VARIoT IoT vulnerabilities database
| VAR-201508-0172 | CVE-2015-3187 | Apache Subversion of svn_repos_trace_node_locations Vulnerability in obtaining important path information in functions |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Apache Subversion is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Apache Subversion 1.8.0 through 1.8.13 and 1.7.0 through 1.7.20 are vulnerable. The system is compatible with the Concurrent Versions System (CVS). ============================================================================
Ubuntu Security Notice USN-2721-1
August 20, 2015
subversion vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description:
- subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly
handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-3580)
It was discovered that the Subversion mod_dav_svn module incorrectly
handled requests requiring a lookup for a virtual transaction name that
does not exist. This issue only affected Ubuntu
14.04 LTS. (CVE-2014-8108)
Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly
handled large numbers of REPORT requests. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve
modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly
handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. A remote attacker could use this
issue to read hidden files via the path name. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based
authorization. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libapache2-svn 1.8.10-5ubuntu1.1
libsvn1 1.8.10-5ubuntu1.1
subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS:
libapache2-svn 1.8.8-1ubuntu3.2
libsvn1 1.8.8-1ubuntu3.2
subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS:
libapache2-svn 1.6.17dfsg-3ubuntu3.5
libsvn1 1.6.17dfsg-3ubuntu3.5
subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-4 Xcode 7.3
Xcode 7.3 is now available and addresses the following:
otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)
subversion
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in subversion versions
prior to 1.7.21, the most serious of which may have led to remote
code execution. These were addressed by updating subversion to
version 1.7.22. Michael Pilato, CollabNet
Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq
OiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8
vXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T
4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl
cuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt
6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq
gEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12
OitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5
UfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9
8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd
COicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw
cU0NiqyyiqU1H29UaU50
=9aiD
-----END PGP SIGNATURE-----
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201610-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Subversion, Serf: Multiple Vulnerabilities
Date: October 11, 2016
Bugs: #500482, #518716, #519202, #545348, #556076, #567810,
#581448, #586046
ID: 201610-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Subversion and Serf, the
worst of which could lead to execution of arbitrary code.
Background
==========
Subversion is a version control system intended to eventually replace
CVS. Like CVS, it has an optional client-server architecture (where the
server can be an Apache server running mod_svn, or an ssh program as in
CVS's :ext: method). In addition to supporting the features found in
CVS, Subversion also provides support for moving and copying files and
directories.
The serf library is a high performance C-based HTTP client library
built upon the Apache Portable Runtime (APR) library.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4
*> 1.8.16
2 net-libs/serf < 1.3.7 >= 1.3.7
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Subversion and Serf.
Please review the CVE identifiers referenced below for details
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, conduct a man-in-the-middle attack, obtain
sensitive information, or cause a Denial of Service Condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Subversion users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
==========
[ 1 ] CVE-2014-0032
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032
[ 2 ] CVE-2014-3504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504
[ 3 ] CVE-2014-3522
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522
[ 4 ] CVE-2014-3528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528
[ 5 ] CVE-2015-0202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202
[ 6 ] CVE-2015-0248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248
[ 7 ] CVE-2015-0251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251
[ 8 ] CVE-2015-3184
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184
[ 9 ] CVE-2015-3187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187
[ 10 ] CVE-2015-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259
[ 11 ] CVE-2016-2167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167
[ 12 ] CVE-2016-2168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: subversion security update
Advisory ID: RHSA-2015:1742-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html
Issue date: 2015-09-08
CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184
CVE-2015-3187
=====================================================================
1. Summary:
Updated subversion packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access
to Subversion repositories via HTTP.
An assertion failure flaw was found in the way the SVN server processed
certain requests with dynamically evaluated revision numbers. A remote
attacker could use this flaw to cause the SVN server (both svnserve and
httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)
It was found that the mod_authz_svn module did not properly restrict
anonymous access to Subversion repositories under certain configurations
when used with Apache httpd 2.4.x. This could allow a user to anonymously
access files in a Subversion repository, which should only be accessible to
authenticated users. (CVE-2015-3184)
It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create new
revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the
mod_dav_svn module) searched the history of a file or a directory, it would
disclose its location in the repository if that file or directory was not
readable (for example, if it had been moved). (CVE-2015-3187)
Red Hat would like to thank the Apache Software Foundation for reporting
these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the
original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael
Pilato of CollabNet as the original reporter of CVE-2015-3184 and
CVE-2015-3187 flaws.
All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1205138 - CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
1205140 - CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
1247249 - CVE-2015-3184 subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
1247252 - CVE-2015-3187 subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
subversion-1.7.14-7.el7_1.1.src.rpm
x86_64:
mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm
subversion-1.7.14-7.el7_1.1.i686.rpm
subversion-1.7.14-7.el7_1.1.x86_64.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm
subversion-devel-1.7.14-7.el7_1.1.i686.rpm
subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm
subversion-gnome-1.7.14-7.el7_1.1.i686.rpm
subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm
subversion-javahl-1.7.14-7.el7_1.1.i686.rpm
subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-kde-1.7.14-7.el7_1.1.i686.rpm
subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm
subversion-libs-1.7.14-7.el7_1.1.i686.rpm
subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
subversion-perl-1.7.14-7.el7_1.1.i686.rpm
subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-python-1.7.14-7.el7_1.1.x86_64.rpm
subversion-ruby-1.7.14-7.el7_1.1.i686.rpm
subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm
subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
subversion-1.7.14-7.el7_1.1.src.rpm
x86_64:
mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm
subversion-1.7.14-7.el7_1.1.i686.rpm
subversion-1.7.14-7.el7_1.1.x86_64.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm
subversion-devel-1.7.14-7.el7_1.1.i686.rpm
subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm
subversion-gnome-1.7.14-7.el7_1.1.i686.rpm
subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm
subversion-javahl-1.7.14-7.el7_1.1.i686.rpm
subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-kde-1.7.14-7.el7_1.1.i686.rpm
subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm
subversion-libs-1.7.14-7.el7_1.1.i686.rpm
subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
subversion-perl-1.7.14-7.el7_1.1.i686.rpm
subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-python-1.7.14-7.el7_1.1.x86_64.rpm
subversion-ruby-1.7.14-7.el7_1.1.i686.rpm
subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm
subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
subversion-1.7.14-7.el7_1.1.src.rpm
ppc64:
mod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm
subversion-1.7.14-7.el7_1.1.ppc64.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm
subversion-libs-1.7.14-7.el7_1.1.ppc.rpm
subversion-libs-1.7.14-7.el7_1.1.ppc64.rpm
s390x:
mod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm
subversion-1.7.14-7.el7_1.1.s390x.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm
subversion-libs-1.7.14-7.el7_1.1.s390.rpm
subversion-libs-1.7.14-7.el7_1.1.s390x.rpm
x86_64:
mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm
subversion-1.7.14-7.el7_1.1.x86_64.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm
subversion-libs-1.7.14-7.el7_1.1.i686.rpm
subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
subversion-1.7.14-7.ael7b_1.1.src.rpm
ppc64le:
mod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
subversion-1.7.14-7.el7_1.1.ppc.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm
subversion-devel-1.7.14-7.el7_1.1.ppc.rpm
subversion-devel-1.7.14-7.el7_1.1.ppc64.rpm
subversion-gnome-1.7.14-7.el7_1.1.ppc.rpm
subversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm
subversion-javahl-1.7.14-7.el7_1.1.ppc.rpm
subversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm
subversion-kde-1.7.14-7.el7_1.1.ppc.rpm
subversion-kde-1.7.14-7.el7_1.1.ppc64.rpm
subversion-perl-1.7.14-7.el7_1.1.ppc.rpm
subversion-perl-1.7.14-7.el7_1.1.ppc64.rpm
subversion-python-1.7.14-7.el7_1.1.ppc64.rpm
subversion-ruby-1.7.14-7.el7_1.1.ppc.rpm
subversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm
subversion-tools-1.7.14-7.el7_1.1.ppc64.rpm
s390x:
subversion-1.7.14-7.el7_1.1.s390.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm
subversion-devel-1.7.14-7.el7_1.1.s390.rpm
subversion-devel-1.7.14-7.el7_1.1.s390x.rpm
subversion-gnome-1.7.14-7.el7_1.1.s390.rpm
subversion-gnome-1.7.14-7.el7_1.1.s390x.rpm
subversion-javahl-1.7.14-7.el7_1.1.s390.rpm
subversion-javahl-1.7.14-7.el7_1.1.s390x.rpm
subversion-kde-1.7.14-7.el7_1.1.s390.rpm
subversion-kde-1.7.14-7.el7_1.1.s390x.rpm
subversion-perl-1.7.14-7.el7_1.1.s390.rpm
subversion-perl-1.7.14-7.el7_1.1.s390x.rpm
subversion-python-1.7.14-7.el7_1.1.s390x.rpm
subversion-ruby-1.7.14-7.el7_1.1.s390.rpm
subversion-ruby-1.7.14-7.el7_1.1.s390x.rpm
subversion-tools-1.7.14-7.el7_1.1.s390x.rpm
x86_64:
subversion-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm
subversion-devel-1.7.14-7.el7_1.1.i686.rpm
subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm
subversion-gnome-1.7.14-7.el7_1.1.i686.rpm
subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm
subversion-javahl-1.7.14-7.el7_1.1.i686.rpm
subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-kde-1.7.14-7.el7_1.1.i686.rpm
subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm
subversion-perl-1.7.14-7.el7_1.1.i686.rpm
subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-python-1.7.14-7.el7_1.1.x86_64.rpm
subversion-ruby-1.7.14-7.el7_1.1.i686.rpm
subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm
subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm
subversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
subversion-1.7.14-7.el7_1.1.src.rpm
x86_64:
mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm
subversion-1.7.14-7.el7_1.1.x86_64.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm
subversion-libs-1.7.14-7.el7_1.1.i686.rpm
subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
subversion-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm
subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm
subversion-devel-1.7.14-7.el7_1.1.i686.rpm
subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm
subversion-gnome-1.7.14-7.el7_1.1.i686.rpm
subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm
subversion-javahl-1.7.14-7.el7_1.1.i686.rpm
subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-kde-1.7.14-7.el7_1.1.i686.rpm
subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm
subversion-perl-1.7.14-7.el7_1.1.i686.rpm
subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm
subversion-python-1.7.14-7.el7_1.1.x86_64.rpm
subversion-ruby-1.7.14-7.el7_1.1.i686.rpm
subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm
subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0248
https://access.redhat.com/security/cve/CVE-2015-0251
https://access.redhat.com/security/cve/CVE-2015-3184
https://access.redhat.com/security/cve/CVE-2015-3187
https://access.redhat.com/security/updates/classification/#moderate
https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
https://subversion.apache.org/security/CVE-2015-3184-advisory.txt
https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b
KVJwbobNcmPzKule+9U7RnM=
=F2J4
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201507-0142 | CVE-2015-2847 | Honeywell International Tuxedo Touch Security Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlClient by a third party - From server data stream USERACCT By deleting the request, access restrictions may be avoided. Honeywell International Tuxedo Touch is Honeywell International's suite of automated touch controllers for businesses and homes that control cameras, thermostats, fixtures, smart locks, and shading via the Web or related apps. Curtains, etc.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
| VAR-201605-0279 | CVE-2015-7360 | Fortinet FortiSandbox Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature.". Fortinet FortiSandbox of Web User interface (WebUI) Contains a cross-site scripting vulnerability.By any third party, via Web Script or HTML May be inserted. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides dual sandbox technology, dynamic threat intelligence, real-time control panels and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox 2.0.3 and earlier that caused the program to not adequately filter user-submitted input. When a user browses an affected website, their browser will execute any script code provided by the attacker. This can lead to an attacker stealing cookie-based authentication and initiating other attacks.
FortiSandbox 2.0.3 and prior versions are vulnerable
| VAR-201507-0516 | CVE-2015-4288 | plural Cisco Security Appliance LDAP Vulnerability in server implementation |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vendors have confirmed this vulnerability Bug ID CSCuo29561 , CSCuv40466 ,and CSCuv40470 It is released as.Man-in-the-middle attacks (man-in-the-middle attack) May masquerade as a server through a crafted certificate and retrieve important information. The Cisco WSA is a set of web security appliances. ESA is a set of email security devices. Content SMA is a set of content security management devices. A number of Cisco product LDAP servers have security vulnerabilities. The program failed to validate the X.509 certificate on the SSL server side. Multiple Cisco Products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks.
This issue is being tracked by Cisco Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470
| VAR-201507-0143 | CVE-2015-2848 | Honeywell International Tuxedo Touch Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. Honeywell International Tuxedo Touch is Honeywell International's suite of automated touch controllers for businesses and homes that control cameras, thermostats, fixtures, smart locks, and shading via the Web or related apps. Curtains, etc. A remote attacker could exploit the vulnerability to perform actions with user privileges and send commands to a home automation device. This may lead to further attacks
| VAR-201601-0359 | CVE-2015-7362 | Fortinet FortiClient Linux SSLVPN Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program. Fortinet FortiClient SSLVPN is prone to a local privilege-escalation vulnerability.
Local attackers may exploit this issue to execute arbitrary code with root privileges. Fortinet FortiClient Linux SSLVPN is a Linux-based VPN client from Fortinet for connecting to Fortinet devices. A security vulnerability exists in Fortinet FortiClient Linux SSLVPN builds prior to 2313
| VAR-201510-0212 | CVE-2015-7361 | FortiOS Vulnerable to shell access |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors. Fortinet FortiGate running FortiOS is a set of security operating systems developed by Fortinet, a company dedicated to FortiGate network security platforms. The system provides users with multiple security functions such as firewall, antivirus, IPSec / SSL VPN, Web content filtering, and anti-spam.
A security bypass vulnerability exists in Fortinet FortiGate running FortiOS 5.2.3. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks.
FortiOS 5.2.3 is vulnerable. A remote attacker could exploit this vulnerability to gain shell access
| VAR-201508-0594 | CVE-2015-3626 | FortiGate Runs on the device FortiGate of DHCP Monitor of Web User interface (WebUI) Page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. FortiOS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam
| VAR-201508-0529 | CVE-2015-2323 | FortiOS In TLS Content forgery vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets. Fortinet FortiOS is prone to a security-bypass weakness.
Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.
FortiOS 5.2.0 through 5.2.3 and 5.0.0 through 5.0.11 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet FortiOS versions 5.0.0 to 5.0.1 and 5.2.0 to 5.2.3 have a security vulnerability
| VAR-201507-0713 | No CVE | TOTOLINK Router Models Backdoor Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
TOTOLINK manufactures routers, wireless access points and network equipment. There is a backdoor vulnerability in TOTOLINK Router Models. An attacker can bypass the authentication system by using the hidden /boafrm/formSysCmd form and use a remote execution code on the HTTP remote management interface.
| VAR-201507-0710 | CVE-2025-34125 | D-Link Cookie Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: Critical |
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise. The D-Link DSP-W110A1_FW105B01 is a socket that controls the power switch wirelessly. D-Link has a remote upload and code execution vulnerability. The D-Link DSP-W110A1 is a Wi-Fi smart router.
The D-Link DSP-W110A1 suffers from a command injection vulnerability due to improper input parameter filtering
| VAR-201508-0255 | CVE-2015-5537 | Rugged Operating System (ROS) SSL 3.0 Protocol downgrade SSL Decryption vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. This vulnerability CVE-2014-3566 Is a different vulnerability.Man-in-the-middle attacks (man-in-the-middle attack) May get plain text data through padding oracle attacks. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The Rugged Operating System (ROS) has a security vulnerability that allows an attacker to reduce the client to SSLv3 through a man-in-the-middle attack instead of the TLS v1.x protocol, and then use the BEAST type of attack to decrypt the communication. Siemens RuggedCom ROS and ROX devices are prone to an information disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. Siemens RuggedCom ROS and ROX II is a set of operating systems used in RuggedCom series switches from Siemens, Germany. The vulnerability stems from the fact that the program does not implement CBC padding correctly
| VAR-201507-0231 | CVE-2015-0681 | Cisco IOS and IOS XE of TFTP Service disruption at the server (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733. Vendors have confirmed this vulnerability Bug ID CSCts66733 It is released as.Service disruption by a third party ( Device hang or reload ) There is a possibility of being put into a state. A remote attacker could exploit the vulnerability to cause a denial of service (device hangs or reloads).
This issue is being tracked by Cisco Bug ID CSCts66733. The following products and versions are affected: Cisco IOS 12.2(44)SQ1 release, 12.2(33)XN1 release, 12.4(25e)JAM1 release, 12.4(25e)JAO5m release, 12.4(23)JY release, 15.0(2)ED1 release , 15.0(2) EY3 version, 15.1(3) SVF4a version, 15.2(2) JB1 version; IOS XE 2.5.x version, 2.6.x version, 3.1.xS version, 3.2.xS version, 3.3.xS version, 3.4 .xS version, 3.5.xS version before 3.6.0S, 3.1.xSG version, 3.2.xSG version, 3.3.xSG version before 3.4.0SG, 3.2.xSE version before 3.3.0SE, 3.2.xXO version before 3.3.0XO, 3.2.xSQ version, 3.3.xSQ version, 3.4.xSQ version
| VAR-201507-0523 | CVE-2015-4235 | Cisco Application Policy Infrastructure Controller Device software and Nexus 9000 ACI In device software root Privileged vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. Vendors have confirmed this vulnerability Bug IDs CSCuu72094 and CSCuv11991 It is released as.By a third party APIC Through unspecified use of the cluster management configuration feature of root You may get permission. The Cisco Application Policy Infrastructure is a controller that automates the management of application-centric infrastructure. The Cisco Nexus 9000 Series ACI Mode Switches is a 9000 Series switch for Application-Centric Infrastructure (ACI). This may aid in further attacks.
This issue is being tracked by Cisco Bug IDs CSCuu72094 and CSCuv11991
| VAR-201507-0546 | CVE-2015-4262 | Cisco Unified MeetingPlace Web Conferencing Password change function vulnerable to arbitrary password reset |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. Unified MeetingPlace Web Conferencing is prone to a security-bypass vulnerability.
Successful exploits may allow attackers to use the reset credentials to gain full control of the application. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuu51839. The HTTP session function in does not validate the session ID in the HTTP request
| VAR-201507-0513 | CVE-2015-4285 | ASR9k Runs on the device Cisco IOS XR of Local Packet Transport Services Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. Vendors have confirmed this vulnerability Bug ID CSCur88273 It is released as.By a third party TCP and UDP Service operation is disrupted by continuously sending traffic to the port. ( Resource consumption ) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XR Software for ASR 9000 Series routers is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial of service (DoS) condition.
This issue is being tracked by Cisco Bug ID CSCur88273. The vulnerability stems from the fact that the program does not correctly handle the basic flow items, resulting in TCP and UDP ports being opened incorrectly. The following releases are affected: Cisco IOS XR Release 5.1.2, Release 5.1.3, Release 5.2.1, Release 5.2.2
| VAR-201508-0620 | CVE-2015-5600 | Openssh of sshd of auth2-chall.c Inside kbdint_next_device Vulnerability to execute brute force attacks in functions |
CVSS V2: 8.5 CVSS V3: 8.1 Severity: HIGH |
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. Openssh of sshd of auth2-chall.c Inside kbdint_next_device The function is a keyboard interaction within a single connection (keyboard-interactive) The brute force is not adequately restricted for device processing. (brute-force) Attacks or service disruption (CPU Resource consumption ) There are vulnerabilities that are put into a state.By a third party ssh of -oKbdInteractiveDevices Brute force through an overly long and redundant list of options (brute-force) Attacks or service disruption (CPU Resource consumption ) There is a possibility of being put into a state. OpenSSH is prone to a security-bypass weakness.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. These vulnerabilities
include:
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy
Encryption" also known as "POODLE", which could be exploited remotely
resulting in disclosure of information.
The following firmware versions of Virtual Connect (VC) are impacted:
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21
Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,
CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and
CVE-2016-2842.
Corrected: 2015-07-28 19:58:44 UTC (stable/10, 10.2-PRERELEASE)
2015-07-28 19:58:44 UTC (stable/10, 10.2-BETA2-p2)
2015-07-28 19:59:04 UTC (releng/10.2, 10.2-RC1-p1)
2015-07-28 19:59:11 UTC (releng/10.1, 10.1-RELEASE-p16)
2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)
2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)
2015-07-30 10:09:07 UTC (stable/8, 8.4-STABLE)
2015-07-30 10:09:31 UTC (releng/8.4, 8.4-RELEASE-p36)
CVE Name: CVE-2014-2653, CVE-2015-5600
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>. Revision history
v1.0 2015-02-25 Initial release.
v1.1 2015-07-30 Revised patch for FreeBSD 8.x to address regression when
keyboard interactive authentication is used.
The security of the SSH connection relies on the server authenticating
itself to the client as well as the user authenticating itself to the
server. SSH servers uses host keys to verify their identity.
RFC 4255 has defined a method of verifying SSH host keys using Domain
Name System Security (DNSSEC), by publishing the key fingerprint using
DNS with "SSHFP" resource record. RFC 6187 has defined methods to use
a signature by a trusted certification authority to bind a given public
key to a given digital identity with X.509v3 certificates.
The PAM (Pluggable Authentication Modules) library provides a flexible
framework for user authentication and session setup / teardown.
II. Problem Description
OpenSSH clients does not correctly verify DNS SSHFP records when a server
offers a certificate. [CVE-2014-2653]
OpenSSH servers which are configured to allow password authentication
using PAM (default) would allow many password attempts.
III. Impact
A malicious server may be able to force a connecting client to skip DNS
SSHFP record check and require the user to perform manual host verification
of the host key fingerprint. This could allow man-in-the-middle attack
if the user does not carefully check the fingerprint. [CVE-2015-5600]
IV. Workaround
Systems that do not use OpenSSH are not affected.
There is no workaround for CVE-2014-2653, but the problem only affects
networks where DNSsec and SSHFP is properly configured. Users who uses
SSH should always check server host key fingerprints carefully when
prompted.
System administrators can set:
UsePAM no
In their /etc/ssh/sshd_config and restart sshd service to workaround the
problem described as CVE-2015-5600 at expense of losing features provided
by the PAM framework.
We recommend system administrators to disable password based authentication
completely, and use key based authentication exclusively in their SSH server
configuration, when possible. This would eliminate the possibility of being
ever exposed to password brute force attack.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
SSH service has to be restarted after the update. A reboot is recommended
but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
SSH service has to be restarted after the update. A reboot is recommended
but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 9.3, 10.1, 10.2]
# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch
# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh.patch.asc
# gpg --verify openssh.patch.asc
[FreeBSD 8.4]
# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch
# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8.patch.asc
# gpg --verify openssh-8.patch.asc
# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patc
# fetch https://security.FreeBSD.org/patches/SA-15:16/openssh-8-errata.patch.asc
# gpg --verify openssh-8-errata.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the SSH service, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r286067
releng/8.4/ r286068
stable/9/ r285977
releng/9.3/ r285980
stable/10/ r285976
releng/10.1/ r285979
releng/10.2/ r285978
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2015:2088-06
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2088.html
Issue date: 2015-11-19
CVE Names: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564
=====================================================================
1. Summary:
Updated openssh packages that fix multiple security issues, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.
A flaw was found in the way OpenSSH handled PAM authentication when using
privilege separation. An attacker with valid credentials on the system and
able to fully compromise a non-privileged pre-authentication process using
a different flaw could use this flaw to authenticate as other users. An attacker able to fully
compromise a non-privileged pre-authentication process using a different
flaw could possibly cause sshd to crash or execute arbitrary code with
root privileges. (CVE-2015-6564)
It was discovered that the OpenSSH sshd daemon did not check the list of
keyboard-interactive authentication methods for duplicates. (CVE-2015-5600)
It was found that the OpenSSH ssh-agent, a program to hold private keys
used for public key authentication, was vulnerable to password guessing
attacks. An attacker able to connect to the agent could use this flaw to
conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)
This update fixes the following bugs:
* Previously, the sshd_config(5) man page was misleading and could thus
confuse the user. This update improves the man page text to clearly
describe the AllowGroups feature. (BZ#1150007)
* The limit for the function for restricting the number of files listed
using the wildcard character (*) that prevents the Denial of Service (DoS)
for both server and client was previously set too low. Consequently, the
user reaching the limit was prevented from listing a directory with a large
number of files over Secure File Transfer Protocol (SFTP). This update
increases the aforementioned limit, thus fixing this bug. (BZ#1160377)
* When the ForceCommand option with a pseudoterminal was used and the
MaxSession option was set to "2", multiplexed SSH connections did not work
as expected. After the user attempted to open a second multiplexed
connection, the attempt failed if the first connection was still open. This
update modifies OpenSSH to issue only one audit message per session, and
the user is thus able to open two multiplexed connections in this
situation. (BZ#1199112)
* The ssh-copy-id utility failed if the account on the remote server did
not use an sh-like shell. Remote commands have been modified to run in an
sh-like shell, and ssh-copy-id now works also with non-sh-like shells.
(BZ#1201758)
* Due to a race condition between auditing messages and answers when using
ControlMaster multiplexing, one session in the shared connection randomly
and unexpectedly exited the connection. This update fixes the race
condition in the auditing code, and multiplexing connections now work as
expected even with a number of sessions created at once. (BZ#1240613)
In addition, this update adds the following enhancements:
* As not all Lightweight Directory Access Protocol (LDAP) servers possess
a default schema, as expected by the ssh-ldap-helper program, this update
provides the user with an ability to adjust the LDAP query to get public
keys from servers with a different schema, while the default functionality
stays untouched. (BZ#1201753)
* With this enhancement update, the administrator is able to set
permissions for files uploaded using Secure File Transfer Protocol (SFTP).
(BZ#1197989)
* This update provides the LDAP schema in LDAP Data Interchange Format
(LDIF) format as a complement to the old schema previously accepted
by OpenLDAP. (BZ#1184938)
* With this update, the user can selectively disable the Generic Security
Services API (GSSAPI) key exchange algorithms as any normal key exchange.
(BZ#1253062)
Users of openssh are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1125110 - pam_namespace usage is not consistent across system-wide PAM configuration
1160377 - sftp is failing using wildcards and many files
1178116 - Default selinux policy prevents ssh-ldap-helper from connecting to LDAP server
1181591 - No Documentation= line in the sshd.service file
1184938 - Provide LDIF version of LPK schema
1187597 - sshd -T does not show all (default) options, inconsistency
1197666 - ssh client using HostbasedAuthentication aborts in FIPS mode
1197989 - RFE: option to let openssh/sftp force the exact permissions on newly uploaded files
1238238 - openssh: weakness of agent locking (ssh-add -x) to password guessing
1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support
1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
openssh-6.6.1p1-22.el7.src.rpm
x86_64:
openssh-6.6.1p1-22.el7.x86_64.rpm
openssh-askpass-6.6.1p1-22.el7.x86_64.rpm
openssh-clients-6.6.1p1-22.el7.x86_64.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-keycat-6.6.1p1-22.el7.x86_64.rpm
openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
openssh-debuginfo-6.6.1p1-22.el7.i686.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-ldap-6.6.1p1-22.el7.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
openssh-6.6.1p1-22.el7.src.rpm
x86_64:
openssh-6.6.1p1-22.el7.x86_64.rpm
openssh-clients-6.6.1p1-22.el7.x86_64.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-keycat-6.6.1p1-22.el7.x86_64.rpm
openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
openssh-askpass-6.6.1p1-22.el7.x86_64.rpm
openssh-debuginfo-6.6.1p1-22.el7.i686.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-ldap-6.6.1p1-22.el7.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
openssh-6.6.1p1-22.el7.src.rpm
aarch64:
openssh-6.6.1p1-22.el7.aarch64.rpm
openssh-clients-6.6.1p1-22.el7.aarch64.rpm
openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm
openssh-keycat-6.6.1p1-22.el7.aarch64.rpm
openssh-server-6.6.1p1-22.el7.aarch64.rpm
ppc64:
openssh-6.6.1p1-22.el7.ppc64.rpm
openssh-askpass-6.6.1p1-22.el7.ppc64.rpm
openssh-clients-6.6.1p1-22.el7.ppc64.rpm
openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm
openssh-keycat-6.6.1p1-22.el7.ppc64.rpm
openssh-server-6.6.1p1-22.el7.ppc64.rpm
ppc64le:
openssh-6.6.1p1-22.el7.ppc64le.rpm
openssh-askpass-6.6.1p1-22.el7.ppc64le.rpm
openssh-clients-6.6.1p1-22.el7.ppc64le.rpm
openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm
openssh-keycat-6.6.1p1-22.el7.ppc64le.rpm
openssh-server-6.6.1p1-22.el7.ppc64le.rpm
s390x:
openssh-6.6.1p1-22.el7.s390x.rpm
openssh-askpass-6.6.1p1-22.el7.s390x.rpm
openssh-clients-6.6.1p1-22.el7.s390x.rpm
openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm
openssh-keycat-6.6.1p1-22.el7.s390x.rpm
openssh-server-6.6.1p1-22.el7.s390x.rpm
x86_64:
openssh-6.6.1p1-22.el7.x86_64.rpm
openssh-askpass-6.6.1p1-22.el7.x86_64.rpm
openssh-clients-6.6.1p1-22.el7.x86_64.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-keycat-6.6.1p1-22.el7.x86_64.rpm
openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64:
openssh-askpass-6.6.1p1-22.el7.aarch64.rpm
openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm
openssh-ldap-6.6.1p1-22.el7.aarch64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.aarch64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.aarch64.rpm
ppc64:
openssh-debuginfo-6.6.1p1-22.el7.ppc.rpm
openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm
openssh-ldap-6.6.1p1-22.el7.ppc64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.ppc64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.ppc.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64.rpm
ppc64le:
openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm
openssh-ldap-6.6.1p1-22.el7.ppc64le.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.ppc64le.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64le.rpm
s390x:
openssh-debuginfo-6.6.1p1-22.el7.s390.rpm
openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm
openssh-ldap-6.6.1p1-22.el7.s390x.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.s390x.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.s390.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.s390x.rpm
x86_64:
openssh-debuginfo-6.6.1p1-22.el7.i686.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-ldap-6.6.1p1-22.el7.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
openssh-6.6.1p1-22.el7.src.rpm
x86_64:
openssh-6.6.1p1-22.el7.x86_64.rpm
openssh-askpass-6.6.1p1-22.el7.x86_64.rpm
openssh-clients-6.6.1p1-22.el7.x86_64.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-keycat-6.6.1p1-22.el7.x86_64.rpm
openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
openssh-debuginfo-6.6.1p1-22.el7.i686.rpm
openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm
openssh-ldap-6.6.1p1-22.el7.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-5600
https://access.redhat.com/security/cve/CVE-2015-6563
https://access.redhat.com/security/cve/CVE-2015-6564
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFWTj/BXlSAg2UNWIIRAgIEAJ4+Nlu4NsYtiDloNVrVn2F/vT/9kACdEHqE
h3XwDOy3+OSs/h1DEpVBtV0=
=x/s+
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05128992
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05128992
Version: 1
HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service
(DoS), Access Restriction Bypass
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-05-11
Last Updated: 2016-05-11
Potential Security Impact: Remote Access Restriction Bypass, Denial of
Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
A vulnerability in OpenSSH has been addressed by HPE 3PAR OS. The vulnerabily
could be exploited remotely resulting in Denial of Service (DoS) or access
restriction bypass.
References:
- CVE-2015-5600
- PSRT110106
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPE 3PAR OS versions 3.1.3 and later, prior to 3.2.1 MU5 and 3.2.2 MU2
running OpenSSH
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has provided the following software updates and mitigation information to
resolve the vulnerability in 3PAR OS running OpenSSH.
+ 3PAR OS 3.2.1 MU5 and 3.2.2 MU2
- HPE recommends prior impacted versions update to 3PAR OS 3.2.1 MU5 or
3.2.2 MU2.
+ 3PAR OS 3.1.3 is also vulnerable but will not be fixed.
**Mitigation:** The best protection to guard against exploitation of this
vulnerability is to securely configure and operate the storage array in
accordance with the *HPE 3PAR Configuration Guidelines* documentation. Please
contact HPE Technical Support for assistance.
HISTORY
Version:1 (rev.1) - 11 May 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners. ============================================================================
Ubuntu Security Notice USN-2710-2
August 18, 2015
openssh regression
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-2710-1 introduced a regression in OpenSSH. The upstream fix for
CVE-2015-5600 caused a regression resulting in random authentication
failures in non-default configurations. This update fixes the problem. If an additional vulnerability were discovered in
the OpenSSH unprivileged child process, this issue could allow a remote
attacker to perform user impersonation. (CVE number pending)
Jann Horn discovered that OpenSSH incorrectly handled time windows for
X connections.
(CVE-2015-5600)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
openssh-server 1:6.7p1-5ubuntu1.3
Ubuntu 14.04 LTS:
openssh-server 1:6.6p1-2ubuntu2.3
Ubuntu 12.04 LTS:
openssh-server 1:5.9p1-5ubuntu1.7
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201512-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSH: Multiple vulnerabilities
Date: December 20, 2015
Bugs: #553724, #555518, #557340
ID: 201512-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenSSH, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openssh < 7.1_p1-r2 >= 7.1_p1-r2
Description
===========
Multiple vulnerabilities have been discovered in OpenSSH. Please review
the CVE identifiers referenced below for details.
Impact
======
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-6.9_p1-r2"
References
==========
[ 1 ] CVE-2015-5352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352
[ 2 ] CVE-2015-5600
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600
[ 3 ] CVE-2015-6563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563
[ 4 ] CVE-2015-6564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564
[ 5 ] CVE-2015-6565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201512-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201508-0600 | CVE-2015-0851 | OpenSAML-C and Shibboleth Service Provider Used in XMLTooling-C Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. A security vulnerability exists in versions prior to Advantech WebAccess 8.1 that could be exploited by a remote attacker to cause a denial of service (out of bounds memory access). XMLTooling-C is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause the application using affected library to crash, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3321-1 security@debian.org
https://www.debian.org/security/ Alessandro Ghedini
July 30, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xmltooling
CVE ID : CVE-2015-0851
Debian Bug : 793855
The InCommon Shibboleth Training team discovered that XMLTooling, a
C++ XML parsing library, did not properly handle an exception when
parsing well-formed but schema-invalid XML.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1.4.2-5+deb7u1.
For the stable distribution (jessie), this problem has been fixed in
version 1.5.3-2+deb8u1.
For the unstable distribution (sid), this problem will be fixed shortly.
We recommend that you upgrade your xmltooling packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVuoLsAAoJEK+lG9bN5XPLpgUP/07/YpmqvpItmNLfLvnE5yRD
lLBc5TgD1oOOcV9SWk8fMdwU+YQ/uWOaBOYWXLwmTgriSXZgLSTUVn3BhWp9o7AQ
/7E0wCBGrRErx/cQ1FOrRXAaZhXPgimaL9+7RPs+wkruIUyjhzHcj+TR13CkdHIE
GI6Ah1NwuMWmqADXZd+XM3nV7Lieg9JBoXxsn0ZSY/7/BwwZh/HSME81+JmEvmTW
OL+knet01hwVH39XI7fGgnpfRqxqTNf1gqmAu4Q0lbHcVClLDYtZlPpUQ55/evks
rNyFaN5QmzMhZiiAcy6yakVKKFx/fdrAKog9xtfTUicBmkxFREQfy+CjhY7GmY4o
o1S4DcV52z5YC3emSHUyQxqlwrKUzJznfVzjCLb289kS7JaySuYRuPM64y33Wyom
nqXFZfjzgPIjskBqdxrctabDIcTHy0Mk+97yyMC8R8Wkw/00pzhcu6AIhGczSkCO
cyOGOvdaDKFSj0RDqgJWuFtuKiJVSaClMJZTYNJATlKXeHtVHFptSo5POQAFXOEt
BBeMRlw+gYhykNIjZTewHhiv/R27bjGaoV1lIcc3MMo6vhbOGmp6rjnMfTUYLO85
eDiiGn406vBB/4C5vvfSBBLpdnm6cSLQHHfLXGpU7wdIh2O1YAIo24Qp6Y9Njo5p
p0yQgYhONZ0+MuBclNES
=Jzdd
-----END PGP SIGNATURE-----
| VAR-201508-0289 | CVE-2015-5084 | Siemens SIMATIC WinCC Sm@rtClient for Android Password Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. Siemens SIMATIC WinCC Sm@rtClient for Android is a client program on Android. Siemens SIMATIC is an automation software in a single engineering environment. Multiple Siemens products are prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks. Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications for Android are a set of client applications based on the Android platform of Siemens, Germany, which provide remote mobile operation and observation of the SIMATIC HMI system. The vulnerability stems from the fact that the program does not store passwords correctly
| VAR-201903-0657 | CVE-2015-3965 | Hospira Symbiq Infusion System Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. Hospira Symbiq Infusion System Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hospira Symbiq Infusion System is prone to an unauthorized-access vulnerability.
Attackers can exploit this issue in conjunction with previously identified vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.
Hospira Symbiq Infusion System 3.13 and prior are vulnerable. Hospira Symbiq Infusion System is an intelligent infusion system developed by Hospira, USA. An unauthorized access vulnerability exists in Hospira Symbiq Infusion System 3.13 and earlier