[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2015:040 ] zarafa



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:040
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : zarafa
 Date    : February 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated zarafa packages fix security vulnerability:
 
 Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and
 Zarafa WebApp that could allow a remote unauthenticated attacker to
 exhaust the disk space of /tmp (CVE-2014-9465).
 
 This update also adds some patches from Robert Scheck which correct
 some packaging issues with zarafa-webaccess.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465
 http://advisories.mageia.org/MGASA-2015-0049.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 d02d0aa971a2c9beb08ba13cb301f2fa  mbs1/x86_64/lib64zarafa0-7.1.8-1.2.mbs1.x86_64.rpm
 7c145a1654a5a3e5750446f5bde487ce  mbs1/x86_64/lib64zarafa-devel-7.1.8-1.2.mbs1.x86_64.rpm
 10c3a04e8fb13007acac27aae499cc18  mbs1/x86_64/php-mapi-7.1.8-1.2.mbs1.x86_64.rpm
 d4da6ee2d2f06358f9b67e53c27524cf  mbs1/x86_64/python-MAPI-7.1.8-1.2.mbs1.x86_64.rpm
 b06a463514ee33bf4d37e1e7479ca748  mbs1/x86_64/zarafa-7.1.8-1.2.mbs1.x86_64.rpm
 4b0a8bf9a24c613cefcf7fd5610752ff  mbs1/x86_64/zarafa-archiver-7.1.8-1.2.mbs1.x86_64.rpm
 dea3b4b66caca2166561fa050f5fb244  mbs1/x86_64/zarafa-caldav-7.1.8-1.2.mbs1.x86_64.rpm
 de149a1fd48201d03ff2f3e0015a83d0  mbs1/x86_64/zarafa-client-7.1.8-1.2.mbs1.x86_64.rpm
 0ac2f836530e46e1919dbb90f0701c9e  mbs1/x86_64/zarafa-common-7.1.8-1.2.mbs1.x86_64.rpm
 8d6951d361fccd3c56cac0acbcbe4c8b  mbs1/x86_64/zarafa-dagent-7.1.8-1.2.mbs1.x86_64.rpm
 96676de89197b21e00f1c3ae1fe7f4c9  mbs1/x86_64/zarafa-gateway-7.1.8-1.2.mbs1.x86_64.rpm
 f7e0752b64296f57ff1a7cf25ba527f9  mbs1/x86_64/zarafa-ical-7.1.8-1.2.mbs1.x86_64.rpm
 ff69a904aba0aa7690fd645fea4209ff  mbs1/x86_64/zarafa-indexer-7.1.8-1.2.mbs1.x86_64.rpm
 466da62fd624f682da8e2bd6d4c38f39  mbs1/x86_64/zarafa-monitor-7.1.8-1.2.mbs1.x86_64.rpm
 1c9ea1fa3ba9943ea75faf26f9bd1f3b  mbs1/x86_64/zarafa-server-7.1.8-1.2.mbs1.x86_64.rpm
 16334cfe056a1f1efa622c3e6be41d5e  mbs1/x86_64/zarafa-spooler-7.1.8-1.2.mbs1.x86_64.rpm
 027e4549c0405734692872df31ee0f4a  mbs1/x86_64/zarafa-utils-7.1.8-1.2.mbs1.x86_64.rpm
 9c4a6ca376d462077c6d21d3f3543eff  mbs1/x86_64/zarafa-webaccess-7.1.8-1.2.mbs1.noarch.rpm 
 3362a5851bb152d92e85a5f985dd2103  mbs1/SRPMS/zarafa-7.1.8-1.2.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU2g92mqjQ0CJFipgRAoQFAJ9oJTTa4Cv8NG4Yvfd2Wgs9qtBCxQCfdTmn
cjn/5HlYotdAIrZtRhLqDcQ=
=5Uns
-----END PGP SIGNATURE-----