Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Denial of Service in Zarafa
Aktuelle Meldungen Distributionen
Name: Denial of Service in Zarafa
ID: MDVSA-2015:040
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Di, 10. Februar 2015, 16:47
Referenzen: http://advisories.mageia.org/MGASA-2015-0049.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465

Originalnachricht

This is a multi-part message in MIME format...

------------=_1423580627-28859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:040
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated zarafa packages fix security vulnerability:

Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and
Zarafa WebApp that could allow a remote unauthenticated attacker to
exhaust the disk space of /tmp (CVE-2014-9465).

This update also adds some patches from Robert Scheck which correct
some packaging issues with zarafa-webaccess.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465
http://advisories.mageia.org/MGASA-2015-0049.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
d02d0aa971a2c9beb08ba13cb301f2fa
mbs1/x86_64/lib64zarafa0-7.1.8-1.2.mbs1.x86_64.rpm
7c145a1654a5a3e5750446f5bde487ce
mbs1/x86_64/lib64zarafa-devel-7.1.8-1.2.mbs1.x86_64.rpm
10c3a04e8fb13007acac27aae499cc18
mbs1/x86_64/php-mapi-7.1.8-1.2.mbs1.x86_64.rpm
d4da6ee2d2f06358f9b67e53c27524cf
mbs1/x86_64/python-MAPI-7.1.8-1.2.mbs1.x86_64.rpm
b06a463514ee33bf4d37e1e7479ca748 mbs1/x86_64/zarafa-7.1.8-1.2.mbs1.x86_64.rpm
4b0a8bf9a24c613cefcf7fd5610752ff
mbs1/x86_64/zarafa-archiver-7.1.8-1.2.mbs1.x86_64.rpm
dea3b4b66caca2166561fa050f5fb244
mbs1/x86_64/zarafa-caldav-7.1.8-1.2.mbs1.x86_64.rpm
de149a1fd48201d03ff2f3e0015a83d0
mbs1/x86_64/zarafa-client-7.1.8-1.2.mbs1.x86_64.rpm
0ac2f836530e46e1919dbb90f0701c9e
mbs1/x86_64/zarafa-common-7.1.8-1.2.mbs1.x86_64.rpm
8d6951d361fccd3c56cac0acbcbe4c8b
mbs1/x86_64/zarafa-dagent-7.1.8-1.2.mbs1.x86_64.rpm
96676de89197b21e00f1c3ae1fe7f4c9
mbs1/x86_64/zarafa-gateway-7.1.8-1.2.mbs1.x86_64.rpm
f7e0752b64296f57ff1a7cf25ba527f9
mbs1/x86_64/zarafa-ical-7.1.8-1.2.mbs1.x86_64.rpm
ff69a904aba0aa7690fd645fea4209ff
mbs1/x86_64/zarafa-indexer-7.1.8-1.2.mbs1.x86_64.rpm
466da62fd624f682da8e2bd6d4c38f39
mbs1/x86_64/zarafa-monitor-7.1.8-1.2.mbs1.x86_64.rpm
1c9ea1fa3ba9943ea75faf26f9bd1f3b
mbs1/x86_64/zarafa-server-7.1.8-1.2.mbs1.x86_64.rpm
16334cfe056a1f1efa622c3e6be41d5e
mbs1/x86_64/zarafa-spooler-7.1.8-1.2.mbs1.x86_64.rpm
027e4549c0405734692872df31ee0f4a
mbs1/x86_64/zarafa-utils-7.1.8-1.2.mbs1.x86_64.rpm
9c4a6ca376d462077c6d21d3f3543eff
mbs1/x86_64/zarafa-webaccess-7.1.8-1.2.mbs1.noarch.rpm
3362a5851bb152d92e85a5f985dd2103 mbs1/SRPMS/zarafa-7.1.8-1.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU2g92mqjQ0CJFipgRAoQFAJ9oJTTa4Cv8NG4Yvfd2Wgs9qtBCxQCfdTmn
cjn/5HlYotdAIrZtRhLqDcQ=
=5Uns
-----END PGP SIGNATURE-----


------------=_1423580627-28859-1
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1423580627-28859-1--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung