All articles

July 04, 2012 13:15 Debian: Security update for OpenOffice.org

It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution. The vulnerabilities include integer overflows in PNG image handling, an integer overflow in an operator new invocation, and a heap-based buffer overflow in the MS-ODRAW parser. Updated packages are available from security.debian.org.

July 04, 2012 13:14 SuSE: New pidgin-otr packages fix security vulnerabilities

A format string flaw in pidgin-otr could have caused a denial of service condition or even potentially allowed attackers to execute arbitrary code. This has been fixed. Updated packages are available from download.opensuse.org.

July 02, 2012 09:42 Red Hat: Updated bind97 packages fix two security issues

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.

A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced.

Updated packages are available from ftp.redhat.com.

July 02, 2012 09:41 Red Hat: Updated bind packages fix two security issues

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.

A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced.

Updated packages are available from ftp.redhat.com.

July 02, 2012 09:40 Red Hat: An updated thunderbird package fixes multiple se...

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS).

If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim’s system. This issue also affected users opening content from Microsoft Windows shares, or Samba shares, that are mounted on their systems.

Updated packages are available from ftp.redhat.com.

July 02, 2012 09:39 Ubuntu: New python-nova packages fix security vulnerabili...

It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. ‘TCP’) in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions. Updated packages are available from security.ubuntu.com.

July 02, 2012 09:37 Ubuntu: New Firefox packages fix security vulnerabilities

Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla’s WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time.

Adam Barth discovered that certain inline event handlers were not being blocked properly by the Content Security Policy’s (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba share could load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. An attacker could potentially use this vulnerability to show the contents of these linked files or directories in an iframe, resulting in information disclosure.

Arthur Gerkis discovered a use-after-free vulnerability while replacing/inserting a node in a document. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash.

Abhishek Arya discovered two buffer overflow and one use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

June 28, 2012 21:07 Red Hat: Updated firefox packages fix multiple security i...

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application’s intended restrictions, if that application relied on CSP to protect against flaws such as cross-site scripting (XSS).

If a web server hosted HTML files that are stored on a Microsoft Windows share, or a Samba share, loading such files with Firefox could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim’s system. This issue also affected users opening HTML files from Microsoft Windows shares, or Samba shares, that are mounted on their systems.

Updated packages are available from ftp.redhat.com.

June 28, 2012 21:06 Debian: Security update for bind9

It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected. Updated packages are available from security.debian.org.

June 28, 2012 21:05 Ubuntu: New bind packages fix security vulnerabilities

Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked.

Updated packages are available from security.ubuntu.com.

June 28, 2012 21:04 Ubuntu: New PostgreSQL packages fix security vulnerabilities

It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this flaw to cause PostgreSQL to crash, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

June 28, 2012 21:02 Red Hat: Updated openoffice.org packages fix multiple sec...

OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the JPEG, PNG, and BMP image file reader implementations in OpenOffice.org. An attacker could provide a specially-crafted JPEG, PNG, or BMP image file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

June 27, 2012 06:16 Debian: Security update for IMP

Multiple cross-site scripting (XSS) vulnerabilities were discovered in IMP, the webmail component in the Horde framework. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various crafted parameters. Updated packages are available from security.debian.org.

June 27, 2012 06:15 Debian: Security update for libgdata

Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn’t validating certificates against trusted system root CAs when using an https connection. Updated packages are available from security.debian.org.

June 27, 2012 06:14 Debian: Security update for arpwatch

Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in the Red Hat and Debian distributions), intended to make it drop root privileges, would fail to do so and instead add the root group to the list of groups the daemon uses. Updated packages are available from security.debian.org.

June 27, 2012 06:13 Red Hat: Updated openssl packages that fix one security i...

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. Updated packages are available from ftp.redhat.com.

June 27, 2012 06:11 Red Hat: Updated kernel packages fix one security issue

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the data_len parameter of the sock_alloc_send_pskb() function in the networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access. Updated packages are available from ftp.redhat.com.

June 25, 2012 07:32 Debian: Security update for Nut

Sebastian Pohle discovered that upsd, the server of Network UPS Tools (NUT), is vulnerable to a remote denial of service attack. Updated packages are available from security.debian.org.

June 25, 2012 07:28 SuSE: New Firefox kernel packages fix security vulnerabil...

MozillaFirefox was updated to the 10.0.4 ESR release to fix various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christian Holler reported a memory safety and security problem affecting Firefox 11. Security researchers reported memory safety problems and crashes that affect Firefox ESR and Firefox 11.

Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. This can leave users vulnerable to cross-site scripting (XSS) attacks on maliciously crafted web pages.

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Mozilla community member Matias Juntunen discovered an error in WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments from FindMaxUshortElement. This bug causes maximum index to be computed incorrectly within WebGL.drawElements, allowing the reading of illegal video memory. Security researchers Jordi Chancel and Eddy Bordi reported that they could short-circuit page loads to show the address of a different site than what is loaded in the window in the addressbar. Security researcher Chris McGowen independently reported the same flaw, and further demonstrated that this could lead to loading scripts from the attacker’s site, leaving users vulnerable to cross-site scripting (XSS) attacks.

Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened to a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server. Security researcher Masato Kinugawa found that during the decoding of the ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site scripting (XSS) injection.

Mozilla community member Ms2ger found an image rendering issue with WebGL when texImage2D uses JSVAL_TO_OBJECT on arbitrary objects. This can lead to a crash on a maliciously crafted web page. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution. Mateusz Jurczyk of the Google Security Team discovered an off-by-one error in the OpenType Sanitizer using the Address Sanitizer tool. This can lead to an out-of-bounds read and execution of an uninitialized function pointer during parsing and possible remote code execution. Security researcher Daniel Divricean reported that a defect in the handling of JavaScript errors can leak the file names and location of JavaScript files on a server, leading to inadvertent information disclosure and a vector for further attacks.

Security researcher Jeroen van der Gun reported that if invalid RSS or Atom XML content is loaded over HTTPS, the addressbar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for phishing attacks where a malicious page can spoof the identity of another seemingly secure site.

Updated packages are available from download.opensuse.org.

June 25, 2012 07:27 Ubuntu: New Nut packages fix security vulnerabilities

Sebastian Pohle discovered that Nut did not properly validate its input when receiving data over the network. If upsd was configured to allow connections over the network, a remote attacker could exploit this to cause a denial of service (application crash). Updated packages are available from security.ubuntu.com.

June 25, 2012 07:25 Ubuntu: New Linux kernel packages fix security vulnerabil...

Andy Adamson discovered a flaw in the Linux kernel’s NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. A flaw was discovered in the Linux kernel’s KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS.

Steve Grubb reported a flaw with Linux fscaps (file system based capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Schacher Raindel discovered a flaw in the Linux kernel’s memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges.

Updated packages are available from security.ubuntu.com.

June 25, 2012 07:22 Debian: Security update for strongSwan

An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder. Updated packages are available from security.debian.org.

June 21, 2012 12:50 Ubuntu: New Linux kernel packages fix security vulnerabil...

A flaw was found in the Linux kernel’s ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Updated packages are available from security.ubuntu.com.

June 21, 2012 12:49 Ubuntu: New Linux kernel packages fix security vulnerabil...

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system based capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier.

Updated packages are available from security.ubuntu.com.

June 21, 2012 12:48 Ubuntu: New OpenSSL packages fix security vulnerabilities

Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service.

Updated packages are available from security.ubuntu.com.

June 21, 2012 12:46 Debian: Security update for Request Tracker

Several vulnerabilities were discovered in Request Tracker, an issue tracking system. Several cross-site scripting issues have been discovered. Password hashes could be disclosed by privileged users. Several cross-site request forgery vulnerabilities have been found.

The code to support variable envelope return paths allowed the execution of arbitrary code. Disabled groups were not fully accounted as disabled. An SQL injection vulnerability was also found, exploitable only by privileged users.

Updated packages are available from security.debian.org.

June 21, 2012 12:45 Debian: Security update for libxml2

Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code. Updated packages are available from security.debian.org.

June 19, 2012 10:49 Debian: Security update for sudo

It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts where the user would not be allowed to run the specified command. Updated packages are available from security.debian.org.

June 19, 2012 10:47 Ubuntu: New Net-SNMP packages fix security vulnerabilities

It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

June 19, 2012 10:46 Red Hat: An updated Adobe Flash Player package fixes one ...

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. Updated packages are available from ftp.redhat.com.
