Mandriva Linux Security Advisory 2015-132 - Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.
7caba1a1569f27dfa32052197fe65c95f9b0725e42dbede12ab796a0b7717007
Mandriva Linux Security Advisory 2015-130 - Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
20a277fb8c92c74a610c9de21b3046e5452a361ef4c9abd90afd6a2b60b739e2
Mandriva Linux Security Advisory 2015-129 - Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Due to an incomplete fix for 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.
81e3a6da88aa29facafd616dc8b716c1aff7f0e2b4c29f1fd07c25ee27dde04b
Mandriva Linux Security Advisory 2015-128 - Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery.
cb9739113128522a737faf859a00100344d4478aa8f5695a3ca0946630baede8
Mandriva Linux Security Advisory 2015-127 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
c2afdf6df232dfa0f1e7f2d6a4b68eb64ea16f42e60c5be7a833ec29608114c8
Mandriva Linux Security Advisory 2015-126 - Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block. The sudo package has been updated to version 1.8.12, fixing this issue and several other bugs.
8a0130eeeff7921e595c61a9a46685d549a4e0891e7f1dcf5025327e5898c01b
Mandriva Linux Security Advisory 2015-125 - The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set. The application decoder for the Ad hoc On-Demand Distance Vector protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults. It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code. .
cccdf6a08416c7e233f85d97827ddb003d99b7d183693360b958ba81f6accaa2
Mandriva Linux Security Advisory 2015-124 - Chad Vizino reported that within a TORQUE Resource Manager job a non-root user could use a vulnerability in the tm_adopt() library call to kill processes he/she doesn't own including root-owned ones on any node in a job. This update implements the upstream fixes.
0b6cf337451bd08a3491d44990a5a552c523304d3702af295a7b53c842bd5444
Mandriva Linux Security Advisory 2015-122 - Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and other bugs.
c7da1e9be1c32cf25afd74ccbcad2cf938f8531d4970615f5b0a048c46d0b8e2
Mandriva Linux Security Advisory 2015-120 - A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process (which may be root in common use cases. Using the Mandriva wpa_supplicant package, systems are exposed to the vulnerability if operating as a WPS registrar.
ce79535d525247ae701a512f6701feaf970e965a4ae177cdd17bfbae1cfeae0b
Mandriva Linux Security Advisory 2015-123 - Updated unzip package fix multiple security vulnerabilities.
29ba50a03d278e126684809bd7aa9750c907fee11e1960b53dcaa74fc369fe53
Mandriva Linux Security Advisory 2015-121 - Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.
59bdc8205dc2a955b3e45bdfe18e3e28e22b1aa03648e070bbd52cf091cea9be
Mandriva Linux Security Advisory 2015-118 - xlockmore before 5.45 contains a security flaw related to a bad value of fnt for pyro2 which could cause an X error. This update backports the fix for version 5.43.
e85f5b9978d1d48083d112d1981054504721b85104a09e7979c2770518094988
Mandriva Linux Security Advisory 2015-119 - Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service. Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash.
9a99ccedd34c67a048ace0a5867356eb6858bcbd1dc024890093acb3993ef4e1
Mandriva Linux Security Advisory 2015-117 - Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs.
e043d01b911de8a521c0058b5ae096fcc95d7709a23796108284394e82aef97a
Mandriva Linux Security Advisory 2015-116 - Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash.
c4e199c0ab79d1649e49098959c6c8f3c0dcefdc5a01643028b98300c6a849fb
Mandriva Linux Security Advisory 2015-115 - The LXC driver in libvirt 1.0.1 through 1.2.1 allows local users to delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc//root and the virInitctlSetRunLevel function. Various other issues have also been addressed.
6ae8444cee405a1fa17b4071c1f7b85b191e5b4db7e6d53ab6a0a1a1d4adf05d
Mandriva Linux Security Advisory 2015-114 - Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifscreds.c.
f1e6762ecc0694c92ec16406ad07849adad4c3f5d3a5f58d36f81013a08b2cf9
Mandriva Linux Security Advisory 2015-112 - Updated python-lxml packages fix a security vulnerability. The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters. A remote attacker could use this flaw to serve malicious content to an application using the clean_html() function to process HTML, possibly allowing the attacker to inject malicious code into a website generated by this application.
9782c7173bedc95f4c5df27002270a1202ff8a53b872b31ce533d108fb837b01
Mandriva Linux Security Advisory 2015-113 - Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time.
02bb0de3a8646cbeff42c1216386daf1423a1ee06013225762cc7befed905053
Mandriva Linux Security Advisory 2015-110 - Updated postgresql packages fix multiple security vulnerabilities.
cd647c5ff4321218c25352d015eb51dfa7a69e9781099b68aae8665b6a5a10de
Mandriva Linux Security Advisory 2015-111 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.
6c45babaeca1ec041e913e0a86d595448e15db3a18b9abd9cc95bfd525ba2526
Mandriva Linux Security Advisory 2015-105 - A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick. A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers. ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code.
9d4477f8ef6747ae1cfb8e5a1b1423691dd7cc8643385f46f1b29bdd1eed3a8c
Mandriva Linux Security Advisory 2015-109 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Keryn Knight discovered that Django incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Note that this issue only affected python-django. Cross-site scripting vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a \@property.
73ed54e1b87bdc65f660a901fe9524ca68b38f6616915656e7bcdd6f60701f1c
Mandriva Linux Security Advisory 2015-108 - Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
029c517fb2aafd25bf90e98f07319e0f00c7a6d282bf8e64661bb76a2f70f6a8