LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2014:044: zarafa Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users (CVE-2014-0037, CVE-2014-0079). [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:044
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : zarafa
 Date    : February 19, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Robert Scheck discovered multiple vulnerabilities in Zarafa that could
 allow a remote unauthenticated attacker to crash the zarafa-server
 daemon, preventing access to any other legitimate Zarafa users
 (CVE-2014-0037, CVE-2014-0079).
 
 The updated packages have been upgraded to the 7.1.8 version which
 is not vulnerable to these issues.
 
 Additionally kyotocabinet 1.2.76 packages is also being provided due
 to new dependencies.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0037
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0079
 https://bugzilla.redhat.com/show_bug.cgi?id=1056767
 https://bugzilla.redhat.com/show_bug.cgi?id=1059903
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 d16e0d8878edda24781c7aa95aa9d9d0  mbs1/x86_64/kyotocabinet-1.2.76-1.mbs1.x86_64.rpm
 6fd70948ad85912830fd1b2fe603b5fe  mbs1/x86_64/kyotocabinet-api-doc-1.2.76-1.mbs1.noarch.rpm
 a62410307fbba4857685fcdf5c7b7c80  mbs1/x86_64/lib64kyotocabinet16-1.2.76-1.mbs1.x86_64.rpm
 81b53cf87d92f99e63bee13c0a3341de  mbs1/x86_64/lib64kyotocabinet-devel-1.2.76-1.mbs1.x86_64.rpm
 50bab0eed141d22e945860eba1677604  mbs1/x86_64/lib64zarafa0-7.1.8-1.mbs1.x86_64.rpm
 285e1fab4f7fbb90b47afffa4e48843a  mbs1/x86_64/lib64zarafa-devel-7.1.8-1.mbs1.x86_64.rpm
 bd1609b8c463232cdc561d30c2576cea  mbs1/x86_64/php-mapi-7.1.8-1.mbs1.x86_64.rpm
 85a7deaad1f5d40af9b7f45c90d169c2  mbs1/x86_64/python-MAPI-7.1.8-1.mbs1.x86_64.rpm
 f27e206845698b040c1d0ebe07139b52  mbs1/x86_64/zarafa-7.1.8-1.mbs1.x86_64.rpm
 6707f723548326f14f184e6abc9b5b8f  mbs1/x86_64/zarafa-archiver-7.1.8-1.mbs1.x86_64.rpm
 49159ba3392ea940b856187444fa1f10  mbs1/x86_64/zarafa-caldav-7.1.8-1.mbs1.x86_64.rpm
 adee30eedd5c028c7b3b0b7d3fcce79f  mbs1/x86_64/zarafa-client-7.1.8-1.mbs1.x86_64.rpm
 a624c1b0b07ffc86b1fc4588032be771  mbs1/x86_64/zarafa-common-7.1.8-1.mbs1.x86_64.rpm
 f02d202a9ee027cf39549bbe94567598  mbs1/x86_64/zarafa-dagent-7.1.8-1.mbs1.x86_64.rpm
 06a01cb9c185881f143e07e76450573f  mbs1/x86_64/zarafa-gateway-7.1.8-1.mbs1.x86_64.rpm
 f58ca4cbf70505795034ea685d1504b9  mbs1/x86_64/zarafa-ical-7.1.8-1.mbs1.x86_64.rpm
 bca69f6009cfa4c753ae86e73809be30  mbs1/x86_64/zarafa-indexer-7.1.8-1.mbs1.x86_64.rpm
 c6f02794ecf4e45cc8b15a489b1f549b  mbs1/x86_64/zarafa-monitor-7.1.8-1.mbs1.x86_64.rpm
 7bfd2eabb0ff6ecb2426483212a08e8e  mbs1/x86_64/zarafa-server-7.1.8-1.mbs1.x86_64.rpm
 52cab9632d64fb0aa84492a676f3e03f  mbs1/x86_64/zarafa-spooler-7.1.8-1.mbs1.x86_64.rpm
 bc60f4f3b7a27f7c6e5c1450fb3eaab8  mbs1/x86_64/zarafa-utils-7.1.8-1.mbs1.x86_64.rpm
 afaaf4b84e1afc898928737a6a9d2dea  mbs1/x86_64/zarafa-webaccess-7.1.8-1.mbs1.noarch.rpm 
 53efe802a9b0794bafa5865ba5e712b2  mbs1/SRPMS/kyotocabinet-1.2.76-1.mbs1.src.rpm
 fdc86a3de819acc0d641f89245b1c4a0  mbs1/SRPMS/zarafa-7.1.8-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
State-of-the-art spear phishing and defenses
Linux kernel source code repositories get better security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.