Mandriva Linux Security Advisory 2015-174 - An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module. This update also disables SSLv3 by default to mitigate the POODLE issue.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:174
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : erlang
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated erlang packages fix a security vulnerability:
An FTP command injection flaw was found in Erlang's FTP module. Several
functions in the FTP module do not properly sanitize the input before
passing it into a control socket. A local attacker can use this flaw
to execute arbitrary FTP commands on a system that uses this module
(CVE-2014-1693).
This update also disables SSLv3 by default to mitigate the POODLE
issue.
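The flaw class described above, as an added example (not code from this advisory or from the OTP fix): FTP ends every control-connection command with CRLF (RFC 959), so an argument carrying an embedded CR or LF is parsed by the server as more than one command. The module name `ftp_arg_guard`, its function names and the sample file names are hypothetical and constructed for illustration.

```erlang
%% Added example, not OTP's patch: a caller-side check that refuses
%% CR/LF in an argument before it reaches the FTP control connection.
-module(ftp_arg_guard).
-export([command_line/2, server_view/1, demo/0]).

%% Build one control-connection line, or refuse when the argument could
%% terminate the line early and start a second command.
-spec command_line(string(), string()) ->
          {ok, string()} | {error, illegal_argument}.
command_line(Verb, Arg) ->
    case lists:any(fun(C) -> C =:= $\r orelse C =:= $\n end, Arg) of
        true  -> {error, illegal_argument};
        false -> {ok, Verb ++ " " ++ Arg ++ "\r\n"}
    end.

%% What a server parses from the bytes written to the control socket:
%% each CR/LF-delimited segment is treated as a separate command.
-spec server_view(string()) -> [string()].
server_view(Bytes) ->
    string:tokens(Bytes, "\r\n").

demo() ->
    %% Constructed inputs: a plain name and one with an embedded CRLF.
    Benign  = "report.txt",
    Tainted = "report.txt\r\nNOOP",

    %% Unsanitized concatenation, the pattern the advisory describes:
    %% one API call becomes two commands on the wire.
    Unsafe = "RETR " ++ Tainted ++ "\r\n",
    ["RETR report.txt", "NOOP"] = server_view(Unsafe),

    %% Guarded path: the plain name yields exactly one command and the
    %% tainted name is rejected before anything is sent.
    {ok, Line} = command_line("RETR", Benign),
    ["RETR report.txt"] = server_view(Line),
    {error, illegal_argument} = command_line("RETR", Tainted),
    ok.
```

`ftp_arg_guard:demo()` returns `ok` when every match holds. The same check applies to any value an application forwards to the FTP module from an untrusted source, such as user names, directory names and file names.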
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693
http://advisories.mageia.org/MGASA-2014-0553.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVGQBGmqjQ0CJFipgRAlMOAJ4+XKgZ2ajTf/2V3nFSk3g0aRxWbgCbBX3D
V03y7WmjZTY0C9ZyD13tQfg=
=GBGW
-----END PGP SIGNATURE-----