was found in the way the
 reds_handle_ticket() function in the spice-server library handled
 decryption of ticket data provided by the client. A remote user able
 to initiate a SPICE connection to an application acting as a SPICE
 server could use this flaw to crash the application (CVE-2013-4282).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
 http://advisories.mageia.org/MGASA-2014-0022.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___



[Full-disclosure] [ MDVSA-2014:017 ] net-snmp

2014-01-22 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:017
 http://www.mandriva.com/en/support/security/
 ___

 Package : net-snmp
 Date: January 22, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated net-snmp packages fix a security vulnerability:
 
 Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle
 a MIB and processing GETNEXT requests, allows remote attackers to
 cause a denial of service (crash or infinite loop, CPU consumption,
 and hang) by causing the AgentX subagent to time out (CVE-2012-6151).
 
 This update also fixes two other minor issues: IPADDRESS size in
 python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151
 http://advisories.mageia.org/MGASA-2014-0019.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 ___



[Full-disclosure] [ MDVSA-2014:018 ] net-snmp

2014-01-22 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:018
 http://www.mandriva.com/en/support/security/
 ___

 Package : net-snmp
 Date: January 22, 2014
 Affected: Enterprise Server 5.0
 ___

 Problem Description:

 Updated net-snmp packages fix a security vulnerability:
 
 Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle
 a MIB and processing GETNEXT requests, allows remote attackers to
 cause a denial of service (crash or infinite loop, CPU consumption,
 and hang) by causing the AgentX subagent to time out (CVE-2012-6151).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151
 http://advisories.mageia.org/MGASA-2014-0019.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 ___



[Full-disclosure] [ MDVSA-2014:019 ] elinks

2014-01-22 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:019
 http://www.mandriva.com/en/support/security/
 ___

 Package : elinks
 Date: January 22, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated elinks package fixes a security vulnerability:
 
 When verifying SSL certificates, elinks fails to warn the user if the
 hostname of the certificate does not match the hostname of the website.
 
 The elinks package has been updated to version 0.12-pre6 and patched
 to fix this issue.
 ___

 References:

 http://advisories.mageia.org/MGASA-2014-0014.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1fecee049f4428cb6ba3c7a2c47165f8  mbs1/x86_64/elinks-0.12-2.2.mbs1.x86_64.rpm 
 dd348dca6d0834c1a9b297054fd8542e  mbs1/SRPMS/elinks-0.12-2.2.mbs1.src.rpm
 ___



[Full-disclosure] Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability

2014-01-22 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of 
Service Vulnerability

Advisory ID: cisco-sa-20140122-isdngw

Revision 1.0

For Public Release 2014 January 22 16:00  UTC (GMT)

+-

Summary
===

Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an 
unauthenticated, remote attacker to trigger the drop of the data channel 
(D-channel) causing all calls to be terminated and preventing users from making 
new calls.

Cisco has released free software updates that address this vulnerability. No 
workarounds that mitigate this vulnerability are available. This advisory is 
available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw



[Full-disclosure] Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability

2014-01-22 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20140122-vcs

Revision 1.0

For Public Release 2014 January 22 16:00  UTC (GMT)

+-

Summary
===

Cisco TelePresence Video Communication Server (VCS) contains a vulnerability 
that could allow an unauthenticated, remote attacker to trigger the failure of 
several critical processes which may cause active calls to be dropped and 
prevent users from making new calls until the affected system is reloaded.

Cisco has released free software updates that address this vulnerability. 
Workarounds that mitigate this vulnerability are not available. This advisory 
is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs



[Full-disclosure] Cisco Security Advisory: Cisco TelePresence System Software Command Execution Vulnerability

2014-01-22 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco TelePresence System Software Command Execution 
Vulnerability

Advisory ID: cisco-sa-20140122-cts

Revision 1.0

For Public Release 2014 January 22 16:00  UTC (GMT)

+-

Summary
===

Cisco TelePresence System Software contains a vulnerability in the System 
Status Collection Daemon (SSCD) code that could allow an unauthenticated, 
adjacent attacker to execute arbitrary commands with the privileges of the root 
user.

Cisco has released free software updates that address this vulnerability. No 
workarounds that mitigate this vulnerability are available. This advisory is 
available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts


