VARIoT IoT vulnerabilities database
| VAR-201504-0199 | CVE-2015-0614 | Denial-of-service (DoS) vulnerability in the Connection Conversation Manager process of Cisco Unity Connection |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. The vendor has published this vulnerability as Bug ID CSCul26267. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause a denial-of-service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1.
| VAR-201504-0200 | CVE-2015-0615 | Denial-of-service (DoS) vulnerability in the call-handling implementation of Cisco Unity Connection |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. The vendor has confirmed this vulnerability and released it as Bug ID CSCul28089. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling (http://cwe.mitre.org/data/definitions/19.html). A third party may cause a denial of service (port consumption) by improperly terminating SIP sessions. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause a denial-of-service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1.
| VAR-201504-0201 | CVE-2015-0616 | Denial-of-service (DoS) vulnerability in the Connection Conversation Manager process of Cisco Unity Connection |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. The vendor has confirmed this vulnerability and released it as Bug ID CSCul69819. Supplementary information: the vulnerability type has been identified as CWE-19: Data Handling (http://cwe.mitre.org/data/definitions/19.html). A third party may cause a denial of service (core dump and reboot) by improperly terminating SIP TCP connections. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause a denial-of-service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages "hands-free". The following releases are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, and 9.x prior to 9.1(2)SU2.
| VAR-201706-0182 | CVE-2015-0936 | Vulnerability in Ceragon FibeAir IP-10 that allows SSH access to be obtained |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Ceragon FibeAir IP-10 has a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. The Ceragon FibeAir IP-10 is a wireless microwave transmission device from Israel's Ceragon. Ceragon FibeAir IP-10 is prone to an information-disclosure vulnerability.
| VAR-201504-0422 | CVE-2015-1233 | Google Chrome Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-17: Code (http://cwe.mitre.org/data/definitions/17.html). A third party may execute arbitrary code. Google Chrome is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to Google Chrome 41.0.2272.118 are vulnerable. Google Chrome is a web browser developed by Google.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: June 23, 2015
Bugs: #545300, #546728, #548108, #549944
ID: 201506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been fixed in Chromium, the worst of
which can cause arbitrary remote code execution.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 43.0.2357.65 >= 43.0.2357.65
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker can cause arbitrary remote code execution, Denial of
Service or bypass of security mechanisms.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-43.0.2357.65"
References
==========
[ 1 ] CVE-2015-1233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1233
[ 2 ] CVE-2015-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1234
[ 3 ] CVE-2015-1235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1235
[ 4 ] CVE-2015-1236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1236
[ 5 ] CVE-2015-1237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1237
[ 6 ] CVE-2015-1238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1238
[ 7 ] CVE-2015-1240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1240
[ 8 ] CVE-2015-1241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1241
[ 9 ] CVE-2015-1242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1242
[ 10 ] CVE-2015-1243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1243
[ 11 ] CVE-2015-1244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1244
[ 12 ] CVE-2015-1245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1245
[ 13 ] CVE-2015-1246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1246
[ 14 ] CVE-2015-1247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1247
[ 15 ] CVE-2015-1248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1248
[ 16 ] CVE-2015-1250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1250
[ 17 ] CVE-2015-1251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1251
[ 18 ] CVE-2015-1252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1252
[ 19 ] CVE-2015-1253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1253
[ 20 ] CVE-2015-1254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1254
[ 21 ] CVE-2015-1255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1255
[ 22 ] CVE-2015-1256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1256
[ 23 ] CVE-2015-1257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1257
[ 24 ] CVE-2015-1258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1258
[ 25 ] CVE-2015-1259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1259
[ 26 ] CVE-2015-1260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1260
[ 27 ] CVE-2015-1262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1262
[ 28 ] CVE-2015-1263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1263
[ 29 ] CVE-2015-1264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1264
[ 30 ] CVE-2015-1265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1265
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2015:0778-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0778.html
Issue date: 2015-04-06
CVE Names: CVE-2015-1233 CVE-2015-1234
=====================================================================
1. Summary:
Updated chromium-browser packages that fix two security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1233, CVE-2015-1234)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.118, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1233
https://access.redhat.com/security/cve/CVE-2015-1234
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
============================================================================
Ubuntu Security Notice USN-2556-1
April 07, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide. (CVE-2015-1233)
A buffer overflow was discovered in the GPU service. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2015-1234)
It was discovered that Oxide did not correctly manage the lifetime of
BrowserContext, resulting in a potential use-after-free in some
circumstances. (CVE-2015-1317)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.5.6-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.5.6-0ubuntu0.14.04.2
In general, a standard system update will make all the necessary changes.
| VAR-201504-0423 | CVE-2015-1234 | Denial-of-service (DoS) vulnerability in gpu/command_buffer/service/gles2_cmd_decoder.cc of Google Chrome |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section. An attacker can leverage this vulnerability to execute code under the context of the current process. Google Chrome is prone to a buffer-overflow vulnerability. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to Google Chrome 41.0.2272.118 are vulnerable. Google Chrome is a web browser developed by Google.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2015:0778-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0778.html
Issue date: 2015-04-06
CVE Names: CVE-2015-1233 CVE-2015-1234
=====================================================================
1. Summary:
Updated chromium-browser packages that fix two security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1233, CVE-2015-1234)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.118, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1208422 - CVE-2015-1233 chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
1208424 - CVE-2015-1234 chromium-browser: buffer overflow via race condition in GPU
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1233
https://access.redhat.com/security/cve/CVE-2015-1234
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
============================================================================
Ubuntu Security Notice USN-2556-1
April 07, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide.
Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)
Details:
It was discovered that Chromium did not properly handle the interaction
of IPC, the gamepad API and V8. (CVE-2015-1233)
A buffer overflow was discovered in the GPU service. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2015-1234)
It was discovered that Oxide did not correctly manage the lifetime of
BrowserContext, resulting in a potential use-after-free in some
circumstances. (CVE-2015-1317)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.5.6-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.5.6-0ubuntu0.14.04.2
In general, a standard system update will make all the necessary changes.
| VAR-201504-0263 | CVE-2015-0682 | Cisco Unified Communications Domain Manager Vulnerable to arbitrary code execution |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCup90168. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM release 8.1(4).
| VAR-201504-0264 | CVE-2015-0683 | Cisco Unified Communications Domain Manager Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCup94744. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM release 8.1(4).
| VAR-201504-0265 | CVE-2015-0684 | SQL injection vulnerability in the Image Management component of Cisco Unified Communications Domain Manager |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is tracked by Cisco Bug ID CSCuq52515. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the program not adequately filtering the input submitted by the user. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands.
| VAR-201504-0266 | CVE-2015-0685 | Denial-of-service (DoS) vulnerability in Cisco IOS XE running on ASR 1000 series devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 fails to properly handle routing neighbor advertisements. An unauthenticated attacker sends a malicious IP packet to the affected device, causing the device to stop responding. Cisco ASR 9000 Series Routers are prone to a remote denial-of-service vulnerability.
This issue is being tracked by Cisco Bug ID CSCub31873. Cisco IOS XE is an operating system developed by Cisco for its network equipment. There is a security vulnerability in versions earlier than Cisco IOS XE 3.7.5S. The vulnerability is caused by the fact that the program does not correctly handle the adjacency relationship of routers.
| VAR-201503-0073 | CVE-2015-0985 | XZERES 442SR OS running on XZERES 442SR wind turbines vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request.
| VAR-201504-0075 | CVE-2015-0976 | Inductive Automation Ignition Cross-Site Scripting Vulnerability | Related entries in the VARIoT exploits database: VAR-E-201503-0316 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition has a security vulnerability that could allow an attacker to execute malicious content in a vulnerable web application. The server reads the data directly from the HTTP request and then returns it in the HTTP response.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
| VAR-201504-0078 | CVE-2015-0992 | Inductive Automation Ignition Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation.
| VAR-201504-0066 | CVE-2015-0995 | Vulnerability in Inductive Automation Ignition that allows access to be obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation.
An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible.
| VAR-201504-0076 | CVE-2015-0990 | Vulnerability in Ecava IntegraXor SCADA Server that allows privileges to be gained |
CVSS V2: 4.4 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html). A local user may gain privileges through a renamed DLL in the default installation directory. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server prior to 4.2.4488 has a security vulnerability in its handling of renamed malicious DLLs. If an attacker places an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava IntegraXor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities.
A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions.
| VAR-201504-0079 | CVE-2015-0993 | Inductive Automation Ignition Invalid Session Expiration Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features. http://cwe.mitre.org/data/definitions/254.html A third party may bypass access restrictions by using an unattended workstation. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition does not delete the session after the user logs out, which allows an attacker to reuse the current session.
Successful exploits may allow an attacker to gain unauthorized access to the affected application
| VAR-201504-0077 | CVE-2015-0991 | Inductive Automation Ignition Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. This may aid in further attacks
| VAR-201504-0065 | CVE-2015-0994 | Inductive Automation Ignition Security Bypass Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Inductive Automation Ignition contains a vulnerability that bypasses the brute-force attack protection mechanism. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition includes a mechanism that protects against brute-force attacks.
An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible
| VAR-201504-0377 | CVE-2015-1892 | Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service (DoS) amplification attacks. Multiple products are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information or crash the system, resulting in a denial-of-service condition. Other attacks are also possible. IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a set of products used in user authentication, authorization and Web single sign-on solutions of IBM Corporation in the United States. It provides user access management and Web application protection function. The following versions are affected: ISAM for Web 7.0 with firmware 7.0.0.11 and earlier, and ISAM for Web 8.0 with firmware 8.0.0.1 through 8.0.0.5 and 8.0.1.0
| VAR-201504-0247 | CVE-2015-2808 | TLS Protocol and SSL Used in the protocol RC4 Plaintext recovery attack vulnerability in algorithm to first byte of stream |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. There is a vulnerability that allows a plaintext-recovery attack to be carried out. RC4 is a stream encryption algorithm with variable key length developed by American software developer Ronald Rivest. The algorithm consists of a pseudo-random number generator and an XOR operation, and supports encryption and decryption using the same key. There is a security vulnerability in the RC4 algorithm used in the TLS protocol and the SSL protocol.
- The TLS vulnerability using US export-grade 512-bit keys in
Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to
allow unauthorized modification.
HP Performance Manager v9.0x and v9.20.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779034
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04779034
Version: 2
HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of
Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-09-15
Last Updated: 2015-10-01
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP P6000
Command View Software. They are the SSLv3 vulnerability known as "Padding
Oracle on Downgraded Legacy Encryption", also known as "POODLE", and the RC4
stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah", which could be
exploited remotely to allow disclosure of information.
References:
CVE-2014-3566 - "POODLE"
CVE-2015-2808 - "Bar Mitzvah"
SSRT102013
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP P6000 Command View Software v10.3.6 and earlier running on Windows and
Linux
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                   Base Score
CVE-2014-3566   (AV:N/AC:M/Au:N/C:P/I:N/A:N)  4.3
CVE-2015-2808   (AV:N/AC:M/Au:N/C:P/I:N/A:N)  4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software update to resolve the vulnerability in
HP P6000 Command View Software.
HP P6000 Command View Software v10.3.7
The HP P6000 Command View 10.3.7 software can be obtained at the HP Support
Center here: http://h20565.www2.hpe.com/portal/site/hpsc by signing into your
HP Passport account.
Note: A valid HP Passport account is required to access this software. For
more information about downloading this software, contact your HP
representative.
HISTORY
Version:1 (rev.1) - 15 September 2015 Initial release
Version:2 (rev.2) - 1 October 2015 Added CVE-2015-2808, added documentation
on how to find the update.
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
HP Service Manager Software versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-2808
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c01345499
RESOLUTION
HPE has made the following mitigation information available to resolve the
vulnerability for the impacted versions of HPE Service Manager:
https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM01566352
For versions 9.30, 9.31, 9.32, 9.33, 9.34 please:
Upgrade to SM 9.35.P4 (recommended) or SM 9.34.P5
SM9.35 P4 package, SM 9.35 AIX Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143332
SM 9.35 HP Itanium Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143206
SM 9.35 HP Itanium Server for Oracle 12c 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143388
SM 9.35 Linux Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143530
SM 9.35 Solaris Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143276
SM 9.35 Windows Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143589
SM 9.34.P5 package, AIX Server 9.34.5003 p5
https://softwaresupport.hpe.com/km/KM02310304
HP Itanium Server 9.34.5003 p5
https://softwaresupport.hpe.com/km/KM02311066
Linux Server 9.34.5003 p5
https://softwaresupport.hpe.com/km/KM02310566
Solaris Server 9.34.5003 p5
https://softwaresupport.hpe.com/km/KM02311656
Windows Server 9.34.5003 p5
https://softwaresupport.hpe.com/km/KM02310486
For version 9.35 please:
Upgrade to SM 9.35.P4
SM9.35 P4 package, SM 9.35 AIX Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143332
SM 9.35 HP Itanium Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143206
SM 9.35 HP Itanium Server for Oracle 12c 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143388
SM 9.35 Linux Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143530
SM 9.35 Solaris Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143276
SM 9.35 Windows Server 9.35.4001 p4
https://softwaresupport.hpe.com/km/KM02143589
For version 9.40 please:
Upgrade to SM 9.41.P3
SM9.41.P3 package, Service Manager 9.41.3016 p3 - Server for AIX
https://softwaresupport.hpe.com/km/KM02236813
Service Manager 9.41.3016 p3 - Server for HP-UX/IA
https://softwaresupport.hpe.com/km/KM02236897
Service Manager 9.41.3016 p3 - Server for Linux
https://softwaresupport.hpe.com/km/KM02236827
Service Manager 9.41.3016 p3 - Server for Solaris
https://softwaresupport.hpe.com/km/KM02236843
Service Manager 9.41.3016 p3 - Server for Windows
https://softwaresupport.hpe.com/km/KM02236929
HISTORY
Version:1 (rev.1) - 1 July 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
==========================================================================
Ubuntu Security Notice USN-2696-1
July 30, 2015
openjdk-7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,
CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)
Several vulnerabilities were discovered in the cryptographic components
of the OpenJDK JRE. An attacker could exploit these to expose sensitive
data over the network. A remote attacker could exploit
this to cause a denial of service. (CVE-2015-4749)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
icedtea-7-jre-jamvm 7u79-2.5.6-0ubuntu1.15.04.1
openjdk-7-jdk 7u79-2.5.6-0ubuntu1.15.04.1
openjdk-7-jre 7u79-2.5.6-0ubuntu1.15.04.1
openjdk-7-jre-headless 7u79-2.5.6-0ubuntu1.15.04.1
openjdk-7-jre-lib 7u79-2.5.6-0ubuntu1.15.04.1
openjdk-7-jre-zero 7u79-2.5.6-0ubuntu1.15.04.1
Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u79-2.5.6-0ubuntu1.14.04.1
openjdk-7-jdk 7u79-2.5.6-0ubuntu1.14.04.1
openjdk-7-jre 7u79-2.5.6-0ubuntu1.14.04.1
openjdk-7-jre-headless 7u79-2.5.6-0ubuntu1.14.04.1
openjdk-7-jre-lib 7u79-2.5.6-0ubuntu1.14.04.1
openjdk-7-jre-zero 7u79-2.5.6-0ubuntu1.14.04.1
This update uses a new upstream release, which includes additional
bug fixes.
=====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2015:1230-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1230.html
Issue date: 2015-07-15
CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621
CVE-2015-2625 CVE-2015-2628 CVE-2015-2632
CVE-2015-2808 CVE-2015-4000 CVE-2015-4731
CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
CVE-2015-4749 CVE-2015-4760
=====================================================================
1. Summary:
Updated java-1.7.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
3. Description:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)
A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted as
valid. (CVE-2015-4748)
It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)
A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)
Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.
A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)
Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.
It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)
Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)
A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection to
a host identified by an IP address. In certain cases, the certificate was
accepted as valid if it was issued for a host name to which the IP address
resolves rather than for the IP address. (CVE-2015-2625)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.i386.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.i386.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.i386.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
. 7) - x86_64
3. Further information
about these flaws can be found on the IBM Java Security alerts page, listed
in the References section. Bugs fixed (https://bugzilla.redhat.com/):
606442 - CVE-2005-1080 jar: directory traversal vulnerability
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 - CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass
1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass
1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)
6