Mandriva Linux Security Advisory 2013-033 - It was reported that cronie 1.4.8 would leak certain file descriptors. On systems where /etc/crontab is not world-readable this could be an information disclosure concern.
1a7884577d60880b106fa9d04cab7e1268d5c3e11f121e99b38f488d3197eca8
Mandriva Linux Security Advisory 2013-023 - Long line inputs could trigger a segfault in the sort, uniq and join utilities. The updated packages have been patched to correct these issues.
4729f4e2c14fb165029c44fc4d92aca5e29bcb55fe1284459286d4db03b691d2
Mandriva Linux Security Advisory 2013-032 - A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names and evaluating /dev/fd file names in conditional command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash. Additionally the official patches 011 to 037 for bash-4.2 have been applied, which resolve other issues found, including the CVE-2012-3410 vulnerability. NOTE: This advisory was previously given the MDVSA-2013:019 identifier by mistake.
be4cc49cd24a196a81801507077493f6d5b6505240cbd1cdcad5ea0b1cf45094
Mandriva Linux Security Advisory 2013-031 - A race condition in automake could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck. The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:018 identifier by mistake.
e294d443c461ab3a4eaac2eb48442781bfd88f63dd38656ad8f01d4ca0aaa535
Mandriva Linux Security Advisory 2013-030 - arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:017 identifier by mistake.
0505a196f55926f15d6cb566bcc0fa6443081e9103253277a4f228afe93a8f0c
Mandriva Linux Security Advisory 2013-029 - A vulnerability has been discovered and corrected in ModSecurity. Versions less than or equal to 2.6.8 are vulnerable to a multipart/invalid part ruleset bypass; this was fixed in 2.7.0. The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:016 identifier by mistake.
3a4c8cb2ec8cbb188a3b45c1fe8be3d087b363870ba1049dddb28977edd910bc
Mandriva Linux Security Advisory 2013-046 - libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code. ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
1bb3d5db21ce892eb1fd9a1e10d922e458909fc1193c482e784a2674aa1ccdfc
Mandriva Linux Security Advisory 2013-045 - Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution. Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.
b001afcc00872bffb479840552f9f98c8e4a053611dc49aa61aa6b801599a2cb
Mandriva Linux Security Advisory 2013-044 - A heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
73bad9261abfe9c231244ae6d4030c33576b1d84858b39517e63f472f6ad4f5c
Mandriva Linux Security Advisory 2013-043 - This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers to gain root privileges.
1fcd91ea96726db4478cf13582052b7ca9ca576e1909135d44bd7e922de538a2
Mandriva Linux Security Advisory 2013-042 - Fixed a kadmind denial of service issue, which could only be triggered by an administrator with the create privilege. The MIT krb5 KDC daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability. It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack if anonymous PKINIT was enabled. The updated packages have been patched to correct these issues.
65d7c91ab60b56895fd6c4431a74ebbaeb093af8cc2390162141b1a01ff503bc
Mandriva Linux Security Advisory 2013-041 - Directory traversal vulnerability in html2ps before 1.0b7 allows remote attackers to read arbitrary files via directory traversal sequences in SSI directives. The updated packages have been upgraded to the 1.0b7 version which is not affected by this issue.
1fa4814c07bc8bca667036258259a004c60f2ba2087fd1099e4fa1abe25f22e9
Mandriva Linux Security Advisory 2013-040 - Nadhem Alfardan and Kenny Paterson devised an attack that recovers some bits of the plaintext of a GnuTLS session that utilizes CBC ciphersuites, by using timing information. The gnutls package has been updated to the latest 3.0.28 version to fix the above problem.
de6eef5b3dc190a2ada3f4d3a3d599cf4d5598e5c13cc92438cf547c6118f792
Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.
12827540dfa9ee3a39050476e3908f52454cae83d58879b966623f58d86c6dde
Mandriva Linux Security Advisory 2013-039 - A null pointer de-reference flaw was found in the way the FreeType font rendering engine handled Glyph bitmap distribution format fonts. A remote attacker could provide a specially-crafted BDF font file, which once processed in an application linked against FreeType would cause that application to crash. An out-of heap-based buffer read flaw was found in the way the FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted BDF font file, which once opened in an application linked against FreeType would cause that application to crash. An out-of heap-based buffer write flaw was found in the way the FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted font file, which once opened in an application linked against FreeType would cause that application to crash or, potentially, lead to arbitrary code execution with the privileges of the user running the application.
d49ca19caa3552a985483bf312f8b9da7c61ef20cb6c78b0bcf036f2b62efd1f
Mandriva Linux Security Advisory 2013-038 - It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied. Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long not after timestamp in a client certificate.
97a87842f4bb36244f5f2a4fc25aafa1b286a4047adb05026796f134d2d0bc56
Mandriva Linux Security Advisory 2013-037 - Fetchmail version 6.3.9 enabled all SSL workarounds, which contain a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application encrypt some data for him -- which is not easily the case. A denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of the NTLM protocol exchange, or a server-side error message and session abort. A rogue NTLM server could use this flaw to cause the fetchmail executable to crash. This advisory provides the latest version of fetchmail which is not vulnerable to these issues.
c76ad44c65411555e02143fd2c153856141766d5118f31e52fc5a2366e01c35c
Mandriva Linux Security Advisory 2013-036 - An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file. The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue.
754944eef269681687b7e7fce622ad18c60808cb575b176e05056d26a1560f49
Mandriva Linux Security Advisory 2013-035 - A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A buffer overflow in the exif_entry_format_value function in libexif/exif-entry.c in libexif 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_data_load_data function in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A divide-by-zero error in the mnote_olympus_entry_get_value function while formatting EXIF maker note tags in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service via an image with crafted EXIF tags. An off-by-one error in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an image with crafted EXIF tags. An integer underflow in the exif_entry_get_value function can cause a heap overflow and potentially arbitrary code execution while formatting an EXIF tag, if the function is called with a buffer size parameter equal to zero or one. The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to these issues.
3f68c7396a81d27d6543d5491ee91a4d8f88db4750fe2299e55e40d6145ca3d8
Mandriva Linux Security Advisory 2013-034 - During the process of CUPS socket activation code refactoring in favour of systemd capability a security flaw was found in the way the CUPS service honored the Listen localhost:631 cupsd.conf configuration option. The setting was recognized properly for IPv4-enabled systems, but failed to be correctly applied for IPv6-enabled systems. As a result, a remote attacker could use this flaw to obtain access to the CUPS web-based administration interface. The fix for now is to not enable IP-based systemd socket activation by default. This update adds a patch to correct printing problems with some USB connected printers in cups 1.5.4. Further, this update should correct possible printing problems with the following printers since the update to cups 1.5.4: Canon, Inc. PIXMA iP4200; Canon, Inc. PIXMA iP4300; Canon, Inc. MP500; Canon, Inc. MP510; Canon, Inc. MP550; Canon, Inc. MP560; Brother Industries, Ltd, HL-1430 Laser Printer; Brother Industries, Ltd, HL-1440 Laser Printer; Oki Data Corp. Okipage 14ex Printer; Oki Data Corp. B410d; Xerox Phaser 3124; all Zebra devices. Additionally, patches have been added to fix printing from newer Apple devices and to correct an error in the %post script which prevented the cups service from starting when freshly installed.
5d444b01d0f0716fdf13057572d0ea25d5e0bd149fc8ccb9ef4cd3709df478f2
F0xChas3r is a forensic tool for extracting and viewing internet artifacts from Mozilla Firefox. The internet artifacts include bookmark, auto-complete, download, cookie, DomStorage, history, extension and cache records. All the outputs will be saved into a CSV file with UTC time.
4fa6d2540816014047006fa13458ba935ad5850ee82f723dfaee600cd085fe5a
Mandriva Linux Security Advisory 2013-027 - ClamAV 0.97.7 addresses several reported potential security bugs.
348c8ad640b7ec396e4a2856599150ac0de18a1b9881c6f81c8ef45a8db9205f
Red Hat Security Advisory 2013-0710-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in how Puppet handled certain HTTP PUT requests. An attacker with valid authentication credentials, and authorized to save to the authenticated client's own report, could construct a malicious request that could possibly cause the Puppet master to execute arbitrary code. A flaw was found in how Puppet handled the "template" and "inline_template" functions during catalog compilation. If an authenticated attacker were to request its catalog from the Puppet master, it could possibly result in arbitrary code execution when the catalog is compiled.
287e00cc1e326aec1722ac557fce76b5e0388b5683cb3624788e846953353c44
Red Hat Security Advisory 2013-0708-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. A flaw was found in the way Keystone handled tenant names in token requests. A request containing an excessively long tenant name could cause Keystone to consume a large amount of CPU and memory. With this update, the maximum HTTP request size is limited to 112k. This can be changed via the "max_request_body_size" option in "/etc/keystone/keystone.conf".
d3684c547efc8d0c630d7a4cacf91ff67bf5c34699d87d171be83b7f0262b58e