Advisories » MGASA-2015-0049

Updated zarafa packages fix CVE-2014-9465 and some packaging issues

Publication date: 05 Feb 2015
Modification date: 05 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9465

Description

Updated zarafa packages fix security vulnerability:

Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp
that could allow a remote unauthenticated attacker to exhaust the disk space
of /tmp (CVE-2014-9465).

This update also adds some patches from Robert Scheck which correct some
packaging issues with zarafa-webaccess.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14993
• http://security.robert-scheck.de/cve-2014-9465-zarafa/
• http://www.openwall.com/lists/oss-security/2015/01/03/10
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9465

SRPMS

4/core

• zarafa-7.1.11-1.2.mga4