VARIoT IoT vulnerabilities database
| VAR-201504-0271 | CVE-2015-0691 | Cisco Secure Desktop of Cache Cleaner Specific distributed with Cisco JAR Vulnerability to execute arbitrary command in file |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. Vendors have confirmed this vulnerability Bug ID CSCup83001 It is released as.Skillfully crafted by a third party Web Arbitrary commands may be executed via the site. Cisco Secure Desktop (CSD) is a secure desktop product of Cisco (Cisco), which can reduce the number of cookies, browser history, temporary files and downloads in the system after remote user logout or SSL VPN session timeout through encryption function. remaining risks
| VAR-201506-0465 | CVE-2015-3330 | PHP of sapi/apache2handler/sapi_apache2.c of php_handler Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter.". PHP is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following versions are affected: PHP prior to 5.4.40, 5.5.x prior to 5.5.24, and 5.6.x prior to 5.6.8. ==========================================================================
Ubuntu Security Notice USN-2572-1
April 20, 2015
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. This issue only applied to
Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)
It was discovered that PHP incorrectly handled unserializing PHAR files.
(CVE-2015-2787)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4
php5-cgi 5.5.12+dfsg-2ubuntu4.4
php5-cli 5.5.12+dfsg-2ubuntu4.4
php5-fpm 5.5.12+dfsg-2ubuntu4.4
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9
php5-cgi 5.5.9+dfsg-1ubuntu4.9
php5-cli 5.5.9+dfsg-1ubuntu4.9
php5-fpm 5.5.9+dfsg-1ubuntu4.9
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.18
php5-cgi 5.3.10-1ubuntu3.18
php5-cli 5.3.10-1ubuntu3.18
php5-fpm 5.3.10-1ubuntu3.18
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.30
php5-cgi 5.3.2-1ubuntu4.30
php5-cli 5.3.2-1ubuntu4.30
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
This update fixes some security issues.
Please note that this package build also moves the configuration files
from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz
Slackware 14.1 package:
9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz
Slackware -current package:
30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz
Slackware x86_64 -current package:
1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.40-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php security and bug fix update
Advisory ID: RHSA-2015:1135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html
Issue date: 2015-06-23
CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705
CVE-2014-9709 CVE-2015-0231 CVE-2015-0232
CVE-2015-0273 CVE-2015-2301 CVE-2015-2348
CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
CVE-2015-3329 CVE-2015-3330 CVE-2015-3411
CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
CVE-2015-4024 CVE-2015-4025 CVE-2015-4026
CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601
CVE-2015-4602 CVE-2015-4603 CVE-2015-4604
CVE-2015-4605
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)
An uninitialized pointer use flaw was found in PHP's Exif extension.
(CVE-2015-0232)
An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. (CVE-2015-4022)
Multiple flaws were discovered in the way PHP performed object
unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)
Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify type of attacker supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O
dtqycPWs+07GhjmZ6NNx5Bg=
=FREZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: June 19, 2016
Bugs: #537586, #541098, #544186, #544330, #546872, #549538,
#552408, #555576, #555830, #556952, #559612, #562882,
#571254, #573892, #577376
ID: 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201505-0365 | CVE-2015-2347 | Huawei SEQ Analyst Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/. The platform provides functions such as service debugging, user complaint handling, troubleshooting, user experience management and deployment of value-added services. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. #Document Title:
============
Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS)
#Release Date:
===========
15 Apr 2015
#CVE-ID:
=======
CVE-2015-2347
#Product & Service Introduction:
=======================
SEQ Analyst is a platform for business quality monitoring and management by
individual user and multiple vendors in a quasi-realtime and retraceable
manner
More Details & Manual ;
http://download.huawei.com/download/filedownload.do?modelID=bulletin&refID=IN0000056669,101
#Vulnerability Disclosure Timeline:
========================
3 Mar 2015 Bug reported to the vendor.
6 Mar 2015 Vendor returned ; investigating
16 Mar 2015 Asked about the case.
16 Mar 2015 Vendor has validated the issue.
17 Mar 2015 There aren't any fix the issue.
18 Mar 2015 CVE number assigned
15 Apr 2015 Fixed
#Affected Product(s):
===============
Huawei Technologies Co. Ltd
| VAR-201708-0342 | CVE-2015-3617 | Fortinet FortiManager Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. Fortinet FortiManager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management
| VAR-201708-0339 | CVE-2015-3614 | Fortinet FortiManager Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager Contains an information disclosure vulnerability.Information may be obtained. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management
| VAR-201708-0340 | CVE-2015-3615 | FortiManager Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management
| VAR-201708-0341 | CVE-2015-3616 | Fortinet FortiManager In SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Fortinet FortiManager Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A SQL injection vulnerability exists in Fortinet FortiManager 5.0.x prior to 5.0.11 and 5.2.x prior to 5.2.2
| VAR-201504-0280 | CVE-2015-0700 | Cisco Secure Access Control Server Solution Engine of monitoring-and-report Section Dashboard Page cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. Vendors have confirmed this vulnerability Bug ID CSCuj62924 It is released as.A third party may be able to hijack the authentication of any user.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuj62924. This solution provides functions such as centralized management of access types, devices, and user groups for accessing network resources
| VAR-202002-0835 | CVE-2015-3613 | FortiManager Vulnerabilities in permissions management |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. FortiManager Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. An attacker could exploit this vulnerability to elevate privileges
| VAR-202002-0833 | CVE-2015-3611 | FortiManager In OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. FortiManager In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Attackers can exploit this vulnerability to execute system commands
| VAR-202002-0834 | CVE-2015-3612 | FortiManager Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. FortiManager Contains a cross-site scripting vulnerability.The information may be obtained and the information may be altered. FortiManager is prone to following security vulnerabilities:
1. A remote privilege-escalation vulnerability
2. An HTML-injection vulnerability
3. An SQL-injection vulnerability
4. A local privilege-escalation vulnerability
5. An arbitrary file-download vulnerability
Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-201504-0275 | CVE-2015-0695 | Cisco ASR 9000 Runs on the device Cisco IOS XR Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. Vendors have confirmed this vulnerability Bug ID CSCur62957 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS XR Software. Allows an attacker to exploit this vulnerability to initiate a denial of service attack. The vulnerability is caused by the incorrect handling of the bridge-group virtual interface (BVI )flow
| VAR-201504-0276 | CVE-2015-0696 | Cisco TelePresence Collaboration Desk and Room Endpoints Runs on the device Cisco TC Software login page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. Vendors have confirmed this vulnerability Bug ID CSCuq94977 It is released as.By any third party Web Script or HTML May be inserted.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue being tracked by Cisco Bug ID CSCuq94977. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)
| VAR-201504-0279 | CVE-2015-0699 | Cisco Unified Communications Manager of Interactive Voice Response In the component SQL Injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vendors have confirmed this vulnerability Bug ID CSCut21563 It is released as.By any third party SQL The command may be executed.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue being tracked by Cisco Bug ID CSCut21563. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Interactive Voice Response (IVR) is a component that provides an open, extensible, feature-rich foundation for creating and delivering IVR (Interactive Voice Response) applications. There is a SQL injection vulnerability in the IVR component of CUCM 10.5 (1.98991.13), which is caused by the fact that the program does not fully validate the input submitted by the user before constructing the SQL query statement
| VAR-201504-0277 | CVE-2015-0697 | Cisco TelePresence Collaboration Desk and Room Endpoints Runs on the device Cisco TC Software login page open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. Vendors have confirmed this vulnerability Bug ID CSCuq94980 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlAny user by a third party Web You may be redirected to a site and run a phishing attack.
An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)
| VAR-201504-0278 | CVE-2015-0698 | Cisco Web Security Appliance device software vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. Vendors have confirmed this vulnerability Bug ID CSCut39213 It is released as.Skillfully crafted by a third party URL Through any Web Script or HTML May be inserted.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue being tracked by Cisco Bug ID CSCut39213.
Cisco Web Security Appliance 8.5.0-497 is vulnerable; other versions may also be affected. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. The vulnerability is caused by the program not adequately filtering user-submitted input
| VAR-201512-0551 | CVE-2015-4334 | Blue Coat ProxySG of SGOS Vulnerability in which important information is obtained in default settings |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. Bluecoat ProxySG is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Blue Coat Systems ProxySG is a set of security Web gateway equipment of American Blue Coat Systems company. The appliance provides user authentication, web filtering, data loss protection, and more to control all web traffic. Remote attackers can use the 407 HTTP status code to exploit this vulnerability to obtain sensitive information. The following versions are affected: Blue Coat Systems ProxySG prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1
| VAR-201505-0137 | CVE-2015-2219 | Lenovo System Update Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. Lenovo System Update is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this vulnerability to execute arbitrary commands with SYSTEM privileges.
Lenovo System Update 5.6.0.27 and prior versions are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc
| VAR-201504-0548 | CVE-2015-3043 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. Attacks on this vulnerability 2015 Year 4 Observed on the moon. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. The following versions are affected: Adobe Flash Player 13.0.0.277 and earlier versions and 17.0.0.134 and earlier versions based on Windows and OS X platforms, Adobe Flash Player 11.2.202.451 and earlier versions based on Linux systems. (Widely exploited in April 2015).
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.457"
References
==========
[ 1 ] CVE-2015-0346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0346
[ 2 ] CVE-2015-0347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0347
[ 3 ] CVE-2015-0348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0348
[ 4 ] CVE-2015-0349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0349
[ 5 ] CVE-2015-0350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0350
[ 6 ] CVE-2015-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0351
[ 7 ] CVE-2015-0352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0352
[ 8 ] CVE-2015-0353
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0353
[ 9 ] CVE-2015-0354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0354
[ 10 ] CVE-2015-0355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0355
[ 11 ] CVE-2015-0356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0356
[ 12 ] CVE-2015-0357
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0357
[ 13 ] CVE-2015-0358
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0358
[ 14 ] CVE-2015-0359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0359
[ 15 ] CVE-2015-0360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0360
[ 16 ] CVE-2015-3038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3038
[ 17 ] CVE-2015-3039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3039
[ 18 ] CVE-2015-3040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3040
[ 19 ] CVE-2015-3041
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3041
[ 20 ] CVE-2015-3042
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3042
[ 21 ] CVE-2015-3043
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3043
[ 22 ] CVE-2015-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201504-07
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0813-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0813.html
Issue date: 2015-04-15
CVE Names: CVE-2015-0346 CVE-2015-0347 CVE-2015-0348
CVE-2015-0349 CVE-2015-0350 CVE-2015-0351
CVE-2015-0352 CVE-2015-0353 CVE-2015-0354
CVE-2015-0355 CVE-2015-0356 CVE-2015-0357
CVE-2015-0358 CVE-2015-0359 CVE-2015-0360
CVE-2015-3038 CVE-2015-3039 CVE-2015-3040
CVE-2015-3041 CVE-2015-3042 CVE-2015-3043
CVE-2015-3044
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349,
CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,
CVE-2015-0355, CVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,
CVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)
A security bypass flaw was found in flash-plugin that could lead to the
disclosure of sensitive information. (CVE-2015-3044)
Two memory information leak flaws were found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1211869 - flash-plugin: multiple code execution issues fixed in APSB15-06
1211894 - CVE-2015-3044 flash-plugin: security bypass leading to information disclosure (APSB15-06)
1211898 - CVE-2015-0357 CVE-2015-3040 flash-plugin: information leaks leading to ASLR bypass (APSB15-06)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.457-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.457-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.457-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.457-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0346
https://access.redhat.com/security/cve/CVE-2015-0347
https://access.redhat.com/security/cve/CVE-2015-0348
https://access.redhat.com/security/cve/CVE-2015-0349
https://access.redhat.com/security/cve/CVE-2015-0350
https://access.redhat.com/security/cve/CVE-2015-0351
https://access.redhat.com/security/cve/CVE-2015-0352
https://access.redhat.com/security/cve/CVE-2015-0353
https://access.redhat.com/security/cve/CVE-2015-0354
https://access.redhat.com/security/cve/CVE-2015-0355
https://access.redhat.com/security/cve/CVE-2015-0356
https://access.redhat.com/security/cve/CVE-2015-0357
https://access.redhat.com/security/cve/CVE-2015-0358
https://access.redhat.com/security/cve/CVE-2015-0359
https://access.redhat.com/security/cve/CVE-2015-0360
https://access.redhat.com/security/cve/CVE-2015-3038
https://access.redhat.com/security/cve/CVE-2015-3039
https://access.redhat.com/security/cve/CVE-2015-3040
https://access.redhat.com/security/cve/CVE-2015-3041
https://access.redhat.com/security/cve/CVE-2015-3042
https://access.redhat.com/security/cve/CVE-2015-3043
https://access.redhat.com/security/cve/CVE-2015-3044
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVLmOuXlSAg2UNWIIRAhCpAKCQYartNTxOyN7YneEoLHmonLVYxwCeJeZL
9gBkw1TFVgaSAtPj0Xh+ubg=
=LVW2
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201504-0547 | CVE-2015-3042 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.457"
References
==========
[ 1 ] CVE-2015-0346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0346
[ 2 ] CVE-2015-0347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0347
[ 3 ] CVE-2015-0348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0348
[ 4 ] CVE-2015-0349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0349
[ 5 ] CVE-2015-0350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0350
[ 6 ] CVE-2015-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0351
[ 7 ] CVE-2015-0352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0352
[ 8 ] CVE-2015-0353
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0353
[ 9 ] CVE-2015-0354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0354
[ 10 ] CVE-2015-0355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0355
[ 11 ] CVE-2015-0356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0356
[ 12 ] CVE-2015-0357
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0357
[ 13 ] CVE-2015-0358
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0358
[ 14 ] CVE-2015-0359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0359
[ 15 ] CVE-2015-0360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0360
[ 16 ] CVE-2015-3038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3038
[ 17 ] CVE-2015-3039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3039
[ 18 ] CVE-2015-3040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3040
[ 19 ] CVE-2015-3041
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3041
[ 20 ] CVE-2015-3042
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3042
[ 21 ] CVE-2015-3043
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3043
[ 22 ] CVE-2015-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201504-07
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0813-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0813.html
Issue date: 2015-04-15
CVE Names: CVE-2015-0346 CVE-2015-0347 CVE-2015-0348
CVE-2015-0349 CVE-2015-0350 CVE-2015-0351
CVE-2015-0352 CVE-2015-0353 CVE-2015-0354
CVE-2015-0355 CVE-2015-0356 CVE-2015-0357
CVE-2015-0358 CVE-2015-0359 CVE-2015-0360
CVE-2015-3038 CVE-2015-3039 CVE-2015-3040
CVE-2015-3041 CVE-2015-3042 CVE-2015-3043
CVE-2015-3044
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349,
CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,
CVE-2015-0355, CVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,
CVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)
A security bypass flaw was found in flash-plugin that could lead to the
disclosure of sensitive information. (CVE-2015-3044)
Two memory information leak flaws were found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1211869 - flash-plugin: multiple code execution issues fixed in APSB15-06
1211894 - CVE-2015-3044 flash-plugin: security bypass leading to information disclosure (APSB15-06)
1211898 - CVE-2015-0357 CVE-2015-3040 flash-plugin: information leaks leading to ASLR bypass (APSB15-06)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.457-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.457-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.457-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.457-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
x86_64:
flash-plugin-11.2.202.457-1.el6_6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0346
https://access.redhat.com/security/cve/CVE-2015-0347
https://access.redhat.com/security/cve/CVE-2015-0348
https://access.redhat.com/security/cve/CVE-2015-0349
https://access.redhat.com/security/cve/CVE-2015-0350
https://access.redhat.com/security/cve/CVE-2015-0351
https://access.redhat.com/security/cve/CVE-2015-0352
https://access.redhat.com/security/cve/CVE-2015-0353
https://access.redhat.com/security/cve/CVE-2015-0354
https://access.redhat.com/security/cve/CVE-2015-0355
https://access.redhat.com/security/cve/CVE-2015-0356
https://access.redhat.com/security/cve/CVE-2015-0357
https://access.redhat.com/security/cve/CVE-2015-0358
https://access.redhat.com/security/cve/CVE-2015-0359
https://access.redhat.com/security/cve/CVE-2015-0360
https://access.redhat.com/security/cve/CVE-2015-3038
https://access.redhat.com/security/cve/CVE-2015-3039
https://access.redhat.com/security/cve/CVE-2015-3040
https://access.redhat.com/security/cve/CVE-2015-3041
https://access.redhat.com/security/cve/CVE-2015-3042
https://access.redhat.com/security/cve/CVE-2015-3043
https://access.redhat.com/security/cve/CVE-2015-3044
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVLmOuXlSAg2UNWIIRAhCpAKCQYartNTxOyN7YneEoLHmonLVYxwCeJeZL
9gBkw1TFVgaSAtPj0Xh+ubg=
=LVW2
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce