VARIoT IoT vulnerabilities database
| VAR-201504-0585 | No CVE | ASUS RT-G32 Router Cross-Site Scripting Vulnerability and Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
ASUS RT-G32 Router is a wireless router product from ASUS.
Cross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in ASUS RT-G32 routers using firmware version 2.0.2.6 and 2.0.3.2. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication and performing unauthorized operations. Other attacks may also be possible
| VAR-201504-0302 | CVE-2015-2115 | HP Capture and Route Software Vulnerability in which important information is obtained |
CVSS V2: 2.7 CVSS V3: - Severity: LOW |
Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information via unknown vectors.
An attacker can exploit this issue to gain access to sensitive information from the application; this may lead to further attacks. The solution provides functions such as file finding, distribution, and tracking, and supports record retention, document security, and privacy. There are security holes in HPCR. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04633710
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04633710
Version: 1
HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information
Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. The vulnerability could be exploited remotely resulting in
information disclosure.
References:
CVE-2015-2115
SSRT102023
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Go to
https://h20566.www2.hp.com/hpsc/swd/public/detail?swItemId=co-146674-1
2. Select "Download" to download the HPCR 1_4 Patch 1 file.
- HPCR 1.3 or HPCR 1.3 FP1
1. Go to either:
- ftp://cr1_3:h}PV3he=@h2.usa.hp.com
- https://h2.usa.hp.com/hprc
Enter the following credentials (Case sensitive):
Login: cr1_3
Password: h}PV3he=
2. Select the appropriate patch version for HPCR 1.3 (HPCR 1_3 Patch 7)
or HPCR 1.3 FP1 (HPCR 1_3 FP1 Patch 1).
3. Save the selected zip file using your web browsers instructions.
HISTORY
Version:1 (rev.1) - 24 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlU6fL4ACgkQ4B86/C0qfVncUwCgr2hJ+M0X80YS1+p8pFFC5ywb
q0wAnjbue9wu92giSxJwcoBMelcfkYq7
=+bok
-----END PGP SIGNATURE-----
| VAR-201505-0274 | CVE-2014-8361 | Multiple vulnerabilities in multiple ELECOM products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Medium |
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Provided by Buffalo Co., Ltd. WSR-300HP is wireless LAN It's a router. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a set of SDK development kit developed by Realtek
| VAR-201504-0477 | CVE-2015-3414 | SQLite Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. There is a security vulnerability in SQLite versions prior to 3.8.9. The vulnerability is caused by the program not correctly handling the 'dequote' operation of the collation-sequence name. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: SQLite: Multiple vulnerabilities
Date: July 07, 2015
Bugs: #546626
ID: 201507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in SQLite, allowing
context-dependent attackers to cause a Denial of Service condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/sqlite < 3.8.9 >= 3.8.9
Description
===========
Multiple vulnerabilities have been discovered in SQLite. Please review
the CVE identifiers referenced below for details.
Impact
======
A context-dependent attacker could possibly cause a Denial of Service
condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All SQLite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.8.9"
References
==========
[ 1 ] CVE-2015-3414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414
[ 2 ] CVE-2015-3415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415
[ 3 ] CVE-2015-3416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: sqlite security update
Advisory ID: RHSA-2015:1635-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1635.html
Issue date: 2015-08-17
CVE Names: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416
=====================================================================
1. Summary:
An updated sqlite package that fixes three security issues is now available
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
3. Description:
SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a single
disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility
of an SQL database without the administrative hassles of supporting a
separate database server.
A flaw was found in the way SQLite handled dequoting of collation-sequence
names.
(CVE-2015-3414)
It was found that SQLite's sqlite3VdbeExec() function did not properly
implement comparison operators. A local attacker could submit a specially
crafted CHECK statement that would crash the SQLite process, or have other
unspecified impacts. (CVE-2015-3415)
It was found that SQLite's sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions.
(CVE-2015-3416)
All sqlite users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1212353 - CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
1212356 - CVE-2015-3415 sqlite: invalid free() in src/vdbe.c
1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
ppc64:
sqlite-3.7.17-6.el7_1.1.ppc.rpm
sqlite-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.ppc.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-devel-3.7.17-6.el7_1.1.ppc.rpm
sqlite-devel-3.7.17-6.el7_1.1.ppc64.rpm
s390x:
sqlite-3.7.17-6.el7_1.1.s390.rpm
sqlite-3.7.17-6.el7_1.1.s390x.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.s390.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm
sqlite-devel-3.7.17-6.el7_1.1.s390.rpm
sqlite-devel-3.7.17-6.el7_1.1.s390x.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
sqlite-3.7.17-6.ael7b_1.1.src.rpm
ppc64le:
sqlite-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-devel-3.7.17-6.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
ppc64:
lemon-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.ppc64.rpm
s390x:
lemon-3.7.17-6.el7_1.1.s390x.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm
sqlite-tcl-3.7.17-6.el7_1.1.s390x.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.ael7b_1.1.noarch.rpm
ppc64le:
lemon-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-tcl-3.7.17-6.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3414
https://access.redhat.com/security/cve/CVE-2015-3415
https://access.redhat.com/security/cve/CVE-2015-3416
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFV0c4vXlSAg2UNWIIRAk8jAJ9ya3aROVTX8RDQ+RlCcls0ddR6CACfaeH9
Q91hN45yeXgVnmom/HYSQRU=
=814S
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
https://bugzilla.redhat.com/show_bug.cgi?id=1212353
https://bugzilla.redhat.com/show_bug.cgi?id=1212356
https://bugzilla.redhat.com/show_bug.cgi?id=1212357
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
adb7e2731d814af7948c8a65662e7c71 mbs1/x86_64/lemon-3.8.9-1.mbs1.x86_64.rpm
8c9620460c62d0f7d07bd5fee68ac038 mbs1/x86_64/lib64sqlite3_0-3.8.9-1.mbs1.x86_64.rpm
f060fd3ca68302f59e47e9bc1b336d4b mbs1/x86_64/lib64sqlite3-devel-3.8.9-1.mbs1.x86_64.rpm
0fdd2e8a7456b51773b2a131534b9867 mbs1/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs1.x86_64.rpm
14682c0d09a3dc73f4405ee136c6115d mbs1/x86_64/sqlite3-tcl-3.8.9-1.mbs1.x86_64.rpm
c2fc81b9162865ecdcef85aaa805507f mbs1/x86_64/sqlite3-tools-3.8.9-1.mbs1.x86_64.rpm
474e6b9bc6a7299f8ab34a90893bbd96 mbs1/SRPMS/sqlite3-3.8.9-1.mbs1.src.rpm
Mandriva Business Server 2/X86_64:
44c4a002a3480388751603981327a21d mbs2/x86_64/lemon-3.8.9-1.mbs2.x86_64.rpm
9d2ded51447e5f133c37257635ef4f22 mbs2/x86_64/lib64sqlite3_0-3.8.9-1.mbs2.x86_64.rpm
42c8fce0126487fa0a72b4f5f1b5e852 mbs2/x86_64/lib64sqlite3-devel-3.8.9-1.mbs2.x86_64.rpm
a93c0f348006f6675779bf7cd5c9f547 mbs2/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs2.x86_64.rpm
792f42a7a38d7947e7b5d0ea67510de2 mbs2/x86_64/sqlite3-tcl-3.8.9-1.mbs2.x86_64.rpm
947e30fcb8c4f19b1398d6e29adc29ac mbs2/x86_64/sqlite3-tools-3.8.9-1.mbs2.x86_64.rpm
150cb2acc870d5ca8a343f21edef4248 mbs2/SRPMS/sqlite3-3.8.9-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVQdZEmqjQ0CJFipgRAvj9AJ9qeo094/bpIyYh46OHXWO6W26qUACg4mCP
t5Ka/OioHfZ/AmIloxds0/s=
=X45P
-----END PGP SIGNATURE-----
.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
f34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz
Slackware 14.1 package:
6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz
Slackware -current package:
020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz
Slackware x86_64 -current package:
681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.43-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address
| VAR-201504-0147 | CVE-2015-3143 | cURL and libcurl Vulnerabilities connected as other users |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. Both Haxx curl and libcurl are products of the Swedish company Haxx. ============================================================================
Ubuntu Security Notice USN-2591-1
April 30, 2015
curl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
credentials when subsequently connecting to the same host over HTTP.
(CVE-2015-3143)
Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names.
If a user or automated system were tricked into using a specially crafted
host name, an attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
If a user or automated system were tricked into parsing a specially crafted
cookie, an attacker could possibly use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-3145)
Isaac Boukris discovered that when using Negotiate authenticated
connections, curl could incorrectly authenticate the entire connection and
not just specific HTTP requests. (CVE-2015-3148)
Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers
both to servers and proxies by default, contrary to expectations. This
issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libcurl3 7.38.0-3ubuntu2.2
libcurl3-gnutls 7.38.0-3ubuntu2.2
libcurl3-nss 7.38.0-3ubuntu2.2
Ubuntu 14.10:
libcurl3 7.37.1-1ubuntu3.4
libcurl3-gnutls 7.37.1-1ubuntu3.4
libcurl3-nss 7.37.1-1ubuntu3.4
Ubuntu 14.04 LTS:
libcurl3 7.35.0-1ubuntu2.5
libcurl3-gnutls 7.35.0-1ubuntu2.5
libcurl3-nss 7.35.0-1ubuntu2.5
Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.14
libcurl3-gnutls 7.22.0-3ubuntu4.14
libcurl3-nss 7.22.0-3ubuntu4.14
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: cURL: Multiple vulnerabilities
Date: September 24, 2015
Bugs: #547376, #552618
ID: 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in cURL, the worst of which
can allow remote attackers to cause Denial of Service condition.
Background
==========
cURL is a tool and libcurl is a library for transferring data with URL
syntax.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
===========
Multiple vulnerabilities have been discovered in cURL. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
==========
[ 1 ] CVE-2015-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143
[ 2 ] CVE-2015-3144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144
[ 3 ] CVE-2015-3145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145
[ 4 ] CVE-2015-3148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148
[ 5 ] CVE-2015-3236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236
[ 6 ] CVE-2015-3237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c04986859
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04986859
Version: 1
HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware
7 and cURL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-02-19
Last Updated: 2016-02-19
Potential Security Impact: Remote Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities in cURL and libcurl have been addressed
with HPE iMC PLAT and other HP and H3C products using Comware 7. The
vulnerabilities could be exploited remotely resulting in unauthorized access.
References:
- CVE-2015-3143
- CVE-2015-3148
- SSRT102110
- PSRT110028
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has released the following software updates to resolve the
vulnerabilities in Comware 7 and iMC Plat.
**COMWARE 7 Products**
+ 12500 (Comware 7) R7375
* HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
- JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
- JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
- JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
- JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
- JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
- JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
- JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
- JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
- JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
- JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
- JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant
Module
- JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
- JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
- JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
- JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
- JG798A HP FlexFabric 12508E Fabric Module
* H3C Products
- H3C S12508 Routing Switch (AC-1) (0235A0GE)
- H3C S12518 Routing Switch (AC-1) (0235A0GF)
- H3C S12508 Chassis (0235A0E6)
- H3C S12508 Chassis (0235A38N)
- H3C S12518 Chassis (0235A0E7)
- H3C S12518 Chassis (0235A38M)
- H3C 12508 DC Switch Chassis (0235A38L)
- H3C 12518 DC Switch Chassis (0235A38K)
+ 10500 (Comware 7) R7168
* HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating
System
- JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE
Module
- JH192A HP 10500 48-port Gig-T (RJ45) SE Module
- JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
- JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
- JH195A HP 10500 6-port 40GbE QSFP+ EC Module
- JH196A HP 10500 2-port 100GbE CFP EC Module
- JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
+ 12900 (Comware 7) R1137
* HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
+ 5900 (Comware 7) R2422P01
* HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
+ 5920 (Comware 7) R2422P01
* HP Network Products
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
+ MSR1000 (Comware 7) R0304P04
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
+ MSR2000 (Comware 7) R0304P04
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
+ MSR3000 (Comware 7) R0304P04
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
+ MSR4000 (Comware 7) R0304P04
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
+ VSR (Comware 7) E0321
* HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation
Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
+ 7900 (Comware 7) R2137
* HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main
Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main
Processing Unit
+ 5130 (Comware 7) R3109P09
* HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
+ 5700 (Comware 7) R2422P01
* HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
+ 5930 (Comware 7) R2422P01
* HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
+ HSR6602 (Comware 7) R7103P05
* HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
+ HSR6800 (Comware 7) R7103P05
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit
+ 1950 R3109P09
* HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
**iMC**
+ iMC Plat iMC Plat 7.1 (E0303P13)
* HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center
Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
HISTORY
Version:1 (rev.1) - 19 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package:
9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package:
00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package:
76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package:
8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package:
0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package:
4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1254-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html
Issue date: 2015-07-22
Updated on: 2014-12-15
CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150
CVE-2015-3143 CVE-2015-3148
=====================================================================
1. Summary:
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl to access a specially crafted URL via an HTTP
proxy could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available
with libcurl. Attackers could abuse the fallback to force downgrade of the
SSL version. The fallback has been removed from libcurl. Users requiring
this functionality can explicitly enable SSLv3.0 through the libcurl API.
(BZ#1154059)
* A single upload transfer through the FILE protocol opened the destination
file twice. If the inotify kernel subsystem monitored the file, two events
were produced unnecessarily. The file is now opened only once per upload.
(BZ#883002)
* Utilities using libcurl for SCP/SFTP transfers could terminate
unexpectedly when the system was running in FIPS mode. (BZ#1008178)
* Using the "--retry" option with the curl utility could cause curl to
terminate unexpectedly with a segmentation fault. Now, adding "--retry" no
longer causes curl to crash. (BZ#1009455)
* The "curl --trace-time" command did not use the correct local time when
printing timestamps. Now, "curl --trace-time" works as expected.
(BZ#1120196)
* The valgrind utility could report dynamically allocated memory leaks on
curl exit. Now, curl performs a global shutdown of the NetScape Portable
Runtime (NSPR) library on exit, and valgrind no longer reports the memory
leaks. (BZ#1146528)
* Previously, libcurl returned an incorrect value of the
CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to
the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for
specifying the minor version of the TLS protocol to be negotiated by NSS.
The "--tlsv1" option now negotiates the highest version of the TLS protocol
supported by both the client and the server. (BZ#1012136)
* It is now possible to explicitly enable or disable the ECC and the new
AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
835898 - Bug in DNS cache causes connections until restart of libcurl-using processes
883002 - curl used with file:// protocol opens and closes a destination file twice
997185 - sendrecv.c example incorrect type for sockfd
1008178 - curl scp download fails in fips mode
1011083 - CA certificate cannot be specified by nickname [documentation bug]
1011101 - manpage typos found using aspell
1058767 - curl does not support ECDSA certificates
1104160 - Link in curl man page is wrong
1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
1154059 - curl: Disable out-of-protocol fallback to SSL 3.0
1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
1156422 - curl does not allow explicit control of DHE ciphers
1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE
1168137 - curl closes connection after HEAD request fails
1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64:
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
ppc64:
curl-7.19.7-46.el6.ppc64.rpm
curl-debuginfo-7.19.7-46.el6.ppc.rpm
curl-debuginfo-7.19.7-46.el6.ppc64.rpm
libcurl-7.19.7-46.el6.ppc.rpm
libcurl-7.19.7-46.el6.ppc64.rpm
libcurl-devel-7.19.7-46.el6.ppc.rpm
libcurl-devel-7.19.7-46.el6.ppc64.rpm
s390x:
curl-7.19.7-46.el6.s390x.rpm
curl-debuginfo-7.19.7-46.el6.s390.rpm
curl-debuginfo-7.19.7-46.el6.s390x.rpm
libcurl-7.19.7-46.el6.s390.rpm
libcurl-7.19.7-46.el6.s390x.rpm
libcurl-devel-7.19.7-46.el6.s390.rpm
libcurl-devel-7.19.7-46.el6.s390x.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
curl-7.19.7-46.el6.src.rpm
i386:
curl-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64:
curl-7.19.7-46.el6.x86_64.rpm
curl-debuginfo-7.19.7-46.el6.i686.rpm
curl-debuginfo-7.19.7-46.el6.x86_64.rpm
libcurl-7.19.7-46.el6.i686.rpm
libcurl-7.19.7-46.el6.x86_64.rpm
libcurl-devel-7.19.7-46.el6.i686.rpm
libcurl-devel-7.19.7-46.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3613
https://access.redhat.com/security/cve/CVE-2014-3707
https://access.redhat.com/security/cve/CVE-2014-8150
https://access.redhat.com/security/cve/CVE-2015-3143
https://access.redhat.com/security/cve/CVE-2015-3148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn
emWApg/iYw5vIs3rWoqmU7A=
=p+Xb
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://advisories.mageia.org/MGASA-2015-0179.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
fd3f4894f5c5215c29b84d70f2c6ada2 mbs1/x86_64/curl-7.24.0-3.9.mbs1.x86_64.rpm
a00d0747b4d6ae22475948119a42efc4 mbs1/x86_64/curl-examples-7.24.0-3.9.mbs1.x86_64.rpm
d5291ae320dd5766e4b981ff66b36e19 mbs1/x86_64/lib64curl4-7.24.0-3.9.mbs1.x86_64.rpm
62d5295190433ca4ff7d2cda746d6b16 mbs1/x86_64/lib64curl-devel-7.24.0-3.9.mbs1.x86_64.rpm
5bcf6538291f947870a9ccfe62c9ea6d mbs1/SRPMS/curl-7.24.0-3.9.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVRx8emqjQ0CJFipgRAsfvAJ9Sn2C56m2GSJfYRC+l1x9iUmoePwCeOcgv
C0vndeaT5lGPwsIYy65q4r4=
=GbzX
-----END PGP SIGNATURE-----
| VAR-201504-0102 | CVE-2015-1151 | Apple OS X Server of Wiki On the server Activity and People Vulnerabilities that circumvent restrictions on the page |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified.
Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Wiki Server is one of the web-based services that provides functions such as wikis, blogs, calendars, and contacts
| VAR-201504-0101 | CVE-2015-1150 | Apple OS X Server of Firewall Vulnerability that bypasses network access restrictions in components |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlA third party may be able to circumvent network access restrictions by sending packets that were intended for custom rule blocks. Apple Mac OS X Server is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Firewall is one of the firewall components
| VAR-201504-0286 | CVE-2015-0707 | Cisco FireSIGHT Management Center of FireSIGHT system Software cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCus85425. Cisco FireSIGHT System Software on Sourcefire 3D Sensor devices is a management center based on 3D Sensor devices of Cisco (Cisco), which supports centralized management of network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services. Lights-Out Management (LOM) is one implementation that supports system administrators to monitor and manage servers remotely
| VAR-201504-0442 | CVE-2015-3447 | Dell SonicWall SonicOS of macIpSpoofView.html Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SonicOS 7.5.0.12 and 6.0 are vulnerable. Dell SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of Dell (Dell). A cross-site scripting vulnerability exists in the macIpSpoofView.html file of Dell SonicWall SonicOS versions 7.5.0.12 and 6.x
| VAR-201504-0150 | CVE-2015-3148 | cURL and libcurl Vulnerabilities connected as other users |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. cURL/libcURL is prone to a remote security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
cURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. ============================================================================
Ubuntu Security Notice USN-2591-1
April 30, 2015
curl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
credentials when subsequently connecting to the same host over HTTP.
(CVE-2015-3143)
Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names.
If a user or automated system were tricked into using a specially crafted
host name, an attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
If a user or automated system were tricked into parsing a specially crafted
cookie, an attacker could possibly use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)
Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers
both to servers and proxies by default, contrary to expectations. This
issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libcurl3 7.38.0-3ubuntu2.2
libcurl3-gnutls 7.38.0-3ubuntu2.2
libcurl3-nss 7.38.0-3ubuntu2.2
Ubuntu 14.10:
libcurl3 7.37.1-1ubuntu3.4
libcurl3-gnutls 7.37.1-1ubuntu3.4
libcurl3-nss 7.37.1-1ubuntu3.4
Ubuntu 14.04 LTS:
libcurl3 7.35.0-1ubuntu2.5
libcurl3-gnutls 7.35.0-1ubuntu2.5
libcurl3-nss 7.35.0-1ubuntu2.5
Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.14
libcurl3-gnutls 7.22.0-3ubuntu4.14
libcurl3-nss 7.22.0-3ubuntu4.14
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: cURL: Multiple vulnerabilities
Date: September 24, 2015
Bugs: #547376, #552618
ID: 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in cURL, the worst of which
can allow remote attackers to cause Denial of Service condition.
Background
==========
cURL is a tool and libcurl is a library for transferring data with URL
syntax.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
===========
Multiple vulnerabilities have been discovered in cURL. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
==========
[ 1 ] CVE-2015-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143
[ 2 ] CVE-2015-3144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144
[ 3 ] CVE-2015-3145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145
[ 4 ] CVE-2015-3148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148
[ 5 ] CVE-2015-3236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236
[ 6 ] CVE-2015-3237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c04986859
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04986859
Version: 1
HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware
7 and cURL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-02-19
Last Updated: 2016-02-19
Potential Security Impact: Remote Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities in cURL and libcurl have been addressed
with HPE iMC PLAT and other HP and H3C products using Comware 7. The
vulnerabilities could be exploited remotely resulting in unauthorized access.
References:
- CVE-2015-3143
- CVE-2015-3148
- SSRT102110
- PSRT110028
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has released the following software updates to resolve the
vulnerabilities in Comware 7 and iMC Plat.
**COMWARE 7 Products**
+ 12500 (Comware 7) R7375
* HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
- JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
- JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
- JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
- JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
- JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
- JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
- JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
- JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
- JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
- JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
- JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant
Module
- JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
- JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
- JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
- JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
- JG798A HP FlexFabric 12508E Fabric Module
* H3C Products
- H3C S12508 Routing Switch (AC-1) (0235A0GE)
- H3C S12518 Routing Switch (AC-1) (0235A0GF)
- H3C S12508 Chassis (0235A0E6)
- H3C S12508 Chassis (0235A38N)
- H3C S12518 Chassis (0235A0E7)
- H3C S12518 Chassis (0235A38M)
- H3C 12508 DC Switch Chassis (0235A38L)
- H3C 12518 DC Switch Chassis (0235A38K)
+ 10500 (Comware 7) R7168
* HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating
System
- JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE
Module
- JH192A HP 10500 48-port Gig-T (RJ45) SE Module
- JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
- JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
- JH195A HP 10500 6-port 40GbE QSFP+ EC Module
- JH196A HP 10500 2-port 100GbE CFP EC Module
- JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
+ 12900 (Comware 7) R1137
* HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
+ 5900 (Comware 7) R2422P01
* HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
+ 5920 (Comware 7) R2422P01
* HP Network Products
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
+ MSR1000 (Comware 7) R0304P04
* HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
+ MSR2000 (Comware 7) R0304P04
* HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
+ MSR3000 (Comware 7) R0304P04
* HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
+ MSR4000 (Comware 7) R0304P04
* HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
+ VSR (Comware 7) E0321
* HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation
Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
+ 7900 (Comware 7) R2137
* HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main
Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main
Processing Unit
+ 5130 (Comware 7) R3109P09
* HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
+ 5700 (Comware 7) R2422P01
* HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
+ 5930 (Comware 7) R2422P01
* HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
+ HSR6602 (Comware 7) R7103P05
* HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
+ HSR6800 (Comware 7) R7103P05
* HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit
+ 1950 R3109P09
* HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
**iMC**
+ iMC Plat iMC Plat 7.1 (E0303P13)
* HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center
Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
HISTORY
Version:1 (rev.1) - 19 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security, bug fix, and enhancement update
Advisory ID: RHSA-2015:2159-06
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2159.html
Issue date: 2015-11-19
CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150
CVE-2015-3143 CVE-2015-3148
=====================================================================
1. Summary:
Updated curl packages that fix multiple security issues, several bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP proxy
could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and
Negotatiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specifc way, certain requests to a
previously NTLM-authenticated server could appears as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
* An out-of-protocol fallback to SSL 3.0 was available with libcurl.
Attackers could abuse the fallback to force downgrade of the SSL version.
The fallback has been removed from libcurl. Users requiring this
functionality can explicitly enable SSL 3.0 through the libcurl API.
(BZ#1154060)
* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can
explicitly disable them through the libcurl API. (BZ#1170339)
* FTP operations such as downloading files took a significantly long time
to complete. Now, the FTP implementation in libcurl correctly sets blocking
direction and estimated timeout for connections, resulting in faster FTP
transfers. (BZ#1218272)
Enhancements:
* With the updated packages, it is possible to explicitly enable or disable
new Advanced Encryption Standard (AES) cipher suites to be used for the TLS
protocol. (BZ#1066065)
* The libcurl library did not implement a non-blocking SSL handshake, which
negatively affected performance of applications based on the libcurl multi
API. The non-blocking SSL handshake has been implemented in libcurl, and
the libcurl multi API now immediately returns the control back to the
application whenever it cannot read or write data from or to the underlying
network socket. (BZ#1091429)
* The libcurl library used an unnecessarily long blocking delay for actions
with no active file descriptors, even for short operations. Some actions,
such as resolving a host name using /etc/hosts, took a long time to
complete. The blocking code in libcurl has been modified so that the
initial delay is short and gradually increases until an event occurs.
(BZ#1130239)
All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1130239 - Difference in curl performance between RHEL6 and RHEL7
1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain
1154060 - curl: Disable out-of-protocol fallback to SSL 3.0
1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
1161182 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE
1166264 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth [RHEL-7]
1170339 - use the default min/max TLS version provided by NSS
1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
1218272 - Performance problem with libcurl and FTP on RHEL7.X
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
curl-7.29.0-25.el7.src.rpm
x86_64:
curl-7.29.0-25.el7.x86_64.rpm
curl-debuginfo-7.29.0-25.el7.i686.rpm
curl-debuginfo-7.29.0-25.el7.x86_64.rpm
libcurl-7.29.0-25.el7.i686.rpm
libcurl-7.29.0-25.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
curl-debuginfo-7.29.0-25.el7.i686.rpm
curl-debuginfo-7.29.0-25.el7.x86_64.rpm
libcurl-devel-7.29.0-25.el7.i686.rpm
libcurl-devel-7.29.0-25.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
curl-7.29.0-25.el7.src.rpm
x86_64:
curl-7.29.0-25.el7.x86_64.rpm
curl-debuginfo-7.29.0-25.el7.i686.rpm
curl-debuginfo-7.29.0-25.el7.x86_64.rpm
libcurl-7.29.0-25.el7.i686.rpm
libcurl-7.29.0-25.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
curl-debuginfo-7.29.0-25.el7.i686.rpm
curl-debuginfo-7.29.0-25.el7.x86_64.rpm
libcurl-devel-7.29.0-25.el7.i686.rpm
libcurl-devel-7.29.0-25.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
curl-7.29.0-25.el7.src.rpm
aarch64:
curl-7.29.0-25.el7.aarch64.rpm
curl-debuginfo-7.29.0-25.el7.aarch64.rpm
libcurl-7.29.0-25.el7.aarch64.rpm
libcurl-devel-7.29.0-25.el7.aarch64.rpm
ppc64:
curl-7.29.0-25.el7.ppc64.rpm
curl-debuginfo-7.29.0-25.el7.ppc.rpm
curl-debuginfo-7.29.0-25.el7.ppc64.rpm
libcurl-7.29.0-25.el7.ppc.rpm
libcurl-7.29.0-25.el7.ppc64.rpm
libcurl-devel-7.29.0-25.el7.ppc.rpm
libcurl-devel-7.29.0-25.el7.ppc64.rpm
ppc64le:
curl-7.29.0-25.el7.ppc64le.rpm
curl-debuginfo-7.29.0-25.el7.ppc64le.rpm
libcurl-7.29.0-25.el7.ppc64le.rpm
libcurl-devel-7.29.0-25.el7.ppc64le.rpm
s390x:
curl-7.29.0-25.el7.s390x.rpm
curl-debuginfo-7.29.0-25.el7.s390.rpm
curl-debuginfo-7.29.0-25.el7.s390x.rpm
libcurl-7.29.0-25.el7.s390.rpm
libcurl-7.29.0-25.el7.s390x.rpm
libcurl-devel-7.29.0-25.el7.s390.rpm
libcurl-devel-7.29.0-25.el7.s390x.rpm
x86_64:
curl-7.29.0-25.el7.x86_64.rpm
curl-debuginfo-7.29.0-25.el7.i686.rpm
curl-debuginfo-7.29.0-25.el7.x86_64.rpm
libcurl-7.29.0-25.el7.i686.rpm
libcurl-7.29.0-25.el7.x86_64.rpm
libcurl-devel-7.29.0-25.el7.i686.rpm
libcurl-devel-7.29.0-25.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
curl-7.29.0-25.el7.src.rpm
x86_64:
curl-7.29.0-25.el7.x86_64.rpm
curl-debuginfo-7.29.0-25.el7.i686.rpm
curl-debuginfo-7.29.0-25.el7.x86_64.rpm
libcurl-7.29.0-25.el7.i686.rpm
libcurl-7.29.0-25.el7.x86_64.rpm
libcurl-devel-7.29.0-25.el7.i686.rpm
libcurl-devel-7.29.0-25.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3613
https://access.redhat.com/security/cve/CVE-2014-3707
https://access.redhat.com/security/cve/CVE-2014-8150
https://access.redhat.com/security/cve/CVE-2015-3143
https://access.redhat.com/security/cve/CVE-2015-3148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFWTkDjXlSAg2UNWIIRAiUIAKCDiD6XED0dZ145uiyufkWCK1ogUACgnQTY
3iELkxAEAUfZ3lJlUq4u7Uo=
=rhuc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package:
9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package:
00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package:
76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package:
8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package:
0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package:
4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
When parsing HTTP cookies, if the parsed cookie's path element consists
of a single double-quote, libcurl would try to write to an invalid
heap memory address.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://advisories.mageia.org/MGASA-2015-0179.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm
545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm
489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm
f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm
7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVRx6SmqjQ0CJFipgRAsv7AJsGLZHuYYZT8iRkvolcBF+ePjliPQCgiMzQ
Zx1PuIPOF3w+XtJcN53OGY4=
=Gfiz
-----END PGP SIGNATURE-----
| VAR-201504-0285 | CVE-2015-0706 | Cisco FireSIGHT system Software open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. Cisco FireSIGHT system The software contains an open redirect vulnerability. Vendors have confirmed this vulnerability Bug ID CSCut06060 , CSCut06056 ,and CSCus98966 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. Cisco FireSIGHT System Software is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible.
This issue is being tracked by Cisco Bug IDs CSCut06060, CSCut06056, and CSCus98966. Cisco FireSIGHT System Software on Sourcefire 3D Sensor devices is a management center based on 3D Sensor devices of Cisco (Cisco), which supports centralized management of network security and operation functions of Cisco ASA and Cisco FirePOWER network security devices using FirePOWER Services. Lights-Out Management (LOM) is one implementation that supports system administrators to monitor and manage servers remotely. The following versions are affected: Cisco FireSIGHT System Software Release 5.3.1.1, Release 5.3.1.2, Release 6.0.0
| VAR-201504-0149 | CVE-2015-3145 | cURL and libcurl of sanitize_cookie_path Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the 'sanitize_cookie_path' function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================
Ubuntu Security Notice USN-2591-1
April 30, 2015
curl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
credentials when subsequently connecting to the same host over HTTP.
(CVE-2015-3143)
Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-3144)
Hanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)
Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers
both to servers and proxies by default, contrary to expectations. This
issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libcurl3 7.38.0-3ubuntu2.2
libcurl3-gnutls 7.38.0-3ubuntu2.2
libcurl3-nss 7.38.0-3ubuntu2.2
Ubuntu 14.10:
libcurl3 7.37.1-1ubuntu3.4
libcurl3-gnutls 7.37.1-1ubuntu3.4
libcurl3-nss 7.37.1-1ubuntu3.4
Ubuntu 14.04 LTS:
libcurl3 7.35.0-1ubuntu2.5
libcurl3-gnutls 7.35.0-1ubuntu2.5
libcurl3-nss 7.35.0-1ubuntu2.5
Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.14
libcurl3-gnutls 7.22.0-3ubuntu4.14
libcurl3-nss 7.22.0-3ubuntu4.14
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2591-1
CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148,
CVE-2015-3153
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2
https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4
https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: cURL: Multiple vulnerabilities
Date: September 24, 2015
Bugs: #547376, #552618
ID: 201509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in cURL, the worst of which
can allow remote attackers to cause Denial of Service condition.
Background
==========
cURL is a tool and libcurl is a library for transferring data with URL
syntax.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
===========
Multiple vulnerabilities have been discovered in cURL. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
==========
[ 1 ] CVE-2015-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143
[ 2 ] CVE-2015-3144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144
[ 3 ] CVE-2015-3145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145
[ 4 ] CVE-2015-3148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148
[ 5 ] CVE-2015-3236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236
[ 6 ] CVE-2015-3237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3232-1 security@debian.org
http://www.debian.org/security/ Alessandro Ghedini
April 22, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148
Several vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2015-3143
NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent
over the connection authenticated as a different user. This is
similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
CVE-2015-3148
When doing HTTP requests using the Negotiate authentication method
along with NTLM, the connection used would not be marked as
authenticated, making it possible to reuse it and send requests for
one user over the connection authenticated as a different user.
For the stable distribution (wheezy), these problems have been fixed in
version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been
fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in
version 7.42.0-1.
We recommend that you upgrade your curl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj
D3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi
qpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea
ot3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy
KyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7
m0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz
QqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY
iG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0
pDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5
TPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI
mRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j
3UCM8MZyw4I0qI5KGlL1
=FvPw
-----END PGP SIGNATURE-----
.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package:
9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package:
00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package:
76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package:
8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package:
0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package:
4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://advisories.mageia.org/MGASA-2015-0179.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm
545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm
489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm
f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm
7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
| VAR-201504-0283 | CVE-2015-0704 | Cisco Unified MeetingPlace of API Cross-site request forgery vulnerability in functionality |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. Vendors have confirmed this vulnerability Bug ID CSCus95884 It is released as.A third party may be able to hijack the authentication of any user.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCus95884. This solution provides a user environment that integrates voice, video and Web conferencing
| VAR-201504-0284 | CVE-2015-0705 | Cisco Unified MeetingPlace of web-services Directory SOAP API Endpoint cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. Vendors have confirmed this vulnerability Bug ID CSCus97494 It is released as.A third party could hijack the administrator's authentication and create an administrator account.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCus97494. This solution provides a user environment that integrates voice, video and Web conferencing. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05157667
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157667
Version: 1
HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware,
Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request
Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-06-01
Last Updated: 2016-06-01
Potential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial
of Service (DoS), Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Multiple potential security vulnerabilities have been identified in HPE
BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities
include:
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy
Encryption" also known as "POODLE", which could be exploited remotely
resulting in disclosure of information.
The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which
could be exploited remotely resulting in disclosure of information.
Additional OpenSSL and OpenSSH vulnerabilities which could be remotely
exploited resulting in Denial of Service (DoS), disclosure of information, or
Cross-site Request Forgery (CSRF).
References:
CVE-2016-0800
CVE-2016-0799
CVE-2016-2842
CVE-2015-1789
CVE-2015-1791
CVE-2015-3194
CVE-2015-0705
CVE-2015-5600
CVE-2014-3566
CVE-2008-5161
SSRT102281
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following firmware versions of Virtual Connect (VC) are impacted:
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21
Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,
CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and
CVE-2016-2842.
The following products run the impacted versions of Virtual Connect (VC)
firmware:
HPE VC Flex-10 10Gb Enet Module
HPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem
HPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem
HPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has provided an updated version of the BladeSystem c-Class Virtual
Connect (VC) firmware to address these vulnerabilities.
HPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50
The update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public
/detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d
HISTORY
Version:1 (rev.1) - 1 June 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJXTzCcAAoJEGIGBBYqRO9/2WkH/3hK9T1TfCdTez88iHsjM8cd
l29ZGztEOUcNKPwu2FhOmAy/WDhAZMX5LK7IK0j6ClCNAW7HFBwxxdGfeF1CEL13
ChofD1q2bD585qVql2AlbaNisI90iurnAT1sgrcTs+roz2+sQ8kJutET+iDPoZmH
GOt1KM63PSkSzhjj01pSjol00gaMgXxbbbEAgma4XawjVtZxuRXf9bRaLTQl76Mo
Bo7IsioI+Hms/oCiy9TtFp21+Hyg2DrEhjrfe+6g84FEg0+sCr9JRxyZv7TDFzjV
oOzuMKpAu9Q68ZkoLWNVLv0eyiaqSvivqrgm0uU6+F5emSWgOl5G0xPhtexDrCg=
=cZnZ
-----END PGP SIGNATURE-----
| VAR-201509-0438 | CVE-2015-1781 | GNU C Library of gethostbyname_r And other unspecified NSS Buffer overflow vulnerability in functions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. GNU glibc is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users.
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
https://rhn.redhat.com/errata/RHSA-2015-0863.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
92aa475c44c712eaf19898ef76e04183 mbs1/x86_64/glibc-2.14.1-12.12.mbs1.x86_64.rpm
606cdd33e041f9853eae18f53c9d73de mbs1/x86_64/glibc-devel-2.14.1-12.12.mbs1.x86_64.rpm
133deb850840d464335e5c659cba1627 mbs1/x86_64/glibc-doc-2.14.1-12.12.mbs1.noarch.rpm
7a3d5170647c52cd4a34d2dcda711397 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.12.mbs1.noarch.rpm
96c842afb6110ac18a40b843b51548fc mbs1/x86_64/glibc-i18ndata-2.14.1-12.12.mbs1.x86_64.rpm
703e73278d416a53096fe19c7652c95e mbs1/x86_64/glibc-profile-2.14.1-12.12.mbs1.x86_64.rpm
12f09ed16d9c4b0f9a94e931569dacc3 mbs1/x86_64/glibc-static-devel-2.14.1-12.12.mbs1.x86_64.rpm
09715361d0af4a4dd5fba44239c5e690 mbs1/x86_64/glibc-utils-2.14.1-12.12.mbs1.x86_64.rpm
c9a293ac29070d215eb1988bba58aaec mbs1/x86_64/nscd-2.14.1-12.12.mbs1.x86_64.rpm
8d8b74de2d7c0e982e0ad82ac73091b2 mbs1/SRPMS/glibc-2.14.1-12.12.mbs1.src.rpm
Mandriva Business Server 2/X86_64:
e59cee8712d211add638c1b6c1952fa6 mbs2/x86_64/glibc-2.18-10.2.mbs2.x86_64.rpm
baf9e44f8c4f82c75a0154d44b6fce72 mbs2/x86_64/glibc-devel-2.18-10.2.mbs2.x86_64.rpm
f3eb6e3ed435f8a06dcffbfa7a44525b mbs2/x86_64/glibc-doc-2.18-10.2.mbs2.noarch.rpm
5df45f7cae82ef7d354fa14c7ac363c9 mbs2/x86_64/glibc-i18ndata-2.18-10.2.mbs2.x86_64.rpm
24ef48d58c7a4114068e7b70dbefad79 mbs2/x86_64/glibc-profile-2.18-10.2.mbs2.x86_64.rpm
5f67c12f02dbc3f4cbf78f1a8c7d5ad5 mbs2/x86_64/glibc-static-devel-2.18-10.2.mbs2.x86_64.rpm
f24e67e1ed1b01e5305c28b3a9b02852 mbs2/x86_64/glibc-utils-2.18-10.2.mbs2.x86_64.rpm
bae4b399bc43be8af24ddd93257ca31a mbs2/x86_64/nscd-2.18-10.2.mbs2.x86_64.rpm
740d9b3d14292be8847da92243340b62 mbs2/SRPMS/glibc-2.18-10.2.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: glibc security update
Advisory ID: RHSA-2015:2589-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2589.html
Issue date: 2015-12-09
CVE Names: CVE-2013-7423 CVE-2015-1472 CVE-2015-1473
CVE-2015-1781 CVE-2015-5277
=====================================================================
1. Summary:
Updated glibc packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
3. Description:
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
It was discovered that the nss_files backend for the Name Service Switch in
glibc would return incorrect data to applications or corrupt the heap
(depending on adjacent heap contents). (CVE-2015-5277)
It was discovered that, under certain circumstances, glibc's getaddrinfo()
function would send DNS queries to random file descriptors. An attacker
could potentially use this flaw to send DNS queries to unintended
recipients, resulting in information disclosure or data loss due to the
application encountering corrupted data. (CVE-2013-7423)
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. (CVE-2015-1781)
A heap-based buffer overflow flaw and a stack overflow flaw were found in
glibc's swscanf() function. (CVE-2015-1472, CVE-2015-1473)
The CVE-2015-5277 issue was discovered by Sumit Bose and Lukáš Slebodník of
Red Hat, and the CVE-2015-1781 issue was discovered by Arjun Shankar of Red
Hat.
All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
1188235 - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf
1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
1209105 - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf
1262914 - CVE-2015-5277 glibc: data corruption while reading the NSS files database
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):
Source:
glibc-2.17-79.el7_1.src.rpm
x86_64:
glibc-2.17-79.el7_1.i686.rpm
glibc-2.17-79.el7_1.x86_64.rpm
glibc-common-2.17-79.el7_1.x86_64.rpm
glibc-debuginfo-2.17-79.el7_1.i686.rpm
glibc-debuginfo-2.17-79.el7_1.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.x86_64.rpm
glibc-devel-2.17-79.el7_1.i686.rpm
glibc-devel-2.17-79.el7_1.x86_64.rpm
glibc-headers-2.17-79.el7_1.x86_64.rpm
glibc-utils-2.17-79.el7_1.x86_64.rpm
nscd-2.17-79.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):
x86_64:
glibc-debuginfo-2.17-79.el7_1.i686.rpm
glibc-debuginfo-2.17-79.el7_1.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.x86_64.rpm
glibc-static-2.17-79.el7_1.i686.rpm
glibc-static-2.17-79.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source:
glibc-2.17-79.el7_1.src.rpm
ppc64:
glibc-2.17-79.el7_1.ppc.rpm
glibc-2.17-79.el7_1.ppc64.rpm
glibc-common-2.17-79.el7_1.ppc64.rpm
glibc-debuginfo-2.17-79.el7_1.ppc.rpm
glibc-debuginfo-2.17-79.el7_1.ppc64.rpm
glibc-debuginfo-common-2.17-79.el7_1.ppc.rpm
glibc-debuginfo-common-2.17-79.el7_1.ppc64.rpm
glibc-devel-2.17-79.el7_1.ppc.rpm
glibc-devel-2.17-79.el7_1.ppc64.rpm
glibc-headers-2.17-79.el7_1.ppc64.rpm
glibc-utils-2.17-79.el7_1.ppc64.rpm
nscd-2.17-79.el7_1.ppc64.rpm
s390x:
glibc-2.17-79.el7_1.s390.rpm
glibc-2.17-79.el7_1.s390x.rpm
glibc-common-2.17-79.el7_1.s390x.rpm
glibc-debuginfo-2.17-79.el7_1.s390.rpm
glibc-debuginfo-2.17-79.el7_1.s390x.rpm
glibc-debuginfo-common-2.17-79.el7_1.s390.rpm
glibc-debuginfo-common-2.17-79.el7_1.s390x.rpm
glibc-devel-2.17-79.el7_1.s390.rpm
glibc-devel-2.17-79.el7_1.s390x.rpm
glibc-headers-2.17-79.el7_1.s390x.rpm
glibc-utils-2.17-79.el7_1.s390x.rpm
nscd-2.17-79.el7_1.s390x.rpm
x86_64:
glibc-2.17-79.el7_1.i686.rpm
glibc-2.17-79.el7_1.x86_64.rpm
glibc-common-2.17-79.el7_1.x86_64.rpm
glibc-debuginfo-2.17-79.el7_1.i686.rpm
glibc-debuginfo-2.17-79.el7_1.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.x86_64.rpm
glibc-devel-2.17-79.el7_1.i686.rpm
glibc-devel-2.17-79.el7_1.x86_64.rpm
glibc-headers-2.17-79.el7_1.x86_64.rpm
glibc-utils-2.17-79.el7_1.x86_64.rpm
nscd-2.17-79.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source:
glibc-2.17-79.ael7b_1.src.rpm
ppc64le:
glibc-2.17-79.ael7b_1.ppc64le.rpm
glibc-common-2.17-79.ael7b_1.ppc64le.rpm
glibc-debuginfo-2.17-79.ael7b_1.ppc64le.rpm
glibc-debuginfo-common-2.17-79.ael7b_1.ppc64le.rpm
glibc-devel-2.17-79.ael7b_1.ppc64le.rpm
glibc-headers-2.17-79.ael7b_1.ppc64le.rpm
glibc-utils-2.17-79.ael7b_1.ppc64le.rpm
nscd-2.17-79.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.1):
ppc64:
glibc-debuginfo-2.17-79.el7_1.ppc.rpm
glibc-debuginfo-2.17-79.el7_1.ppc64.rpm
glibc-debuginfo-common-2.17-79.el7_1.ppc.rpm
glibc-debuginfo-common-2.17-79.el7_1.ppc64.rpm
glibc-static-2.17-79.el7_1.ppc.rpm
glibc-static-2.17-79.el7_1.ppc64.rpm
s390x:
glibc-debuginfo-2.17-79.el7_1.s390.rpm
glibc-debuginfo-2.17-79.el7_1.s390x.rpm
glibc-debuginfo-common-2.17-79.el7_1.s390.rpm
glibc-debuginfo-common-2.17-79.el7_1.s390x.rpm
glibc-static-2.17-79.el7_1.s390.rpm
glibc-static-2.17-79.el7_1.s390x.rpm
x86_64:
glibc-debuginfo-2.17-79.el7_1.i686.rpm
glibc-debuginfo-2.17-79.el7_1.x86_64.rpm
glibc-debuginfo-common-2.17-79.el7_1.i686.rpm
glibc-debuginfo-common-2.17-79.el7_1.x86_64.rpm
glibc-static-2.17-79.el7_1.i686.rpm
glibc-static-2.17-79.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.1):
ppc64le:
glibc-debuginfo-2.17-79.ael7b_1.ppc64le.rpm
glibc-debuginfo-common-2.17-79.ael7b_1.ppc64le.rpm
glibc-static-2.17-79.ael7b_1.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-7423
https://access.redhat.com/security/cve/CVE-2015-1472
https://access.redhat.com/security/cve/CVE-2015-1473
https://access.redhat.com/security/cve/CVE-2015-1781
https://access.redhat.com/security/cve/CVE-2015-5277
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFWaAjFXlSAg2UNWIIRAqokAKC0aLqDf57HbtwD3FAwRH36DkG2bwCgpiHu
dnRSyot5nK1GdxiUPgMF99E=
=aoOW
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
The CVE-2015-7547 vulnerability listed below is considered to have
critical impact.
CVE-2014-8121
Robin Hack discovered that the nss_files database did not
correctly implement enumeration interleaved with name-based or
ID-based lookups. This could cause the enumeration enter an
endless loop, leading to a denial of service. Most applications are not
affected by this vulnerability because they use aligned buffers.
CVE-2015-7547
The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.
CVE-2015-8776
Adam Nielsen discovered that if an invalid separated time value
is passed to strftime, the strftime function could crash or leak
information. Applications normally pass only valid time
information to strftime; no affected applications are known.
CVE-2015-8777
Hector Marco-Gisbert reported that LD_POINTER_GUARD was not
ignored for SUID programs, enabling an unintended bypass of a
security feature. This update causes eglibc to always ignore the
LD_POINTER_GUARD environment variable.
CVE-2015-8778
Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
functions did not check the size argument properly, leading to a
crash (denial of service) for certain arguments. No impacted
applications are known at this time.
CVE-2015-8779
The catopen function contains several unbound stack allocations
(stack overflows), causing it the crash the process (denial of
service). No applications where this issue has a security impact
are currently known.
The following fixed vulnerabilities currently lack CVE assignment:
Joseph Myers reported discovered that an integer overflow in the
strxfrm can lead to heap-based buffer overflow, possibly allowing
arbitrary code execution. In addition, a fallback path in strxfrm
uses an unbounded stack allocation (stack overflow), leading to a
crash or erroneous application behavior.
Kostya Serebryany reported that the fnmatch function could skip
over the terminating NUL character of a malformed pattern, causing
an application calling fnmatch to crash (denial of service). On
GNU/Linux systems, wide-oriented character streams are rarely
used, and no affected applications are known.
Andreas Schwab reported a memory leak (memory allocation without a
matching deallocation) while processing certain DNS answers in
getaddrinfo, related to the _nss_dns_gethostbyname4_r function.
This vulnerability could lead to a denial of service.
While it is only necessary to ensure that all processes are not using
the old eglibc anymore, it is recommended to reboot the machines after
applying the security upgrade.
For the oldstable distribution (wheezy), these problems have been fixed
in version 2.13-38+deb7u10.
We recommend that you upgrade your eglibc packages. ==========================================================================
Ubuntu Security Notice USN-2985-2
May 26, 2016
eglibc, glibc regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-2985-1 introduced a regression in the GNU C Library.
Software Description:
- glibc: GNU C Library
- eglibc: GNU C Library
Details:
USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for
CVE-2014-9761 introduced a regression which affected applications that
use the libm library but were not fully restarted after the upgrade.
This update removes the fix for CVE-2014-9761 and a future update
will be provided to address this issue.
We apologize for the inconvenience.
Original advisory details:
Martin Carpenter discovered that pt_chown in the GNU C Library did not
properly check permissions for tty files.
(CVE-2013-2207, CVE-2016-2856)
Robin Hack discovered that the Name Service Switch (NSS) implementation in
the GNU C Library did not properly manage its file descriptors.
(CVE-2014-8121)
Joseph Myers discovered that the GNU C Library did not properly handle long
arguments to functions returning a representation of Not a Number (NaN).
(CVE-2014-9761)
Arjun Shankar discovered that in certain situations the nss_dns code in the
GNU C Library did not properly account buffer sizes when passed an
unaligned buffer. (CVE-2015-1781)
Sumit Bose and Lukas Slebodnik discovered that the Name Service
Switch (NSS) implementation in the GNU C Library did not handle long
lines in the files databases correctly. (CVE-2015-8776)
Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed
the pointer-guarding protection mechanism to be disabled by honoring the
LD_POINTER_GUARD environment variable across privilege boundaries. (CVE-2015-8778)
Maksymilian Arciemowicz discovered a stack-based buffer overflow in the
catopen function in the GNU C Library when handling long catalog names. (CVE-2015-8779)
Florian Weimer discovered that the getnetbyname implementation in the GNU C
Library did not properly handle long names passed as arguments. (CVE-2016-3075)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libc-bin 2.21-0ubuntu4.3
libc6 2.21-0ubuntu4.3
libc6-dev 2.21-0ubuntu4.3
Ubuntu 14.04 LTS:
libc-bin 2.19-0ubuntu6.9
libc6 2.19-0ubuntu6.9
libc6-dev 2.19-0ubuntu6.9
Ubuntu 12.04 LTS:
libc-bin 2.15-0ubuntu10.15
libc6 2.15-0ubuntu10.15
libc6-dev 2.15-0ubuntu10.15
After a standard system update you need to reboot your computer to
make all the necessary changes.
Please review the CVEs referenced below for additional vulnerabilities
that had already been fixed in previous versions of sys-libs/glibc, for
which we have not issued a GLSA before.
Workaround
==========
A number of mitigating factors for CVE-2015-7547 have been identified.
Please review the upstream advisory and references below.
Resolution
==========
All GNU C Library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2"
It is important to ensure that no running process uses the old glibc
anymore. The easiest way to achieve that is by rebooting the machine
after updating the sys-libs/glibc package.
Note: Should you run into compilation failures while updating, please
see bug 574948.
References
==========
[ 1 ] CVE-2013-7423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423
[ 2 ] CVE-2014-0475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 3 ] CVE-2014-0475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 4 ] CVE-2014-5119
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119
[ 5 ] CVE-2014-6040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040
[ 6 ] CVE-2014-7817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817
[ 7 ] CVE-2014-8121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121
[ 8 ] CVE-2014-9402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402
[ 9 ] CVE-2015-1472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472
[ 10 ] CVE-2015-1781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781
[ 11 ] CVE-2015-7547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547
[ 12 ] CVE-2015-8776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776
[ 13 ] CVE-2015-8778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778
[ 14 ] CVE-2015-8779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779
[ 15 ] Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo
stack-based buffer overflow"
https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta=
ddrinfo-stack.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201602-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201506-0464 | CVE-2015-3329 | PHP of phar_internal.h of phar_set_inode Stack-based buffer overflow vulnerability in functions |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ==========================================================================
Ubuntu Security Notice USN-2572-1
April 20, 2015
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. This issue only applied to
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)
It was discovered that PHP incorrectly handled unserializing PHAR files.
(CVE-2015-2787)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4
php5-cgi 5.5.12+dfsg-2ubuntu4.4
php5-cli 5.5.12+dfsg-2ubuntu4.4
php5-fpm 5.5.12+dfsg-2ubuntu4.4
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9
php5-cgi 5.5.9+dfsg-1ubuntu4.9
php5-cli 5.5.9+dfsg-1ubuntu4.9
php5-fpm 5.5.9+dfsg-1ubuntu4.9
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.18
php5-cgi 5.3.10-1ubuntu3.18
php5-cli 5.3.10-1ubuntu3.18
php5-fpm 5.3.10-1ubuntu3.18
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.30
php5-cgi 5.3.2-1ubuntu4.30
php5-cli 5.3.2-1ubuntu4.30
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
3. (CVE-2014-9709)
A double free flaw was found in zend_ts_hash_graceful_destroy() function in
the PHP ZTS module. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php security and bug fix update
Advisory ID: RHSA-2015:1135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html
Issue date: 2015-06-23
CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705
CVE-2014-9709 CVE-2015-0231 CVE-2015-0232
CVE-2015-0273 CVE-2015-2301 CVE-2015-2348
CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
CVE-2015-3329 CVE-2015-3330 CVE-2015-3411
CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
CVE-2015-4024 CVE-2015-4025 CVE-2015-4026
CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601
CVE-2015-4602 CVE-2015-4603 CVE-2015-4604
CVE-2015-4605
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to
trigger the execution of a PHP script in a deinitialized interpreter,
causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)
Multiple flaws were discovered in the way PHP performed object
unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)
Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify type of attacker supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O
dtqycPWs+07GhjmZ6NNx5Bg=
=FREZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: June 19, 2016
Bugs: #537586, #541098, #544186, #544330, #546872, #549538,
#552408, #555576, #555830, #556952, #559612, #562882,
#571254, #573892, #577376
ID: 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-2015-4024
Denial of service when processing multipart/form-data requests.
For the oldstable distribution (wheezy), these problems have been fixed
in version 5.4.41-0+deb7u1.
For the stable distribution (jessie), these problems have been fixed in
version 5.6.9+dfsg-0+deb8u1.
For the testing distribution (stretch), these problems have been fixed
in version 5.6.9+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in
version 5.6.9+dfsg-1.
We recommend that you upgrade your php5 packages
| VAR-201504-0281 | CVE-2015-0702 | Cisco Unified MeetingPlace of Custom Prompts Arbitrary code execution vulnerability in implementation of upload |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. Vendors have confirmed this vulnerability Bug ID CSCus95712 It is released as. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified.
Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing
| VAR-201504-0282 | CVE-2015-0703 | Cisco Unified MeetingPlace Management Web Interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCus95857. This solution provides a user environment that integrates voice, video and Web conferencing
| VAR-201504-0625 | No CVE | D-Link DIR-890L Command Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The D-Link DIR-890L is a router device. A command execution vulnerability exists in the D-Link DIR-890L. An attacker can exploit the vulnerability to gain remote control of the server host.
| VAR-201504-0559 | CVE-2014-7886 | Hewlett-Packard Network Automation contains multiple vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
HP Network Automation Has multiple vulnerabilities in the web administration screen. HP Network Automation Contains multiple vulnerabilities including cross-site request forgery, cross-site scripting, and clickjacking issues. For more information HP security bulletin Please confirm. HP security bulletin http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574207By sending a management request unintended by the user to the server by remote third party guidance, privilege escalation, information leakage, code execution, service operation interruption (DoS) May be affected. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04574207
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04574207
Version: 1
HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
References:
CVE-2014-7886
VU#750060
SSRT101865
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Note: Customers running Network Automation v9.0X and v9.1X should upgrade to
v09.22.02 to resolve these issues.
Network Automation Patch v09.22.02: NA_00027
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea
rch/document/KM01512941
Network Automation Patch v10.00.01: NA_00028
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea
rch/document/KM01512943
See Knowledge Document for further configuration information:
https://softwaresupport.hp.com/group/softwaresupport/search-
result/-/facetsearch/document/KM01411842
HISTORY
Version:1 (rev.1) - 15 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUu3sQACgkQ4B86/C0qfVmrngCffhWHa2TLzf7x2XGUwK54dXnE
2tMAnR0B6tyjj14ZPHADJte6ytb4tGyI
=sl7r
-----END PGP SIGNATURE-----