July 18, 2012 05:18 Red Hat: Updated libguestfs packages fix one security issue

libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state (and did not preserve the file owner or Security-Enhanced Linux context). If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. Updated packages are available from ftp.redhat.com.

July 18, 2012 05:14 SuSE: New Linux kernel packages fix security vulnerabilities

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. A memory corruption when mounting an hfsplus filesystem was fixed; it could be used by local attackers able to mount filesystems to crash the system. The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card. The befs_follow_link function did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and Oops) by accessing a long symlink on a malformed Be filesystem.

A memory corruption possibility was fixed in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. A BUG() error report in the nfs4xdr routines on an NFSv4 mount was fixed that could happen during mknod. Also, mounting a corrupted hfs filesystem could lead to a buffer overflow.

Updated packages are available from download.opensuse.org.

July 16, 2012 05:25 Ubuntu: New ClamAV packages fix security vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Updated packages are available from security.ubuntu.com.

July 16, 2012 05:22 Ubuntu: New PHP packages fix security vulnerabilities

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication.

It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. A remote attacker could possibly use this flaw to bypass authentication. It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server, or to perform a denial of service. Alexander Gavrun discovered that the PHP Phar extension incorrectly handled certain malformed TAR files. A remote attacker could use this flaw to perform a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

July 16, 2012 05:21 Debian: Security update for MySQL

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. Updated packages are available from security.debian.org.

July 16, 2012 05:18 Ubuntu: New Raptor packages fix security vulnerabilities

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user’s system or potentially execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

July 16, 2012 05:16 Red Hat: Updated python packages fix multiple security is...

Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers).

A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user’s .pypirc file, which can contain usernames and passwords for code repositories.

Updated packages are available from ftp.redhat.com.

July 13, 2012 08:16 Red Hat: Updated python packages fix multiple security is...

Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new “PYTHONHASHSEED” environment variable or the Python interpreter’s “-R” command line option can be used. Refer to the python(1) manual page for details.

A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user’s .pypirc file, which can contain usernames and passwords for code repositories.

Updated packages are available from ftp.redhat.com.

July 13, 2012 08:13 Red Hat: Updated kernel packages fix multiple security is...

The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. When a set user ID (setuid) application is executed, certain personality flags for controlling the application’s behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions.

It was found that the data_len parameter of the sock_alloc_send_pskb() function in the networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. A race condition was found in the memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system.

A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. A flaw was found in the Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. A race condition was found in the memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service.

Updated packages are available from ftp.redhat.com.

July 13, 2012 08:12 Ubuntu: New FFmpeg packages fix security vulnerabilities

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed MJPEG-B files. If a user were tricked into opening a crafted MJPEG-B file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed DPCM files. If a user were tricked into opening a crafted DPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed KMVC files. If a user were tricked into opening a crafted KMVC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg incorrectly handled certain malformed H.264 files. If a user were tricked into opening a crafted H.264 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

It was discovered that FFmpeg incorrectly handled certain malformed ADPCM files. If a user were tricked into opening a crafted ADPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg incorrectly handled certain malformed Atrac 3 files. If a user were tricked into opening a crafted Atrac 3 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg incorrectly handled certain malformed Shorten files. If a user were tricked into opening a crafted Shorten file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

It was discovered that FFmpeg incorrectly handled certain malformed Vorbis files. If a user were tricked into opening a crafted Vorbis file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Fabian Yamaguchi discovered that FFmpeg incorrectly handled certain malformed VQA files. If a user were tricked into opening a crafted VQA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

July 13, 2012 08:10 Ubuntu: New libav packages fix security vulnerabilities

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed Kega Game Video (KGV1) files. If a user were tricked into opening a crafted Kega Game Video (KGV1) file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed MJPEG-B files. If a user were tricked into opening a crafted MJPEG-B file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DPCM files. If a user were tricked into opening a crafted DPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed KMVC files. If a user were tricked into opening a crafted KMVC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Jeong Wook Oh discovered that Libav incorrectly handled certain malformed ASF files. If a user were tricked into opening a crafted ASF file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed Westwood SNDx files. If a user were tricked into opening a crafted Westwood SNDx file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Diana Elena Muscalu discovered that Libav incorrectly handled certain malformed AAC files. If a user were tricked into opening a crafted AAC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

It was discovered that Libav incorrectly handled certain malformed H.264 files. If a user were tricked into opening a crafted H.264 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed ADPCM files. If a user were tricked into opening a crafted ADPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed Atrac 3 files. If a user were tricked into opening a crafted Atrac 3 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

It was discovered that Libav incorrectly handled certain malformed Shorten files. If a user were tricked into opening a crafted Shorten file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed Vorbis files. If a user were tricked into opening a crafted Vorbis file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Fabian Yamaguchi discovered that Libav incorrectly handled certain malformed VQA files. If a user were tricked into opening a crafted VQA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

July 13, 2012 08:08 Debian: Security update for openconnect

A buffer overflow was discovered in OpenConnect, a client for the Cisco AnyConnect VPN, which could result in denial of service. Updated packages are available from security.debian.org.

July 11, 2012 05:54 SuSE: New Firefox packages fix security vulnerabilities

MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher James Forshaw found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla’s updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable.

Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy’s (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure.

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed.

Security researcher Abhishek Arya used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from Unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable.

Updated packages are available from download.opensuse.org.

July 11, 2012 05:53 Ubuntu: New APT packages fix security vulnerabilities

Georgi Guninski discovered that APT relied on GnuPG argument order and did not check GPG subkeys when validating imported keyrings via apt-key net-update. While it appears that a man-in-the-middle attacker cannot exploit this, as a hardening measure this update adjusts apt-key to validate all subkeys when checking for key collisions. Updated packages are available from security.ubuntu.com.

July 11, 2012 05:51 Ubuntu: New Linux kernel packages fix security vulnerabil...

A flaw was discovered in the KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Stephan Mueller reported a flaw in the dl2k network driver’s handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service.

Timo Warns reported multiple flaws in the hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. Xi Wang discovered a flaw in the i915 graphics driver handling of cliprect on 32-bit systems. An unprivileged local attacker could leverage this flaw to cause a denial of service or potentially gain root privileges. Xi Wang discovered a flaw in the i915 graphics driver handling of buffer_count on 32-bit systems. An unprivileged local attacker could leverage this flaw to cause a denial of service or potentially gain root privileges.

Updated packages are available from security.ubuntu.com.

July 11, 2012 05:50 Red Hat: Updated expat packages fix two security issues

Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted.

Updated packages are available from ftp.redhat.com.

July 11, 2012 05:49 Red Hat: Updated java-1.6.0-openjdk packages fix several ...

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

Multiple flaws were discovered in the font manager’s layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files.

Updated packages are available from ftp.redhat.com.

July 09, 2012 10:06 Red Hat: Updated java-1.6.0-openjdk packages fix several ...

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

Multiple flaws were discovered in the font manager’s layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop.

It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files.

Updated packages are available from ftp.redhat.com.

July 09, 2012 10:06 Ubuntu: New Linux kernel packages fix security vulnerabil...

Andy Adamson discovered a flaw in the Linux kernel’s NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel’s KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel’s memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges.

Stephan Mueller reported a flaw in the Linux kernel’s dl2k network driver’s handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel’s hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. Xi Wang discovered a flaw in the Linux kernel’s i915 graphics driver handling of cliprect on 32-bit systems. An unprivileged local attacker could leverage this flaw to cause a denial of service or potentially gain root privileges.

Xi Wang discovered a flaw in the Linux kernel’s i915 graphics driver handling of buffer_count on 32-bit systems. An unprivileged local attacker could leverage this flaw to cause a denial of service or potentially gain root privileges.

Updated packages are available from security.ubuntu.com.

July 09, 2012 10:05 Ubuntu: New Linux kernel packages fix security vulnerabil...

Schacher Raindel discovered a flaw in the Linux kernel’s memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Updated packages are available from security.ubuntu.com.

July 09, 2012 10:01 Debian: Security update for asterisk

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled). The Skinny channel driver allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

Updated packages are available from security.debian.org.

July 09, 2012 09:59 Red Hat: Updated kernel packages fix two security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel’s IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash.

Updated packages are available from ftp.redhat.com.

July 06, 2012 10:57 Red Hat: Updated kernel packages fix two security issues

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest running on a 64-bit host that has an Intel CPU could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host.

Updated packages are available from ftp.redhat.com.

July 06, 2012 10:57 Ubuntu: New MySQL packages fix security vulnerabilities

It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. Updated packages are available from security.ubuntu.com.

July 06, 2012 10:56 SuSE: New bind packages fix security vulnerability

A remote denial of service in the bind nameserver via zero length rdata fields was fixed. Updated packages are available from download.opensuse.org.

July 06, 2012 10:54 Debian: Security update for php5

The Phar extension for PHP does not properly handle crafted tar files, leading to a heap-based buffer overflow. PHP applications processing tar files could crash or, potentially, execute arbitrary code. In addition, this update addresses a regression which caused a crash when accessing a global object that is returned as $this from __get. Updated packages are available from security.debian.org.

July 06, 2012 10:54 Debian: Security update for PostgreSQL

Two vulnerabilities were discovered in PostgreSQL, an SQL database server. The crypt(text, text) function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. SECURITY DEFINER and SET attributes for a call handler of a procedural language could crash the database server.

Updated packages are available from security.debian.org.

July 04, 2012 13:19 Debian: Security update for Iceweasel

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. Abhishek Arya discovered a heap buffer overflow in UTF-16 to Latin-1 character set conversion, allowing the execution of arbitrary code. Updated packages are available from security.debian.org.

July 04, 2012 13:18 Debian: Security update for nss

Kaspar Brand discovered that Mozilla’s Network Security Services (NSS) library did insufficient length checking in the QuickDER decoder, making it possible to crash a program using the library. Updated packages are available from security.debian.org.

July 04, 2012 13:17 Debian: Security update for Iceape

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. Abhishek Arya discovered a heap buffer overflow in UTF-16 to Latin-1 character set conversion, allowing the execution of arbitrary code. Updated packages are available from security.debian.org.
