lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 19 Feb 2014 20:33:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:044 ] zarafa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:044
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : zarafa
 Date    : February 19, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Robert Scheck discovered multiple vulnerabilities in Zarafa that could
 allow a remote unauthenticated attacker to crash the zarafa-server
 daemon, preventing access to any other legitimate Zarafa users
 (CVE-2014-0037, CVE-2014-0079).
 
 The updated packages have been upgraded to the 7.1.8 version which
 is not vulnerable to these issues.
 
 Additionally kyotocabinet 1.2.76 packages is also being provided due
 to new dependencies.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0037
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0079
 https://bugzilla.redhat.com/show_bug.cgi?id=1056767
 https://bugzilla.redhat.com/show_bug.cgi?id=1059903
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 d16e0d8878edda24781c7aa95aa9d9d0  mbs1/x86_64/kyotocabinet-1.2.76-1.mbs1.x86_64.rpm
 6fd70948ad85912830fd1b2fe603b5fe  mbs1/x86_64/kyotocabinet-api-doc-1.2.76-1.mbs1.noarch.rpm
 a62410307fbba4857685fcdf5c7b7c80  mbs1/x86_64/lib64kyotocabinet16-1.2.76-1.mbs1.x86_64.rpm
 81b53cf87d92f99e63bee13c0a3341de  mbs1/x86_64/lib64kyotocabinet-devel-1.2.76-1.mbs1.x86_64.rpm
 50bab0eed141d22e945860eba1677604  mbs1/x86_64/lib64zarafa0-7.1.8-1.mbs1.x86_64.rpm
 285e1fab4f7fbb90b47afffa4e48843a  mbs1/x86_64/lib64zarafa-devel-7.1.8-1.mbs1.x86_64.rpm
 bd1609b8c463232cdc561d30c2576cea  mbs1/x86_64/php-mapi-7.1.8-1.mbs1.x86_64.rpm
 85a7deaad1f5d40af9b7f45c90d169c2  mbs1/x86_64/python-MAPI-7.1.8-1.mbs1.x86_64.rpm
 f27e206845698b040c1d0ebe07139b52  mbs1/x86_64/zarafa-7.1.8-1.mbs1.x86_64.rpm
 6707f723548326f14f184e6abc9b5b8f  mbs1/x86_64/zarafa-archiver-7.1.8-1.mbs1.x86_64.rpm
 49159ba3392ea940b856187444fa1f10  mbs1/x86_64/zarafa-caldav-7.1.8-1.mbs1.x86_64.rpm
 adee30eedd5c028c7b3b0b7d3fcce79f  mbs1/x86_64/zarafa-client-7.1.8-1.mbs1.x86_64.rpm
 a624c1b0b07ffc86b1fc4588032be771  mbs1/x86_64/zarafa-common-7.1.8-1.mbs1.x86_64.rpm
 f02d202a9ee027cf39549bbe94567598  mbs1/x86_64/zarafa-dagent-7.1.8-1.mbs1.x86_64.rpm
 06a01cb9c185881f143e07e76450573f  mbs1/x86_64/zarafa-gateway-7.1.8-1.mbs1.x86_64.rpm
 f58ca4cbf70505795034ea685d1504b9  mbs1/x86_64/zarafa-ical-7.1.8-1.mbs1.x86_64.rpm
 bca69f6009cfa4c753ae86e73809be30  mbs1/x86_64/zarafa-indexer-7.1.8-1.mbs1.x86_64.rpm
 c6f02794ecf4e45cc8b15a489b1f549b  mbs1/x86_64/zarafa-monitor-7.1.8-1.mbs1.x86_64.rpm
 7bfd2eabb0ff6ecb2426483212a08e8e  mbs1/x86_64/zarafa-server-7.1.8-1.mbs1.x86_64.rpm
 52cab9632d64fb0aa84492a676f3e03f  mbs1/x86_64/zarafa-spooler-7.1.8-1.mbs1.x86_64.rpm
 bc60f4f3b7a27f7c6e5c1450fb3eaab8  mbs1/x86_64/zarafa-utils-7.1.8-1.mbs1.x86_64.rpm
 afaaf4b84e1afc898928737a6a9d2dea  mbs1/x86_64/zarafa-webaccess-7.1.8-1.mbs1.noarch.rpm 
 53efe802a9b0794bafa5865ba5e712b2  mbs1/SRPMS/kyotocabinet-1.2.76-1.mbs1.src.rpm
 fdc86a3de819acc0d641f89245b1c4a0  mbs1/SRPMS/zarafa-7.1.8-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTBNy1mqjQ0CJFipgRAhTPAKClNqERpDbJh+nVjQsoU6AzXz+4dACg1s4K
7F9j3wsH0H+FRSDUG7q8KgA=
=b7J0
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ