BugTraq
[ MDVSA-2014:044 ] zarafa Feb 19 2014 07:33PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:044
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : February 19, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Robert Scheck discovered multiple vulnerabilities in Zarafa that could
allow a remote unauthenticated attacker to crash the zarafa-server
daemon, preventing access to any other legitimate Zarafa users
(CVE-2014-0037, CVE-2014-0079).

The updated packages have been upgraded to the 7.1.8 version which
is not vulnerable to these issues.

Additionally kyotocabinet 1.2.76 packages is also being provided due
to new dependencies.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0079
https://bugzilla.redhat.com/show_bug.cgi?id=1056767
https://bugzilla.redhat.com/show_bug.cgi?id=1059903
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
d16e0d8878edda24781c7aa95aa9d9d0 mbs1/x86_64/kyotocabinet-1.2.76-1.mbs1.x86_64.rpm
6fd70948ad85912830fd1b2fe603b5fe mbs1/x86_64/kyotocabinet-api-doc-1.2.76-1.mbs1.noarch.rpm
a62410307fbba4857685fcdf5c7b7c80 mbs1/x86_64/lib64kyotocabinet16-1.2.76-1.mbs1.x86_64.rpm
81b53cf87d92f99e63bee13c0a3341de mbs1/x86_64/lib64kyotocabinet-devel-1.2.76-1.mbs1.x86_64.rpm
50bab0eed141d22e945860eba1677604 mbs1/x86_64/lib64zarafa0-7.1.8-1.mbs1.x86_64.rpm
285e1fab4f7fbb90b47afffa4e48843a mbs1/x86_64/lib64zarafa-devel-7.1.8-1.mbs1.x86_64.rpm
bd1609b8c463232cdc561d30c2576cea mbs1/x86_64/php-mapi-7.1.8-1.mbs1.x86_64.rpm
85a7deaad1f5d40af9b7f45c90d169c2 mbs1/x86_64/python-MAPI-7.1.8-1.mbs1.x86_64.rpm
f27e206845698b040c1d0ebe07139b52 mbs1/x86_64/zarafa-7.1.8-1.mbs1.x86_64.rpm
6707f723548326f14f184e6abc9b5b8f mbs1/x86_64/zarafa-archiver-7.1.8-1.mbs1.x86_64.rpm
49159ba3392ea940b856187444fa1f10 mbs1/x86_64/zarafa-caldav-7.1.8-1.mbs1.x86_64.rpm
adee30eedd5c028c7b3b0b7d3fcce79f mbs1/x86_64/zarafa-client-7.1.8-1.mbs1.x86_64.rpm
a624c1b0b07ffc86b1fc4588032be771 mbs1/x86_64/zarafa-common-7.1.8-1.mbs1.x86_64.rpm
f02d202a9ee027cf39549bbe94567598 mbs1/x86_64/zarafa-dagent-7.1.8-1.mbs1.x86_64.rpm
06a01cb9c185881f143e07e76450573f mbs1/x86_64/zarafa-gateway-7.1.8-1.mbs1.x86_64.rpm
f58ca4cbf70505795034ea685d1504b9 mbs1/x86_64/zarafa-ical-7.1.8-1.mbs1.x86_64.rpm
bca69f6009cfa4c753ae86e73809be30 mbs1/x86_64/zarafa-indexer-7.1.8-1.mbs1.x86_64.rpm
c6f02794ecf4e45cc8b15a489b1f549b mbs1/x86_64/zarafa-monitor-7.1.8-1.mbs1.x86_64.rpm
7bfd2eabb0ff6ecb2426483212a08e8e mbs1/x86_64/zarafa-server-7.1.8-1.mbs1.x86_64.rpm
52cab9632d64fb0aa84492a676f3e03f mbs1/x86_64/zarafa-spooler-7.1.8-1.mbs1.x86_64.rpm
bc60f4f3b7a27f7c6e5c1450fb3eaab8 mbs1/x86_64/zarafa-utils-7.1.8-1.mbs1.x86_64.rpm
afaaf4b84e1afc898928737a6a9d2dea mbs1/x86_64/zarafa-webaccess-7.1.8-1.mbs1.noarch.rpm
53efe802a9b0794bafa5865ba5e712b2 mbs1/SRPMS/kyotocabinet-1.2.76-1.mbs1.src.rpm
fdc86a3de819acc0d641f89245b1c4a0 mbs1/SRPMS/zarafa-7.1.8-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTBNy1mqjQ0CJFipgRAhTPAKClNqERpDbJh+nVjQsoU6AzXz+4dACg1s4K
7F9j3wsH0H+FRSDUG7q8KgA=
=b7J0
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus