All articles

February 20, 2013 09:09 Red Hat: Security update for OpenJDK 6

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.

A flaw was found in the AWT component’s clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. Multiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.

It was discovered that the RMI component’s CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack.

Updated packages are available from ftp.redhat.com.

February 20, 2013 09:07 Red Hat: Security update for flash-plugin

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-04, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

Updated packages are available from ftp.redhat.com.

February 20, 2013 09:06 Debian: Security update for IRCD-Hybrid

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server.

Updated packages are available from security.debian.org.

February 20, 2013 09:05 Red Hat: Security update for xen

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged guest user in a para-virtualized guest (a DomU) could create a crafted kernel or ramdisk image that, when attempting to use it during guest start, could result in an out-of-memory condition in the privileged domain (the Dom0).

Updated packages are available from ftp.redhat.com.

February 20, 2013 09:03 Ubuntu: Security update for Keystone

Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion.

Updated packages are available from security.ubuntu.com.

February 18, 2013 18:15 Red Hat: Security update for the Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The “grep --color xsave /proc/cpuinfo” command can be used to verify if your system has the XSAVE CPU feature.)

A memory disclosure flaw was found in the way the load_script() function in the binfmt_script binary format handler handled excessive recursions. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space by executing specially-crafted scripts.

Updated packages are available from ftp.redhat.com.

February 18, 2013 18:14 Ubuntu: Security update for QXL

It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.

Updated packages are available from security.ubuntu.com.

February 18, 2013 18:13 Debian: Security update for nagios3

A buffer overflow problem has been found in nagios3, a host/service/network monitoring and management system. A malicious client could craft a request to history.cgi and cause application crashes.

Updated packages are available from security.debian.org.

February 18, 2013 18:11 Debian: Security update for Samba

Jann Horn reported two vulnerabilities in Samba, a popular cross-platform network file and printer sharing suite. In particular, these vulnerabilities affect SWAT, the Samba Web Administration Tool. An attacker can integrate a SWAT page into a malicious web page via a frame or iframe and then overlay it with other content. If an authenticated valid user interacts with this malicious web page, she might perform unintended changes in the Samba settings. An attacker can persuade a valid SWAT user, who is logged in, to click on a malicious link and trigger arbitrary unintended changes in the Samba settings.

Updated packages are available from security.debian.org.

February 18, 2013 17:41 Debian: Security update for libupnp4

Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp4 could generate a buffer overflow, overwriting the stack, leading to a daemon crash and possible remote code execution.

Updated packages are available from security.debian.org.

February 15, 2013 16:14 Debian: Security update for libupnp4

Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp4 could generate a buffer overflow, overwriting the stack, leading to a daemon crash and possible remote code execution.

February 15, 2013 16:11 Debian: Security update for libupnp

Multiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries were not correctly handled by the unique_service_name() function. An attacker sending carefully crafted SSDP queries to a daemon built on libupnp could generate a buffer overflow, overwriting the stack, leading to a daemon crash and possible remote code execution.

Updated packages are available from security.debian.org.

February 15, 2013 16:09 Red Hat: Security update for MySQL

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

Updated packages are available from ftp.redhat.com.

February 15, 2013 16:01 Red Hat: Security update for libxml2

These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.

Updated packages are available from ftp.redhat.com.

February 15, 2013 14:01 Red Hat: Security update for X11 video driver

The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. A flaw was found in the way the host’s qemu-kvm qxl driver and the guest’s X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to “1” in the guest), crash the guest.

Updated packages are available from ftp.redhat.com.

February 13, 2013 08:19 Red Hat: Security update for FreeType

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

February 13, 2013 08:18 Red Hat: Security update for ABRT

ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root.

Updated packages are available from ftp.redhat.com.

February 13, 2013 08:16 Red Hat: Security update for NSS

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.

Updated packages are available from ftp.redhat.com.

February 13, 2013 08:14 Ubuntu: Security update for squid

It was discovered that squid’s cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack.

Updated packages are available from security.ubuntu.com.

February 11, 2013 10:45 Ubuntu: Security update for Inkscape

It was discovered that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended.

Updated packages are available from security.ubuntu.com.

February 11, 2013 10:43 Debian: Security update for Ruby on Rails

Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload, attackers can trick the backend into decoding a subset of YAML.

Updated packages are available from security.debian.org.

February 11, 2013 10:41 Ubuntu: Security update for Glance

Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator’s Swift credentials for a misconfigured or otherwise unusable Swift endpoint.

Updated packages are available from security.ubuntu.com.

February 11, 2013 10:40 Ubuntu: Security update for nova

Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.

Updated packages are available from security.ubuntu.com.

February 11, 2013 10:39 Ubuntu: Security update for libvirt

Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

February 08, 2013 10:18 Red Hat: Security update for libvirt

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user.

Updated packages are available from ftp.redhat.com.

February 08, 2013 10:17 Ubuntu: Security update for libssh

Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.

Updated packages are available from security.ubuntu.com.

February 08, 2013 10:15 Ubuntu: Security update for Libav

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

February 08, 2013 10:13 Ubuntu: Security update for FFmpeg

It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

February 08, 2013 10:12 Debian: Security update for ircd-ratbox

It was discovered that a bug in the server capability negotiation code of ircd-ratbox could result in denial of service.

Updated packages are available from security.debian.org.

February 06, 2013 08:50 Red Hat: Security update for ipa

Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server’s Certificate Authority (CA) certificate to the client during a join, the IPA client enrollment process was susceptible to man-in-the-middle attacks. This flaw could allow an attacker to obtain access to the IPA server using the credentials provided by an IPA client, including administrative access to the entire domain if the join was performed using an administrator’s credentials.

Updated packages are available from ftp.redhat.com.
