Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in Erlang
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Erlang
ID: MDVSA-2015:174
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: Mo, 30. März 2015, 11:41
Referenzen: http://advisories.mageia.org/MGASA-2014-0553.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693
Applikationen: Erlang

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1427705488-30609-7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:174
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : erlang
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated erlang packages fixes security vulnerability:
 
 An FTP command injection flaw was found in Erlang's FTP module.
 Several
 functions in the FTP module do not properly sanitize the input before
 passing it into a control socket. A local attacker can use this flaw
 to execute arbitrary FTP commands on a system that uses this module
 (CVE-2014-1693).
 
 This update also disables SSLv3 by default to mitigate the POODLE
 issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693
 http://advisories.mageia.org/MGASA-2014-0553.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 c3782d8e70c2560d22368c5cf191c2de 
 mbs2/x86_64/erlang-appmon-R16B02-3.1.mbs2.x86_64.rpm
 aecdc45f5a81807249581c7244e37569 
 mbs2/x86_64/erlang-asn1-R16B02-3.1.mbs2.x86_64.rpm
 477308c25e90cd9518e3b5518dd4f794 
 mbs2/x86_64/erlang-base-R16B02-3.1.mbs2.x86_64.rpm
 5f3d6f1d15ba896c28487190328395b0 
 mbs2/x86_64/erlang-common_test-R16B02-3.1.mbs2.x86_64.rpm
 6f28db799e6740f3a34ce1a1f7a2966f 
 mbs2/x86_64/erlang-compiler-R16B02-3.1.mbs2.x86_64.rpm
 36e6b99c911c5416725e1d849329a438 
 mbs2/x86_64/erlang-cosEventDomain-R16B02-3.1.mbs2.x86_64.rpm
 ba146d18f9759ce77027c3ff65025bc4 
 mbs2/x86_64/erlang-cosEvent-R16B02-3.1.mbs2.x86_64.rpm
 c62b33ca7302a1e25da1b118844fd257 
 mbs2/x86_64/erlang-cosFileTransfer-R16B02-3.1.mbs2.x86_64.rpm
 bb9160c5dfcccc5b506fce6bc6dce5b3 
 mbs2/x86_64/erlang-cosNotification-R16B02-3.1.mbs2.x86_64.rpm
 e514be216077fae803723a972df68ddc 
 mbs2/x86_64/erlang-cosProperty-R16B02-3.1.mbs2.x86_64.rpm
 999b7f423e8ad3a4ec9789c1b0228f44 
 mbs2/x86_64/erlang-cosTime-R16B02-3.1.mbs2.x86_64.rpm
 31459904189e725bc21e894b0479ce0a 
 mbs2/x86_64/erlang-cosTransactions-R16B02-3.1.mbs2.x86_64.rpm
 b5c015e8d8b30ae7809e08c3551985d8 
 mbs2/x86_64/erlang-crypto-R16B02-3.1.mbs2.x86_64.rpm
 c807878d781f028af448cc2b7bcb988b 
 mbs2/x86_64/erlang-debugger-R16B02-3.1.mbs2.x86_64.rpm
 a97e3c12ae0325d78bf6001ce23428a3 
 mbs2/x86_64/erlang-devel-R16B02-3.1.mbs2.x86_64.rpm
 21362da5ce27a71bcc9d4aa4465cabc5 
 mbs2/x86_64/erlang-dialyzer-R16B02-3.1.mbs2.x86_64.rpm
 2adab55b7e7389bc5400ef4fef7c027a 
 mbs2/x86_64/erlang-diameter-R16B02-3.1.mbs2.x86_64.rpm
 e4b575315ec1423361711503fd160145 
 mbs2/x86_64/erlang-docbuilder-R16B02-3.1.mbs2.x86_64.rpm
 7d556a1077b9ab6ceec582831be37905 
 mbs2/x86_64/erlang-edoc-R16B02-3.1.mbs2.x86_64.rpm
 4be0a333cef6fb9956fceaf89d715468 
 mbs2/x86_64/erlang-eldap-R16B02-3.1.mbs2.x86_64.rpm
 53c53de3b5efc19e193d7c56001a8a07 
 mbs2/x86_64/erlang-emacs-R16B02-3.1.mbs2.x86_64.rpm
 7eac22f0cc244076781ca2803c662768 
 mbs2/x86_64/erlang-erl_docgen-R16B02-3.1.mbs2.x86_64.rpm
 80249961f16f82dbc66f7de771e98735 
 mbs2/x86_64/erlang-erl_interface-R16B02-3.1.mbs2.x86_64.rpm
 fbf5c957d14e3c09a43eafd03cb19ab2 
 mbs2/x86_64/erlang-et-R16B02-3.1.mbs2.x86_64.rpm
 73cfce1e58cdb676a470ee16d84b52a2 
 mbs2/x86_64/erlang-eunit-R16B02-3.1.mbs2.x86_64.rpm
 76553169fa04132330658a8b6dfc21af 
 mbs2/x86_64/erlang-gs-R16B02-3.1.mbs2.x86_64.rpm
 ef9e5fe8657eea48de2d5b7c1a230587 
 mbs2/x86_64/erlang-hipe-R16B02-3.1.mbs2.x86_64.rpm
 1fbbab73409ab496bf65acfef0159b12 
 mbs2/x86_64/erlang-ic-R16B02-3.1.mbs2.x86_64.rpm
 13029c97b65202f4246267568a08665d 
 mbs2/x86_64/erlang-inets-R16B02-3.1.mbs2.x86_64.rpm
 82769f0678e9653e60f34b8e1204022c 
 mbs2/x86_64/erlang-jinterface-R16B02-3.1.mbs2.x86_64.rpm
 164e49370da7c102a102e3d7938692fd 
 mbs2/x86_64/erlang-manpages-R16B02-3.1.mbs2.x86_64.rpm
 ea23fe6568707738a77744047b1784af 
 mbs2/x86_64/erlang-megaco-R16B02-3.1.mbs2.x86_64.rpm
 6ccadf1b58574ffe626ff7b11e96294e 
 mbs2/x86_64/erlang-mnesia-R16B02-3.1.mbs2.x86_64.rpm
 ddfc6f940edc76a2c96776f632a0359b 
 mbs2/x86_64/erlang-observer-R16B02-3.1.mbs2.x86_64.rpm
 236ccf95ce563e21883810dec7aec43f 
 mbs2/x86_64/erlang-odbc-R16B02-3.1.mbs2.x86_64.rpm
 9ad313bfab1ba9c8efcbc0e65b179ddf 
 mbs2/x86_64/erlang-orber-R16B02-3.1.mbs2.x86_64.rpm
 227fee7ff295d10ff377cd5e85bc260d 
 mbs2/x86_64/erlang-os_mon-R16B02-3.1.mbs2.x86_64.rpm
 f9466de44e540cfc315d6d187c73933e 
 mbs2/x86_64/erlang-otp_mibs-R16B02-3.1.mbs2.x86_64.rpm
 ea1ded7ffbf11aebeefa69d5ed4e46ed 
 mbs2/x86_64/erlang-parsetools-R16B02-3.1.mbs2.x86_64.rpm
 79401ec3c2a53510b5c18fa5ec9c48cd 
 mbs2/x86_64/erlang-percept-R16B02-3.1.mbs2.x86_64.rpm
 71bc4854a1521759767da77f6dbafd95 
 mbs2/x86_64/erlang-pman-R16B02-3.1.mbs2.x86_64.rpm
 a029b242eedb3b776c2a0a514c276ba8 
 mbs2/x86_64/erlang-public_key-R16B02-3.1.mbs2.x86_64.rpm
 abb2e8ca95dc45ce97e73f24db27456a 
 mbs2/x86_64/erlang-reltool-R16B02-3.1.mbs2.x86_64.rpm
 3a4517790ca1f36a78efaf2c64d11de1 
 mbs2/x86_64/erlang-runtime_tools-R16B02-3.1.mbs2.x86_64.rpm
 166a784fcc6045fbb9efbef6290641d7 
 mbs2/x86_64/erlang-snmp-R16B02-3.1.mbs2.x86_64.rpm
 827213abaec61dcde9e8f779e7a8d331 
 mbs2/x86_64/erlang-ssh-R16B02-3.1.mbs2.x86_64.rpm
 093a3ccdd934156cb434c0b795d8d982 
 mbs2/x86_64/erlang-ssl-R16B02-3.1.mbs2.x86_64.rpm
 72e9c7fb38a3116b1a00d2c4fccbf88e 
 mbs2/x86_64/erlang-stack-R16B02-3.1.mbs2.x86_64.rpm
 8b77c2ca0438ec1c1adbc99280291f8c 
 mbs2/x86_64/erlang-syntax_tools-R16B02-3.1.mbs2.x86_64.rpm
 03bae9355926cd7ecc29476eabac629e 
 mbs2/x86_64/erlang-test_server-R16B02-3.1.mbs2.x86_64.rpm
 1f23126813a9f02705174b9f243ac8be 
 mbs2/x86_64/erlang-toolbar-R16B02-3.1.mbs2.x86_64.rpm
 df9f88f56c816780d093c5d8426779ce 
 mbs2/x86_64/erlang-tools-R16B02-3.1.mbs2.x86_64.rpm
 b65670938b9d8c22226e7189349eb5c4 
 mbs2/x86_64/erlang-tv-R16B02-3.1.mbs2.x86_64.rpm
 d5bc3f1de4e19b43f26f35a05b133f23 
 mbs2/x86_64/erlang-typer-R16B02-3.1.mbs2.x86_64.rpm
 1d9ca7574b5fea1a3730c5db14357387 
 mbs2/x86_64/erlang-webtool-R16B02-3.1.mbs2.x86_64.rpm
 95f2dba7a7a8ec8150eae75f2a4a1a1d 
 mbs2/x86_64/erlang-wx-R16B02-3.1.mbs2.x86_64.rpm
 2ea9cb729265b4eb387367b154d1d5aa 
 mbs2/x86_64/erlang-xmerl-R16B02-3.1.mbs2.x86_64.rpm 
 5426c5858d7b207f8cdcd5ad4beb3ed3  mbs2/SRPMS/erlang-R16B02-3.1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGQBGmqjQ0CJFipgRAlMOAJ4+XKgZ2ajTf/2V3nFSk3g0aRxWbgCbBX3D
V03y7WmjZTY0C9ZyD13tQfg=
=GBGW
-----END PGP SIGNATURE-----


------------=_1427705488-30609-7
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427705488-30609-7--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung