Ubuntu Security Notice 1734-1 - Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion.
6d3859f8e73a01c731e048bd1058cbd83ecde2953d41aa5b88921039d3de8376Red Hat Security Advisory 2013-0550-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv4 systems through a NAT64 server. A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones. If a remote attacker sent a specially-crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default.
be9b3927189a1166d36e2cf7d1edc674fbba7aea987f7b05d7bef60fe0de9dd9Red Hat Security Advisory 2013-0547-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. CloudForms System Engine can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. It was found that the "/usr/share/katello/script/katello-generate-passphrase" utility, which is run during the installation and configuration process, set world-readable permissions on the "/etc/katello/secure/passphrase" file. A local attacker could use this flaw to obtain the passphrase for Katello, giving them access to information they would otherwise not have access to.
339740d9406c3350301caab4ada52a15b3430be5af36a984271eda01e623b9b6Red Hat Security Advisory 2013-0545-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. CloudForms Cloud Engine is a management application for cloud resources. It was found that the Aeolus Configuration Server stored passwords in plain text in the world-readable "/var/log/aeolus-configserver/configserver.log" file. A local attacker could use this flaw to obtain the administrative passwords for other services.
289d775b58d68820148aa9883ca53a46eccbfdd48348721c182bb2dfa5c860ccRed Hat Security Advisory 2013-0551-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes two security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-07, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
b5678dbc538551c8b44179f8422625403d44e85d0e42dd8fd82f22dab2e7f6c9Red Hat Security Advisory 2013-0505-02 - Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to cause Squid to consume an excessive amount of memory. Due to a bug in the ConnStateData::noteMoreBodySpaceAvailable() function, child processes of Squid terminated upon encountering a failed assertion. An upstream patch has been provided and Squid child processes no longer terminate.
f92dd78de16315f861e5ab75471d33381f6ccb43aae9c20d97fc87566f9db500Red Hat Security Advisory 2013-0503-03 - The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performing an LDAP modify relative distinguished name operation. After modrdn was used to move part of a tree, the ACLs defined on the moved were not properly enforced until the server was restarted. This could allow LDAP users to access information that should be restricted by the defined ACLs.
81f266349d360bc98f9ba001b096803762605fe489020374a17f656017a2aed6Red Hat Security Advisory 2013-0500-02 - The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project, which provides drivers for Hewlett-Packard printers and multi-function peripherals. Several temporary file handling flaws were found in HPLIP. A local attacker could use these flaws to perform a symbolic link attack, overwriting arbitrary files accessible to a process using HPLIP. The CVE-2013-0200 issues were discovered by Tim Waugh of Red Hat.
d0e265e67da2b6518e25c5a95ef17a56c0cd1044ceaa1d1df7600cf3916e91b6Red Hat Security Advisory 2013-0277-02 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. In order to fully address this issue, libvirt package users are advised to install updated libvirt packages. Refer to RHSA-2013:0276 for additional information.
69f64a8faf20496d8acc9c8b3c87f09f8d380a6cb7de2df96355d561e0a0394bRed Hat Security Advisory 2013-0499-02 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.
be4a4f35af787c54658b20d107cfe272957cfaa2dae54a130663d846f2c788abRed Hat Security Advisory 2013-0496-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file.
3a925a69e9ed312b981ff3a349917d1490658caff3fcba8bf43104f107a6da83Ubuntu Security Notice 1733-1 - Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.
dddd7e4c2113ee021334b4b14478e4a1ed7d308a57d26ab172def828073de257Ubuntu Security Notice 1732-1 - Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Stephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
3840d7b0427c8c47a692ec2a92d448203e10c63f63d934450bf70540d9f0574dRed Hat Security Advisory 2013-0276-02 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was discovered that libvirt made certain invalid assumptions about dnsmasq's command line options when setting up DNS masquerading for virtual machines, resulting in dnsmasq incorrectly processing network packets from network interfaces that were intended to be prohibited. This update includes the changes necessary to call dnsmasq with a new command line option, which was introduced to dnsmasq via RHSA-2013:0277.
68a3d89546b9f2deade7e656586c7b374600b35508e282a078dfd3fde24aec1fRed Hat Security Advisory 2013-0521-02 - Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' "~/.pam_environment" files. If an application's PAM configuration contained "user_readenv=1", a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained "user_readenv=1", a local attacker could use this flaw to cause the application to enter an infinite loop.
3db6488fc0487eab8391005641b6b481366220faead1fe7681d7aa18230fd1a5Red Hat Security Advisory 2013-0528-02 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. It was found that the current default configuration of IPA servers did not publish correct CRLs. The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica.
45016e5ee1f76f0230ab979a2d9d985ccfd287ab8df26c332f25591bf1c6bb45Red Hat Security Advisory 2013-0523-02 - Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon, by inserting a specially-crafted smart card.
be07020b588234f73d83cecb4bcda0a3b7242abbce8063504b00397ae11b7313Red Hat Security Advisory 2013-0525-02 - PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset messages. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon, by inserting a specially-crafted smart card.
1acdfdf6fb86eb0d32e327d3148d42360a9310c27d3d44d65b35cdeed54eaa0eRed Hat Security Advisory 2013-0526-02 - Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck".
e08ff921196b2815195dea8231682ab8432082abc43871f1c79a14563cf4bb4cRed Hat Security Advisory 2013-0514-02 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code.
51ca25f841a5b9db7f1889bde177da130e829b07d0bf513a8219250ea936a8f8Red Hat Security Advisory 2013-0522-02 - The GNU Debugger allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the "show auto-load safe-path" and "set auto-load safe-path" GDB commands.
cbf039fec0ced80f94fb0ffd1a100734dfa706918fe7b4753deec7a66d4a2385Red Hat Security Advisory 2013-0520-02 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts.
cc2d82431b7724dffbd1e1d10167102f8893f413a9eb44dd0dce08dd119b4ef9Red Hat Security Advisory 2013-0511-02 - Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Note: The Certificate Authority component provided by this advisory cannot be used as a standalone server. It is installed and operates as a part of Identity Management in Red Hat Enterprise Linux. Multiple cross-site scripting flaws were discovered in Certificate System. An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface.
2086b178b0c0319456115918e19130d42519af136e6ee4418e4f4bd230e13ad5Red Hat Security Advisory 2013-0519-02 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc's error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its memory or, potentially, execute arbitrary code.
fb4c0807ded976e32bae9182da0fa9a8423f588150cae073a4d4482f9e4f8d2aRed Hat Security Advisory 2013-0517-02 - The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. These updated util-linux-ng packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.
e50c39bf7344de3fea858940c56def62377126d41405e0c2b1144f60a83ba79c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed