RSS
All articles

December 10, 2012 08:37 Ubuntu: Security update for Apache

0

It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that the Apache HTTP Server was vulnerable to the “CRIME” SSL data compression attack. Although this issue had been mitigated on the client with newer web browsers, this update also disables SSL data compression on the server. A new SSLCompression directive for Apache has been backported that may be used to re-enable SSL data compression in certain environments.

Updated packages are available from security.ubuntu.com.

December 10, 2012 08:36 Ubuntu: Security update for Glance

0

Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.

Updated packages are available from security.ubuntu.com.

December 10, 2012 08:33 Ubuntu: Security update for Icedtea-Web

0

Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program.

Updated packages are available from security.ubuntu.com.

December 10, 2012 08:32 Red Hat: Security update for IcedTea-Web

0

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code.

Updated packages are available from ftp.redhat.com.

December 07, 2012 07:45 Red Hat: Security update for the Linux kernel

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.

Updated packages are available from ftp.redhat.com.

December 07, 2012 07:43 Red Hat: Security update for the Linux kernel

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the Linux kernel’s memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges.

It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges.

Updated packages are available from ftp.redhat.com.

December 07, 2012 07:42 Ubuntu: Security update for Remote Login Service

0

It was discovered that Remote Login Service incorrectly purged account information when switching users. A local attacker could use this issue to possibly obtain sensitive information.

Updated packages are available from security.ubuntu.com.

December 07, 2012 07:41 Ubuntu: Security update for Mesa

0

It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

December 07, 2012 07:40 Ubuntu: Security update for Munin

0

It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. It was discovered that Munin incorrectly handled plugin state file permissions. An attacker obtaining privileges of the munin user could use this issue to escalate privileges to root. It was discovered that Munin incorrectly handled specifying an alternate configuration file. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the web server.

Updated packages are available from security.ubuntu.com.

December 05, 2012 16:23 Ubuntu: Security update for MySQL

0

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

Updated packages are available from security.ubuntu.com.

December 05, 2012 16:21 Debian: Security update for Iceape

0

Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Updated packages are available from security.debian.org.

December 05, 2012 16:20 Debian: Security update for libproxy

0

The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such remote server could trigger an integer overflow and consequently overflow an in-memory buffer.

Updated packages are available from security.debian.org.

December 05, 2012 16:20 Debian: Security update for OpenOffice

0

High-Tech Bridge SA Security Research Lab discovered multiple null-pointer dereferences based vulnerabilities in OpenOffice which could cause application crash or even arbitrary code execution using specially crafted files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (MS Powerpoint 2003) and XLS (MS Excel 2003).

Updated packages are available from security.debian.org.

December 05, 2012 16:17 Red Hat: Security update for kdelibs

0

The kdelibs packages provide libraries for the K Desktop Environment (KDE). Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS (Cascading Style Sheets) parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs (such as Konqueror) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.

Updated packages are available from ftp.redhat.com.

December 03, 2012 11:19 Red Hat: Security update for Mozilla Thunderbird

0

Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code.

Updated packages are available from ftp.redhat.com.

December 03, 2012 11:18 Debian: Security update for Icedove

0

Multiple vulnerabilities have been discovered in Icedove, Debian’s version of the Mozilla Thunderbird mail client. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Icedove does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Icedove does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Updated packages are available from security.debian.org.

December 03, 2012 11:17 Red Hat: Security update for Mozilla Firefox

0

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Firefox to execute arbitrary code.

Updated packages are available from ftp.redhat.com.

December 03, 2012 11:16 Ubuntu: Security update for Firefox

0

Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object.

Updated packages are available from security.ubuntu.com.

December 03, 2012 11:15 Debian: Security update for RTFM

0

It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class. Updated packages are available from security.debian.org.

November 30, 2012 07:29 Debian: Security update for Request Tracker

0

Several vulnerabilities were discovered in Request Tracker, an issue tracking system. Authenticated users can add arbitrary headers or content to mail generated by RT. A CSRF vulnerability may allow attackers to toggle ticket bookmarks.

If users follow a crafted URI and log in to RT, they may trigger actions which would ordinarily blocked by the CSRF prevention logic. Several different vulnerabilities in GnuPG processing allow attackers to cause RT to improperly sign outgoing email. If GnuPG support is enabled, authenticated users attackers can create arbitrary files as the web server user, which may enable arbitrary code execution.

Updated packages are available from security.debian.org.

November 30, 2012 07:28 Ubuntu: Security update for OpenJDK

0

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service.

Updated packages are available from security.ubuntu.com.

November 30, 2012 07:27 Ubuntu: Security update for Exim

0

It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.

Updated packages are available from security.ubuntu.com.

November 30, 2012 07:26 Debian: Security update for Exim

0

It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

Updated packages are available from security.debian.org.

November 30, 2012 07:24 Ubuntu: Security update for WebKit

0

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Updated packages are available from security.ubuntu.com.

November 28, 2012 15:24 Ubuntu: Security update for Python

0

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information.

It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the ‘-R’ command line option and honors setting the PYTHONHASHSEED environment variable to ‘random’ to salt str and datetime objects with an unpredictable value. Serhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption.

Updated packages are available from security.ubuntu.com.

November 28, 2012 15:22 Debian: Security update for Iceweasel

0

Multiple vulnerabilities have been discovered in Iceweasel, Debian’s version of the Mozilla Firefox web browser. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Iceweasel does not properly restrict calls to DOMWindowUtils methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.

A Use-after-free vulnerability in the IME State Manager implementation allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Iceweasel does not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. A use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function allows remote attackers to execute arbitrary code via unspecified vectors. A use-after-free vulnerability in the nsTextEditRules::WillInsert function allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. A heap-based buffer overflow in the nsWav-eReader::DecodeAudioData function allows remote attackers to execute arbitrary code via unspecified vectors.

A heap-based buffer overflow in the Convolve3x3 function allows remote attackers to execute arbitrary code via unspecified vectors.

Updated packages are available from security.debian.org.

November 28, 2012 15:21 Ubuntu: Security update for Python

0

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This updates adds the ‘-R’ command line option and honors setting the PYTHONHASHSEED environment variable to ‘random’ to salt str and datetime objects with an unpredictable value.

Serhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption.

Updated packages are available from security.ubuntu.com.

November 28, 2012 15:20 Red Hat: Security update for the Linux kernel

0

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service.

Updated packages are available from ftp.redhat.com.

November 28, 2012 15:18 Debian: Security update for Tinyproxy

0

gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers. Updated packages are available from security.debian.org.

November 26, 2012 07:55 Debian: Security update for ViewVC

0

Several vulnerabilities were found in ViewVC, a web interface for CVS and Subversion repositories. Remote attackers can bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks via the limit parameter. The remote SVN views functionality does not properly perform authorization, which allows remote attackers to bypass intended access restrictions.

The SVN revision view does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information. “function name” lines returned by diff are not properly escaped, allowing attackers with commit access to perform cross site scripting.

Updated packages are available from security.debian.org.

Screenshot

Project Spotlight

Ada EL

A library which implements an expression language similar to JSP and JSF.

Screenshot

Project Spotlight

GlusterFS

A poly-protocol, unified distributed filesystem.