Mandriva: 2014:116: file

A flaw was found in the way file’s Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).]
LXer Linux News


Mandriva: 2013:244: davfs2

A vulnerability has been discovered and corrected in davfs2: Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation (CVE-2013-4362). The updated packages have been patched to correct this issue.
LXer Linux News