October 15, 2012 05:50 Debian: Security update for QEMU

Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The snapshot mode of QEMU (-snapshot) incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks (including arbitrary file overwriting and guest information disclosure) due to a race condition. QEMU does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of QEMU and escalate privileges to that of the qemu process.

Updated packages are available from security.debian.org.

October 15, 2012 05:48 Debian: Security update for xen

Multiple denial of service vulnerabilities have been discovered in xen, a hypervisor. It was discovered that set_debugreg allows writes to reserved bits of the DR7 debug control register on amd64 (x86-64) paravirtualised guests, allowing a guest to crash the host. Matthew Daley discovered that when XENMEM_populate_physmap is called with the MEMF_populate_on_demand flag set, a BUG (detection routine) can be triggered if a translating paging mode is not being used, allowing a guest to crash the host.

Updated packages are available from security.debian.org.

October 15, 2012 05:47 Debian: Security update for Xen Qemu

Multiple vulnerabilities have been discovered in the Xen Qemu Device Model virtual machine hardware emulator. The device model for HVM domains does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of the device model and escalate privileges to that of the device model process. The qemu monitor was enabled by default, allowing administrators of a guest to access resources of the host, possibly escalate privileges or access resources belonging to another guest.

Updated packages are available from security.debian.org.

October 15, 2012 05:45 Debian: Security update for Qemu

Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The snapshot mode of Qemu (-snapshot) incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks (including arbitrary file overwriting and guest information disclosure) due to a race condition. Qemu does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of Qemu and escalate privileges to that of the qemu process.

Updated packages are available from security.debian.org.

October 15, 2012 05:44 Debian: Security update for Beaker

It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. Updated packages are available from security.debian.org.

October 15, 2012 05:39 Debian: Security update for Mahara

Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data. Updated packages are available from security.debian.org.

October 12, 2012 06:59 Ubuntu: Security update for the Linux kernel

Some errors were discovered in the Linux kernel’s UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system.

Updated packages are available from security.ubuntu.com.

October 12, 2012 06:58 Debian: Security update for Zabbix

It was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query. This may allow unauthenticated attackers to execute arbitrary SQL commands (SQL injection) and possibly escalate privileges.

Updated packages are available from security.debian.org.

October 12, 2012 06:49 Debian: Security update for MoinMoin

It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.

Updated packages are available from security.debian.org.

October 12, 2012 06:45 Red Hat: Security update for KVM

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.

Updated packages are available from ftp.redhat.com.

October 12, 2012 06:44 Red Hat: Security update for xen

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host.

Updated packages are available from ftp.redhat.com.

October 10, 2012 07:37 Ubuntu: Security update for the Linux kernel

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:36 Ubuntu: Security update for the Linux kernel

A flaw was found in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:35 Ubuntu: Security update for OpenJDK

It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:34 Ubuntu: Security update for OpenStack Keystone

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users’ tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. Derek Higgins discovered that OpenStack Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that has been disabled or has a changed password.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:33 Red Hat: Security update for OpenJDK

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.

Updated packages are available from ftp.redhat.com.

October 10, 2012 07:31 Red Hat: Security update for OpenJDK

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.

Updated packages are available from ftp.redhat.com.

October 08, 2012 05:33 Debian: Security update for TYPO3

Several vulnerabilities were discovered in TYPO3, a content management system. An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users. The TYPO3 backend contains several cross-site scripting vulnerabilities.

Authenticated users who can access the configuration module can obtain the encryption key, allowing them to escalate their privileges. The RemoveXSS HTML sanitizer did not remove several HTML5 JavaScript events, thus failing to mitigate the impact of cross-site scripting vulnerabilities.

Updated packages are available from security.debian.org.

October 08, 2012 05:32 Debian: Security update for otrs2

It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting. Updated packages are available from security.debian.org.

October 08, 2012 05:30 Ubuntu: Security update for Thunderbird

Security researchers discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Mariusz Mlynski discovered that it is possible to shadow the location object using Object.defineProperty. This could potentially result in a cross-site scripting (XSS) attack against plugins. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted E-Mail, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain.

Frédéric Hoguin discovered that bitmap format images with a negative height could potentially result in memory corruption. If the user were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird’s WebGL implementation was vulnerable to multiple memory safety issues. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Arthur Gerkis discovered multiple memory safety issues in Thunderbird’s Scalable Vector Graphics (SVG) implementation. If the user were tricked into opening a specially crafted image, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird.

Christoph Diehl discovered multiple memory safety issues in the bundled Graphite 2 library. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Nicolas Grégoire discovered an out-of-bounds read in the format-number feature of XSLT. This could potentially cause inaccurate formatting of numbers and information leakage. It was discovered that when the DOMParser is used to parse text/html data in a Thunderbird extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and potentially be combined with other attacks to become exploitable.

It was discovered that, in some instances, certain security checks in the location object could be bypassed. This could allow for the loading of restricted content and can potentially be combined with other issues to become exploitable. Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird.

Updated packages are available from security.ubuntu.com.

October 08, 2012 05:29 Debian: Security update for rtfm

It was discovered that rtfm, the Request Tracker FAQ Manager, contains multiple cross-site scripting vulnerabilities in the topic administration page. Updated packages are available from security.debian.org.

October 08, 2012 05:25 Ubuntu: Security update for Firefox

Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mariusz Mlynski discovered that it is possible to shadow the location object using Object.defineProperty. This could potentially result in a cross-site scripting (XSS) attack against plugins. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain.

Mariusz Mlynski discovered an escalation of privilege vulnerability through about:newtab. This could potentially lead to code execution with the privileges of the user invoking Firefox. Frédéric Hoguin discovered that bitmap format images with a negative height could potentially result in memory corruption. If the user were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Firefox’s WebGL implementation was vulnerable to multiple memory safety issues. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Arthur Gerkis discovered multiple memory safety issues in Firefox’s Scalable Vector Graphics (SVG) implementation. If the user were tricked into opening a specially crafted image, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Christoph Diehl discovered multiple memory safety issues in the bundled Graphite 2 library. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Nicolas Grégoire discovered an out-of-bounds read in the format-number feature of XSLT. This could potentially cause inaccurate formatting of numbers and information leakage.

Mark Goodwin discovered that under certain circumstances, Firefox’s developer tools could allow remote debugging even when disabled. It was discovered that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and potentially be combined with other attacks to become exploitable. Mark Poticha discovered that under certain circumstances incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This could potentially be used for phishing attacks.

It was discovered that, in some instances, certain security checks in the location object could be bypassed. This could allow for the loading of restricted content and can potentially be combined with other issues to become exploitable. Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

October 05, 2012 07:02 Red Hat: Security update for Mozilla Firefox

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a malicious Scalable Vector Graphics (SVG) image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in the way Firefox rendered certain images using WebGL. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox.

A flaw was found in the way Firefox decoded embedded bitmap images in Icon Format (ICO) files. A web page containing a malicious ICO file could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way the “eval” command was handled by the Firefox Web Console. Running “eval” in the Web Console while viewing a web page containing malicious content could possibly cause Firefox to execute arbitrary code with the privileges of the user running Firefox. An out-of-bounds memory read flaw was found in the way Firefox used the format-number feature of XSLT (Extensible Stylesheet Language Transformations). A web page containing malicious content could possibly cause an information leak, or cause Firefox to crash.

It was found that the SSL certificate information for a previously visited site could be displayed in the address bar while the main window displayed a new page. This could lead to phishing attacks as attackers could use this flaw to trick users into believing they are viewing a trusted site. A flaw was found in the location object implementation in Firefox. Malicious content could use this flaw to possibly allow restricted content to be loaded.

Updated packages are available from ftp.redhat.com.

October 05, 2012 07:01 Red Hat: Security update for Mozilla Thunderbird

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malicious Scalable Vector Graphics (SVG) image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the way Thunderbird rendered certain images using WebGL. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird.

A flaw was found in the way Thunderbird decoded embedded bitmap images in Icon Format (ICO) files. Content containing a malicious ICO file could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way the “eval” command was handled by the Thunderbird Error Console. Running “eval” in the Error Console while viewing malicious content could possibly cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. An out-of-bounds memory read flaw was found in the way Thunderbird used the format-number feature of XSLT (Extensible Stylesheet Language Transformations). Malicious content could possibly cause an information leak, or cause Thunderbird to crash.

A flaw was found in the location object implementation in Thunderbird. Malicious content could use this flaw to possibly allow restricted content to be loaded.

Updated packages are available from ftp.redhat.com.

October 05, 2012 07:00 Ubuntu: Security update for libGData

Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter data transmitted via the GData protocol. Updated packages are available from security.ubuntu.com.

October 05, 2012 06:54 Ubuntu: Security update for libgc

It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

October 04, 2012 08:52 Red Hat: Security update for Python Paste

Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications.

It was discovered that paster did not drop supplementary group privileges when started by the root user. Running “paster serve” as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application.

Updated packages are available from ftp.redhat.com.

October 04, 2012 08:50 Red Hat: Security update for glibc

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc’s functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

October 04, 2012 08:49 Debian: Security update for PostgreSQL

Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. contrib/xml2’s xslt_process() can be used to read and write external files and URLs. xml_parse() fetches external files or URLs to resolve DTD and entity references in XML values. Updated packages are available from security.debian.org.
