You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa zarafa

Sigurnosni nedostatak programskog paketa zarafa

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:040
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated zarafa packages fix security vulnerability:

Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and
Zarafa WebApp that could allow a remote unauthenticated attacker to
exhaust the disk space of /tmp (CVE-2014-9465).

This update also adds some patches from Robert Scheck which correct
some packaging issues with zarafa-webaccess.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465
http://advisories.mageia.org/MGASA-2015-0049.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
d02d0aa971a2c9beb08ba13cb301f2fa mbs1/x86_64/lib64zarafa0-7.1.8-1.2.mbs1.x86_64.rpm
7c145a1654a5a3e5750446f5bde487ce mbs1/x86_64/lib64zarafa-devel-7.1.8-1.2.mbs1.x86_64.rpm
10c3a04e8fb13007acac27aae499cc18 mbs1/x86_64/php-mapi-7.1.8-1.2.mbs1.x86_64.rpm
d4da6ee2d2f06358f9b67e53c27524cf mbs1/x86_64/python-MAPI-7.1.8-1.2.mbs1.x86_64.rpm
b06a463514ee33bf4d37e1e7479ca748 mbs1/x86_64/zarafa-7.1.8-1.2.mbs1.x86_64.rpm
4b0a8bf9a24c613cefcf7fd5610752ff mbs1/x86_64/zarafa-archiver-7.1.8-1.2.mbs1.x86_64.rpm
dea3b4b66caca2166561fa050f5fb244 mbs1/x86_64/zarafa-caldav-7.1.8-1.2.mbs1.x86_64.rpm
de149a1fd48201d03ff2f3e0015a83d0 mbs1/x86_64/zarafa-client-7.1.8-1.2.mbs1.x86_64.rpm
0ac2f836530e46e1919dbb90f0701c9e mbs1/x86_64/zarafa-common-7.1.8-1.2.mbs1.x86_64.rpm
8d6951d361fccd3c56cac0acbcbe4c8b mbs1/x86_64/zarafa-dagent-7.1.8-1.2.mbs1.x86_64.rpm
96676de89197b21e00f1c3ae1fe7f4c9 mbs1/x86_64/zarafa-gateway-7.1.8-1.2.mbs1.x86_64.rpm
f7e0752b64296f57ff1a7cf25ba527f9 mbs1/x86_64/zarafa-ical-7.1.8-1.2.mbs1.x86_64.rpm
ff69a904aba0aa7690fd645fea4209ff mbs1/x86_64/zarafa-indexer-7.1.8-1.2.mbs1.x86_64.rpm
466da62fd624f682da8e2bd6d4c38f39 mbs1/x86_64/zarafa-monitor-7.1.8-1.2.mbs1.x86_64.rpm
1c9ea1fa3ba9943ea75faf26f9bd1f3b mbs1/x86_64/zarafa-server-7.1.8-1.2.mbs1.x86_64.rpm
16334cfe056a1f1efa622c3e6be41d5e mbs1/x86_64/zarafa-spooler-7.1.8-1.2.mbs1.x86_64.rpm
027e4549c0405734692872df31ee0f4a mbs1/x86_64/zarafa-utils-7.1.8-1.2.mbs1.x86_64.rpm
9c4a6ca376d462077c6d21d3f3543eff mbs1/x86_64/zarafa-webaccess-7.1.8-1.2.mbs1.noarch.rpm
3362a5851bb152d92e85a5f985dd2103 mbs1/SRPMS/zarafa-7.1.8-1.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU2g92mqjQ0CJFipgRAoQFAJ9oJTTa4Cv8NG4Yvfd2Wgs9qtBCxQCfdTmn
cjn/5HlYotdAIrZtRhLqDcQ=
=5Uns
—–END PGP SIGNATURE—–

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa cabextract

Otkriven je sigurnosni nedostatak u programskom paketu cabextract za operacijski sustav Mandriva. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...

Close