OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093This bulletin summary lists seven released Microsoft security bulletins for June, 2014.
2e5cf9708d6b05150022d162acbbc340b9f9910047c40c89b83e6ff160c9bdd2WordPress JW Player plugin for Flash and HTML5 video version 2.1.2 suffers from a cross site request forgery vulnerability.
cdad1816681799d29e33dcf89e7fae83ab2ea38a2b1dc10c7013fdde5171470eWordPress Member Approval plugin suffers from a cross site request forgery vulnerability.
cf0e211277b3af8f29f890eaee047abd87d67ab49da7b4f8644f2926c3e15974WordPress Featured Comments plugin version 1.2.1 suffers from a cross site request forgery vulnerability.
d55e12b29bb097aaa69cddaf0f0966990c52d8ce0e2c0f13e9ce04ea64081b96Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
bd21c3071ebd2748be93ab69f92a2df8a758d1b418b5dfa81b16acb38bed7e83Mandriva Linux Security Advisory 2014-109 - A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.
2dac6f0975791c3374b1c28f1e4f21fe44bba9a3591e659d6062a5f8cff8a5d6Mandriva Linux Security Advisory 2014-107 - Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash. The packages for mes5 have been patched to correct these issues and the packages for mbs1 have been upgraded to the 3.6 version where these issues has been fixed.
6084645b18303c08ddea0b6685c126bac08365a0a77c976b079a38f918704baaMandriva Linux Security Advisory 2014-106 - The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service via a long non-initial fragment. The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handshake. OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability. The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service by triggering a NULL certificate value. The updated packages have been upgraded to the 1.0.0m version where these security flaws has been fixed.
48f862f1ec9f79ef93afa61e6a540e861053e40f6e8a0a84ba793504cfbe045cDebian Linux Security Advisory 2954-1 - It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections.
f7b574186100faa3350fd62bea077a55c41e1162c8a545f104e6d1fc73023950Mandriva Linux Security Advisory 2014-105 - The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handshake. OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability. The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service by triggering a NULL certificate value. The updated packages have been patched to correct these issues.
b523e6f4d6874c07a78e1a2c0de14ee677a943c3a06224f3b3fad2bc2d0b9053Gentoo Linux Security Advisory 201406-8 - Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.359 are affected.
b79c18efed4e91b739392cd57d6ed7faa3e7ec1adca24d3ac8d462f11e1a4f6eUbuntu Security Notice 2242-1 - It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
8ef8b768e474af9f532c9bef95aa6237af0bb781c79056bce28ff6548b102ac8Mandriva Linux Security Advisory 2014-110 - Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials. libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site.
75ea9fddd56a8f483f19f04372a8d6ef9a7dc3e7b6a70eeaa8e03e77757a707cMandriva Linux Security Advisory 2014-112 - Multiple vulnerabilities has been discovered and corrected in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. Various other issues were also addressed. The updated packages have been patched to correct these issues.
f520b2a1af54463c5702534c185216ba941c354cf4597245c36aca5f2c74ab96Mandriva Linux Security Advisory 2014-111 - A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS.
25a9b8566656ec84dcef7b521af403abd6e8c20af97b14b958771c7694673d6eSlackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
6ccaa63bae36ebf2fee8dfc6bb315c90f04190112dec98873bd2c97833e1fea3Mandriva Linux Security Advisory 2014-108 - A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.
b53b2b8afd1cd8d78b77e12a89c948d256e021c14cbb05865fe90ccf85a1edd6WordPress SCv1 theme suffers from a file disclosure vulnerability. Note that this finding houses site-specific data.
2e93c64b312f97c111675434e17d000dca89e84f10422112287ab469ee1273b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed