Mandriva Linux Security Advisory 2013-111 - The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service via a packet with a next extension offset that references this extension or a previous extension.
fcbabe96eeab4c7c9449e22d35c65a6ac17924660b2b13c780e049043a1f8b11
Mandriva Linux Security Advisory 2013-110 - A heap-based buffer out-of-bounds read and write flaw, leading to an invalid free, was found in the way the tile coder / decoder implementation of OpenJPEG, an open-source JPEG 2000 codec written in C, released previously allocated memory for the TCD encoder handle when processing certain Gray16 TIFF images. A remote attacker could provide a specially-crafted TIFF image file which, once converted into the JPEG 2000 file format with an application linked against OpenJPEG, would cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code.
acfabe7c379941314b4673a60453eb592f04a2d4f5f922a4e9d7825824cda873
Red Hat Security Advisory 2013-0730-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-11, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.280.
229b15475a600125cbe66efb21547e288d529a79114d570b06e0232add123fc1
Mandriva Linux Security Advisory 2013-109 - Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to overwrite arbitrary files with root privileges.
843a0c460c98612d0a9be9300e913331425f528ed1566317b92f200025f50fa4
Mandriva Linux Security Advisory 2013-108 - A stack-based buffer overflow flaw was found in the way OpenConnect, a client for Cisco's AnyConnect VPN, processed certain host names, paths, or cookie lists received from the VPN gateway. A remote VPN gateway could provide a specially-crafted host name, path, or cookie list that, when processed by the openconnect client, would cause the openconnect executable to crash.
9552dd0780c84612ccc954c0db88d9d11d37db1a7c9002fd05605b378e3e97e2
Mandriva Linux Security Advisory 2013-107 - OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via unspecified vectors.
c48f9443738c2be02c39df6ae0fd86612d2e1567ff4597d4e740d308bcec72b0
Mandriva Linux Security Advisory 2013-106 - Updated nss-pam-ldapd packages fix the following security issue: Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code. The issue can be triggered in a network daemon by opening a large number of connections and forcing a name lookup. This would result in a crash and possibly remote code execution. This issue may also allow local privilege escalation if a suid program does name lookups and doesn't close file descriptors inherited from the parent process.
21cfbe87c25c15f909e0a89e34d4588f1a69067a0cec0040efeda64c62e628fb
Mandriva Linux Security Advisory 2013-105 - The qmailscan plugin for Munin before 2.0 rc6 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
0b800547a1eb079ad1f35bab5387bf7b2ec05ebb4cabe056ef7aabe1863a7514
Mandriva Linux Security Advisory 2013-104 - Mosh versions 1.2 and earlier allow an application to cause the mosh-server to consume large amounts of CPU time with a short ANSI escape sequence. In addition, a malicious mosh-server can cause the mosh-client to consume large amounts of CPU time with a short ANSI escape sequence. This arises because there was no limit on the value of the repeat parameter in some ANSI escape sequences, so even large and nonsensical values would be interpreted by Mosh's terminal emulator.
2f68cc5cef304a5935cca85a49338d9bc6c2ce3a0d4f4f543ab631dce6083566
Mandriva Linux Security Advisory 2013-103 - The glsl shaders are vulnerable to a buffer overrun in parcel_out_uniform_storage::visit_field. When too many uniforms are used, the error will now be caught in check_resources. Additionally, Mesa has been updated to 8.0.4, fixing several bugs.
d7840a16ab0bb30fea72d263d8470871d8b98dc4c0ea527ccb5c73b134311ac9
Mandriva Linux Security Advisory 2013-102 - Updated mariadb packages include fixes for the following security vulnerabilities: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. Various other issues have also been addressed.
70e2790c57a07f5e4f2857ae15cc16b9161c3156270f84700985bcd1aebabe12
Mandriva Linux Security Advisory 2013-101 - Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
e4319262c0d3923346369f85a7845a0d828505c92a7d3c7a2d8918f108dc0ed2
Mandriva Linux Security Advisory 2013-100 - The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header.
22be207a6d4296eb91de3d6af14859bdba5fa94fb7ecb8401dc6835e88c874da