VARIoT IoT vulnerabilities database
| VAR-201506-0085 | CVE-2015-3101 | Adobe Flash Player and Adobe AIR of Flash Broker integrity level "Low" From "During" Vulnerabilities migrated to |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors. This vulnerability CVE-2015-3098 and CVE-2015-3102 Is a different vulnerability.An attacker could move the integrity level from low to medium.
Attackers can exploit this issue to gain elevated privileges within the application.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201506-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: June 21, 2015
Bugs: #551658
ID: 201506-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-plugins/adobe-flash < 11.2.202.466 >= 11.2.202.466
Description
===========
Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0086 | CVE-2015-3102 | Adobe Flash Player and Adobe AIR Vulnerabilities that bypass the same origin policy |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099. Adobe Flash Player and Adobe AIR Contains a vulnerability that bypasses the same origin policy. This vulnerability CVE-2015-3098 and CVE-2015-3099 Is a different vulnerability.A third party can bypass the same origin policy.
An attacker can exploit these issues to bypass certain same-origin policy restrictions and to access sensitive information, which may aid in further attacks. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0084 | CVE-2015-3100 | Adobe Flash Player and Adobe AIR Vulnerable to stack-based buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105,
CVE-2015-3106, CVE-2015-3107)
Multiple security bypass flaws were found in flash-plugin that could lead
to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
(CVE-2015-3108)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.466.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0083 | CVE-2015-3099 | Adobe Flash Player and Adobe AIR Vulnerabilities that bypass the same origin policy |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102. Adobe Flash Player and Adobe AIR Contains a vulnerability that bypasses the same origin policy. This vulnerability CVE-2015-3098 and CVE-2015-3102 Is a different vulnerability.A third party can bypass the same origin policy.
An attacker can exploit these issues to bypass certain same-origin policy restrictions and to access sensitive information, which may aid in further attacks. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0082 | CVE-2015-3098 | Adobe Flash Player and Adobe AIR Vulnerabilities that bypass the same origin policy |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102. Adobe Flash Player and Adobe AIR Contains a vulnerability that bypasses the same origin policy. This vulnerability CVE-2015-3099 and CVE-2015-3102 Is a different vulnerability.A third party can bypass the same origin policy.
An attacker can exploit these issues to bypass certain same-origin policy restrictions and to access sensitive information, which may aid in further attacks. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0080 | CVE-2015-3096 | Adobe Flash Player and Adobe AIR In CVE-2014-5333 Vulnerabilities that bypass the protection mechanism |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors. Adobe Flash Player and Adobe AIR Is CVE-2014-5333 A vulnerability exists that bypasses the protection mechanism.By a third party CVE-2014-5333 Protection mechanisms may be bypassed.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security flaws exist in several Adobe products. An attacker could exploit this vulnerability to bypass the cross-site request forgery protection mechanism. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105,
CVE-2015-3106, CVE-2015-3107)
Multiple security bypass flaws were found in flash-plugin that could lead
to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0072 | CVE-2015-3106 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. Adobe Flash Player and Adobe AIR Use freed memory (Use-after-free) May allow arbitrary code execution vulnerabilities. This vulnerability CVE-2015-3103 and CVE-2015-3107 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Flash Player, Adobe AIR SDK and Adobe AIR SDK & Compiler are all products of American Adobe (Adobe). A use-after-free vulnerability exists in several Adobe products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105,
CVE-2015-3106, CVE-2015-3107)
Multiple security bypass flaws were found in flash-plugin that could lead
to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
(CVE-2015-3108)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.466.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0074 | CVE-2015-3108 | Adobe Flash Player and Adobe AIR In ASLR Vulnerabilities that circumvent protection mechanisms |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. Adobe Flash Player and Adobe AIR Does not properly limit memory address detection, ASLR A vulnerability exists that bypasses the protection mechanism.By the attacker, ASLR Protection mechanisms may be bypassed.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Attackers can exploit this vulnerability to bypass the established ASLR protection mechanism and take control of the affected system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105,
CVE-2015-3106, CVE-2015-3107)
Multiple security bypass flaws were found in flash-plugin that could lead
to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0071 | CVE-2015-3105 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player and AIR are prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105,
CVE-2015-3106, CVE-2015-3107)
Multiple security bypass flaws were found in flash-plugin that could lead
to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0073 | CVE-2015-3107 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. Adobe Flash Player and Adobe AIR Use freed memory (Use-after-free) May allow arbitrary code execution vulnerabilities. This vulnerability CVE-2015-3103 and CVE-2015-3106 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Flash Player, Adobe AIR SDK and Adobe AIR SDK & Compiler are all products of American Adobe (Adobe). A use-after-free vulnerability exists in several Adobe products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:1086-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html
Issue date: 2015-06-10
CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099
CVE-2015-3100 CVE-2015-3102 CVE-2015-3103
CVE-2015-3104 CVE-2015-3105 CVE-2015-3106
CVE-2015-3107 CVE-2015-3108
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105,
CVE-2015-3106, CVE-2015-3107)
Multiple security bypass flaws were found in flash-plugin that could lead
to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098,
CVE-2015-3099, CVE-2015-3102)
A memory information leak flaw was found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
(CVE-2015-3108)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.466.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11
1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11
1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.466-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.466-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.466-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3096
https://access.redhat.com/security/cve/CVE-2015-3098
https://access.redhat.com/security/cve/CVE-2015-3099
https://access.redhat.com/security/cve/CVE-2015-3100
https://access.redhat.com/security/cve/CVE-2015-3102
https://access.redhat.com/security/cve/CVE-2015-3103
https://access.redhat.com/security/cve/CVE-2015-3104
https://access.redhat.com/security/cve/CVE-2015-3105
https://access.redhat.com/security/cve/CVE-2015-3106
https://access.redhat.com/security/cve/CVE-2015-3107
https://access.redhat.com/security/cve/CVE-2015-3108
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa
u416jfOUFziDYbxIZyHYjaI=
=EMNe
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466"
References
==========
[ 1 ] CVE-2015-3096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096
[ 2 ] CVE-2015-3097
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097
[ 3 ] CVE-2015-3098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098
[ 4 ] CVE-2015-3099
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099
[ 5 ] CVE-2015-3100
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100
[ 6 ] CVE-2015-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101
[ 7 ] CVE-2015-3102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102
[ 8 ] CVE-2015-3103
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103
[ 9 ] CVE-2015-3104
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104
[ 10 ] CVE-2015-3105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105
[ 11 ] CVE-2015-3106
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106
[ 12 ] CVE-2015-3107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107
[ 13 ] CVE-2015-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108
[ 14 ] CVE-2015-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0054 | CVE-2014-4875 | Toshiba CHEC Hardcoded Cryptographic Key Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. Toshiba CHEC Is AES There is a problem where the common key is hard-coded. The encryption key is hard-coded (CWE-321) - CVE-2014-4875 Toshiba CHEC of CreateBossCredentials.jar Used for encryption AES There is a problem where the common key is hard-coded. bossinfo.pro An attacker with access to the file was hard-coded AES Using a common key, BOSS It is possible to decrypt encrypted information such as database authentication information. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.htmlBy an attacker with access to the product, BOSS The authentication information of the database may be obtained. Toshiba CHEC is a product of Toshiba Corporation.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks
| VAR-201506-0170 | CVE-2015-0737 | Cisco FireSIGHT System Software Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099. Cisco FireSIGHT system The software contains a cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuu11099. Cisco FireSIGHT System Software is a set of management center software of Cisco (Cisco), which supports centralized management of the network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services
| VAR-201506-0163 | CVE-2015-0771 | Catalyst 6500 Runs on series devices Cisco IOS of WS-IPSEC-3 Service operation disruption in service modules (DoS) Vulnerabilities |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. The Cisco Catalyst 6500 Series Switches are a set of 6500 series switches. A denial of service vulnerability exists in Cisco Catalyst 6500 Series Switches that allows remote attackers to submit special requests to overload the switch, causing a denial of service attack.
Attackers can exploit this issue to reload the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCur70505. WS-IPSEC-3 service is one of the IPsec VPN service modules. The vulnerability is caused by insufficient boundary checks on specially crafted messages when the program establishes an IPsec tunnel
| VAR-201506-0571 | No CVE | Same as TD-9436T camera RTSP protocol buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The same TD-9436T camera is a product produced by Shenzhen Tongwei Digital Technology Co., Ltd.
In the normal user mode, if the method of sending an RTSP packet is setup, and the length of the string between two consecutive semicolons in the Transport field exceeds 135, the machine will experience a buffer overflow and crash. An attacker could use this vulnerability to crash the application.
| VAR-201609-0432 | CVE-2016-4303 | cJSON Library cjson.c Inside parse_string Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. ESnetiPerf3 is a suite of tools for testing the maximum bandwidth in an IP network. A heap buffer overflow vulnerability exists in the JSON processing function of Esnetiperf version 3.1.1. ESnet iPerf3 is prone to a heap-based buffer-overflow vulnerability. Failed attempts will likely cause a denial-of-service condition.
ESnet iPerf3 3.1.1. and 3.1-1 are vulnerable; other versions may also be affected
| VAR-201506-0008 | CVE-2014-9284 | Multiple Buffalo wireless LAN routers vulnerable to OS command injection |
CVSS V2: 7.7 CVSS V3: - Severity: HIGH |
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An authenticated attacker may be able to execute arbitrary OS commands. Buffalo WHR-1166DHP, etc
| VAR-201506-0159 | CVE-2015-0767 | Cisco Edge 340 Device Cisco Edge 300 Vulnerability in software with root privileges |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. Successful exploits will result in the complete compromise of affected computers.
This issue is being tracked by Cisco Bug ID CSCur18132. The former is a digital signage multimedia player device; the latter is a 300 series intelligent open access platform integrating wireless and switch functions
| VAR-201506-0162 | CVE-2015-0770 | Cisco TelePresence Integrator C SX20 Run on device TelePresence TC In software CRLF Injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. Cisco TelePresence Integrator C SX20 Run on device TelePresence TC The software includes CRLF An injection vulnerability exists.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.
This issue is being tracked by Cisco Bug ID CSCut79341
| VAR-201506-0271 | CVE-2015-4051 |
Beckhoff IPC Diagnostics Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201506-0209 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService disruption through a crafted request by a third party ( Reboot or shutdown ) It can be unspecified, such as being in a state or creating an arbitrary user. Beckhoff IPC Diagnostics is a set of support software pre-installed in all Beckhoff IPC/PLC (Programmable Logic Controllers) running on the Microsoft Windows operating system. Beckhoff IPC diagnostics is prone to multiple authentication-bypass vulnerabilities.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
| VAR-201506-0320 | CVE-2015-4148 | PHP of ext/soap/soap.c Inside do_soap_call Vulnerabilities that capture important information in functions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. PHP is prone to an information-disclosure vulnerability because of a type confusion error.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability stems from the fact that the program does not verify whether the uri attribute is a string. The following versions are affected: PHP prior to 5.4.39, 5.5.x prior to 5.5.23, and 5.6.x prior to 5.6.7. 6) - i386, x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php security and bug fix update
Advisory ID: RHSA-2015:1135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html
Issue date: 2015-06-23
CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705
CVE-2014-9709 CVE-2015-0231 CVE-2015-0232
CVE-2015-0273 CVE-2015-2301 CVE-2015-2348
CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
CVE-2015-3329 CVE-2015-3330 CVE-2015-3411
CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
CVE-2015-4024 CVE-2015-4025 CVE-2015-4026
CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601
CVE-2015-4602 CVE-2015-4603 CVE-2015-4604
CVE-2015-4605
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to
trigger the execution of a PHP script in a deinitialized interpreter,
causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)
Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify type of attacker supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O
dtqycPWs+07GhjmZ6NNx5Bg=
=FREZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-2658-1
July 06, 2015
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL
bytes in file paths. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,
CVE-2015-4598)
Emmanuel Law discovered that the PHP phar extension incorrectly handled
filenames starting with a NULL byte. (CVE-2015-4021)
Max Spelsberg discovered that PHP incorrectly handled the LIST command
when connecting to remote FTP servers. (CVE-2015-4024)
Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. (CVE-2015-4147)
Andrea Palazzo discovered that the PHP Soap client incorrectly validated
that the uri property is a string. This issue only affected Ubuntu
15.04. (CVE-2015-4644)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2
php5-cgi 5.6.4+dfsg-4ubuntu6.2
php5-cli 5.6.4+dfsg-4ubuntu6.2
php5-fpm 5.6.4+dfsg-4ubuntu6.2
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6
php5-cgi 5.5.12+dfsg-2ubuntu4.6
php5-cli 5.5.12+dfsg-2ubuntu4.6
php5-fpm 5.5.12+dfsg-2ubuntu4.6
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11
php5-cgi 5.5.9+dfsg-1ubuntu4.11
php5-cli 5.5.9+dfsg-1ubuntu4.11
php5-fpm 5.5.9+dfsg-1ubuntu4.11
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.19
php5-cgi 5.3.10-1ubuntu3.19
php5-cli 5.3.10-1ubuntu3.19
php5-fpm 5.3.10-1ubuntu3.19
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: June 19, 2016
Bugs: #537586, #541098, #544186, #544330, #546872, #549538,
#552408, #555576, #555830, #556952, #559612, #562882,
#571254, #573892, #577376
ID: 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. The php55 packages provide a recent stable release of PHP with
the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a
number of additional utilities. (CVE-2014-9709)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory