RSS
All articles

December 21, 2012 07:40 Debian: Security update for libxml

0

Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. Updated packages are available from security.debian.org.

December 21, 2012 07:39 Debian: Security update for Apache

0

A vulnerability has been found in the Apache HTTPD Server. A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.

Updated packages are available from security.debian.org.

December 19, 2012 19:49 Ubuntu: Security update for Linux kernel

0

Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel’s TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

Updated packages are available from security.ubuntu.com.

December 19, 2012 19:47 Ubuntu: Security update for Perl

0

It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the ‘new’ constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. It was discovered that Perl’s ‘x’ string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code.

Ryo Anazawa discovered that the CGI.pm module does not properly escape newlines in Set-Cookie or P3P (Platform for Privacy Preferences Project) headers. An attacker could use this to inject arbitrary headers into responses from applications that use CGI.pm.

Updated packages are available from security.ubuntu.com.

December 19, 2012 19:46 Ubuntu: Security update for Lynx

0

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. It was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a “man in the middle” (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the FORCE_SSL_PROMPT option in lynx.cfg.

Updated packages are available from security.ubuntu.com.

December 19, 2012 19:45 Red Hat: Security update for libxml2

0

The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Updated packages are available from ftp.redhat.com.

December 19, 2012 19:43 Ubuntu: Security update for Keystone

0

Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner’s expectations. It was discovered that Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that is disabled or has a changed password.

Updated packages are available from security.ubuntu.com.

December 17, 2012 17:37 Debian: Security update for rssh

0

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Updated packages are available from security.debian.org.

December 17, 2012 17:36 Ubuntu: Security update for libssh

0

Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

December 17, 2012 17:35 Debian: Security update for TPM

0

Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing a of input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.

Updated packages are available from security.debian.org.

December 17, 2012 17:35 Ubuntu: Security update for unity-firefox-extension

0

It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

December 17, 2012 17:32 Ubuntu: Security update for Firefox

0

Security researchers discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. It was discovered that the evalInSandbox function’s JavaScript sandbox context could be circumvented. An attacker could exploit this to perform a cross-site scripting (XSS) attack or steal a copy of a local file if the user has installed an add-on vulnerable to this attack. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Jonathan Stephens discovered that combining vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text could cause Firefox to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service via application crash or execute arbitrary code with the privliges of the user invoking the program. It was discovered that if a javascript: URL is selected from the list of Firefox “new tab” page, the script will inherit the privileges of the privileged “new tab” page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. Scott Bell discovered a memory corruption issue in the JavaScript engine. If a user were tricked into opening a malicious website, an attacker could exploit this to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program.

Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. Peter Van der Beken discovered XrayWrapper implementation in Firefox does not consider the compartment during property filtering. An attacker could use this to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. Bobby Holley discovered that cross-origin wrappers were allowing write actions on objects when only read actions should have been properly allowed. This can lead to cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Masato Kinugawa discovered that when HZ-GB-2312 charset encoding is used for text, the ”~” character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit these to modify the contents, or steal confidential data, within the same domain. Mariusz Mlynski discovered that the location property can be accessed by binary plugins through top.location with a frame whose name attribute’s value is set to “top”. This can allow for possible cross-site scripting (XSS) attacks through plugins. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Mariusz Mlynski discovered that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privliges of the user invoking the program.

Abhishek Arya discovered multiple use-after-free and buffer overflow issues in Firefox. If a user were tricked into opening a malicious page, an attacker could exploit these to execute arbitrary code as the user invoking the program. Several memory corruption flaws were discovered in Firefox. If a user were tricked into opening a malicious page, an attacker could exploit these to execute arbitrary code as the user invoking the program.

Updated packages are available from security.ubuntu.com.

December 14, 2012 07:44 Ubuntu: Security update for Thunderbird

0

Security researchers discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird.

It was discovered that the evalInSandbox function’s JavaScript sandbox context could be circumvented. An attacker could exploit this to perform a cross-site scripting (XSS) attack or steal a copy of a local file if the user has installed an add-on vulnerable to this attack. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Jonathan Stephens discovered that combining vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text could cause Thunderbird to crash. If a user were tricked into opening a malicious E-Mail, an attacker could cause a denial of service via application crash or execute arbitrary code with the privliges of the user invoking the program.

Scott Bell discovered a memory corruption issue in the JavaScript engine. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit this to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. Peter Van der Beken discovered XrayWrapper implementation in Firefox does not consider the compartment during property filtering. If JavaScript were enabled, an attacker could use this to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.

Bobby Holley discovered that cross-origin wrappers were allowing write actions on objects when only read actions should have been properly allowed. This can lead to cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Masato Kinugawa discovered that when HZ-GB-2312 charset encoding is used for text, the ”~” character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit these to modify the contents, or steal confidential data, within the same domain.

Mariusz Mlynski discovered that the location property can be accessed by binary plugins through top.location with a frame whose name attribute’s value is set to “top”. This can allow for possible cross-site scripting (XSS) attacks through plugins. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page and had JavaScript enabled, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Abhishek Arya discovered multiple use-after-free and buffer overflow issues in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program.

Several memory corruption flaws were discovered in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program.

Updated packages are available from security.ubuntu.com.

December 14, 2012 07:43 Ubuntu: Security update for Apache Tomcat

0

It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication.

Updated packages are available from security.ubuntu.com.

December 14, 2012 07:42 Ubuntu: Security update for libunity-webapps

0

It was discovered that libunity-webapps improperly handled certain hash tables. A remote attacker could use this issue to cause libunity-webapps to crash, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

December 14, 2012 07:41 Red Hat: Security update for Mozilla Firefox

0

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A buffer overflow flaw was found in the way Firefox handled GIF (Graphics Interchange Format) images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.

A flaw was found in the way the Style Inspector tool in Firefox handled certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web Developer -> Inspect) on malicious CSS could result in the execution of HTML and CSS content with chrome privileges. A flaw was found in the way Firefox decoded the HZ-GB-2312 character encoding. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. A flaw was found in the location object implementation in Firefox. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins.

A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. A flaw was found in the evalInSandbox implementation in Firefox. Malicious content could use this flaw to perform cross-site scripting attacks.

Updated packages are available from ftp.redhat.com.

December 14, 2012 07:40 Red Hat: Security update for Mozilla Thunderbird

0

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was found in the way Thunderbird handled GIF (Graphics Interchange Format) images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird.

A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character encoding. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. A flaw was found in the location object implementation in Thunderbird. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks.

A flaw was found in the evalInSandbox implementation in Thunderbird. Malicious content could use this flaw to perform cross-site scripting attacks.

Updated packages are available from ftp.redhat.com.

December 12, 2012 08:43 Ubuntu: Security update for Python Keyring

0

Dwayne Litzenberger discovered that Python Keyring’s CryptedFileKeyring file format used weak cryptography. A local attacker may use this issue to brute-force CryptedFileKeyring keyring files. It was discovered that Python Keyring created keyring files with insecure permissions. A local attacker could use this issue to access keyring files belonging to other users.

Updated packages are available from security.ubuntu.com.

December 12, 2012 08:43 Debian: Security update for TIFF

0

It was discovered that ppm2tiff of the tiff tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers of a heap-based buffer overflow. This allows attacker to potentially execute arbitrary code via a crafted ppm image, especially in scenarios in which images are automatically processed.

Updated packages are available from security.debian.org.

December 12, 2012 08:42 Ubuntu: Security update for Django

0

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users.

Updated packages are available from security.ubuntu.com.

December 12, 2012 08:41 Debian: Security update for TYPO3

0

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, SQL injection, and information disclosure vulnerabilities.

Updated packages are available from security.debian.org.

December 12, 2012 08:40 Ubuntu: Security update for LibTIFF

0

It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly handled certain malformed PPM images. If a user or automated system were tricked into opening a specially crafted PPM image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

December 12, 2012 08:39 Red Hat: Security update for MySQL

0

MySQL is a multi-user, multi-threaded SQL database server. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages. Updated packages are available from ftp.redhat.com.

December 12, 2012 08:38 Red Hat: Security update for libproxy

0

libproxy is a library that handles all the details of proxy configuration. A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration (PAC) files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if the proxy settings obtained by libproxy (from the environment or the desktop environment settings) instructed the use of a PAC proxy configuration.

Updated packages are available from ftp.redhat.com.

December 12, 2012 08:37 Red Hat: Security update for nspluginwrapper

0

nspluginwrapper is a utility which allows 32-bit plug-ins to run in a 64-bit browser environment. It was not possible for plug-ins wrapped by nspluginwrapper to discover whether the browser was running in Private Browsing mode. This flaw could lead to plug-ins wrapped by nspluginwrapper using normal mode while they were expected to run in Private Browsing mode.

December 12, 2012 08:36 Red Hat: Security update for GEGL

0

GEGL (Generic Graphics Library) is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially-crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

December 12, 2012 08:35 Ubuntu: Security update for Libav

0

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

December 12, 2012 08:35 Ubuntu: Security update for libproxy

0

Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

December 12, 2012 08:34 Debian: Security update for Radsecproxy

0

Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations.

Updated packages are available from security.debian.org.

December 10, 2012 08:38 Ubuntu: Security update for Qt

0

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.

Updated packages are available from security.ubuntu.com.

Screenshot

Project Spotlight

GNOME Commander

A GNOME based filemanager.

Screenshot

Project Spotlight

checkit

A file integrity tool.