All articles tagged with SuSE

September 03, 2012 06:44 SuSE: Security update for libexif

Various overflows and other security related bugs in libexif were found by the Google Security team and fixed by the libexif developers. Updated packages are available from download.opensuse.org.

August 31, 2012 06:03 SuSE: Security update for pidgin, finch and libpurple

This update of pidgin fixes a stack-based buffer overflow in the MXit protocol which could have potentially been exploited by remote attackers to execute arbitrary code in the context of the user running pidgin. Updated packages are available from download.opensuse.org.

August 29, 2012 07:00 SuSE: Security update for XEN

This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Updated packages are available from download.opensuse.org.

August 24, 2012 07:57 SuSE: Security update for bind

An update to bind fixes one vulnerability. Records with a zero-length rdata field could have crashed named or disclosed portions of memory to clients. Updated packages are available from download.opensuse.org.

August 22, 2012 09:23 SuSE: Security update for ClamAV

This update addresses possible evasion cases in some archive formats and stability issues in portions of the bytecode engine. Updated packages are available from download.opensuse.org.

August 15, 2012 08:33 SuSE: New cobbler packages fix security vulnerabilities

This update of cobbler fixes a remote code execution flaw which could have been exploited through cobbler’s XMLRPC API. Updated packages are available from download.opensuse.org.

August 01, 2012 06:04 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. Local attackers could trigger an overflow in sock_alloc_send_pskb(), potentially crashing the machine or escalating privileges. A memory leak in transparent hugepages on mmap failure could be used by a local attacker to run the machine out of memory (local denial of service). A malicious guest driver could overflow the host stack by passing a long descriptor, potentially crashing the host system or escalating privileges on the host.

A malicious NFS server could crash clients when more than 2 GETATTR bitmap words are returned in response to FATTR4_ACL attribute requests.

Updated packages are available from download.opensuse.org.

July 27, 2012 04:58 SuSE: New Pidgin packages fix security vulnerabilities

Various remotely triggerable crashes in pidgin have been fixed. In some situations the MSN server sends text that is not UTF-8 encoded, and Pidgin fails to verify the text's encoding; in some cases this can lead to a crash when attempting to display the text. Incoming messages with certain characters or character encodings can cause clients to crash. A series of specially crafted file transfer requests can cause clients to reference invalid memory; the user must have accepted one of the file transfer requests.

Updated packages are available from download.opensuse.org.

July 18, 2012 05:14 SuSE: New Linux kernel packages fix security vulnerabilities

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. A memory corruption when mounting a hfsplus filesystem was fixed that could be used by local attackers able to mount filesystems to crash the system. The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. The befs_follow_link function did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and oops) by accessing a long symlink on a malformed Be filesystem.

A memory corruption possibility was fixed in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. A BUG() report in the nfs4xdr routines that could be triggered during mknod on an NFSv4 mount was fixed. Also, mounting a corrupted hfs filesystem could lead to a buffer overflow.

Updated packages are available from download.opensuse.org.

July 11, 2012 05:54 SuSE: New Firefox packages fix security vulnerabilities

MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher James Forshaw found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla’s updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable.

Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share, once loaded, could load Windows shortcut files (.lnk) from the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page, and the page could show the contents of these linked files or directories in an iframe, causing information disclosure.
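The CSP issue above is a reminder that inline-script blocking is a backstop, not a substitute for removing inline script from the page. The following is an added example, not code from the SUSE or Mozilla advisories: a small audit that lists every inline script body, on* event-handler attribute and javascript: URL in an HTML document, and reports them when the page's policy omits 'unsafe-inline' (i.e. when the site is counting on the browser to block exactly the handlers Firefox was not blocking). The sample page and policy are constructed for the demonstration, and the policy parser assumes CSP 1.0 syntax rather than the older X-Content-Security-Policy header Firefox 10 actually used.

```python
# Added example (not code from the SUSE or Mozilla advisories): audit an HTML
# document for the inline script that CSP's inline-script blocking is meant to
# stop, so a site does not rely on the browser alone to block it.
from html.parser import HTMLParser


class InlineScriptAuditor(HTMLParser):
    """Collect the three forms of inline script a script-src without
    'unsafe-inline' is supposed to block: <script> bodies, on* event-handler
    attributes and javascript: URLs. Findings are (kind, tag, detail) tuples."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # attribute names arrive lower-cased
        if tag == "script" and "src" not in attrs:
            self._in_inline_script = True
        for name, value in attrs.items():
            if name.startswith("on"):
                self.findings.append(("event-handler", tag, f"{name}={value!r}"))
            elif (name in ("href", "src", "action") and value
                  and value.strip().lower().startswith("javascript:")):
                self.findings.append(("javascript-url", tag, f"{name}={value!r}"))

    def handle_data(self, data):
        if self._in_inline_script and data.strip():
            self.findings.append(("inline-script", "script", data.strip()[:40]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False


def audit_html(html):
    """Return every inline-script finding in `html`."""
    auditor = InlineScriptAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def relies_on_inline_blocking(csp):
    """True if the policy's effective script source list omits 'unsafe-inline',
    i.e. the application is counting on the browser to block inline script.
    Assumes CSP 1.0 syntax (script-src falling back to default-src)."""
    directives = {}
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False  # no script restriction at all
    return "'unsafe-inline'" not in sources


def report(html, csp):
    """Findings the page's CSP is supposed to block; empty if the policy never
    claimed to block inline script in the first place."""
    return audit_html(html) if relies_on_inline_blocking(csp) else []


# Constructed sample page and policy for the demonstration.
SAMPLE_HTML = """<html><body>
<script src="/static/app.js"></script>
<script>init();</script>
<button onclick="doIt()">Go</button>
<a href="javascript:alert(1)">x</a>
<img src="x.png" onerror="steal()">
</body></html>"""
SAMPLE_CSP = "default-src 'self'; script-src 'self' https://cdn.example"

if __name__ == "__main__":
    for kind, tag, detail in report(SAMPLE_HTML, SAMPLE_CSP):
        print(f"{kind:14} <{tag}> {detail}")
```

Each finding is something to move into an external script file (or, for event handlers, to attach with addEventListener) so that the page stays safe even in a browser whose inline-script blocking is incomplete.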

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed.

Security researcher Abhishek Arya used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable.

Updated packages are available from download.opensuse.org.

July 06, 2012 10:56 SuSE: New bind packages fix security vulnerability

A remote denial of service in the bind nameserver via zero length rdata fields was fixed. Updated packages are available from download.opensuse.org.
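Both bind entries on this page (August 24 and July 06) concern records whose rdata field has length zero. The root of that bug class is a decoder that reads RDATA by the width its record type implies instead of by the RDLENGTH actually on the wire, so a zero-length record yields whatever bytes follow it. The following is an added illustration of that bug class, not bind's code: a bounds-checked DNS resource-record parser next to a naive one, run over a constructed two-record message in which an A record carries RDLENGTH 0 and is followed by a TXT record.

```python
# Added example (an illustration of the bug class, not bind's code): parse DNS
# resource records from wire format with the RDLENGTH checks a nameserver must
# make, next to a naive decoder that trusts the record type instead.
import struct

A, TXT, AAAA = 1, 16, 28


def read_name(buf, off):
    """Decode an uncompressed DNS name (length-prefixed labels ending in 0)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointers not handled in this example")
        if off + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) or ".", off


def build_rr(name, rtype, rdata, ttl=300):
    """Encode one RR: NAME, TYPE, CLASS=IN, TTL, RDLENGTH, RDATA."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return wire + b"\x00" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def decode_rdata(rtype, rdata):
    """Type-specific decoding that checks the actual RDATA length first."""
    if rtype == A:
        if len(rdata) != 4:
            raise ValueError(f"A record needs 4 bytes of RDATA, got {len(rdata)}")
        return ".".join(str(b) for b in rdata)
    if rtype == AAAA:
        if len(rdata) != 16:
            raise ValueError(f"AAAA record needs 16 bytes of RDATA, got {len(rdata)}")
        return ":".join(f"{rdata[i]:02x}{rdata[i + 1]:02x}" for i in range(0, 16, 2))
    if rtype == TXT:
        strings, i = [], 0
        while i < len(rdata):
            n = rdata[i]
            i += 1
            if i + n > len(rdata):
                raise ValueError("TXT character-string overruns RDATA")
            strings.append(rdata[i:i + n].decode("ascii", "replace"))
            i += n
        if not strings:
            raise ValueError("TXT record needs at least one character-string")
        return strings
    return rdata  # types this example does not interpret stay opaque


def parse_rr(buf, off):
    """Bounds-checked parse of one RR at `off`; returns (record, next offset)."""
    name, off = read_name(buf, off)
    if off + 10 > len(buf):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
    off += 10
    if off + rdlen > len(buf):
        raise ValueError("RDLENGTH runs past the end of the message")
    rdata = buf[off:off + rdlen]
    record = {"name": name, "type": rtype, "ttl": ttl, "rdata": decode_rdata(rtype, rdata)}
    return record, off + rdlen


def parse_rr_naive(buf, off):
    """The failure mode: decode RDATA by the type's nominal width and ignore
    RDLENGTH, so a zero-length A record hands back whatever bytes follow it."""
    name, off = read_name(buf, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
    off += 10
    width = {A: 4, AAAA: 16}.get(rtype, rdlen)
    rdata = buf[off:off + width]
    return {"name": name, "type": rtype, "ttl": ttl, "rdata": rdata}, off + rdlen


def rejects(buf, off):
    """True if the checked parser refuses the RR at `off`."""
    try:
        parse_rr(buf, off)
        return False
    except ValueError:
        return True


# Constructed message: an A record with RDLENGTH 0 followed by a TXT record.
SAMPLE = build_rr("www.example.com", A, b"") + build_rr("secret.example.com", TXT, b"\x05hello")

if __name__ == "__main__":
    print("naive:", parse_rr_naive(SAMPLE, 0)[0]["rdata"])  # bytes of the next record
    print("checked rejects zero-length A:", rejects(SAMPLE, 0))
    print("checked parses TXT:", parse_rr(SAMPLE, 27)[0])
```

In a real server the bytes the naive decoder returns would be whatever sits after the record in memory, which is the disclosure the advisory describes; the checked parser instead refuses the record before any type-specific code touches it.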

July 04, 2012 13:14 SuSE: New pidgin-otr packages fix security vulnerabilities

A format string flaw in pidgin-otr could have caused a denial of service condition or even potentially allowed attackers to execute arbitrary code. This has been fixed. Updated packages are available from download.opensuse.org.

June 25, 2012 07:28 SuSE: New Firefox packages fix security vulnerabilities

MozillaFirefox was updated to the 10.0.4 ESR release to fix various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christian Holler reported a memory safety and security problem affecting Firefox 11. Security researchers reported memory safety problems and crashes that affect Firefox ESR and Firefox 11.

Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. This can leave users vulnerable to cross-site scripting (XSS) attacks on maliciously crafted web pages.

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Mozilla community member Matias Juntunen discovered an error in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments from FindMaxUshortElement. This bug causes maximum index to be computed incorrectly within WebGL.drawElements, allowing the reading of illegal video memory. Security researchers Jordi Chancel and Eddy Bordi reported that they could short-circuit page loads to show the address of a different site than what is loaded in the window in the addressbar. Security researcher Chris McGowen independently reported the same flaw, and further demonstrated that this could lead to loading scripts from the attacker’s site, leaving users vulnerable to cross-site scripting (XSS) attacks.

Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous Origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server. Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site script (XSS) injection.

Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution. Mateusz Jurczyk of the Google Security Team discovered an off-by-one error in the OpenType Sanitizer using the Address Sanitizer tool. This can lead to an out-of-bounds read and execution of an uninitialized function pointer during parsing and possible remote code execution. Security researcher Daniel Divricean reported that a defect in the error handling of javascript errors can leak the file names and location of javascript files on a server, leading to inadvertent information disclosure and a vector for further attacks.

Security researcher Jeroen van der Gun reported that if invalid RSS or Atom XML content is loaded over HTTPS, the address bar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for phishing attacks where a malicious page can spoof the identity of another seemingly secure site.

Updated packages are available from download.opensuse.org.

June 19, 2012 10:45 SuSE: New openssl packages fix security vulnerabilities

This update of openssl fixes an integer conversion issue which could cause heap-based memory corruption. Additionally, a check for negative buffer length values was added. Updated packages are available from download.opensuse.org.

May 29, 2012 04:49 SuSE: New Firefox packages fix remote vulnerabilities

MozillaFirefox was updated to the 10.0.4 ESR release to fix various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable.

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to float error, resulting from graphics values being passed through different number systems. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. This can leave users vulnerable to cross-site scripting (XSS) attacks on maliciously crafted web pages.

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. This is created by using cairo-dwrite to attempt to render fonts on an unsupported code path. This corruption causes a potentially exploitable crash on affected systems. Mozilla community member Matias Juntunen discovered an error in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments from FindMaxUshortElement. This bug causes maximum index to be computed incorrectly within WebGL.drawElements, allowing the reading of illegal video memory.

Security researchers Jordi Chancel and Eddy Bordi reported that they could short-circuit page loads to show the address of a different site than what is loaded in the window in the addressbar. Security researcher Chris McGowen independently reported the same flaw, and further demonstrated that this could lead to loading scripts from the attacker's site, leaving users vulnerable to cross-site scripting (XSS) attacks. Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous Origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server.
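The IPv6 Origin-header issue appears in both Firefox 10.0.4 ESR entries on this page (June 25 and May 29). The server-side lesson is the same in both: an origin access control list must never string-match the Origin header. The following is an added example, not code from the advisory or from Mozilla, of canonicalising the header before comparison, so that every valid spelling of an IPv6 literal (zero-compression, upper case, explicit default port) maps to one origin and anything that does not parse as a well-formed origin is denied. The ACL and the test headers are constructed for the demonstration; the exact malformed header the bug produced is not reproduced here.

```python
# Added example (not from the advisory or from Mozilla): canonicalise the
# Origin header before matching it against an access-control list, so that
# differently spelled IPv6 literals compare as the same origin and anything
# that does not parse as an origin is denied instead of string-matched.
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "ws": 80, "https": 443, "wss": 443}


def canonical_origin(origin):
    """Return (scheme, host, port) for an origin string, or None if it is not
    a well-formed origin. IPv6 hosts are reduced to RFC 5952 compressed form
    and default ports are made explicit."""
    try:
        parts = urlsplit(origin.strip())
        scheme = parts.scheme.lower()
        host = parts.hostname  # lower-cased, IPv6 brackets removed
        port = parts.port      # raises ValueError for non-numeric / out-of-range
    except ValueError:
        return None
    if scheme not in DEFAULT_PORTS or not host or parts.path not in ("", "/"):
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    try:
        host = ipaddress.ip_address(host).compressed
    except ValueError:
        if ":" in host:          # an IPv6 literal that failed to parse
            return None
        host = host.rstrip(".")  # a DNS name
    return scheme, host, port


def origin_allowed(origin_header, allowed_origins):
    """ACL check: unparseable or ambiguous origins are denied outright."""
    wanted = canonical_origin(origin_header)
    if wanted is None:
        return False
    return any(canonical_origin(allowed) == wanted for allowed in allowed_origins)


def origin_allowed_naive(origin_header, allowed_origins):
    """Exact string comparison: every spelling of an address is a different
    origin, and a malformed header is just another string."""
    return origin_header in allowed_origins


# Constructed ACL: one IPv6 literal origin on a non-standard port, one DNS name.
ACL = ["http://[2001:db8::1]:8080", "https://app.example.com"]

if __name__ == "__main__":
    for header in ["http://[2001:db8:0:0:0:0:0:1]:8080", "http://[2001:DB8::1]:8080",
                   "http://[2001:db8::2]:8080", "http://2001:db8::1:8080",
                   "https://APP.example.com:443"]:
        print(f"{header:40} naive={origin_allowed_naive(header, ACL)} "
              f"canonical={origin_allowed(header, ACL)}")
```

Note the unbracketed `http://2001:db8::1:8080`: urlsplit cannot tell host from port, `.port` raises, and the check denies it, which is the correct outcome for a header the browser could not form unambiguously.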

Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site script (XSS) injection. Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.

Mateusz Jurczyk of the Google Security Team discovered an off-by-one error in the OpenType Sanitizer using the Address Sanitizer tool. This can lead to an out-of-bounds read and execution of an uninitialized function pointer during parsing and possible remote code execution. MFSA 2012-32 / CVE-2011-1187: Security researcher Daniel Divricean reported that a defect in the error handling of javascript errors can leak the file names and location of javascript files on a server, leading to inadvertent information disclosure and a vector for further attacks.

Security researcher Jeroen van der Gun reported that if invalid RSS or Atom XML content is loaded over HTTPS, the address bar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for phishing attacks where a malicious page can spoof the identity of another seemingly secure site.

Updated packages are available from download.opensuse.org.

May 21, 2012 07:51 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.26, fixing lots of bugs and security issues. A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or, via kvm, a privileged guest user could crash the kvm host system. A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. A local attacker could oops the kernel using memory control groups and eventfds.

The path length users can build using epoll() has been limited to avoid local attackers consuming lots of kernel CPU time. The regset common infrastructure assumed that regsets would always have .get and .set methods, but not necessarily .active methods. Unfortunately, regsets have since been written without a .set method, so NULL pointer dereference attacks were possible. Access to the /proc/pid/taskstats file now requires root access to avoid side channel attacks (timing keypresses etc.) on other users.

An oops in jbd/jbd2 has been fixed that could be caused by specific filesystem access patterns. A malicious NFSv4 server could have caused an oops in the nfsv4 acl handling. A further oops in jbd/jbd2 has been fixed that could be caused by mounting a maliciously prepared filesystem.

Updated packages are available from download.opensuse.org.

May 15, 2012 09:13 SuSE: New Linux kernel packages fix security vulnerabilities

The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or, via kvm, a privileged guest user could crash the kvm host system. A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. A local attacker could oops the kernel using memory control groups and eventfds.

The path length users can build using epoll() is now limited to avoid local attackers consuming lots of kernel CPU time. The regset common infrastructure assumed that regsets would always have .get and .set methods, but not necessarily .active methods. Unfortunately, regsets have since been written without a .set method, so NULL pointer dereference attacks were possible. Access to the /proc/pid/taskstats file now requires root access to avoid side channel attacks (timing keypresses etc.) on other users.

Fixed an oops in jbd/jbd2 that could be caused by specific filesystem access patterns. A malicious NFSv4 server could have caused an oops in the nfsv4 acl handling. Fixed a further oops in jbd/jbd2 that could be caused by mounting a maliciously prepared filesystem.

Updated packages are available from download.opensuse.org.

May 15, 2012 09:11 SuSE: New freetype packages fix security vulnerabilities

Specially crafted font files could have caused buffer overflows in freetype, which could have been exploited for remote code execution. Updated packages are available from download.opensuse.org.

May 13, 2012 18:56 SuSE: New freetype2 packages fix security vulnerabilities

Specially crafted font files could have caused buffer overflows in freetype, which could be exploited for remote code execution. Updated packages are available from download.opensuse.org.

May 11, 2012 06:31 SuSE: New samba packages fix security vulnerabilities

A remote code execution flaw in Samba has been fixed. PIDL-based autogenerated code used client-supplied size values, which allowed attackers to write beyond the allocated array size. Updated packages are available from download.opensuse.org.

May 02, 2012 17:11 SuSE: New PHP packages fix security vulnerabilities

This update of PHP5 fixes multiple security flaws. Missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference). Specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content. A stack based buffer overflow in php5’s Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header.

Temporary changes to the magic_quotes_gpc directive during the importing of environment variables were not properly performed, which made it easier for remote attackers to conduct SQL injection attacks.

Updated packages are available from download.opensuse.org.

April 27, 2012 08:36 SuSE: New flash-player packages fix security vulnerabilities

Adobe Flash Player 11.1.102.63 fixes a memory corruption vulnerability in the NetStream class that could lead to code execution. Updated packages are available from download.opensuse.org.

April 27, 2012 08:33 SuSE: New Firefox packages fix security vulnerabilities

Mozilla Firefox was updated to 10.0.3 ESR to fix various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Updated packages are available from download.opensuse.org.

April 08, 2012 15:50 SuSE: New samba packages fix security vulnerabilities

This Samba file server update fixes various security issues. A heap-based buffer overflow that could be exploited by remote, unauthenticated attackers to crash the smbd daemon or potentially execute arbitrary code via specially crafted SMB AndX request packets was fixed. A cross site scripting problem in SWAT was fixed. A possible denial of service caused by memory corruption was fixed. A buffer overflow in sid_parse() was fixed to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID).

A possible buffer overrun in the chain_reply code of pre-3.4 versions was addressed. An uninitialized variable read that could have caused an smbd crash was fixed. Samba now takes extra care that a mount point of mount.cifs is not changed during mount.

Updated packages are available from download.opensuse.org.

April 06, 2012 18:49 SuSE: New samba packages fix security vulnerabilities

This update of Samba fixes a heap-based buffer overflow that could be exploited by remote, unauthenticated attackers to crash the smbd daemon or potentially execute arbitrary code via specially crafted SMB AndX request packets. Updated packages are available from download.opensuse.org.

April 06, 2012 18:48 SuSE: New flash-player packages fix security vulnerabilities

Flash-player 11.1.102.63 fixes two security issues. A memory corruption vulnerability in Matrix3D could lead to code execution. Integer errors could lead to information disclosure. Updated packages are available from download.opensuse.org.

April 06, 2012 18:40 SuSE: New libvorbis packages fix security vulnerabilities

Specially crafted Ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code. Updated packages are available from download.opensuse.org.

April 04, 2012 07:38 SuSE: New puppet packages fix security vulnerabilities

This update of puppet fixes two vulnerabilities that could potentially be exploited by local attackers to escalate privileges due to improper privilege dropping and file handling issues (symlink flaws) in puppet. Updated packages are available from download.opensuse.org.

April 02, 2012 08:17 SuSE: New libvorbis packages fix security vulnerabilities

Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code. Updated packages are available from download.opensuse.org.

March 28, 2012 06:59 SuSE: New systemd packages fix security vulnerabilities

systemd-logind, part of the systemd package, keeps track of user logins and sessions. Upon login it creates dedicated files inside the /run/user/ directory in an insecure manner. This allows local attackers to create symlinks inside arbitrary directories. Further exploitation steps allow local attackers to gain root access. Updated packages are available from download.opensuse.org.
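The systemd-logind flaw is the classic symlink race: a privileged process creates a file at a predictable path that an unprivileged local user can pre-populate with a symlink, and the privileged write follows the link. The following is an added example, not systemd's code, showing the unsafe open() pattern beside a creation routine that refuses to follow anything already present at the path (O_CREAT|O_EXCL fails on any existing entry, symlinks included, and O_NOFOLLOW backs it up) and that checks the parent directory's owner and mode first. It assumes a POSIX system; the planted symlink, the target file and the directories are constructed in temporary directories, and attacker and daemon run as the same uid only so the scenario reproduces without root.

```python
# Added example (not systemd's code): create a per-user runtime file without
# following a symlink an unprivileged local user may have planted at the path.
# Assumes a POSIX system; the "attacker" and the daemon run as the same uid
# here only so the scenario is reproducible without root.
import os
import stat
import tempfile


def create_private_file_unsafe(path, data):
    """The pattern behind the advisory: a plain open() follows a symlink, so a
    pre-planted link redirects the write to a file of the attacker's choosing."""
    with open(path, "w") as f:
        f.write(data)


def create_private_file(path, data, owner_uid=None):
    """Create `path` only if nothing exists there yet. O_CREAT|O_EXCL fails on
    any existing entry, symlinks included (even dangling ones); O_NOFOLLOW is a
    second line of defence. The parent must belong to the expected user and
    not be writable by others unless it is sticky."""
    uid = os.geteuid() if owner_uid is None else owner_uid
    parent = os.path.dirname(path) or "."
    st = os.lstat(parent)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != uid:
        raise PermissionError(f"{parent} is not a directory owned by uid {uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not st.st_mode & stat.S_ISVTX:
        raise PermissionError(f"{parent} is writable by other users")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def creates_when_path_is_free():
    """Positive case: a fresh path is created with mode 0600 and the data."""
    with tempfile.TemporaryDirectory() as run_user:
        path = os.path.join(run_user, "session")
        create_private_file(path, "daemon data")
        with open(path) as f:
            return stat.S_IMODE(os.lstat(path).st_mode) == 0o600 and f.read() == "daemon data"


def demo():
    """Constructed scenario: a symlink is planted where the daemon will write.
    Returns (unsafe_followed_link, safe_refused_and_target_untouched)."""
    with tempfile.TemporaryDirectory() as run_user, tempfile.TemporaryDirectory() as elsewhere:
        target = os.path.join(elsewhere, "target")   # file the attacker wants clobbered
        with open(target, "w") as f:
            f.write("original")
        session = os.path.join(run_user, "session")  # the daemon's runtime file
        os.symlink(target, session)                   # planted before the daemon runs

        create_private_file_unsafe(session, "daemon data")
        with open(target) as f:
            unsafe_followed = f.read() == "daemon data"

        with open(target, "w") as f:
            f.write("original")
        try:
            create_private_file(session, "daemon data")
            refused = False
        except FileExistsError:
            refused = True
        with open(target) as f:
            untouched = f.read() == "original"
        return unsafe_followed, refused and untouched


if __name__ == "__main__":
    print(demo())
```

The directory checks matter as much as the open flags: if the parent can be replaced or written to by another user, a race remains between the lstat and the open, which is why the runtime directory itself must be created by the daemon with a safe mode rather than trusted because it exists.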