All articles

January 11, 2013 17:04 Ubuntu: Security update for FFmpeg

0

It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

January 11, 2013 17:03 Ubuntu: Security update for the Linux kernel

0

A flaw was discovered in the Linux kernel’s handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

Updated packages are available from security.ubuntu.com.

January 09, 2013 07:00 Red Hat: Security update for the Linux kernel

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity).

Updated packages are available from ftp.redhat.com.

January 09, 2013 06:58 Red Hat: Security update for libtiff

0

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

A heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. A missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

January 09, 2013 06:56 Red Hat: Security update for the Linux kernel

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to “illinois”), a local, unprivileged user could trigger this flaw and cause a denial of service. A NULL pointer dereference flaw was found in the way a new node’s hot added memory was propagated to other nodes’ zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service.

A flaw was found in the way the Linux kernel’s IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system.

Updated packages are available from ftp.redhat.com.

January 09, 2013 06:55 Ubuntu: Security update for apport

0

Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.

Updated packages are available from security.ubuntu.com.

January 09, 2013 06:52 Ubuntu: Security update for bogofilter

0

Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

January 07, 2013 07:46 Ubuntu: Security update for Aptdaemon

0

It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

Updated packages are available from security.ubuntu.com.

January 07, 2013 07:45 Debian: Security update for tiff

0

The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.

Updated packages are available from security.debian.org.

January 07, 2013 07:44 Debian: Security update for Icedove

0

Multiple vulnerabilities have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. The HZ-GB-2312 character-set implementation does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

Use-after-free vulnerability in the gfxFont::GetFontEntry function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. Multiple unspecified vulnerabilities in the browser engine could allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

Updated packages are available from security.debian.org.

January 07, 2013 07:43 Ubuntu: Security update for Nova

0

Eric Windisch discovered that Nova did not properly clear LVM-backed images before they were reallocated which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances.

Updated packages are available from security.ubuntu.com.

January 07, 2013 07:42 Ubuntu: Security update for APT

0

It was discovered that APT set inappropriate permissions on the term.log file. A local attacker could use this flaw to possibly obtain sensitive information. Updated packages are available from security.ubuntu.com.

January 04, 2013 07:50 Debian: Security update for libcgi-pm-perl

0

It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

Updated packages are available from security.debian.org.

January 04, 2013 07:48 Debian: Security update for Perl

0

Two vulnerabilities were discovered in the implementation of the Perl programming language. The x operator could cause the Perl interpreter to crash if very long strings were created. The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.

Updated packages are available from security.debian.org.

January 04, 2013 07:48 Debian: Security update for bogofilter

0

A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.

Updated packages are available from security.debian.org.

January 04, 2013 07:47 Ubuntu: Security update for the Linux kernel

0

Zhang Zuotao discovered a bug in the Linux kernel’s handling of overlapping fragments in ipv6. A remote attacker could exploit this flaw to bypass firewalls and initial new network connections that should have been blocked by the firewall.

Updated packages are available from security.ubuntu.com.

January 04, 2013 07:46 Ubuntu: Security update for the Linux kernel

0

Zhang Zuotao discovered a bug in the Linux kernel’s handling of overlapping fragments in ipv6. A remote attacker could exploit this flaw to bypass firewalls and initial new network connections that should have been blocked by the firewall.

Updated packages are available from security.ubuntu.com.

January 02, 2013 07:56 Ubuntu: Security update for MySQL

0

It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

January 02, 2013 07:55 Ubuntu: Security update for GIMP

0

It was discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

Updated packages are available from security.ubuntu.com.

January 02, 2013 07:54 Debian: Security update for Iceweasel

0

Multiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox. Heap-based buffer overflow in the nsWindow::OnExposeEvent function could allow remote attackers to execute arbitrary code. Multiple unspecified vulnerabilities in the browser engine could allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

The HZ-GB-2312 character-set implementation does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. The evalInSandbox implementation uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. Use-after-free vulnerability in the gfxFont::GetFontEntry function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Updated packages are available from security.debian.org.

January 02, 2013 07:51 Debian: Security update for xen

0

Multiple denial of service vulnerabilities have been discovered in the xen hypervisor. One of the issue could even lead to privilege escalation from guest to host. A VM that controls a PCIE device directly can cause it to issue DMA requests to invalid addresses. Although these requests are denied by the I/OMMU, the hypervisor needs to handle the interrupt and clear the error from the I/OMMU, and this can be used to live-lock a CPU and potentially hang the host. A guest which sets a VCPU with an inappropriate deadline can cause an infinite loop in Xen, blocking the affected physical CPU indefinitely.

When set_p2m_entry fails, Xen’s internal data structures (the p2m and m2p tables) can get out of sync. This failure can be triggered by unusual guest behaviour exhausting the memory reserved for the p2m table. If it happens, subsequent guest-invoked memory operations can cause Xen to fail an assertion and crash. The HVMOP_pagetable_dying hypercall does not correctly check the caller’s pagetable state, leading to a hypervisor crash. Due to inappropriate duplicate use of the same loop control variable, passing bad arguments to GNTTABOP_get_status_frames can cause an infinite loop in the compat hypercall handler.

Downgrading the grant table version of a guest involves freeing its status pages. This freeing was incomplete - the page(s) are freed back to the allocator, but not removed from the domain’s tracking list. This would cause list corruption, eventually leading to a hypervisor crash. The handler for XENMEM_exchange accesses guest memory without range checking the guest provided addresses, thus allowing these accesses to include the hypervisor reserved range. guest_physmap_mark_populate_on_demand(), before carrying out its actual operation, checks that the subject GFNs are not in use. If that check fails, the code prints a message and bypasses the gfn_unlock() matching the gfn_lock() carried out before entering the loop.

Allowing arbitrary extent_order input values for XENMEM_decrease_reservation, XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time being spent in loops without allowing vital other code to get a chance to execute. This may also cause inconsistent state resulting at the completion of these hypercalls.

Updated packages are available from security.debian.org.

January 02, 2013 07:50 Red Hat: Security update for MySQL

0

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon.

Updated packages are available from ftp.redhat.com.

December 27, 2012 17:26 Red Hat: Security update for BIND

0

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. A flaw was found in the DNS64 implementation in BIND. If a remote attacker sent a specially-crafted query to a named server, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default.

Updated packages are available from ftp.redhat.com.

December 27, 2012 17:25 Ubuntu: Security update for Bind

0

It was discovered that Bind incorrectly handled certain crafted queries when DNS64 was enabled. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

Updated packages are available from security.ubuntu.com.

December 27, 2012 17:24 Ubuntu: Security update for libxml2

0

It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

December 27, 2012 17:23 Ubuntu: Security update for LibTIFF

0

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

December 27, 2012 17:22 Ubuntu: Security update for CUPS

0

It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.

Updated packages are available from security.ubuntu.com.

December 21, 2012 07:46 Red Hat: Security update for Linux kernel

0

These packages contain the Linux kernel. A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction (such as losing network connectivity).

Updated packages are available from ftp.redhat.com.

December 21, 2012 07:44 Red Hat: Security update for Linux kernel

0

These packages contain the Linux kernel. A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

A flaw in the Reliable Datagram Sockets (RDS) protocol implementation could allow a local, unprivileged user to cause a denial of service. A race condition in the way access to inet->opt ip_options was synchronized in the TCP/IP protocol suite implementation. Depending on the network facing applications running on the system, a remote attacker could possibly trigger this flaw to cause a denial of service. A local, unprivileged user could use this flaw to cause a denial of service regardless of the applications the system runs. The Xen hypervisor implementation did not properly restrict the period values used to initialize per VCPU periodic timers. A privileged guest user could cause an infinite loop on the physical CPU. If the watchdog were enabled, it would detect said loop and panic the host system.

A flaw in the way the Xen hypervisor implementation handled set_p2m_entry() error conditions could allow a privileged, fully-virtualized guest user to crash the hypervisor.

Updated packages are available from ftp.redhat.com.

December 21, 2012 07:43 Debian: Security update for MySQL

0

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.

Updated packages are available from security.debian.org.

Screenshot

Project Spotlight

Jolokia

A JMX remoting alternative to JSR-160 connectors.

Screenshot

Project Spotlight

MSS Code Factory

A rule-based expert system for manufacturing source code.