-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:040 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : zarafa Date : February 10, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated zarafa packages fix security vulnerability: Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp (CVE-2014-9465). This update also adds some patches from Robert Scheck which correct some packaging issues with zarafa-webaccess. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465 http://advisories.mageia.org/MGASA-2015-0049.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: d02d0aa971a2c9beb08ba13cb301f2fa mbs1/x86_64/lib64zarafa0-7.1.8-1.2.mbs1.x86_64.rpm 7c145a1654a5a3e5750446f5bde487ce mbs1/x86_64/lib64zarafa-devel-7.1.8-1.2.mbs1.x86_64.rpm 10c3a04e8fb13007acac27aae499cc18 mbs1/x86_64/php-mapi-7.1.8-1.2.mbs1.x86_64.rpm d4da6ee2d2f06358f9b67e53c27524cf mbs1/x86_64/python-MAPI-7.1.8-1.2.mbs1.x86_64.rpm b06a463514ee33bf4d37e1e7479ca748 mbs1/x86_64/zarafa-7.1.8-1.2.mbs1.x86_64.rpm 4b0a8bf9a24c613cefcf7fd5610752ff mbs1/x86_64/zarafa-archiver-7.1.8-1.2.mbs1.x86_64.rpm dea3b4b66caca2166561fa050f5fb244 mbs1/x86_64/zarafa-caldav-7.1.8-1.2.mbs1.x86_64.rpm de149a1fd48201d03ff2f3e0015a83d0 mbs1/x86_64/zarafa-client-7.1.8-1.2.mbs1.x86_64.rpm 0ac2f836530e46e1919dbb90f0701c9e mbs1/x86_64/zarafa-common-7.1.8-1.2.mbs1.x86_64.rpm 8d6951d361fccd3c56cac0acbcbe4c8b mbs1/x86_64/zarafa-dagent-7.1.8-1.2.mbs1.x86_64.rpm 96676de89197b21e00f1c3ae1fe7f4c9 mbs1/x86_64/zarafa-gateway-7.1.8-1.2.mbs1.x86_64.rpm f7e0752b64296f57ff1a7cf25ba527f9 mbs1/x86_64/zarafa-ical-7.1.8-1.2.mbs1.x86_64.rpm ff69a904aba0aa7690fd645fea4209ff mbs1/x86_64/zarafa-indexer-7.1.8-1.2.mbs1.x86_64.rpm 466da62fd624f682da8e2bd6d4c38f39 mbs1/x86_64/zarafa-monitor-7.1.8-1.2.mbs1.x86_64.rpm 1c9ea1fa3ba9943ea75faf26f9bd1f3b mbs1/x86_64/zarafa-server-7.1.8-1.2.mbs1.x86_64.rpm 16334cfe056a1f1efa622c3e6be41d5e mbs1/x86_64/zarafa-spooler-7.1.8-1.2.mbs1.x86_64.rpm 027e4549c0405734692872df31ee0f4a mbs1/x86_64/zarafa-utils-7.1.8-1.2.mbs1.x86_64.rpm 9c4a6ca376d462077c6d21d3f3543eff mbs1/x86_64/zarafa-webaccess-7.1.8-1.2.mbs1.noarch.rpm 3362a5851bb152d92e85a5f985dd2103 mbs1/SRPMS/zarafa-7.1.8-1.2.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU2g92mqjQ0CJFipgRAoQFAJ9oJTTa4Cv8NG4Yvfd2Wgs9qtBCxQCfdTmn cjn/5HlYotdAIrZtRhLqDcQ= =5Uns -----END PGP SIGNATURE-----
