All articles tagged with Security

September 05, 2012 11:53 Ubuntu: Security update for OpenSSL

It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications. Updated packages are available from security.ubuntu.com.

September 05, 2012 11:52 Red Hat: Security update for the Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel’s netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. Updated packages are available from ftp.redhat.com.

September 03, 2012 06:46 Ubuntu: Security update for the Linux kernel

An error was discovered in the Linux kernel’s memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Updated packages are available from security.ubuntu.com.

September 03, 2012 06:45 Ubuntu: Security update for libexif

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information.

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service. Dan Fandrich discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

September 03, 2012 06:44 SuSE: Security update for libexif

Various overflows and other security related bugs in libexif were found by the Google Security team and fixed by the libexif developers. Updated packages are available from download.opensuse.org.

September 03, 2012 06:42 Red Hat: Security update for Pidgin

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags.

Updated packages are available from ftp.redhat.com.

September 03, 2012 06:42 Debian: Security update for FreeBSD

Rafal Wojtczuk from Bromium discovered that FreeBSD wasn’t correctly handling uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users. Updated packages are available from security.debian.org.

August 31, 2012 06:06 Debian: Security update for NSD

Marek Vavruša and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. This can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks. Updated packages are available from security.debian.org.

August 31, 2012 06:05 Ubuntu: Security update for TIFF

Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

August 31, 2012 06:04 Ubuntu: Security update for KDE PIM

It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened. Updated packages are available from security.ubuntu.com.

August 31, 2012 06:03 SuSE: Security update for pidgin, finch and libpurple

This update of pidgin fixes a stack-based buffer overflow in the MXit protocol which could have potentially been exploited by remote attackers to execute arbitrary code in the context of the user running pidgin. Updated packages are available from download.opensuse.org.

August 31, 2012 06:01 Red Hat: Security update for glibc

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc’s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

Updated packages are available from ftp.redhat.com.

August 29, 2012 07:01 Red Hat: Security update for glibc

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

Updated packages are available from ftp.redhat.com.

August 29, 2012 07:00 SuSE: Security update for XEN

This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Updated packages are available from download.opensuse.org.

August 29, 2012 06:59 Ubuntu: Security update for Thunderbird

Security researchers discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks.

Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Thunderbird.

Tony Payne discovered an out-of-bounds memory read in Mozilla’s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. Frédéric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks. Bill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird.

Karthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user’s OAuth 2.0 access tokens and OpenID credentials. It was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Thunderbird.

August 29, 2012 06:57 Ubuntu: Security update for Firefox

Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Abhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. Tony Payne discovered an out-of-bounds memory read in Mozilla’s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. Frédéric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks.

Bill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Karthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user’s OAuth 2.0 access tokens and OpenID credentials. Matt McCutchen discovered a clickjacking vulnerability in the certificate warning page. A remote attacker could trick a user into accepting a malicious certificate via a crafted certificate warning page.

Mario Gomes and Soroush Dalili discovered that javascript was not filtered out of feed URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. A vulnerability was discovered in the context menu of data: URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Firefox.

Updated packages are available from ftp.redhat.com.

August 29, 2012 06:56 Red Hat: Security update for Network Security Services

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 (Abstract Syntax Notation One) decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP (Online Certificate Status Protocol) response.

It was found that a Certificate Authority (CA) issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted.

Updated packages are available from ftp.redhat.com.

August 27, 2012 11:42 Red Hat: Security update for Mozilla Thunderbird

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges. A flaw in the way Thunderbird called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing trusted content.

A flaw in a parser utility class used by Thunderbird to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Thunderbird. This issue could have affected other Thunderbird components or add-ons that assume the class returns sanitized input. A flaw in the way Thunderbird handled X-Frame-Options headers could allow malicious content to perform a clickjacking attack. A flaw in the way Content Security Policy (CSP) reports were generated by Thunderbird could allow malicious content to steal a victim’s OAuth 2.0 access tokens and OpenID credentials.

A flaw in the way Thunderbird handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted.

Updated packages are available from ftp.redhat.com.

August 27, 2012 11:41 Red Hat: Security update for Network Security Services

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 (Abstract Syntax Notation One) decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP (Online Certificate Status Protocol) response.

Updated packages are available from ftp.redhat.com.

August 27, 2012 11:40 Red Hat: Security update for Mozilla Firefox

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges. A flaw in the context menu functionality in Firefox could allow a malicious website to bypass intended restrictions and allow a cross-site scripting attack.

A page different to that in the address bar could be displayed when dragging and dropping to the address bar, possibly making it easier for a malicious site or user to perform a phishing attack. A flaw in the way Firefox called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. A flaw in a parser utility class used by Firefox to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Firefox. This issue could have affected other browser components or add-ons that assume the class returns sanitized input.

A flaw in the way Firefox handled X-Frame-Options headers could allow a malicious website to perform a clickjacking attack. A flaw in the way Content Security Policy (CSP) reports were generated by Firefox could allow a malicious web page to steal a victim’s OAuth 2.0 access tokens and OpenID credentials. A flaw in the way Firefox handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted.

A flaw in the way Firefox handled feed:javascript URLs could allow output filtering to be bypassed, possibly leading to a cross-site scripting attack.

Updated packages are available from ftp.redhat.com.

August 27, 2012 11:38 Red Hat: Security update for the Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the data_len parameter of the sock_alloc_send_pskb() function in the networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

Updated packages are available from ftp.redhat.com.

August 27, 2012 11:36 Debian: Security update for Iceweasel

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications. Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. Mario Gomes and Code Audit Labs discovered that it is possible to force Iceweasel to display the URL of the previously entered site through drag and drop actions to the address bar. This can be abused to perform phishing attacks.

Abhishek Arya discovered a use-after-free problem in nsDocument::AdoptNode that may lead to the execution of arbitrary code. moz_bug_r_a4 discovered that it is possible to perform cross-site scripting attacks through the context menu when using data: URLs. moz_bug_r_a4 discovered that in certain cases, javascript: URLs can be executed so that scripts can escape the JavaScript sandbox and run with elevated privileges.

Updated packages are available from security.debian.org.

August 24, 2012 08:00 Debian: Security update for Iceape

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. Abhishek Arya discovered a use-after-free problem in nsDocument::AdoptNode that may lead to the execution of arbitrary code. moz_bug_r_a4 discovered that in certain cases, javascript: URLs can be executed so that scripts can escape the JavaScript sandbox and run with elevated privileges. This can lead to arbitrary code execution.

Updated packages are available from security.debian.org.

August 24, 2012 07:59 Red Hat: Security update for sudo

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications.

Updated packages are available from ftp.redhat.com.

August 24, 2012 07:59 Ubuntu: Security update for Linux kernel

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual CPU setup. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. An error was found in the Linux kernel’s IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_conntrack_ipv6 kernel module loaded.

Updated packages are available from security.ubuntu.com.

August 24, 2012 07:57 SuSE: Security update for bind

An update to bind fixes one vulnerability. Records with a zero-length rdata field could have crashed named or disclosed portions of memory to clients. Updated packages are available from download.opensuse.org.

August 24, 2012 07:55 Ubuntu: Security update for OpenJDK

It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager’s layout lookup implementation. An attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. It was discovered that the SynthLookAndFeel class from Swing in OpenJDK did not properly prevent access to certain UI elements from outside the current application context. An attacker could create a Java application or applet that used this flaw to cause a denial of service through crashing the JVM or bypass Java sandbox restrictions.

It was discovered that OpenJDK runtime library classes could create temporary files with insecure permissions. A local attacker could use this to gain access to sensitive information. It was discovered that OpenJDK did not handle CRLs (Certificate Revocation Lists) properly. A remote attacker could use this to gain access to sensitive information. It was discovered that the OpenJDK HotSpot Virtual Machine did not properly verify the bytecode of the class to be executed. A remote attacker could create a Java application or applet that used this to cause a denial of service through crashing the JVM or bypass Java sandbox restrictions.

It was discovered that the OpenJDK XML (Extensible Markup Language) parser did not properly handle some XML documents. An attacker could create an XML document that caused a denial of service in a Java application or applet parsing the document.

Updated packages are available from security.ubuntu.com.

August 22, 2012 09:28 Debian: Security update for eXtplorer

John Leitch has discovered a vulnerability in eXtplorer, a very feature-rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited, for example, to create an administrative user account by tricking a logged-in administrator into visiting an attacker-defined web link.

Updated packages are available from security.debian.org.

August 22, 2012 09:27 Debian: Security update for Mono

Marcus Meissner discovered that the web server included in Mono performed insufficient sanitising of requests, resulting in cross-site scripting. Updated packages are available from security.debian.org.

August 22, 2012 09:25 Debian: Security update for Puppet

Several security vulnerabilities have been found in Puppet, a centralized configuration management system. Authenticated clients could read arbitrary files on the puppet master. Authenticated clients could delete arbitrary files on the puppet master. The report of the most recent Puppet run was stored with world-readable permissions, resulting in information disclosure. Agent hostnames were insufficiently validated.

Updated packages are available from security.debian.org.
