VARIoT IoT vulnerabilities database

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. This vulnerability CVE-2015-3118 , CVE-2015-3124 , CVE-2015-3127 , CVE-2015-3128 , CVE-2015-3129 , CVE-2015-3131 , CVE-2015-3132 , CVE-2015-3137 , CVE-2015-4428 , CVE-2015-4430 ,and CVE-2015-5117 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. A use-after-free vulnerability exists in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.481" References ========== [ 1 ] CVE-2014-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578 [ 2 ] CVE-2015-3113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113 [ 3 ] CVE-2015-3114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114 [ 4 ] CVE-2015-3115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115 [ 5 ] CVE-2015-3116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116 [ 6 ] CVE-2015-3117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117 [ 7 ] CVE-2015-3118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118 [ 8 ] CVE-2015-3119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119 [ 9 ] CVE-2015-3120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120 [ 10 ] CVE-2015-3121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121 [ 11 ] CVE-2015-3122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122 [ 12 ] CVE-2015-3123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123 [ 13 ] CVE-2015-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124 [ 14 ] CVE-2015-3125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125 [ 15 ] CVE-2015-3126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126 [ 16 ] CVE-2015-3127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127 [ 17 ] CVE-2015-3128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128 [ 18 ] CVE-2015-3129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129 [ 19 ] CVE-2015-3130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130 [ 20 ] CVE-2015-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131 [ 21 ] CVE-2015-3132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132 [ 22 ] CVE-2015-3133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133 [ 23 ] CVE-2015-3134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134 [ 24 ] CVE-2015-3135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135 [ 25 ] CVE-2015-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136 [ 26 ] CVE-2015-3137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137 [ 27 ] CVE-2015-4428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428 [ 28 ] CVE-2015-4429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429 [ 29 ] CVE-2015-4430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430 [ 30 ] CVE-2015-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431 [ 31 ] CVE-2015-4432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432 [ 32 ] CVE-2015-4433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433 [ 33 ] CVE-2015-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116 [ 34 ] CVE-2015-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117 [ 35 ] CVE-2015-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118 [ 36 ] CVE-2015-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1214-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1214.html Issue date: 2015-07-08 CVE Names: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2014-0578, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.481. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1240832 - CVE-2015-5119 flash-plugin: code execution issue in APSA15-03 / APSB15-16 1241171 - flash-plugin: multiple code execution issues fixed in APSB15-16 1241173 - flash-plugin: information disclosure issues fixed in APSB15-16 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.481-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.481-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.481-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.481-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0578 https://access.redhat.com/security/cve/CVE-2015-3114 https://access.redhat.com/security/cve/CVE-2015-3115 https://access.redhat.com/security/cve/CVE-2015-3116 https://access.redhat.com/security/cve/CVE-2015-3117 https://access.redhat.com/security/cve/CVE-2015-3118 https://access.redhat.com/security/cve/CVE-2015-3119 https://access.redhat.com/security/cve/CVE-2015-3120 https://access.redhat.com/security/cve/CVE-2015-3121 https://access.redhat.com/security/cve/CVE-2015-3122 https://access.redhat.com/security/cve/CVE-2015-3123 https://access.redhat.com/security/cve/CVE-2015-3124 https://access.redhat.com/security/cve/CVE-2015-3125 https://access.redhat.com/security/cve/CVE-2015-3126 https://access.redhat.com/security/cve/CVE-2015-3127 https://access.redhat.com/security/cve/CVE-2015-3128 https://access.redhat.com/security/cve/CVE-2015-3129 https://access.redhat.com/security/cve/CVE-2015-3130 https://access.redhat.com/security/cve/CVE-2015-3131 https://access.redhat.com/security/cve/CVE-2015-3132 https://access.redhat.com/security/cve/CVE-2015-3133 https://access.redhat.com/security/cve/CVE-2015-3134 https://access.redhat.com/security/cve/CVE-2015-3135 https://access.redhat.com/security/cve/CVE-2015-3136 https://access.redhat.com/security/cve/CVE-2015-3137 https://access.redhat.com/security/cve/CVE-2015-4428 https://access.redhat.com/security/cve/CVE-2015-4429 https://access.redhat.com/security/cve/CVE-2015-4430 https://access.redhat.com/security/cve/CVE-2015-4431 https://access.redhat.com/security/cve/CVE-2015-4432 https://access.redhat.com/security/cve/CVE-2015-4433 https://access.redhat.com/security/cve/CVE-2015-5116 https://access.redhat.com/security/cve/CVE-2015-5117 https://access.redhat.com/security/cve/CVE-2015-5118 https://access.redhat.com/security/cve/CVE-2015-5119 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://helpx.adobe.com/security/products/flash-player/apsa15-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVnYzEXlSAg2UNWIIRAiYOAJ4hyudjAqMbqOcLAA47WlvgoVG25gCdF1BZ bxdi7YGr3vmk1ppaEImDJNg= =KEcy -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. This vulnerability CVE-2014-0578 , CVE-2015-3116 , CVE-2015-3125 ,and CVE-2015-5116 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can bypass the same origin policy. Attackers can exploit these issues to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further attacks. Security flaws exist in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.481" References ========== [ 1 ] CVE-2014-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578 [ 2 ] CVE-2015-3113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113 [ 3 ] CVE-2015-3114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114 [ 4 ] CVE-2015-3115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115 [ 5 ] CVE-2015-3116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116 [ 6 ] CVE-2015-3117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117 [ 7 ] CVE-2015-3118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118 [ 8 ] CVE-2015-3119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119 [ 9 ] CVE-2015-3120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120 [ 10 ] CVE-2015-3121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121 [ 11 ] CVE-2015-3122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122 [ 12 ] CVE-2015-3123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123 [ 13 ] CVE-2015-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124 [ 14 ] CVE-2015-3125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125 [ 15 ] CVE-2015-3126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126 [ 16 ] CVE-2015-3127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127 [ 17 ] CVE-2015-3128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128 [ 18 ] CVE-2015-3129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129 [ 19 ] CVE-2015-3130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130 [ 20 ] CVE-2015-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131 [ 21 ] CVE-2015-3132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132 [ 22 ] CVE-2015-3133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133 [ 23 ] CVE-2015-3134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134 [ 24 ] CVE-2015-3135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135 [ 25 ] CVE-2015-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136 [ 26 ] CVE-2015-3137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137 [ 27 ] CVE-2015-4428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428 [ 28 ] CVE-2015-4429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429 [ 29 ] CVE-2015-4430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430 [ 30 ] CVE-2015-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431 [ 31 ] CVE-2015-4432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432 [ 32 ] CVE-2015-4433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433 [ 33 ] CVE-2015-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116 [ 34 ] CVE-2015-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117 [ 35 ] CVE-2015-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118 [ 36 ] CVE-2015-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1214-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1214.html Issue date: 2015-07-08 CVE Names: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2014-0578, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.481. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1240832 - CVE-2015-5119 flash-plugin: code execution issue in APSA15-03 / APSB15-16 1241171 - flash-plugin: multiple code execution issues fixed in APSB15-16 1241173 - flash-plugin: information disclosure issues fixed in APSB15-16 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.481-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.481-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.481-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.481-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0578 https://access.redhat.com/security/cve/CVE-2015-3114 https://access.redhat.com/security/cve/CVE-2015-3115 https://access.redhat.com/security/cve/CVE-2015-3116 https://access.redhat.com/security/cve/CVE-2015-3117 https://access.redhat.com/security/cve/CVE-2015-3118 https://access.redhat.com/security/cve/CVE-2015-3119 https://access.redhat.com/security/cve/CVE-2015-3120 https://access.redhat.com/security/cve/CVE-2015-3121 https://access.redhat.com/security/cve/CVE-2015-3122 https://access.redhat.com/security/cve/CVE-2015-3123 https://access.redhat.com/security/cve/CVE-2015-3124 https://access.redhat.com/security/cve/CVE-2015-3125 https://access.redhat.com/security/cve/CVE-2015-3126 https://access.redhat.com/security/cve/CVE-2015-3127 https://access.redhat.com/security/cve/CVE-2015-3128 https://access.redhat.com/security/cve/CVE-2015-3129 https://access.redhat.com/security/cve/CVE-2015-3130 https://access.redhat.com/security/cve/CVE-2015-3131 https://access.redhat.com/security/cve/CVE-2015-3132 https://access.redhat.com/security/cve/CVE-2015-3133 https://access.redhat.com/security/cve/CVE-2015-3134 https://access.redhat.com/security/cve/CVE-2015-3135 https://access.redhat.com/security/cve/CVE-2015-3136 https://access.redhat.com/security/cve/CVE-2015-3137 https://access.redhat.com/security/cve/CVE-2015-4428 https://access.redhat.com/security/cve/CVE-2015-4429 https://access.redhat.com/security/cve/CVE-2015-4430 https://access.redhat.com/security/cve/CVE-2015-4431 https://access.redhat.com/security/cve/CVE-2015-4432 https://access.redhat.com/security/cve/CVE-2015-4433 https://access.redhat.com/security/cve/CVE-2015-5116 https://access.redhat.com/security/cve/CVE-2015-5117 https://access.redhat.com/security/cve/CVE-2015-5118 https://access.redhat.com/security/cve/CVE-2015-5119 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://helpx.adobe.com/security/products/flash-player/apsa15-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVnYzEXlSAg2UNWIIRAiYOAJ4hyudjAqMbqOcLAA47WlvgoVG25gCdF1BZ bxdi7YGr3vmk1ppaEImDJNg= =KEcy -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. Grandstream GXV3611_HD Is a network camera for surveillance. Grandstream GXV3611_HD Is SQL There is an injection vulnerability. An attacker can use this vulnerability to SQL It is possible to perform injection attacks. CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') http://cwe.mitre.org/data/definitions/89.htmlBy a remote third party SQL By injection, the settings of the device may be viewed or changed. Grandstream GXV3611_HD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Grandstream GXV3611_HD 1.0.3.6 is vulnerable

Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. An attacker can exploit this issue to take the web service offline, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuu37656. The program supports access to corporate phone and voicemail, etc. via USB headset or USB speaker

Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679. An attacker can exploit this issue to reload the affected device; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCut52679

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721. Vendors have confirmed this vulnerability Bug ID CSCuu94721 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuu94721. The following products and versions are affected: Cisco FireSIGHT System Software Versions 5.4.1.2 and 6.0.0

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202. This issue is being tracked by Cisco Bug ID CSCty94202

Tableau Server is enterprise intelligence software that provides browser-based analysis that anyone can learn and use. Tableau Server has sensitive information disclosure and permission bypass loopholes, allowing remote attackers to use vulnerability locks to manage user operations, obtain sensitive information, and bypass restricted access to the data of privileged publishers.

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. ISC BIND 9 There is a service disruption (DoS) Vulnerabilities exist. ISC BIND 9 Is DNSSEC There is a vulnerability that causes recursive name resolution processing with validation enabled to end abnormally under certain conditions. In addition, National Vulnerability Database (NVD) Then CWE-17 It is published as CWE-17: Code http://cwe.mitre.org/data/definitions/17.htmlDNSSEC Cache with validation enabled DNS When operating a server, service operation is interrupted by a remote third party. (DoS) There is a possibility of being attacked. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. 6) - i386, x86_64 3. Corrected: 2015-07-07 21:43:23 UTC (stable/9, 9.3-STABLE) 2015-07-07 21:44:01 UTC (releng/9.3, 9.3-RELEASE-p19) 2015-07-07 21:43:23 UTC (stable/8, 8.4-STABLE) 2015-07-07 21:44:01 UTC (releng/8.4, 8.4-RELEASE-p33) CVE Name: CVE-2015-4620 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. The libdns library is a library of DNS protocol support functions. II. III. Impact An attacker who can cause specific queries to be sent to a nameserver could cause named(8) to crash, resulting in a denial of service. IV. Workaround No workaround is available, but hosts not running named(8) are not vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-15:11/bind-9.patch # fetch https://security.FreeBSD.org/patches/SA-15:11/bind-9.patch.asc # gpg --verify bind-9.patch.asc [FreeBSD 8.4] # fetch https://security.FreeBSD.org/patches/SA-15:11/bind-8.patch # fetch https://security.FreeBSD.org/patches/SA-15:11/bind-8.patch.asc # gpg --verify bind-8.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r285257 releng/8.4/ r285258 stable/9/ r285257 releng/9.3/ r285258 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2015:1443-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1443.html Issue date: 2015-07-20 CVE Names: CVE-2015-4620 ===================================================================== 1. Summary: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1237258 - CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned() 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.9.4-18.el7_1.2.src.rpm noarch: bind-license-9.9.4-18.el7_1.2.noarch.rpm x86_64: bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-9.9.4-18.el7_1.2.i686.rpm bind-libs-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm bind-utils-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.9.4-18.el7_1.2.x86_64.rpm bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-devel-9.9.4-18.el7_1.2.i686.rpm bind-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.9.4-18.el7_1.2.src.rpm noarch: bind-license-9.9.4-18.el7_1.2.noarch.rpm x86_64: bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-9.9.4-18.el7_1.2.i686.rpm bind-libs-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm bind-utils-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bind-9.9.4-18.el7_1.2.x86_64.rpm bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-devel-9.9.4-18.el7_1.2.i686.rpm bind-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: bind-9.9.4-18.el7_1.2.src.rpm noarch: bind-license-9.9.4-18.el7_1.2.noarch.rpm ppc64: bind-9.9.4-18.el7_1.2.ppc64.rpm bind-chroot-9.9.4-18.el7_1.2.ppc64.rpm bind-debuginfo-9.9.4-18.el7_1.2.ppc.rpm bind-debuginfo-9.9.4-18.el7_1.2.ppc64.rpm bind-libs-9.9.4-18.el7_1.2.ppc.rpm bind-libs-9.9.4-18.el7_1.2.ppc64.rpm bind-libs-lite-9.9.4-18.el7_1.2.ppc.rpm bind-libs-lite-9.9.4-18.el7_1.2.ppc64.rpm bind-utils-9.9.4-18.el7_1.2.ppc64.rpm s390x: bind-9.9.4-18.el7_1.2.s390x.rpm bind-chroot-9.9.4-18.el7_1.2.s390x.rpm bind-debuginfo-9.9.4-18.el7_1.2.s390.rpm bind-debuginfo-9.9.4-18.el7_1.2.s390x.rpm bind-libs-9.9.4-18.el7_1.2.s390.rpm bind-libs-9.9.4-18.el7_1.2.s390x.rpm bind-libs-lite-9.9.4-18.el7_1.2.s390.rpm bind-libs-lite-9.9.4-18.el7_1.2.s390x.rpm bind-utils-9.9.4-18.el7_1.2.s390x.rpm x86_64: bind-9.9.4-18.el7_1.2.x86_64.rpm bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-9.9.4-18.el7_1.2.i686.rpm bind-libs-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm bind-utils-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: bind-9.9.4-18.ael7b_1.2.src.rpm noarch: bind-license-9.9.4-18.ael7b_1.2.noarch.rpm ppc64le: bind-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-chroot-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-debuginfo-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-libs-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-libs-lite-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-utils-9.9.4-18.ael7b_1.2.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bind-debuginfo-9.9.4-18.el7_1.2.ppc.rpm bind-debuginfo-9.9.4-18.el7_1.2.ppc64.rpm bind-devel-9.9.4-18.el7_1.2.ppc.rpm bind-devel-9.9.4-18.el7_1.2.ppc64.rpm bind-lite-devel-9.9.4-18.el7_1.2.ppc.rpm bind-lite-devel-9.9.4-18.el7_1.2.ppc64.rpm bind-sdb-9.9.4-18.el7_1.2.ppc64.rpm bind-sdb-chroot-9.9.4-18.el7_1.2.ppc64.rpm s390x: bind-debuginfo-9.9.4-18.el7_1.2.s390.rpm bind-debuginfo-9.9.4-18.el7_1.2.s390x.rpm bind-devel-9.9.4-18.el7_1.2.s390.rpm bind-devel-9.9.4-18.el7_1.2.s390x.rpm bind-lite-devel-9.9.4-18.el7_1.2.s390.rpm bind-lite-devel-9.9.4-18.el7_1.2.s390x.rpm bind-sdb-9.9.4-18.el7_1.2.s390x.rpm bind-sdb-chroot-9.9.4-18.el7_1.2.s390x.rpm x86_64: bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-devel-9.9.4-18.el7_1.2.i686.rpm bind-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: bind-debuginfo-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-devel-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-lite-devel-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-sdb-9.9.4-18.ael7b_1.2.ppc64le.rpm bind-sdb-chroot-9.9.4-18.ael7b_1.2.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.9.4-18.el7_1.2.src.rpm noarch: bind-license-9.9.4-18.el7_1.2.noarch.rpm x86_64: bind-9.9.4-18.el7_1.2.x86_64.rpm bind-chroot-9.9.4-18.el7_1.2.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-9.9.4-18.el7_1.2.i686.rpm bind-libs-9.9.4-18.el7_1.2.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.2.i686.rpm bind-libs-lite-9.9.4-18.el7_1.2.x86_64.rpm bind-utils-9.9.4-18.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.9.4-18.el7_1.2.i686.rpm bind-debuginfo-9.9.4-18.el7_1.2.x86_64.rpm bind-devel-9.9.4-18.el7_1.2.i686.rpm bind-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.2.i686.rpm bind-lite-devel-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-9.9.4-18.el7_1.2.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-4620 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVrSOfXlSAg2UNWIIRAjE2AJwLMq6iJxePYpd9dGwC7hDW/FOJkgCff3lG RAy0mT5xI+tv+CZjJV1+fpU= =4EM5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Release Date: 2015-07-17 Last Updated: 2015-07-17 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. References: CVE-2015-1349 CVE-2015-4620 SSRT101976 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running BIND 9.7.3 prior to C.9.7.3.7.0 HP-UX B.11.31 running BIND 9.9.4 prior to C.9.9.4.3.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-1349 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2015-4620 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided updated versions of the BIND service to resolve this vulnerability. BIND 9.7.3 for HP-UX Release Depot Name Download location B.11.31 (PA and IA) HP_UX_11.31_HPUX-NameServer_C.9.7.3.7.0_HP-UX_B.11.31_IA_PA.depot https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe r=BIND BIND 9.9.4 for HP-UX Release Depot Name Download location B.11.31 (PA and IA) HP_UX_11.31_HPUX-NameServer_C.9.9.4.3.0_HP-UX_B.11.31_IA_PA.depot https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe r=BIND MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For BIND 9.7.3 HP-UX B.11.31 ================== NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.7.3.7.0 or subsequent For BIND 9.9.4 HP-UX B.11.31 ================== NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.9.4.3.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 17 July 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2669-1 July 07, 2015 bind9 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Bind could be made to crash if it received specially crafted network traffic. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: bind9 1:9.9.5.dfsg-9ubuntu0.1 Ubuntu 14.10: bind9 1:9.9.5.dfsg-4.3ubuntu0.3 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.3 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.11 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.7_P1-i486-1_slack14.1.txz: Upgraded. This will result in a denial of service to clients who rely on that resolver. For more information, see: https://kb.isc.org/article/AA-01267/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P1-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P1-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P1-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P1-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P1-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P1-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P1-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P1-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P1-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P2-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P2-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 38e658538037036f3d77108dcf0865c3 bind-9.9.7_P1-i486-1_slack13.0.txz Slackware x86_64 13.0 package: ce60a95cf08aae43ad371c3344b5ceac bind-9.9.7_P1-x86_64-1_slack13.0.txz Slackware 13.1 package: 32873005a0cf1fefe87c968dabaa69f7 bind-9.9.7_P1-i486-1_slack13.1.txz Slackware x86_64 13.1 package: b4660cadd8c2c0db82b63bce019cd425 bind-9.9.7_P1-x86_64-1_slack13.1.txz Slackware 13.37 package: 60559eab25abe9c4227e786dfbda5ec0 bind-9.9.7_P1-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 466a456646c4f7a36646d7f802364877 bind-9.9.7_P1-x86_64-1_slack13.37.txz Slackware 14.0 package: c333a145f504bd7457030e8b8a016ed2 bind-9.9.7_P1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 79d7fb87a229627e8a48ed2cdfb0b000 bind-9.9.7_P1-x86_64-1_slack14.0.txz Slackware 14.1 package: 8c5c206b1a1d9ceab53efc04904afcda bind-9.9.7_P1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 01e296eacac7717a2b42090be480007f bind-9.9.7_P1-x86_64-1_slack14.1.txz Slackware -current package: ec06a2234cb84ed6509cdc34355a1ca2 n/bind-9.10.2_P2-i486-1.txz Slackware x86_64 -current package: 7dacb77256d58669f8426a1e0137c4b3 n/bind-9.10.2_P2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.9.7_P1-i486-1_slack14.1.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201510-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: BIND: Denial of Service Date: October 18, 2015 Bugs: #540640, #553584, #556150, #559462 ID: 201510-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in BIND could lead to a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.10.2_p4 >= 9.10.2_p4 Description =========== A vulnerability has been discovered in BIND's named utility leading to a Denial of Service condition. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4" References ========== [ 1 ] CVE-2015-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349 [ 2 ] CVE-2015-4620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620 [ 3 ] CVE-2015-5477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477 [ 4 ] CVE-2015-5722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722 [ 5 ] CVE-2015-5986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201510-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Adobe Flash Player of ActionScript 3 ByteArray Class uses freed memory (use-after-free) Vulnerabilities exist. ByteArray - AS3 http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/utils/ByteArray.htmlThe user who uses the product has been crafted Flash Accessed or crafted websites containing content Microsoft Office Opening a document may lead to arbitrary code execution on the user's web browser. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. ActionScript 3 (AS3) is an object-oriented programming language developed by Adobe for its Flash product. The following versions are affected: Adobe Flash Player 18.0.0.194 and earlier and 13.0.0.296 and earlier on Windows and OS X, and 11.2.202.468 and earlier on Linux. (widely exploited in July 2015). Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.481" References ========== [ 1 ] CVE-2014-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0578 [ 2 ] CVE-2015-3113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113 [ 3 ] CVE-2015-3114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3114 [ 4 ] CVE-2015-3115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3115 [ 5 ] CVE-2015-3116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3116 [ 6 ] CVE-2015-3117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3117 [ 7 ] CVE-2015-3118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3118 [ 8 ] CVE-2015-3119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3119 [ 9 ] CVE-2015-3120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3120 [ 10 ] CVE-2015-3121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3121 [ 11 ] CVE-2015-3122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3122 [ 12 ] CVE-2015-3123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3123 [ 13 ] CVE-2015-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3124 [ 14 ] CVE-2015-3125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3125 [ 15 ] CVE-2015-3126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3126 [ 16 ] CVE-2015-3127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3127 [ 17 ] CVE-2015-3128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3128 [ 18 ] CVE-2015-3129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3129 [ 19 ] CVE-2015-3130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3130 [ 20 ] CVE-2015-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3131 [ 21 ] CVE-2015-3132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3132 [ 22 ] CVE-2015-3133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3133 [ 23 ] CVE-2015-3134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3134 [ 24 ] CVE-2015-3135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3135 [ 25 ] CVE-2015-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3136 [ 26 ] CVE-2015-3137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3137 [ 27 ] CVE-2015-4428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4428 [ 28 ] CVE-2015-4429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4429 [ 29 ] CVE-2015-4430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4430 [ 30 ] CVE-2015-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4431 [ 31 ] CVE-2015-4432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4432 [ 32 ] CVE-2015-4433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4433 [ 33 ] CVE-2015-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5116 [ 34 ] CVE-2015-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5117 [ 35 ] CVE-2015-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5118 [ 36 ] CVE-2015-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5119 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1214-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1214.html Issue date: 2015-07-08 CVE Names: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1240832 - CVE-2015-5119 flash-plugin: code execution issue in APSA15-03 / APSB15-16 1241171 - flash-plugin: multiple code execution issues fixed in APSB15-16 1241173 - flash-plugin: information disclosure issues fixed in APSB15-16 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.481-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.481-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.481-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.481-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.481-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.481-1.el6_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0578 https://access.redhat.com/security/cve/CVE-2015-3114 https://access.redhat.com/security/cve/CVE-2015-3115 https://access.redhat.com/security/cve/CVE-2015-3116 https://access.redhat.com/security/cve/CVE-2015-3117 https://access.redhat.com/security/cve/CVE-2015-3118 https://access.redhat.com/security/cve/CVE-2015-3119 https://access.redhat.com/security/cve/CVE-2015-3120 https://access.redhat.com/security/cve/CVE-2015-3121 https://access.redhat.com/security/cve/CVE-2015-3122 https://access.redhat.com/security/cve/CVE-2015-3123 https://access.redhat.com/security/cve/CVE-2015-3124 https://access.redhat.com/security/cve/CVE-2015-3125 https://access.redhat.com/security/cve/CVE-2015-3126 https://access.redhat.com/security/cve/CVE-2015-3127 https://access.redhat.com/security/cve/CVE-2015-3128 https://access.redhat.com/security/cve/CVE-2015-3129 https://access.redhat.com/security/cve/CVE-2015-3130 https://access.redhat.com/security/cve/CVE-2015-3131 https://access.redhat.com/security/cve/CVE-2015-3132 https://access.redhat.com/security/cve/CVE-2015-3133 https://access.redhat.com/security/cve/CVE-2015-3134 https://access.redhat.com/security/cve/CVE-2015-3135 https://access.redhat.com/security/cve/CVE-2015-3136 https://access.redhat.com/security/cve/CVE-2015-3137 https://access.redhat.com/security/cve/CVE-2015-4428 https://access.redhat.com/security/cve/CVE-2015-4429 https://access.redhat.com/security/cve/CVE-2015-4430 https://access.redhat.com/security/cve/CVE-2015-4431 https://access.redhat.com/security/cve/CVE-2015-4432 https://access.redhat.com/security/cve/CVE-2015-4433 https://access.redhat.com/security/cve/CVE-2015-5116 https://access.redhat.com/security/cve/CVE-2015-5117 https://access.redhat.com/security/cve/CVE-2015-5118 https://access.redhat.com/security/cve/CVE-2015-5119 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://helpx.adobe.com/security/products/flash-player/apsa15-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVnYzEXlSAg2UNWIIRAiYOAJ4hyudjAqMbqOcLAA47WlvgoVG25gCdF1BZ bxdi7YGr3vmk1ppaEImDJNg= =KEcy -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. Adobe Flash Player freed memory use (use-after-free) Vulnerability exists. Adobe Flash Player for, ActionScript 3 of opaqueBackground Use of freed memory due to processing (use-after-free) This vulnerability can be exploited to corrupt memory. Proof-of-Concept The code is publicly available. opaqueBackgroundhttp://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/display/DisplayObject.html#opaqueBackground note that, National Vulnerability Database (NVD) Then CWE-416 It is published as. CWE-416: Use After Freehttp://cwe.mitre.org/data/definitions/416.htmlA user of the product may be infected with a maliciously crafted Flash Accessing websites containing crafted content or Microsoft Office By opening a document, arbitrary code may be executed on the user's web browser. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. ActionScript 3 (AS3) is an object-oriented programming language developed by Adobe for its Flash product. (widely exploited in July 2015). Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.508" References ========== [ 1 ] CVE-2015-3107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107 [ 2 ] CVE-2015-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5122 [ 3 ] CVE-2015-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5123 [ 4 ] CVE-2015-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5124 [ 5 ] CVE-2015-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5125 [ 6 ] CVE-2015-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5127 [ 7 ] CVE-2015-5129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5129 [ 8 ] CVE-2015-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5130 [ 9 ] CVE-2015-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5131 [ 10 ] CVE-2015-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5132 [ 11 ] CVE-2015-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5133 [ 12 ] CVE-2015-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5134 [ 13 ] CVE-2015-5539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5539 [ 14 ] CVE-2015-5540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5540 [ 15 ] CVE-2015-5541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5541 [ 16 ] CVE-2015-5544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5544 [ 17 ] CVE-2015-5545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5545 [ 18 ] CVE-2015-5546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5546 [ 19 ] CVE-2015-5547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5547 [ 20 ] CVE-2015-5548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5548 [ 21 ] CVE-2015-5549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5549 [ 22 ] CVE-2015-5550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5550 [ 23 ] CVE-2015-5551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5551 [ 24 ] CVE-2015-5552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5552 [ 25 ] CVE-2015-5553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5553 [ 26 ] CVE-2015-5554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5554 [ 27 ] CVE-2015-5555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5555 [ 28 ] CVE-2015-5556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5556 [ 29 ] CVE-2015-5557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5557 [ 30 ] CVE-2015-5558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5558 [ 31 ] CVE-2015-5559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5559 [ 32 ] CVE-2015-5560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5560 [ 33 ] CVE-2015-5561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5561 [ 34 ] CVE-2015-5562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5562 [ 35 ] CVE-2015-5563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5563 [ 36 ] CVE-2015-5564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5564 [ 37 ] CVE-2015-5965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5965 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201508-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1235-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1235.html Issue date: 2015-07-16 CVE Names: CVE-2015-5122 CVE-2015-5123 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-18 listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1242216 - CVE-2015-5122 CVE-2015-5123 flash-plugin: two code execution issues in APSA15-04 / APSB15-18 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.491-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.491-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.491-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.491-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.491-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.491-1.el6_6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.491-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.491-1.el6_6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.491-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.491-1.el6_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5122 https://access.redhat.com/security/cve/CVE-2015-5123 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-18.html https://helpx.adobe.com/security/products/flash-player/apsa15-04.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVp+WCXlSAg2UNWIIRAsPvAKC4jqtQIpeXv33Wj/vKMotQ4sdPZwCgibDD MzLG3LQTopnph72hflS2aDE= =XzfT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04796784 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04796784 Version: 1 HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-09-14 Last Updated: 2015-09-14 Potential Security Impact: Remote Denial of Service (DoS), Unauthorized Access to Data Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY HP has released updates to the HP ThinPro and HP Smart Zero Core operating systems to address two vulnerabilities found in Adobe Flash Player versions v11.x through v11.2.202.481 on Linux. References: CVE-2015-5122 CVE-2015-5123 SSRT102253 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Smart Zero Core v4.4 HP Smart Zero Core v5.0 HP Smart Zero Core v5.1 HP Smart Zero Core v5.2 HP ThinPro v4.4 HP ThinPro v5.0 HP ThinPro v5.1 HP ThinPro v5.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has released updates to the HP ThinPro and HP Smart Zero Core operating systems to address these Adobe Flash Player vulnerabilities. HP ThinPro 4.4 and HP Smart Zero Core 4.4 http://ftp.hp.com/pub/tcdebian/upda tes/4.4/service_packs/flash11.2.202.491-4.4-5.2-x86.xar HP ThinPro 5.0 and HP Smart Zero Core 5.0 http://ftp.hp.com/pub/tcdebian/upda tes/5.0/service_packs/flash11.2.202.491-4.4-5.2-x86.xar HP ThinPro 5.1 and HP Smart Zero Core 5.1 http://ftp.hp.com/pub/tcdebian/upda tes/5.1/service_packs/flash11.2.202.491-4.4-5.2-x86.xar HP ThinPro 5.2 and HP Smart Zero Core 5.2 ( http://ftp.hp.com/pub/tcdebian/up dates/5.2/service_packs/flash11.2.202.491-4.4-5.2-x86.xar HISTORY Version:1 (rev.1) - 14 September 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The vulnerabilities could be exploited remotely resulting in execution of code or Denial of Service (DoS). - iMC PLAT prior to 7.1 E0303P16 - iMC SHM prior to 7.1 E0301P05 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has provided the following software updates to resolve the vulnerabilities in iMC SHM and iMC PLAT. + iMC SHM 7.1 E0301P05 or later for the following Products/SKUs: - JG398A HP IMC Service Health Manager Software Module License - JG398AAE HP IMC Service Health Manager Software Module E-LTU + iMC PLAT 7.1 E0303P16 or later for the following Products/SKUs: - JD125A HP IMC Std S/W Platform w/100-node - JD126A HP IMC Ent S/W Platform w/100-node - JD808A HP IMC Ent Platform w/100-node License - JD814A HP A-IMC Enterprise Edition Software DVD Media - JD815A HP IMC Std Platform w/100-node License - JD816A HP A-IMC Standard Edition Software DVD Media - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU - JF377A HP IMC Std S/W Platform w/100-node Lic - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU - JF378A HP IMC Ent S/W Platform w/200-node Lic - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU - JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU - JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU - JG659AAE HP IMC Smart Connect VAE E-LTU - JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU - JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU - JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU HISTORY Version:1 (rev.1) - 28 January 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Libxml2 is prone to a denial-of-service vulnerability. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. xmlreader is one of the components used to read XML. A security vulnerability exists in libxml's xmlreader component. For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2015:2550-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2550.html Issue date: 2015-12-07 CVE Names: CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 ===================================================================== 1. Summary: Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955) Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1211278 - CVE-2015-1819 libxml2: denial of service processing a crafted XML document 1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm aarch64: libxml2-2.9.1-6.el7_2.2.aarch64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-devel-2.9.1-6.el7_2.2.aarch64.rpm libxml2-python-2.9.1-6.el7_2.2.aarch64.rpm ppc64: libxml2-2.9.1-6.el7_2.2.ppc.rpm libxml2-2.9.1-6.el7_2.2.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_2.2.s390.rpm libxml2-2.9.1-6.el7_2.2.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-devel-2.9.1-6.el7_2.2.s390.rpm libxml2-devel-2.9.1-6.el7_2.2.s390x.rpm libxml2-python-2.9.1-6.el7_2.2.s390x.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-static-2.9.1-6.el7_2.2.aarch64.rpm ppc64: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-static-2.9.1-6.el7_2.2.ppc.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-static-2.9.1-6.el7_2.2.s390.rpm libxml2-static-2.9.1-6.el7_2.2.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1819 https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWZZK6XlSAg2UNWIIRAlx5AKCfIxP9TLM+V/vmQq6MVeUpjiGltgCgnOgZ IOmptwborGrgz5fLqra3STg= =bVgd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to track sensitive user information Description: A hidden web page may be able to access device- orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden. CVE-ID CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net) WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Denial of Service Date: July 07, 2015 Bugs: #546720 ID: 201507-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. Background ========== libxml2 is the XML C parser and toolkit developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.2-r1 >= 2.9.2-r1 Description =========== libxml2 returns the empty string when the allocation limit is encountered while constructing the attribute value string. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.2-r1" References ========== [ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-08 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following: apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195 Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551 Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc. Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab Tcl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171 OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----

cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter. AirLive BU-2015 , BU-3026 , MD-3025 The firmware of OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Airlive is an IP surveillance network solution provider and security product vendor. An attacker could use this vulnerability to inject arbitrary commands by sending a constructed request to the file. Multiple AirLive Products are prone to multiple OS command-injection vulnerabilities. OvisLink AirLive IP Cameras MD-3025, IP Cameras BU-3026 and IP Cameras BU-2015 are network camera products of OvisLink. The following products are affected: OvisLink AirLive IP Cameras MD-3025 with firmware version 1.81, IP Cameras BU-3026 with firmware version 1.43, IP Cameras BU-2015 with firmware version 1.03.18

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

WAS China Mobile Proxy Server is to meet the high informationization group customers 'mobile office, production control, marketing services and other informatization needs through mobile terminals. The group customers' intranets are deployed for application coupling with their OA, ERP and CRP Gateway. A common SQL injection vulnerability exists in the MAS China Mobile proxy server, allowing attackers to use this vulnerability to obtain database sensitive information.

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. plural AirLive Product firmware includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OvisLink Airlive IP Cameras WL-2000CAM and Airlive IP Cameras POE-200CAM are OvisLink's network camera products. Operating system command injection vulnerability exists in the /cgi-bin/mft/wireless_mft.cgi binary of OvisLink AirLive IP Cameras WL-2000CAM and Airlive IP Cameras POE-200CAM. The attacker can use the hard-coded certificate in the configuration file of the Boa Web server to use the vulnerability to decode the certificate and obtain access rights to the device. Multiple AirLive Products are prone to multiple OS command-injection vulnerabilities. Successfully exploiting these issues may allow an attacker to execute arbitrary OS commands in the context of the affected application. The following versions and products are affected: AirLive BU-2015 with firmware version 1.03.18 16.06.2014; AirLive BU-3026 with firmware version 1.43 21.08.2014; AirLive MD-3025 with firmware version 1.81 21.08.2014; .1.6.18 AirLive WL-2000CAM with firmware version 14.10.2011; AirLive POE-200CAM v2 with firmware version LM.1.6.17.01

Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A cross-site scripting vulnerability exists in the index-login.ant file in the ANTlabs InnGate firmware for several ANTlabs devices. If the user can be tempted to click on an XSS injection link. A remote attacker could exploit this vulnerability to obtain a user credential administrator panel. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0

Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220. An attacker can exploit this issue to crash the affected device; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCus84220. The appliance also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam, and more

Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream. Mozilla Firefox and Thunderbird are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, to gain elevated privileges, to access sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. Note #1: The issue described by CVE-2015-2721 has been moved to BID 83398 (Mozilla Network Security Services CVE-2015-2721 Security Bypass Vulnerability) for better documentation. Note #2: The issue described by CVE-2015-2730 has been moved to BID 83399 (Mozilla Network Security Services CVE-2015-2730 Security Bypass Vulnerability) for better documentation. Mozilla Firefox on OS X is an open source web browser based on the OS X platform of the Mozilla Foundation of the United States. There is a security vulnerability in Mozilla Firefox versions earlier than 39.0 based on the OS X platform. The vulnerability stems from the fact that local keystroke information is included when the program records crash events. Background ========== Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-38.5.0" All Firefox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.5.0" All Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.5.0"= All Thunderbird-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.5.0" References ========== [ 1 ] CVE-2015-0798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0798 [ 2 ] CVE-2015-0799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0799 [ 3 ] CVE-2015-0801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0801 [ 4 ] CVE-2015-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0802 [ 5 ] CVE-2015-0803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0803 [ 6 ] CVE-2015-0804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0804 [ 7 ] CVE-2015-0805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0805 [ 8 ] CVE-2015-0806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0806 [ 9 ] CVE-2015-0807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0807 [ 10 ] CVE-2015-0808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0808 [ 11 ] CVE-2015-0810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0810 [ 12 ] CVE-2015-0811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0811 [ 13 ] CVE-2015-0812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0812 [ 14 ] CVE-2015-0813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0813 [ 15 ] CVE-2015-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0814 [ 16 ] CVE-2015-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0815 [ 17 ] CVE-2015-0816 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0816 [ 18 ] CVE-2015-2706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2706 [ 19 ] CVE-2015-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721 [ 20 ] CVE-2015-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2722 [ 21 ] CVE-2015-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2724 [ 22 ] CVE-2015-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2725 [ 23 ] CVE-2015-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2726 [ 24 ] CVE-2015-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2727 [ 25 ] CVE-2015-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2728 [ 26 ] CVE-2015-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2729 [ 27 ] CVE-2015-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2730 [ 28 ] CVE-2015-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2731 [ 29 ] CVE-2015-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2733 [ 30 ] CVE-2015-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2734 [ 31 ] CVE-2015-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2735 [ 32 ] CVE-2015-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2736 [ 33 ] CVE-2015-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2737 [ 34 ] CVE-2015-2738 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2738 [ 35 ] CVE-2015-2739 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2739 [ 36 ] CVE-2015-2740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2740 [ 37 ] CVE-2015-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2741 [ 38 ] CVE-2015-2742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2742 [ 39 ] CVE-2015-2743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2743 [ 40 ] CVE-2015-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2808 [ 41 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 42 ] CVE-2015-4495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4495 [ 43 ] CVE-2015-4513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4513 [ 44 ] CVE-2015-4514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4514 [ 45 ] CVE-2015-4515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4515 [ 46 ] CVE-2015-4518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4518 [ 47 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 48 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 49 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 50 ] CVE-2015-7187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7187 [ 51 ] CVE-2015-7188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7188 [ 52 ] CVE-2015-7189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7189 [ 53 ] CVE-2015-7191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7191 [ 54 ] CVE-2015-7192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7192 [ 55 ] CVE-2015-7193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7193 [ 56 ] CVE-2015-7194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7194 [ 57 ] CVE-2015-7195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7195 [ 58 ] CVE-2015-7196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7196 [ 59 ] CVE-2015-7197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7197 [ 60 ] CVE-2015-7198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7198 [ 61 ] CVE-2015-7199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7199 [ 62 ] CVE-2015-7200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7200 [ 63 ] CVE-2015-7201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7201 [ 64 ] CVE-2015-7202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7202 [ 65 ] CVE-2015-7203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7203 [ 66 ] CVE-2015-7204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7204 [ 67 ] CVE-2015-7205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7205 [ 68 ] CVE-2015-7207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7207 [ 69 ] CVE-2015-7208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7208 [ 70 ] CVE-2015-7210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7210 [ 71 ] CVE-2015-7211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7211 [ 72 ] CVE-2015-7212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7212 [ 73 ] CVE-2015-7213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7213 [ 74 ] CVE-2015-7214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7214 [ 75 ] CVE-2015-7215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7215 [ 76 ] CVE-2015-7216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7216 [ 77 ] CVE-2015-7217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7217 [ 78 ] CVE-2015-7218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7218 [ 79 ] CVE-2015-7219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7219 [ 80 ] CVE-2015-7220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7220 [ 81 ] CVE-2015-7221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7221 [ 82 ] CVE-2015-7222 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7222 [ 83 ] CVE-2015-7223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7223 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201512-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5