User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDVSA-2014:121 (libgadu)

From:  security@mandriva.com
To:  security-announce@lists.mandriva.com
Subject:  [Security Announce] [ MDVSA-2014:121 ] libgadu
Date:  Tue, 10 Jun 2014 19:32:00 +0200
Message-ID:  <E1WuPtw-0006t1-Kn@titan.mandriva.com>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:121 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libgadu Date : June 10, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-3775). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3775 http://advisories.mageia.org/MGASA-2014-0246.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 4dfdf7e47f33ffaa4054e184e069768b mbs1/x86_64/lib64gadu3-1.11.4-1.mbs1.x86_64.rpm cca9ba22c27c0b8f4f6b7dff5a2717d7 mbs1/x86_64/lib64gadu-devel-1.11.4-1.mbs1.x86_64.rpm 050c8f1d0d39b4071d3f3ac04a821fe8 mbs1/SRPMS/libgadu-1.11.4-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTlxb8mqjQ0CJFipgRAt4OAJ9jErd8aXMHYTBIOWC4CUkxpvflsgCgpw6M TsyLk4Mt7gd1Tq+bukw7LkI= =kzm8 -----END PGP SIGNATURE----- To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://store.mandriva.com _______________________________________________________


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds