-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:044 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : zarafa Date : February 19, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users (CVE-2014-0037, CVE-2014-0079). The updated packages have been upgraded to the 7.1.8 version which is not vulnerable to these issues. Additionally kyotocabinet 1.2.76 packages is also being provided due to new dependencies. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0079 https://bugzilla.redhat.com/show_bug.cgi?id=1056767 https://bugzilla.redhat.com/show_bug.cgi?id=1059903 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: d16e0d8878edda24781c7aa95aa9d9d0 mbs1/x86_64/kyotocabinet-1.2.76-1.mbs1.x86_64.rpm 6fd70948ad85912830fd1b2fe603b5fe mbs1/x86_64/kyotocabinet-api-doc-1.2.76-1.mbs1.noarch.rpm a62410307fbba4857685fcdf5c7b7c80 mbs1/x86_64/lib64kyotocabinet16-1.2.76-1.mbs1.x86_64.rpm 81b53cf87d92f99e63bee13c0a3341de mbs1/x86_64/lib64kyotocabinet-devel-1.2.76-1.mbs1.x86_64.rpm 50bab0eed141d22e945860eba1677604 mbs1/x86_64/lib64zarafa0-7.1.8-1.mbs1.x86_64.rpm 285e1fab4f7fbb90b47afffa4e48843a mbs1/x86_64/lib64zarafa-devel-7.1.8-1.mbs1.x86_64.rpm bd1609b8c463232cdc561d30c2576cea mbs1/x86_64/php-mapi-7.1.8-1.mbs1.x86_64.rpm 85a7deaad1f5d40af9b7f45c90d169c2 mbs1/x86_64/python-MAPI-7.1.8-1.mbs1.x86_64.rpm f27e206845698b040c1d0ebe07139b52 mbs1/x86_64/zarafa-7.1.8-1.mbs1.x86_64.rpm 6707f723548326f14f184e6abc9b5b8f mbs1/x86_64/zarafa-archiver-7.1.8-1.mbs1.x86_64.rpm 49159ba3392ea940b856187444fa1f10 mbs1/x86_64/zarafa-caldav-7.1.8-1.mbs1.x86_64.rpm adee30eedd5c028c7b3b0b7d3fcce79f mbs1/x86_64/zarafa-client-7.1.8-1.mbs1.x86_64.rpm a624c1b0b07ffc86b1fc4588032be771 mbs1/x86_64/zarafa-common-7.1.8-1.mbs1.x86_64.rpm f02d202a9ee027cf39549bbe94567598 mbs1/x86_64/zarafa-dagent-7.1.8-1.mbs1.x86_64.rpm 06a01cb9c185881f143e07e76450573f mbs1/x86_64/zarafa-gateway-7.1.8-1.mbs1.x86_64.rpm f58ca4cbf70505795034ea685d1504b9 mbs1/x86_64/zarafa-ical-7.1.8-1.mbs1.x86_64.rpm bca69f6009cfa4c753ae86e73809be30 mbs1/x86_64/zarafa-indexer-7.1.8-1.mbs1.x86_64.rpm c6f02794ecf4e45cc8b15a489b1f549b mbs1/x86_64/zarafa-monitor-7.1.8-1.mbs1.x86_64.rpm 7bfd2eabb0ff6ecb2426483212a08e8e mbs1/x86_64/zarafa-server-7.1.8-1.mbs1.x86_64.rpm 52cab9632d64fb0aa84492a676f3e03f mbs1/x86_64/zarafa-spooler-7.1.8-1.mbs1.x86_64.rpm bc60f4f3b7a27f7c6e5c1450fb3eaab8 mbs1/x86_64/zarafa-utils-7.1.8-1.mbs1.x86_64.rpm afaaf4b84e1afc898928737a6a9d2dea mbs1/x86_64/zarafa-webaccess-7.1.8-1.mbs1.noarch.rpm 53efe802a9b0794bafa5865ba5e712b2 mbs1/SRPMS/kyotocabinet-1.2.76-1.mbs1.src.rpm fdc86a3de819acc0d641f89245b1c4a0 mbs1/SRPMS/zarafa-7.1.8-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTBNy1mqjQ0CJFipgRAhTPAKClNqERpDbJh+nVjQsoU6AzXz+4dACg1s4K 7F9j3wsH0H+FRSDUG7q8KgA= =b7J0 -----END PGP SIGNATURE-----