August 22, 2012 09:24 Debian: Security update for OpenJDK

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. Multiple errors in the CORBA implementation could lead to breakouts of the Java sandbox. Missing input sanitising in the font manager could lead to the execution of arbitrary code. The SynthLookAndFeel Swing class could be abused to break out of the Java sandbox.

Several temporary files were created insecurely, resulting in local information disclosure. Certificate revocation lists were incorrectly implemented. Validation errors in the bytecode verifier of the Hotspot VM could lead to breakouts of the Java sandbox.

Missing input sanitising in the XML parser could lead to denial of service through an infinite loop.

Updated packages are available from security.debian.org.

August 22, 2012 09:23 SuSE: Security update for ClamAV

This update addresses possible evasion cases in some archive formats and stability issues in portions of the bytecode engine. Updated packages are available from download.opensuse.org.

August 20, 2012 07:35 Ubuntu: Security update for Puppet

It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the “Delete” method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. It was discovered that Puppet incorrectly set file permissions on the last_run_report.yaml file. An attacker could use this flaw to access sensitive information.

It was discovered that Puppet incorrectly handled agent certificate names. An attacker could use this flaw to create a specially crafted certificate and trick an administrator into signing a certificate that can then be used to man-in-the-middle agent nodes.

Updated packages are available from security.ubuntu.com.

August 20, 2012 07:34 Ubuntu: Security update for Qt

It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Qt did not properly handle greyscale TIFF images. If a Qt application could be made to process a crafted TIFF file, an attacker could cause a denial of service.

Updated packages are available from security.ubuntu.com.

August 20, 2012 07:32 Ubuntu: Security update for Rhythmbox

Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. Updated packages are available from security.ubuntu.com.

August 20, 2012 07:31 Ubuntu: Security update for Nova

Dan Prince discovered that the Nova scheduler, when using DifferentHostFilter or SameHostFilter, would make repeated database instance lookup calls based on passed scheduler hints. An authenticated attacker could use this to cause a denial of service. Updated packages are available from security.ubuntu.com.

August 20, 2012 07:29 Ubuntu: Security update for X.Org X server

The X.Org X server could be made to crash if a specially crafted input device was added. Updated packages are available from security.ubuntu.com.

August 17, 2012 09:23 Red Hat: Security update for OpenJPEG

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG (such as image_to_j2k), would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

August 17, 2012 09:22 Red Hat: Security update for Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. A flaw was found in the way the key management facility handled replacement session keyrings on process forks. A local, unprivileged user could use this flaw to cause a denial of service.

Updated packages are available from ftp.redhat.com.

August 17, 2012 09:20 Ubuntu: Security update for Pidgin

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service.

Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service.

José Valentín Gutiérrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service. Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Ulf Härnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

August 17, 2012 09:15 Debian: Security update for Pidgin

Ulf Härnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash and, in some circumstances, achieve remote code execution.

Updated packages are available from security.ubuntu.com.

August 17, 2012 09:13 Ubuntu: Security update for tiff

It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

August 15, 2012 08:34 Ubuntu: Security update for Nova

Matthias Weckbecker discovered that, when using the OpenStack API to set up libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. Pádraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges.

Updated packages are available from security.ubuntu.com.

August 15, 2012 08:33 SuSE: New cobbler packages fix security vulnerabilities

This update of cobbler fixes a remote code execution flaw which could have been exploited through cobbler’s XMLRPC API. Updated packages are available from download.opensuse.org.

August 15, 2012 08:32 Red Hat: Updated libtiff packages fix multiple security i...

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

August 15, 2012 08:32 Ubuntu: New Libreoffice packages fix security vulnerabili...

Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

August 15, 2012 08:30 Ubuntu: New OpenOffice.org packages fix security vulnerab...

A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

August 13, 2012 10:55 Debian: Security update for mod_security

Qualys Vulnerability & Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where both ‘Content-Disposition: attachment’ and ‘Content-Type: multipart’ were present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site scripting (XSS) attacks through properly crafted HTML documents. Updated packages are available from security.debian.org.

August 13, 2012 10:55 Debian: Security update for Zend Framework

An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access local files, depending on how the framework is used. Updated packages are available from security.debian.org.

August 13, 2012 10:54 Ubuntu: New Linux kernel packages fix security vulnerabil...

Stephan Mueller reported a flaw in the Linux kernel’s dl2k network driver’s handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel’s hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

Updated packages are available from security.ubuntu.com.

August 13, 2012 10:53 Ubuntu: New Linux kernel packages fix security vulnerabil...

A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Updated packages are available from security.ubuntu.com.

August 13, 2012 10:52 Ubuntu: New AccountsService packages fix security vulnera...

Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions. Updated packages are available from security.ubuntu.com.

August 03, 2012 16:51 Ubuntu: New PyCrypto packages fix security vulnerabilities

It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys. Updated packages are available from security.debian.org.

August 03, 2012 16:50 Debian: Security update for libspring-2.5-java

It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests. Updated packages are available from security.debian.org.

August 03, 2012 16:49 Debian: Security update for bcfg2

It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system into executing commands with root privileges. Updated packages are available from security.debian.org.

August 03, 2012 16:47 Red Hat: Updated php packages fix multiple security issues

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack.

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. It was found that PHP did not check the zend_strndup() function’s return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application.

Updated packages are available from ftp.redhat.com.

August 03, 2012 16:43 Red Hat: Updated php packages fix multiple security issues

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength.

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. A NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially-crafted input to crash an application that uses tidy::diagnose. It was found that PHP did not check the zend_strndup() function’s return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application.

Updated packages are available from ftp.redhat.com.

August 01, 2012 06:12 Red Hat: Updated php53 packages fix multiple security issues

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength.

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. It was found that PHP did not check the zend_strndup() function’s return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application.

Updated packages are available from ftp.redhat.com.

August 01, 2012 06:10 Ubuntu: New Network Manager packages fix security vulnera...

It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Updated packages are available from security.ubuntu.com.

August 01, 2012 06:07 Red Hat: Updated kernel packages fix various security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

A flaw was found in the way the XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. It was found that the register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized. A local, unprivileged user could use this flaw to cause a denial of service by performing a register set operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request.

A race condition was found in the memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system.

Updated packages are available from ftp.redhat.com.
