VARIoT IoT vulnerabilities database

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. Insecure Default Password Vulnerability 4. 5. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS 3000, etc. are all products of Japan Yokogawa (Yokogawa). Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server

Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. The vulnerability is caused by the program ignoring the X-Frame-Options HTTP header

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-2914 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability. ID value

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. OpenLDAP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following: apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30. CVE-ID CVE-2015-7803 CVE-2015-7804 AppSandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Bluetooth Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7108 : Ian Beer of Google Project Zero CFNetwork HTTPProtocol Available for: OS X El Capitan v10.11 and v10.11.1 Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea) Compression Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru Configuration Profiles Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local attacker may be able to install a configuration profile without admin privileges Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-7062 : David Mulder of Dell Software CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075 Disk Images Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7110 : Ian Beer of Google Project Zero EFI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7063 : Apple File Bookmark Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7071 : Apple Hypervisor Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management. CVE-ID CVE-2015-7078 : Ian Beer of Google Project Zero iBooks Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A null pointer dereference issue was addressed through improved input validation. CVE-ID CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7077 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7109 : Juwei Lin of TrendMicro IOHIDFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero IOThunderboltFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts. CVE-ID CVE-2015-7067 : Juwei Lin of TrendMicro Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero kext tools Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A validation issue existed during the loading of kernel extensions. This issue was addressed through additional verification. CVE-ID CVE-2015-7052 : Apple Keychain Access Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to masquerade as the Keychain Server. Description: An issue existed in how Keychain Access interacted with Keychain Agent. This issue was resolved by removing legacy functionality. CVE-ID CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi- Min Hu of Tsinghua University, and Xinhui Han of Peking University libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift libc Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM) libexpat Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in expat Description: Multiple vulnerabilities existed in expat version prior to 2.1.0. These were addressed by updating expat to versions 2.1.0. CVE-ID CVE-2012-0876 : Vincent Danen CVE-2012-1147 : Kurt Seifried CVE-2012-1148 : Kurt Seifried libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks OpenLDAP Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote unauthenticated client may be able to cause a denial of service Description: An input validation issue existed in OpenLDAP. This issue was addressed through improved input validation. CVE-ID CVE-2015-6908 OpenSSH Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 CVE-2015-5334 QuickLook Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107 Sandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple Security Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc. Security Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058 System Integrity Protection Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to execute arbitrary code with system privileges Description: A privilege issue existed in handling union mounts. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7044 : MacDefender Installation note: Security Update 2015-008 is recommended for all users and improves the security of OS X. After installing this update, the QuickTime 7 web browser plug-in will no longer be enabled by default. Learn what to do if you still need this legacy plug-in. https://support.apple.com/en-us/HT205081 OS X El Capitan v10.11.2 includes the security content of Safari 9.0.2: https://support.apple.com/en-us/HT205639 OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn +XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz 0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36 Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T gvIdn3N1k8hWpmYDjxZd =Yi/n -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openldap security update Advisory ID: RHSA-2015:1840-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1840.html Issue date: 2015-09-29 CVE Names: CVE-2015-6908 ===================================================================== 1. Summary: Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: openldap-2.3.43-29.el5_11.src.rpm i386: compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm openldap-2.3.43-29.el5_11.i386.rpm openldap-clients-2.3.43-29.el5_11.i386.rpm openldap-debuginfo-2.3.43-29.el5_11.i386.rpm x86_64: compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm compat-openldap-2.3.43_2.2.29-29.el5_11.x86_64.rpm openldap-2.3.43-29.el5_11.i386.rpm openldap-2.3.43-29.el5_11.x86_64.rpm openldap-clients-2.3.43-29.el5_11.x86_64.rpm openldap-debuginfo-2.3.43-29.el5_11.i386.rpm openldap-debuginfo-2.3.43-29.el5_11.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: openldap-2.3.43-29.el5_11.src.rpm i386: openldap-debuginfo-2.3.43-29.el5_11.i386.rpm openldap-devel-2.3.43-29.el5_11.i386.rpm openldap-servers-2.3.43-29.el5_11.i386.rpm openldap-servers-overlays-2.3.43-29.el5_11.i386.rpm openldap-servers-sql-2.3.43-29.el5_11.i386.rpm x86_64: openldap-debuginfo-2.3.43-29.el5_11.i386.rpm openldap-debuginfo-2.3.43-29.el5_11.x86_64.rpm openldap-devel-2.3.43-29.el5_11.i386.rpm openldap-devel-2.3.43-29.el5_11.x86_64.rpm openldap-servers-2.3.43-29.el5_11.x86_64.rpm openldap-servers-overlays-2.3.43-29.el5_11.x86_64.rpm openldap-servers-sql-2.3.43-29.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: openldap-2.3.43-29.el5_11.src.rpm i386: compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm openldap-2.3.43-29.el5_11.i386.rpm openldap-clients-2.3.43-29.el5_11.i386.rpm openldap-debuginfo-2.3.43-29.el5_11.i386.rpm openldap-devel-2.3.43-29.el5_11.i386.rpm openldap-servers-2.3.43-29.el5_11.i386.rpm openldap-servers-overlays-2.3.43-29.el5_11.i386.rpm openldap-servers-sql-2.3.43-29.el5_11.i386.rpm ia64: compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm compat-openldap-2.3.43_2.2.29-29.el5_11.ia64.rpm openldap-2.3.43-29.el5_11.i386.rpm openldap-2.3.43-29.el5_11.ia64.rpm openldap-clients-2.3.43-29.el5_11.ia64.rpm openldap-debuginfo-2.3.43-29.el5_11.i386.rpm openldap-debuginfo-2.3.43-29.el5_11.ia64.rpm openldap-devel-2.3.43-29.el5_11.ia64.rpm openldap-servers-2.3.43-29.el5_11.ia64.rpm openldap-servers-overlays-2.3.43-29.el5_11.ia64.rpm openldap-servers-sql-2.3.43-29.el5_11.ia64.rpm ppc: compat-openldap-2.3.43_2.2.29-29.el5_11.ppc.rpm compat-openldap-2.3.43_2.2.29-29.el5_11.ppc64.rpm openldap-2.3.43-29.el5_11.ppc.rpm openldap-2.3.43-29.el5_11.ppc64.rpm openldap-clients-2.3.43-29.el5_11.ppc.rpm openldap-debuginfo-2.3.43-29.el5_11.ppc.rpm openldap-debuginfo-2.3.43-29.el5_11.ppc64.rpm openldap-devel-2.3.43-29.el5_11.ppc.rpm openldap-devel-2.3.43-29.el5_11.ppc64.rpm openldap-servers-2.3.43-29.el5_11.ppc.rpm openldap-servers-overlays-2.3.43-29.el5_11.ppc.rpm openldap-servers-sql-2.3.43-29.el5_11.ppc.rpm s390x: compat-openldap-2.3.43_2.2.29-29.el5_11.s390.rpm compat-openldap-2.3.43_2.2.29-29.el5_11.s390x.rpm openldap-2.3.43-29.el5_11.s390.rpm openldap-2.3.43-29.el5_11.s390x.rpm openldap-clients-2.3.43-29.el5_11.s390x.rpm openldap-debuginfo-2.3.43-29.el5_11.s390.rpm openldap-debuginfo-2.3.43-29.el5_11.s390x.rpm openldap-devel-2.3.43-29.el5_11.s390.rpm openldap-devel-2.3.43-29.el5_11.s390x.rpm openldap-servers-2.3.43-29.el5_11.s390x.rpm openldap-servers-overlays-2.3.43-29.el5_11.s390x.rpm openldap-servers-sql-2.3.43-29.el5_11.s390x.rpm x86_64: compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm compat-openldap-2.3.43_2.2.29-29.el5_11.x86_64.rpm openldap-2.3.43-29.el5_11.i386.rpm openldap-2.3.43-29.el5_11.x86_64.rpm openldap-clients-2.3.43-29.el5_11.x86_64.rpm openldap-debuginfo-2.3.43-29.el5_11.i386.rpm openldap-debuginfo-2.3.43-29.el5_11.x86_64.rpm openldap-devel-2.3.43-29.el5_11.i386.rpm openldap-devel-2.3.43-29.el5_11.x86_64.rpm openldap-servers-2.3.43-29.el5_11.x86_64.rpm openldap-servers-overlays-2.3.43-29.el5_11.x86_64.rpm openldap-servers-sql-2.3.43-29.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: openldap-2.4.40-6.el6_7.src.rpm i386: openldap-2.4.40-6.el6_7.i686.rpm openldap-clients-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm x86_64: openldap-2.4.40-6.el6_7.i686.rpm openldap-2.4.40-6.el6_7.x86_64.rpm openldap-clients-2.4.40-6.el6_7.x86_64.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-servers-2.4.40-6.el6_7.i686.rpm openldap-servers-sql-2.4.40-6.el6_7.i686.rpm x86_64: openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.x86_64.rpm openldap-servers-2.4.40-6.el6_7.x86_64.rpm openldap-servers-sql-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openldap-2.4.40-6.el6_7.src.rpm x86_64: openldap-2.4.40-6.el6_7.i686.rpm openldap-2.4.40-6.el6_7.x86_64.rpm openldap-clients-2.4.40-6.el6_7.x86_64.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.x86_64.rpm openldap-servers-2.4.40-6.el6_7.x86_64.rpm openldap-servers-sql-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openldap-2.4.40-6.el6_7.src.rpm i386: openldap-2.4.40-6.el6_7.i686.rpm openldap-clients-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-servers-2.4.40-6.el6_7.i686.rpm ppc64: openldap-2.4.40-6.el6_7.ppc.rpm openldap-2.4.40-6.el6_7.ppc64.rpm openldap-clients-2.4.40-6.el6_7.ppc64.rpm openldap-debuginfo-2.4.40-6.el6_7.ppc.rpm openldap-debuginfo-2.4.40-6.el6_7.ppc64.rpm openldap-devel-2.4.40-6.el6_7.ppc.rpm openldap-devel-2.4.40-6.el6_7.ppc64.rpm openldap-servers-2.4.40-6.el6_7.ppc64.rpm s390x: openldap-2.4.40-6.el6_7.s390.rpm openldap-2.4.40-6.el6_7.s390x.rpm openldap-clients-2.4.40-6.el6_7.s390x.rpm openldap-debuginfo-2.4.40-6.el6_7.s390.rpm openldap-debuginfo-2.4.40-6.el6_7.s390x.rpm openldap-devel-2.4.40-6.el6_7.s390.rpm openldap-devel-2.4.40-6.el6_7.s390x.rpm openldap-servers-2.4.40-6.el6_7.s390x.rpm x86_64: openldap-2.4.40-6.el6_7.i686.rpm openldap-2.4.40-6.el6_7.x86_64.rpm openldap-clients-2.4.40-6.el6_7.x86_64.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.x86_64.rpm openldap-servers-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-servers-sql-2.4.40-6.el6_7.i686.rpm ppc64: openldap-debuginfo-2.4.40-6.el6_7.ppc64.rpm openldap-servers-sql-2.4.40-6.el6_7.ppc64.rpm s390x: openldap-debuginfo-2.4.40-6.el6_7.s390x.rpm openldap-servers-sql-2.4.40-6.el6_7.s390x.rpm x86_64: openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm openldap-servers-sql-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openldap-2.4.40-6.el6_7.src.rpm i386: openldap-2.4.40-6.el6_7.i686.rpm openldap-clients-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-servers-2.4.40-6.el6_7.i686.rpm x86_64: openldap-2.4.40-6.el6_7.i686.rpm openldap-2.4.40-6.el6_7.x86_64.rpm openldap-clients-2.4.40-6.el6_7.x86_64.rpm openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm openldap-devel-2.4.40-6.el6_7.i686.rpm openldap-devel-2.4.40-6.el6_7.x86_64.rpm openldap-servers-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openldap-debuginfo-2.4.40-6.el6_7.i686.rpm openldap-servers-sql-2.4.40-6.el6_7.i686.rpm x86_64: openldap-debuginfo-2.4.40-6.el6_7.x86_64.rpm openldap-servers-sql-2.4.40-6.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openldap-2.4.39-7.el7_1.src.rpm x86_64: openldap-2.4.39-7.el7_1.i686.rpm openldap-2.4.39-7.el7_1.x86_64.rpm openldap-clients-2.4.39-7.el7_1.x86_64.rpm openldap-debuginfo-2.4.39-7.el7_1.i686.rpm openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openldap-debuginfo-2.4.39-7.el7_1.i686.rpm openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm openldap-devel-2.4.39-7.el7_1.i686.rpm openldap-devel-2.4.39-7.el7_1.x86_64.rpm openldap-servers-2.4.39-7.el7_1.x86_64.rpm openldap-servers-sql-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openldap-2.4.39-7.el7_1.src.rpm x86_64: openldap-2.4.39-7.el7_1.i686.rpm openldap-2.4.39-7.el7_1.x86_64.rpm openldap-clients-2.4.39-7.el7_1.x86_64.rpm openldap-debuginfo-2.4.39-7.el7_1.i686.rpm openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openldap-debuginfo-2.4.39-7.el7_1.i686.rpm openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm openldap-devel-2.4.39-7.el7_1.i686.rpm openldap-devel-2.4.39-7.el7_1.x86_64.rpm openldap-servers-2.4.39-7.el7_1.x86_64.rpm openldap-servers-sql-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openldap-2.4.39-7.el7_1.src.rpm ppc64: openldap-2.4.39-7.el7_1.ppc.rpm openldap-2.4.39-7.el7_1.ppc64.rpm openldap-clients-2.4.39-7.el7_1.ppc64.rpm openldap-debuginfo-2.4.39-7.el7_1.ppc.rpm openldap-debuginfo-2.4.39-7.el7_1.ppc64.rpm openldap-devel-2.4.39-7.el7_1.ppc.rpm openldap-devel-2.4.39-7.el7_1.ppc64.rpm openldap-servers-2.4.39-7.el7_1.ppc64.rpm s390x: openldap-2.4.39-7.el7_1.s390.rpm openldap-2.4.39-7.el7_1.s390x.rpm openldap-clients-2.4.39-7.el7_1.s390x.rpm openldap-debuginfo-2.4.39-7.el7_1.s390.rpm openldap-debuginfo-2.4.39-7.el7_1.s390x.rpm openldap-devel-2.4.39-7.el7_1.s390.rpm openldap-devel-2.4.39-7.el7_1.s390x.rpm openldap-servers-2.4.39-7.el7_1.s390x.rpm x86_64: openldap-2.4.39-7.el7_1.i686.rpm openldap-2.4.39-7.el7_1.x86_64.rpm openldap-clients-2.4.39-7.el7_1.x86_64.rpm openldap-debuginfo-2.4.39-7.el7_1.i686.rpm openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm openldap-devel-2.4.39-7.el7_1.i686.rpm openldap-devel-2.4.39-7.el7_1.x86_64.rpm openldap-servers-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openldap-2.4.39-7.ael7b_1.src.rpm ppc64le: openldap-2.4.39-7.ael7b_1.ppc64le.rpm openldap-clients-2.4.39-7.ael7b_1.ppc64le.rpm openldap-debuginfo-2.4.39-7.ael7b_1.ppc64le.rpm openldap-devel-2.4.39-7.ael7b_1.ppc64le.rpm openldap-servers-2.4.39-7.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openldap-debuginfo-2.4.39-7.el7_1.ppc64.rpm openldap-servers-sql-2.4.39-7.el7_1.ppc64.rpm s390x: openldap-debuginfo-2.4.39-7.el7_1.s390x.rpm openldap-servers-sql-2.4.39-7.el7_1.s390x.rpm x86_64: openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm openldap-servers-sql-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: openldap-debuginfo-2.4.39-7.ael7b_1.ppc64le.rpm openldap-servers-sql-2.4.39-7.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openldap-2.4.39-7.el7_1.src.rpm x86_64: openldap-2.4.39-7.el7_1.i686.rpm openldap-2.4.39-7.el7_1.x86_64.rpm openldap-clients-2.4.39-7.el7_1.x86_64.rpm openldap-debuginfo-2.4.39-7.el7_1.i686.rpm openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm openldap-devel-2.4.39-7.el7_1.i686.rpm openldap-devel-2.4.39-7.el7_1.x86_64.rpm openldap-servers-2.4.39-7.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openldap-debuginfo-2.4.39-7.el7_1.x86_64.rpm openldap-servers-sql-2.4.39-7.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-6908 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWCmcKXlSAg2UNWIIRAgn9AKC6H/fZbUDj3e0AyA/xkOrOx+U+/QCeIpMZ iKKXpo+XKDlK4zZLlWedI64= =yvhg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the oldstable distribution (wheezy), this problem has been fixed in version 2.4.31-2+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 2.4.40+dfsg-1+deb8u1. For the unstable distribution (sid), this problem has been fixed in version 2.4.42+dfsg-2. ============================================================================ Ubuntu Security Notice USN-2742-1 September 16, 2015 openldap vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenLDAP. (CVE-2015-6908) Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. (CVE-2014-9713) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: slapd 2.4.31-1+nmu2ubuntu12.3 Ubuntu 14.04 LTS: slapd 2.4.31-1+nmu2ubuntu8.2 Ubuntu 12.04 LTS: slapd 2.4.28-1.1ubuntu4.6 In general, a standard system update will make all the necessary changes. For existing installations, access rules that begin with "to *" need to be manually adjusted to remove any instances of "by self write"

Huawei FusionAccess is a desktop management system of Huawei FusionCloud desktop cloud solution from China's Huawei. The system can distribute, maintain and recycle virtual desktops for users through a graphical portal interface. A denial of service vulnerability exists in Huawei FusionAccess. An attacker could use this vulnerability to cause a denial of service. Huawei FusionAccess is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. SAP NetWeaver is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SAP NetWeaver 7.40 is vulnerable; other versions may also be affected

SAP NetWeaver is prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SAP NetWeaver 7.40 is vulnerable; other versions may also be affected.

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. Multiple F5 products are prone to a directory-traversal vulnerability. An attacker can exploit this issue to obtain sensitive information that could aid in further attacks. The former is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. The latter is a tool that provides a view of the entire BIG-IP application delivery infrastructure and optimizes application performance

Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. An attacker may exploit this issue to cause a denial-of-service condition or a partial memory override. This issue is being tracked by Cisco Bug ID CSCug21497.https://tools.cisco.com/bugsearch/bug/CSCug21497. The appliance offers spam protection, email encryption, data loss prevention, and more

Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCur32005 and CSCur07907. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. A security vulnerability exists in Cisco WSA versions 8.0.6-078 and 8.0.6-115 due to the fact that the program waits for a DNS response before processing a newly received DNS request

Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuv80423. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors. Huawei eSpace U1910, eSpace U1911, eSpace U1930, eSpace U1960, eSpace U1980, and eSpace U1981 are Huawei eSpace U1900 series switches. A security vulnerability exists in the Huawei eSpace U1910/U1911/U1930/U1960/U1980/U1981. An attacker can use the vulnerability to submit a special request for a denial of service attack. The Huawei eSpace U1900 is a unified gateway product. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. Huawei WLAN AC6005 is a wireless access controller product from China Huawei. An information disclosure vulnerability exists in the mDNS module module of several Huawei WLAN AC products. An attacker could exploit the vulnerability to disclose sensitive information. The following products and versions are affected: WLAN AC6005 V200R005C00, V200R005C10, and V200R006C00 WLAN AC6605 V200R005C00, V200R005C10, and V200R006C00 WLAN ACU2 V200R005C00, V200R005C10, and V200R006C00. mDNS is one of the multicast DNS transmission modules. The vulnerability stems from the fact that the program does not handle mDNS correctly

Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu47016. The solution supports identifying and classifying multiple applications, exporting performance indicators of applications, and setting different services according to the priority of applications (QoS), etc. A security vulnerability exists in Cisco AVC 15.3(3)JA release

Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw09620 . This appliance is mainly used to manage all policies, reports, audit information, etc. of email and web security appliances