Security: Execution of arbitrary commands in Erlang
Name: Execution of arbitrary commands in Erlang
ID: MDVSA-2015:174
Distribution: Mandriva
Platforms: Mandriva Business Server 2.0
Date: Mon, 30 March 2015, 11:41
References: http://advisories.mageia.org/MGASA-2014-0553.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:174
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : erlang
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated erlang packages fix a security vulnerability:

An FTP command injection flaw was found in Erlang's FTP module. Several
functions in the FTP module do not properly sanitize the input before
passing it into a control socket. A local attacker can use this flaw
to execute arbitrary FTP commands on a system that uses this module
(CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE
issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693
http://advisories.mageia.org/MGASA-2014-0553.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGQBGmqjQ0CJFipgRAlMOAJ4+XKgZ2ajTf/2V3nFSk3g0aRxWbgCbBX3D
V03y7WmjZTY0C9ZyD13tQfg=
=GBGW
-----END PGP SIGNATURE-----
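
The Problem Description above says that functions in Erlang's FTP module pass unsanitized input into the control socket. The following added example (not code from the advisory, Mandriva or Erlang/OTP) shows a caller-side guard for systems that cannot be updated immediately. It assumes the injection vector is a CR or LF inside an argument, since an FTP control command is a single CRLF-terminated line; the module name `ftp_arg_guard` and the functions `check_arg/1`, `wire_lines/2`, `safe_cd/2` and `demo/0` are hypothetical, and the sample inputs are constructed.

```erlang
%% Added example, not OTP or Mandriva code. Module and function names
%% (ftp_arg_guard, check_arg/1, wire_lines/2, safe_cd/2) are hypothetical.
-module(ftp_arg_guard).
-export([check_arg/1, wire_lines/2, safe_cd/2, demo/0]).

%% An FTP control-connection command is one line ended by CRLF (RFC 959),
%% so an argument must never contain CR or LF itself.
check_arg(Arg) when is_list(Arg) ->
    case lists:any(fun(C) -> C =:= $\r orelse C =:= $\n end, Arg) of
        true  -> {error, line_terminator_in_argument};
        false -> {ok, Arg}
    end;
check_arg(_Other) ->
    {error, not_a_string}.

%% Model of the lines a server reads when Verb and Arg are concatenated
%% and written to the control socket without any check.
wire_lines(Verb, Arg) ->
    string:tokens(Verb ++ " " ++ Arg ++ "\r\n", "\r\n").

%% Guarded wrapper around ftp:cd/2 (inets): the argument is checked
%% before the library sees it.
safe_cd(Pid, Dir) ->
    case check_arg(Dir) of
        {ok, Clean}      -> ftp:cd(Pid, Clean);
        {error, _} = Err -> Err
    end.

%% Constructed sample inputs; NOOP stands in for any second command.
demo() ->
    Benign  = "incoming/reports",
    Tainted = "incoming\r\nNOOP",
    %% A clean argument stays one control line.
    ["CWD incoming/reports"] = wire_lines("CWD", Benign),
    %% An embedded CRLF turns one call into two control lines.
    ["CWD incoming", "NOOP"] = wire_lines("CWD", Tainted),
    {ok, Benign} = check_arg(Benign),
    {error, line_terminator_in_argument} = check_arg(Tainted),
    {error, not_a_string} = check_arg(undefined),
    ok.
```

`check_arg/1` only accepts flat character lists; the same check applies to every other FTP call that takes caller-supplied names, and installing the updated packages remains the actual fix.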

