VARIoT IoT vulnerabilities database
| VAR-202003-1194 | CVE-2015-5684 | Lenovo Service Engine Classic buffer overflow vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. Lenovo Service Engine (LSE) Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Multiple products are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition
| VAR-201508-0616 | CVE-2015-5618 | Chiyu Technology fingerprint access control contains multiple vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Chiyu BF-630 and BF-630W are network fingerprint access controllers from Chiyu. There are security holes in the Chiyu BF-630 and BF-630W fingerprint access-control devices.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions on the affected device. This may aid in further attacks
| VAR-201508-0309 | CVE-2015-2870 | Chiyu Technology fingerprint access control contains multiple vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine.
An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
| VAR-201508-0601 | CVE-2015-2890 | BIOS implementations fail to properly set UEFI write protections after waking from sleep mode |
CVSS V2: 7.2 CVSS V3: 6.0 Severity: MEDIUM |
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. plural Dell Device firmware BIOS Implementation locks protection mechanism to wake from sleep BIOS_CNTL Is not processed, EFI There is a vulnerability that allows a flash attack to be executed. This vulnerability CVE-2015-3692 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlBy using the access right to the console by a local user, EFI A flash attack may be performed. Dell Latitude and others are products of Dell. There are security vulnerabilities in the BIOS implementation of several Dell devices. The BIOS_CNTL lock protection mechanism was not enforced when the program resumed from sleep mode
| VAR-201508-0279 | CVE-2015-1009 | Schneider Electric InduSoft Password storage vulnerability |
CVSS V2: 1.7 CVSS V3: - Severity: LOW |
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. InduSoft Web Studio is a SCADA system and embedded instrumentation solution for developing human-machine interfaces, supervisory control and data acquisition. Multiple Schneider Electric products are prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information which may aid in further attacks.
The following products are vulnerable:
InduSoft Web Studio 7.1.3.4 and prior
InTouch Machine Edition 2014 7.1.3.4 and prior
| VAR-201508-0385 | CVE-2015-1970 | IBM WebSphere DataPower XC10 Vulnerability in obtaining important information in appliances |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. IBM WebSphere DataPower XC10 is a high-speed cache platform of IBM Corporation in the United States. The platform enables distributed caching of data with little to no change to existing applications
| VAR-201508-0499 | CVE-2015-4289 | Cisco AnyConnect Secure Mobility Client Vulnerable to directory traversal |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
Exploiting this issue can allow an attacker to write or overwrite arbitrary files in users context. Information harvested may aid in launching further attacks.
This issue is being tracked by Cisco Bug ID CSCut93920
| VAR-201508-0500 | CVE-2015-4291 | Cisco ASR 1000 Run on device Cisco IOS XE Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business.
Attackers can exploit this issue to reload the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtd72617
| VAR-201508-0501 | CVE-2015-4292 | Cisco Prime Central for Hosted Collaboration Solution Management interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuv45818. The platform provides functions such as secure access authentication and real-time fault analysis
| VAR-201508-0502 | CVE-2015-4294 | Cisco Unified Communications Manager IM and Presence Service Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Cisco Unified Communications Manager IM and Presence Service Contains a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCut41766
| VAR-201508-0503 | CVE-2015-4295 | Cisco Unified Communications Manager of Prime Collaboration Deployment component In root Vulnerabilities that can be used to obtain authentication information |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
This issue is being tracked by Cisco BugId CSCuv21819. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Prime Collaboration Deployment is one of the enterprise collaboration network management solution components
| VAR-201508-0074 | CVE-2015-5696 | Dell Netvault Backup Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Dell NetVault Backup is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause denial-of-service conditions for legitimate users. The solution protects data and applications in physical and virtual environments
| VAR-201507-0690 | No CVE | D-Link DCS-2103 HTML Injection Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
D-link DCS-2103 is a network camera product from D-Link.
D-Link DCS-2103 has an HTML injection vulnerability and a cross-site request forgery vulnerability. A remote attacker could use these vulnerabilities to perform unauthorized operations, execute arbitrary scripts or HTML code in the context of a browser, and steal cookie-based authentication. Other attacks are also possible
| VAR-201507-0518 | CVE-2015-4293 | Cisco IOS XE Denial of service in the implementation of packet reassembly (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. Cisco IOS XE is an operating system developed by Cisco Systems for its network devices. This vulnerability is caused by an ATTN-3-SYNC_TIMEOUT error message sent to the console and system logs when the program execution fragment packet reassembly fails.
An attacker can exploit this issue to consume CPU resources and cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCuo37957
| VAR-201507-0514 | CVE-2015-4286 | Cisco Unified Computing System Central Software Web Vulnerability to read arbitrary files in the framework |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Cisco UCS Central Software is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.
This issue being tracked by Cisco Bug ID CSCuu41377
| VAR-201507-0517 | CVE-2015-4290 | Mac OS X Run on Cisco AnyConnect Secure Mobility Client Service disruption in the kernel extension (DoS) Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. Vendors have confirmed this vulnerability Bug ID CSCut12255 It is released as.Local user disrupts service operation due to problems with adjacent memory areas ( panic ) There is a possibility of being put into a state. Cisco AnyConnect Secure Mobility Client is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco bug ID CSCut12255
| VAR-201507-0037 | CVE-2015-5477 |
ISC BIND Denial of service vulnerability
Related entries in the VARIoT exploits database: VAR-E-201505-0004, VAR-E-201505-0003, VAR-E-201505-0002 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. ISC BIND is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause a denial-of-service. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: bind security update
Advisory ID: RHSA-2015:1513-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1513.html
Issue date: 2015-07-28
CVE Names: CVE-2015-5477
=====================================================================
1. Summary:
Updated bind packages that fix one security issue are now available for Red
Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handled requests for TKEY DNS resource
records. A remote attacker could use this flaw to make named (functioning
as an authoritative DNS server or a DNS resolver) exit unexpectedly with an
assertion failure via a specially crafted DNS request packet.
(CVE-2015-5477)
Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jonathan Foote as the original reporter.
All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm
i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
bind-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.i686.rpm
x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm
x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm
i386:
bind-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.i686.rpm
ppc64:
bind-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
s390x:
bind-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.i686.rpm
ppc64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.ppc.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.ppc64.rpm
s390x:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.s390.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.s390x.rpm
x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
bind-9.8.2-0.37.rc1.el6_7.2.src.rpm
i386:
bind-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.i686.rpm
x86_64:
bind-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-chroot-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-libs-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-utils-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-debuginfo-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.i686.rpm
bind-devel-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
bind-sdb-9.8.2-0.37.rc1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
bind-9.9.4-18.el7_1.3.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm
x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
bind-9.9.4-18.el7_1.3.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm
x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
bind-9.9.4-18.el7_1.3.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm
ppc64:
bind-9.9.4-18.el7_1.3.ppc64.rpm
bind-chroot-9.9.4-18.el7_1.3.ppc64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.3.ppc64.rpm
bind-libs-9.9.4-18.el7_1.3.ppc.rpm
bind-libs-9.9.4-18.el7_1.3.ppc64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.ppc.rpm
bind-libs-lite-9.9.4-18.el7_1.3.ppc64.rpm
bind-utils-9.9.4-18.el7_1.3.ppc64.rpm
s390x:
bind-9.9.4-18.el7_1.3.s390x.rpm
bind-chroot-9.9.4-18.el7_1.3.s390x.rpm
bind-debuginfo-9.9.4-18.el7_1.3.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.3.s390x.rpm
bind-libs-9.9.4-18.el7_1.3.s390.rpm
bind-libs-9.9.4-18.el7_1.3.s390x.rpm
bind-libs-lite-9.9.4-18.el7_1.3.s390.rpm
bind-libs-lite-9.9.4-18.el7_1.3.s390x.rpm
bind-utils-9.9.4-18.el7_1.3.s390x.rpm
x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
bind-9.9.4-18.ael7b_1.3.src.rpm
noarch:
bind-license-9.9.4-18.ael7b_1.3.noarch.rpm
ppc64le:
bind-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-chroot-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-debuginfo-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-libs-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-libs-lite-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-utils-9.9.4-18.ael7b_1.3.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bind-debuginfo-9.9.4-18.el7_1.3.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.3.ppc64.rpm
bind-devel-9.9.4-18.el7_1.3.ppc.rpm
bind-devel-9.9.4-18.el7_1.3.ppc64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.ppc.rpm
bind-lite-devel-9.9.4-18.el7_1.3.ppc64.rpm
bind-sdb-9.9.4-18.el7_1.3.ppc64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.ppc64.rpm
s390x:
bind-debuginfo-9.9.4-18.el7_1.3.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.3.s390x.rpm
bind-devel-9.9.4-18.el7_1.3.s390.rpm
bind-devel-9.9.4-18.el7_1.3.s390x.rpm
bind-lite-devel-9.9.4-18.el7_1.3.s390.rpm
bind-lite-devel-9.9.4-18.el7_1.3.s390x.rpm
bind-sdb-9.9.4-18.el7_1.3.s390x.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.s390x.rpm
x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
bind-debuginfo-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-devel-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-lite-devel-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-sdb-9.9.4-18.ael7b_1.3.ppc64le.rpm
bind-sdb-chroot-9.9.4-18.ael7b_1.3.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
bind-9.9.4-18.el7_1.3.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.3.noarch.rpm
x86_64:
bind-9.9.4-18.el7_1.3.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.3.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-9.9.4-18.el7_1.3.i686.rpm
bind-libs-9.9.4-18.el7_1.3.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.3.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.3.x86_64.rpm
bind-utils-9.9.4-18.el7_1.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bind-debuginfo-9.9.4-18.el7_1.3.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.3.x86_64.rpm
bind-devel-9.9.4-18.el7_1.3.i686.rpm
bind-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.3.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.3.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-5477
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVuCBAXlSAg2UNWIIRApEkAJ9P0OHgik/kkBRgXJ4YnHQ+twrw1wCgpWRM
77IQ31eFv/9qlY2vcXleBMA=
=Jhz9
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Release Date: 2015-08-18
Last Updated: 2015-08-18
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
BIND. This vulnerability could be exploited remotely to create a Denial of
Service (DoS).
References:
CVE-2015-5477
CVE-2014-8500
SSRT102211
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11 running BIND 9.3.2 prior to C.9.3.2.14.0
HP-UX B.11.23 running BIND 9.3.2 prior to C.9.3.2.14.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-5477 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2014-8500 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided updated versions of the BIND service to resolve this
vulnerability.
BIND 9.3.2 for HP-UX Release
Depot Name
Download location
B.11.11 (PA and IA)
HP_UX_11.11_DNSUPGRADE_C.9.3.2.14.0_HP-UX_B.11.11_32_64.depot
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=BIND
BIND 9.3.2 for HP-UX Release
Depot Name
Download location
B.11.23 (PA and IA)
HP_UX_11.23_DNSUPGRADE_C.9.3.2.14.0_HP-UX_B.11.23_IA_PA.depot
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=BIND
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.14.0 or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.14.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 18 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:17.bind Security Advisory
The FreeBSD Project
Topic: BIND remote denial of service vulnerability
Category: contrib
Module: bind
Announced: 2015-07-28
Credits: ISC
Affects: FreeBSD 8.x and FreeBSD 9.x.
Corrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)
2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)
2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE)
2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35)
CVE Name: CVE-2015-5477
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
II.
III. Impact
A remote attacker can trigger a crash of a name server. Both recursive and
authoritative servers are affected, and the exposure can not be mitigated
by either ACLs or configuration options limiting or denying service because
the exploitable code occurs early in the packet handling, before checks
enforcing those boundaries.
IV. Workaround
No workaround is available, but systems that are not running BIND are not
vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The named service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch
# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc
# gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r285977
releng/8.4/ r285980
stable/9/ r285977
releng/9.3/ r285980
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. This issue was addressed by updating BIND to version
9.9.7-P2.
CVE-ID
CVE-2015-5477
OS X Server v4.1.5 may be obtained from the Mac App Store. ============================================================================
Ubuntu Security Notice USN-2693-1
July 28, 2015
bind9 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
Jonathan Foote discovered that Bind incorrectly handled certain TKEY
queries.
(CVE-2015-5477)
Pories Ediansyah discovered that Bind incorrectly handled certain
configurations involving DNS64. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
bind9 1:9.9.5.dfsg-9ubuntu0.2
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.4
Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.12
In general, a standard system update will make all the necessary changes.
VCX prior to 9.8.18 with OpenSSH or ISC BIND.
+ VCX 9.8.18 for the following Products/SKUs:
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
HISTORY
Version:1 (rev.1) - 28 January 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy. 6.5) - i386, ppc64, s390x, x86_64
3. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash. (CVE-2015-8000)
Note: This issue affects authoritative servers as well as recursive
servers, however authoritative servers are at limited risk if they perform
authentication when making recursive queries to resolve addresses for
servers listed in NS RRSETs
| VAR-201603-0003 | CVE-2015-7551 | Apple OS X Distributed by such products Ruby of ext/fiddle/handle.c of Fiddle::Handle Vulnerabilities in arbitrary code execution |
CVSS V2: 4.6 CVSS V3: 8.4 Severity: HIGH |
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Ruby is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple OS X is a dedicated operating system developed by Apple for Mac computers. The following products and versions are affected: Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, 2.2 prior to 2.2.4, and Apple OS X prior to 10.11.4. (Note: This issue was originally fixed in the CNNVD-201508-060 patch, but reappeared after DL was implemented using Fiddle and libffi). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-ruby22-ruby security, bug fix, and enhancement update
Advisory ID: RHSA-2018:0583-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0583
Issue date: 2018-03-26
CVE Names: CVE-2009-5147 CVE-2015-7551 CVE-2017-0898
CVE-2017-0899 CVE-2017-0900 CVE-2017-0901
CVE-2017-0902 CVE-2017-0903 CVE-2017-10784
CVE-2017-14033 CVE-2017-14064 CVE-2017-17405
CVE-2017-17790
=====================================================================
1. Summary:
An update for rh-ruby22-ruby is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version:
rh-ruby22-ruby (2.2.9), rh-ruby22-rubygems (2.4.5.4),
rh-ruby22-rubygem-psych (2.0.8.1), rh-ruby22-rubygem-json (1.8.1.1).
(BZ#1549646)
Security Fix(es):
* ruby: Command injection vulnerability in Net::FTP (CVE-2017-17405)
* ruby: Buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898)
* rubygems: Arbitrary file overwrite due to incorrect validation of
specification name (CVE-2017-0901)
* rubygems: DNS hijacking vulnerability (CVE-2017-0902)
* rubygems: Unsafe object deserialization through YAML formatted gem
specifications (CVE-2017-0903)
* ruby: Escape sequence injection vulnerability in the Basic authentication
of WEBrick (CVE-2017-10784)
* ruby: Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033)
* ruby: DL::dlopen could open a library with tainted library name
(CVE-2009-5147, CVE-2015-7551)
* rubygems: Escape sequence in the "summary" field of gemspec
(CVE-2017-0899)
* rubygems: No size limit in summary length of gem spec (CVE-2017-0900)
* ruby: Arbitrary heap exposure during a JSON.generate call
(CVE-2017-14064)
* ruby: Command injection in lib/resolv.rb:lazy_initialize() allows
arbitrary code execution (CVE-2017-17790)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1248935 - CVE-2009-5147 CVE-2015-7551 ruby: DL::dlopen could open a library with tainted library name
1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
1491866 - CVE-2017-14033 ruby: Buffer underrun in OpenSSL ASN1 decode
1492012 - CVE-2017-10784 ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
1492015 - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
1500488 - CVE-2017-0903 rubygems: Unsafe object deserialization through YAML formatted gem specifications
1526189 - CVE-2017-17405 ruby: Command injection vulnerability in Net::FTP
1528218 - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
1549646 - Rebase to the latest Ruby 2.2 point release
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-ruby22-ruby-2.2.9-19.el6.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el6.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el6.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el6.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el6.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el6.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el6.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el6.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el6.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el6.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el6.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el6.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el6.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el6.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-ruby22-ruby-2.2.9-19.el7.src.rpm
noarch:
rh-ruby22-ruby-doc-2.2.9-19.el7.noarch.rpm
rh-ruby22-ruby-irb-2.2.9-19.el7.noarch.rpm
rh-ruby22-rubygem-minitest-5.4.3-19.el7.noarch.rpm
rh-ruby22-rubygem-power_assert-0.2.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rake-10.4.2-19.el7.noarch.rpm
rh-ruby22-rubygem-rdoc-4.2.0-19.el7.noarch.rpm
rh-ruby22-rubygem-test-unit-3.0.8-19.el7.noarch.rpm
rh-ruby22-rubygems-devel-2.4.5.4-19.el7.noarch.rpm
x86_64:
rh-ruby22-ruby-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-debuginfo-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-devel-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-libs-2.2.9-19.el7.x86_64.rpm
rh-ruby22-ruby-tcltk-2.2.9-19.el7.x86_64.rpm
rh-ruby22-rubygem-bigdecimal-1.2.6-19.el7.x86_64.rpm
rh-ruby22-rubygem-io-console-0.4.3-19.el7.x86_64.rpm
rh-ruby22-rubygem-json-1.8.1.1-19.el7.x86_64.rpm
rh-ruby22-rubygem-psych-2.0.8.1-19.el7.x86_64.rpm
rh-ruby22-rubygems-2.4.5.4-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2009-5147
https://access.redhat.com/security/cve/CVE-2015-7551
https://access.redhat.com/security/cve/CVE-2017-0898
https://access.redhat.com/security/cve/CVE-2017-0899
https://access.redhat.com/security/cve/CVE-2017-0900
https://access.redhat.com/security/cve/CVE-2017-0901
https://access.redhat.com/security/cve/CVE-2017-0902
https://access.redhat.com/security/cve/CVE-2017-0903
https://access.redhat.com/security/cve/CVE-2017-10784
https://access.redhat.com/security/cve/CVE-2017-14033
https://access.redhat.com/security/cve/CVE-2017-14064
https://access.redhat.com/security/cve/CVE-2017-17405
https://access.redhat.com/security/cve/CVE-2017-17790
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFauMCwXlSAg2UNWIIRAt7+AKCI6oUS1rfveUw8jicxIi6EpIyH4wCgqBO0
GhFJ0ZG9kuNetqyols+muU4=
=ZJq+
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update
2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available
and addresses the following:
apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by updating libpng to version
1.6.20.
CVE-ID
CVE-2015-8126 : Adam Mariš
CVE-2015-8472 : Adam Mariš
AppleRAID
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: A local user may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1735 : Jeonghoon Shin@A.D.D
CVE-2016-1736 : beist and ABH of BoB
Carbon
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .dfont file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2016-1737 : an anonymous researcher
dyld
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An attacker may tamper with code-signed applications to
execute arbitrary code in the application's context
Description: A code signing verification issue existed in dyld. This
issue was addressed with improved validation.
CVE-ID
CVE-2016-1738 : beist and ABH of BoB
FontParser
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
Intel Graphics Driver
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1743 : Piotr Bania of Cisco Talos
CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: A local user may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1745 : sweetchip of Grayhash
IOGraphics
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's
Zero Day Initiative (ZDI)
CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's
Zero Day Initiative (ZDI)
IOHIDFamily
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
IOUSBFamily
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of
Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
CVE-2016-1759 : lokihardt
Kernel
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Clicking a JavaScript link can reveal sensitive user
information
Description: An issue existed in the processing of JavaScript links.
This issue was addressed through improved content security policy
checks.
CVE-ID
CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of
Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Connecting to a server may leak sensitive user information,
such as a client's private keys
Description: Roaming, which was on by default in the OpenSSH client,
exposed an information leak and a buffer overflow. These issues were
addressed by disabling roaming in the client.
CVE-ID
CVE-2016-0777 : Qualys
CVE-2016-0778 : Qualys
OpenSSH
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Multiple vulnerabilities in LibreSSL
Description: Multiple vulnerabilities existed in LibreSSL versions
prior to 2.1.8. These were addressed by updating LibreSSL to version
2.1.8.
CVE-ID
CVE-2015-5333 : Qualys
CVE-2015-5334 : Qualys
OpenSSL
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: A remote attacker may be able to cause a denial of service
Description: A memory leak existed in OpenSSL versions prior to
0.9.8zh. This issue was addressed by updating OpenSSL to version
0.9.8zh.
CVE-ID
CVE-2015-3195
Python
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by updating libpng to version
1.6.20.
CVE-ID
CVE-2014-9495
CVE-2015-0973
CVE-2015-8126 : Adam Mariš
CVE-2015-8472 : Adam Mariš
QuickTime
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted FlashPix Bitmap Image may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1767 : Francis Provencher from COSIG
CVE-2016-1768 : Francis Provencher from COSIG
QuickTime
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted Photoshop document may lead
to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1769 : Francis Provencher from COSIG
Reminders
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Clicking a tel link can make a call without prompting the
user
Description: A user was not prompted before invoking a call. This
was addressed through improved entitlement checks. This issue was addressed by updating to
version 2.0.0-p648.
CVE-ID
CVE-2015-7551
Security
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: A local user may be able to check for the existence of
arbitrary files
Description: A permissions issue existed in code signing tools. This
was addressed though additional ownership checks.
CVE-ID
CVE-2016-1773 : Mark Mentovai of Google Inc.
Security
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
Wi-Fi
Available for: OS X El Capitan v10.11 to v10.11.3
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1.
https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6
ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w
HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l
Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau
/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi
UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng
O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78
juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF
i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP
Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X
qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q
VZmOKa8qMxB1L/JmdCqy
=mZR+
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3365-1
July 25, 2017
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Ruby. An attacker could possibly use this issue to open libraries with
tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)
Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby
OpenSSL extension incorrectly handled hostname wildcard matching. This
issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)
Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly
handled certain crafted strings. This issue only
applied to Ubuntu 14.04 LTS. (CVE-2015-7551)
It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A
remote attacker could possibly use this issue to inject SMTP commands.
(CVE-2015-9096)
Marcin Noga discovered that Ruby incorrectly handled certain arguments in
a TclTkIp class method. An attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-2337)
It was discovered that Ruby Fiddle::Function.new incorrectly handled
certain arguments. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)
It was discovered that Ruby incorrectly handled the initialization vector
(IV) in GCM mode. (CVE-2016-7798)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libruby2.3 2.3.3-1ubuntu0.1
ruby2.3 2.3.3-1ubuntu0.1
Ubuntu 16.04 LTS:
libruby2.3 2.3.1-2~16.04.2
ruby2.3 2.3.1-2~16.04.2
Ubuntu 14.04 LTS:
libruby1.9.1 1.9.3.484-2ubuntu1.3
libruby2.0 2.0.0.484-1ubuntu2.4
ruby1.9.1 1.9.3.484-2ubuntu1.3
ruby2.0 2.0.0.484-1ubuntu2.4
In general, a standard system update will make all the necessary changes
| VAR-201507-0242 | CVE-2015-0732 | plural Cisco Security Runs on the appliance AsyncOS Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vendors have confirmed this vulnerability Bug ID CSCuu37430 , CSCuu37420 , CSCut71981 and CSCuv50167 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. ESA is a set of email security devices. Content SMA is a set of content security management devices. A cross-site scripting vulnerability exists in multiple Cisco product web management interfaces. The program failed to fully validate the parameters. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. The vulnerability is caused by the program's insufficient validation of parameters
| VAR-201507-0515 | CVE-2015-4287 | Cisco Firepower 9000 Run on device Firepower Extensible Operating System Vulnerable to access restrictions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. Cisco Firepower 9000 Series devices are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.
This issue being tracked by Cisco Bug ID CSCuu82230