Lucene search

Gentoo FoundationMGASA-2014-0112

HistoryMar 02, 2014 - 2:57 a.m.

Updated zarafa packages fix security vulnerabilities

2014-03-0202:57:23

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users (CVE-2014-0037, CVE-2014-0079).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchzarafa< 7.1.8-1.1zarafa-7.1.8-1.1.mga3
Mageia4noarchzarafa< 7.1.8-1.1zarafa-7.1.8-1.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	zarafa	< 7.1.8-1.1	zarafa-7.1.8-1.1.mga3
Mageia	4	noarch	zarafa	< 7.1.8-1.1	zarafa-7.1.8-1.1.mga4

References

www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:044/

bugs.mageia.org/show_bug.cgi?id=12813

lists.fedoraproject.org/pipermail/package-announce/2014-February/128409.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for MGASA-2014-0112