Mandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.
c302ec3d51ab5341c57f021ffc07bdc2d71a1751d7ad214e9065351b15fec43dMandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.
0e94abe5e27fe5c6984390ceef5e20904126efa7257c4f4f53cde5ada9829724A vulnerability has been discovered that affects the certificate verification functions provided by the HNDS service found on the Centro Grande (ADB version) DSL routers of Swisscom. The flaw allows an attacker to have access to management functions that are normally reserved for the Swisscom support. Furthermore, this vulnerability combined with other vulnerabilities allow to completely compromise the Centro Grande (ADB) routers. Available Proof-of-Concept code enables a remote root shell on a victim's router.
f499313153621ff0da41ea39b1fcf63d873186851a10fffc5df7c8dea562cba3Red Hat Security Advisory 2015-0891-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was found by Paolo Bonzini of Red Hat.
276a854e02c6ec07038497b82f9bb9506cbbaac13a26ae82ea6343e4bcfca098Red Hat Security Advisory 2015-0888-01 - Red Hat Enterprise Virtualization Manager 3.5.1 is now available. It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service. It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information.
ca7ceffd1d748a83925a9856f16bb79722cb033187b6a3fc14ffbd62fba7ea48Ubuntu Security Notice 2581-1 - Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.
c5f32b53adf6c35ee6bc7624cce314688e2fd1a323fb96fceb4332b763658430Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.
5d632c802729d6afa088371dd777ff906d4a5f0bfbcccd4d11559d46754410c2Ubuntu Security Notice 2570-1 - An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.
a1b89c9fb9b5a3f400af9982c99e77c800de8f17d203e170237f354bff80606aOpen-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.
0631e8cc651e7c9442b7d94ef0687aa105118b9d15a7f3df9861fe4949e88104All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.
e14bc9f35bf13a67b98981ea4b74e9432b3624b8a7bccf2d1aad94a07d646feeUbuntu Security Notice 2580-1 - It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.
88f12e032c72a7978de45fa5ee30e9df27a082edd84f1f50f7f2e7542f99e1ffMandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly.
c3e463b13df505d85b05845372bc13d6c0bed8ff47059b7731230c0714853b21Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
1415b78b12044db0e659dff979e0ab2d6fe56f133897650f516ab14c247201c3Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.
7240fd4534def87429d91c637b7729d5691e7f8862de87105b7fb9fae468642eMandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.
9828baab829b1cfc2c285e37421924ea4be6c7aa0f1b88b7541140dd6250d318Mandriva Linux Security Advisory 2015-207 - Updated perl-Module-Signature package fixes the following security Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying the contents of a CPAN module, Module::Signature ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during make test When generating checksums from the signed manifest, Module::Signature used two argument open() calls to read the files. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process. Several modules were loaded at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in \@INC.
f15c8d16a91a259723b265ed700d69f88cdaffa4d9b22c45fa33716cc633d9d2Mandriva Linux Security Advisory 2015-206 - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.
0f49b40c5245b1a901652fda923ccb5d25207d1dc5ad349b0a1484d554d3794cMandriva Linux Security Advisory 2015-205 - disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit. The tor package has been updated to version 0.2.4.27, fixing these issues.
3f8c2c6c3c6ba4ee0c6fa2a297a9758203ce3ca5828f73a99d3217e6d31b4a3aUbuntu Security Notice 2579-1 - It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behavior by adding a prefix to environment variables. Sites using program maps will need to adapt to the new variable names, or revert to the previous names by using a new configuration option called FORCE_STANDARD_PROGRAM_MAP_ENV. Various other issues were also addressed.
7380ef8c0ba9c845147cd4a70a015db6877390005781b9fe2fd2f9917fcacea3Mandriva Linux Security Advisory 2015-204 - librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. The change to fix this is not backward compatible with older versions of librsync. Backward compatibility can be obtained using the new rdiff sig --hash=md4 option or through specifying the signature magic in the API, but this should not be used when either the old or new file contain untrusted data. Also, any applications that use the librsync library will need to be recompiled against the updated library. The rdiff-backup packages have been rebuilt for this reason.
f38e16d3da5b3852e8cc748629c4c028e924bad76e990f1120415ab0a14a350eDebian Linux Security Advisory 3238-1 - Several vulnerabilities were discovered in the chromium web browser.
914899feb17ca95c0602b6f2f4f452518d9f4ae92cfda0698f1e2f62822782c3Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
aa8f1362fe2b1e520df3774e9b5a3562a1ce08175dfc089a7a41b13a71abdb2eUbuntu Security Notice 2578-1 - Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were tricked into opening a specially crafted HWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Various other issues were also addressed.
71ac5f10710fff2f31331f2c65bc2031d90e66ec9887af391ff933321248c56eDebian Linux Security Advisory 3236-1 - It was discovered that missing input sanitising in Libreoffice's filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.
c77dd6afcab68062a457b065150401c354358678553b7b0f31c38b3269e3b29fDebian Linux Security Advisory 3235-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
7f63fd15e24f32bf99334d534a5089daac7730ea3359f45be9d8eabcf4eba4e8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed