All articles

October 29, 2012 08:14 Red Hat: Security update for Apache Qpid

0

Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol (AMQP) in several common programming languages. It was discovered that the Qpid daemon (qpidd) did not allow the number of connections from clients to be restricted. A malicious client could use this flaw to open an excessive amount of connections, preventing other legitimate clients from establishing a connection to qpidd.

Updated packages are available from ftp.redhat.com.

October 29, 2012 08:13 Ubuntu: Security update for the Linux kernel

0

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. A flaw was discovered in the madvise feature of the Linux kernel’s memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system).

Updated packages are available from security.ubuntu.com.

October 29, 2012 08:12 Red Hat: Security update for libxml2

0

The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

October 29, 2012 08:08 Debian: Security update for Asterisk

0

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

Updated packages are available from security.debian.org.

October 26, 2012 15:02 Ubuntu: Security update for ISC DHCP server

0

Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped by using environment variables. This update mitigates the issue by sanitizing certain variables in the DHCP shell scripts.

Updated packages are available from security.ubuntu.com.

October 26, 2012 15:00 Red Hat: Security update for spice-gtk

0

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients. It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application.

Updated packages are available from ftp.redhat.com.

October 26, 2012 14:59 Red Hat: Security update for OpenJPEG

0

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

October 26, 2012 14:59 Ubuntu: Security update for GnuPG

0

It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id.

Updated packages are available from security.ubuntu.com.

October 26, 2012 14:55 Ubuntu: Security update for PHP

0

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. It was discovered that PHP incorrectly parsed certain PDO prepared statements. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

October 24, 2012 07:38 Debian: Security update for devscripts

0

Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier. Raphael Geissert discovered that dscverify does not perform sufficient validation and does not properly escape arguments to external commands, allowing a remote attacker (as when dscverify is used by dget) to execute arbitrary code. Raphael Geissert discovered that dget allows an attacker to delete arbitrary files when processing a specially-crafted .dsc or .changes file, due to insuficient input validation.

Raphael Geissert discovered that dget does not properly escape arguments to external commands when processing .dsc and .changes files, allowing an attacker to execute arbitrary code. Jim Meyering, Red Hat, discovered that annotate-output determines the name of temporary named pipes in a way that allows a local attacker to make it abort, leading to denial of service.

Updated packages are available from security.debian.org.

October 24, 2012 07:38 Ubuntu: Security update for the Linux kernel

0

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel.

Updated packages are available from security.ubuntu.com.

October 24, 2012 07:34 Ubuntu: Security update for the Linux kernel

0

A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic). Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel.

A flaw was discovered in the madvise feature of the Linux kernel’s memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system).

Updated packages are available from security.ubuntu.com.

October 24, 2012 07:34 Red Hat: Security update for BIND

0

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.

Updated packages are available from ftp.redhat.com.

October 24, 2012 07:33 Red Hat: Security update for BIND

0

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.

Updated packages are available from ftp.redhat.com.

October 22, 2012 21:24 Debian: Security update for Tor

0

Several vulnerabilities have been discovered in Tor, an online privacy tool. Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote, resulting in denial of service. Try to leak less information about what relays a client is choosing to a side-channel attacker. By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down

Updated packages are available from security.debian.org.

October 22, 2012 21:20 Red Hat: Security update for libxslt

0

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections.

Updated packages are available from ftp.redhat.com.

October 22, 2012 21:19 Red Hat: Security update for PostgreSQL

0

PostgreSQL is an advanced object-relational database management system (DBMS). It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database’s configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query.

Updated packages are available from ftp.redhat.com.

October 22, 2012 21:18 Red Hat: Security update for PostgreSQL

0

PostgreSQL is an advanced object-relational database management system (DBMS). It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database’s configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query.

It was found that the “xml” data type allowed local files and remote URLs to be read with the privileges of the database server to resolve DTD and entity references in the provided XML. An unprivileged database user could use this flaw to read local files they would otherwise not have access to by issuing a specially-crafted SQL query. Note that the full contents of the files were not returned, but portions could be displayed to the user via error messages.

Updated packages are available from ftp.redhat.com.

October 22, 2012 21:17 Red Hat: Security update for D-Bus

0

D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus).

Updated packages are available from ftp.redhat.com.

October 22, 2012 21:13 Ubuntu: Security update for Bind

0

It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

October 19, 2012 11:27 Ubuntu: Security update for Horizon

0

Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.

Updated packages are available from security.ubuntu.com.

October 19, 2012 11:25 Ubuntu: Security update for Keystone

0

Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.

Updated packages are available from security.ubuntu.com.

October 19, 2012 11:21 Red Hat: Security update for Quagga

0

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system.

A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router.

Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message.

Updated packages are available from ftp.redhat.com.

October 19, 2012 11:20 Red Hat: Security update for Quagga

0

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

A NULL pointer dereference flaw was found in the way the bgpd daemon processed malformed route Extended Communities attributes. A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system.

A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort.

A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router.

Updated packages are available from ftp.redhat.com.

October 19, 2012 11:18 Debian: Security update for BIND

0

It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. Updated packages are available from security.debian.org.

October 17, 2012 19:47 Red Hat: Security update for libexif

0

The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

October 17, 2012 19:40 Red Hat: Security update for Ghostscript

0

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript’s International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript.

Updated packages are available from ftp.redhat.com.

October 17, 2012 19:38 Debian: Security update for freeradius

0

Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.

Updated packages are available from security.debian.org.

October 17, 2012 19:37 Ubuntu: Security update for GIMP

0

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges. Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF image files. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

Updated packages are available from security.ubuntu.com.

October 17, 2012 19:36 Ubuntu: Security update for Django

0

It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. Jeroen Dekkers discovered that Django incorrectly handled certain image dimensions. A remote attacker could use this flaw to cause the server to consume resources, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

Screenshot

Project Spotlight

Jolokia

A JMX remoting alternative to JSR-160 connectors.

Screenshot

Project Spotlight

MSS Code Factory

A rule-based expert system for manufacturing source code.