VARIoT IoT vulnerabilities database
| VAR-201502-0067 | CVE-2015-1546 | OpenLDAP of servers/slapd/filter.c Inside get_vrFilter Function double memory vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. OpenLDAP of servers/slapd/filter.c Inside get_vrFilter The function has a deficiency in freeing up memory twice, resulting in service disruption ( crash ) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-415: Double Free ( Double release ) Has been identified. OpenLDAP slapd is prone to multiple denial-of-service vulnerabilities.
Successful exploits may allow an attacker to cause an affected application to crash, resulting in a denial-of-service condition. OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol (LDAP) from the OpenLDAP Foundation in the United States, which is included in Linux distributions.
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
8cf3267fdb2dd7fe3e3d45560bdb21d0 mbs2/x86_64/lib64ldap2.4_2-2.4.40-1.mbs2.x86_64.rpm
865d9a982ce84212ac326c3c1e765bd7 mbs2/x86_64/lib64ldap2.4_2-devel-2.4.40-1.mbs2.x86_64.rpm
5257553f4101f109f611fb4a1169e032 mbs2/x86_64/lib64ldap2.4_2-static-devel-2.4.40-1.mbs2.x86_64.rpm
559e20b8fb73db0a2596ae53debb1171 mbs2/x86_64/openldap-2.4.40-1.mbs2.x86_64.rpm
d768c2cfd50d48df2c6d50cba2804f22 mbs2/x86_64/openldap-back_bdb-2.4.40-1.mbs2.x86_64.rpm
ca1be9bfd5f8494412dacd1704446a3d mbs2/x86_64/openldap-back_mdb-2.4.40-1.mbs2.x86_64.rpm
10616f8ee850c96f6f31a56c04b2f5c8 mbs2/x86_64/openldap-back_sql-2.4.40-1.mbs2.x86_64.rpm
abe8987076d7c071cf0556717824f968 mbs2/x86_64/openldap-clients-2.4.40-1.mbs2.x86_64.rpm
167cde52384ff479dbf66c9c3b9c1875 mbs2/x86_64/openldap-doc-2.4.40-1.mbs2.x86_64.rpm
7bb0cde0c37e82616d7e1c2f51339ea9 mbs2/x86_64/openldap-servers-2.4.40-1.mbs2.x86_64.rpm
fa9deaf6135eb3443dfa4ea2d5906d03 mbs2/x86_64/openldap-servers-devel-2.4.40-1.mbs2.x86_64.rpm
712530d38d7091f1feab1b0f214d8440 mbs2/x86_64/openldap-testprogs-2.4.40-1.mbs2.x86_64.rpm
e2a1576a5731e854ac0395c65014b8ea mbs2/x86_64/openldap-tests-2.4.40-1.mbs2.x86_64.rpm
38e739f91027490ef87474d6053b663f mbs2/SRPMS/openldap-2.4.40-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFYFxmqjQ0CJFipgRApm0AJ4xcpT1u7CPnC7I7aiJTISBkiS08ACghGEn
vp6R7J2vex/HG9fkmQLo5EI=
=FTac
-----END PGP SIGNATURE-----
| VAR-201502-0106 | CVE-2015-0314 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the BitmapFilter class. The class is not marked as final, so it can be extended. When extending the class and adding it to a filters array, Adobe Flash tries to execute a non-existent method at a specific offset. Failed attacks may cause denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.442"
References
==========
[ 1 ] CVE-2015-0301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0301
[ 2 ] CVE-2015-0302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0302
[ 3 ] CVE-2015-0303
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0303
[ 4 ] CVE-2015-0304
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0304
[ 5 ] CVE-2015-0305
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0305
[ 6 ] CVE-2015-0306
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0306
[ 7 ] CVE-2015-0307
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0307
[ 8 ] CVE-2015-0308
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0308
[ 9 ] CVE-2015-0309
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0309
[ 10 ] CVE-2015-0310
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0310
[ 11 ] CVE-2015-0311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0311
[ 12 ] CVE-2015-0314
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0314
[ 13 ] CVE-2015-0315
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0315
[ 14 ] CVE-2015-0316
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0316
[ 15 ] CVE-2015-0317
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0317
[ 16 ] CVE-2015-0318
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0318
[ 17 ] CVE-2015-0319
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0319
[ 18 ] CVE-2015-0320
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0320
[ 19 ] CVE-2015-0321
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0321
[ 20 ] CVE-2015-0322
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0322
[ 21 ] CVE-2015-0323
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0323
[ 22 ] CVE-2015-0324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0324
[ 23 ] CVE-2015-0325
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0325
[ 24 ] CVE-2015-0326
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0326
[ 25 ] CVE-2015-0327
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0327
[ 26 ] CVE-2015-0328
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0328
[ 27 ] CVE-2015-0329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0329
[ 28 ] CVE-2015-0330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0330
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0140-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0140.html
Issue date: 2015-02-06
CVE Names: CVE-2015-0314 CVE-2015-0315 CVE-2015-0316
CVE-2015-0317 CVE-2015-0318 CVE-2015-0319
CVE-2015-0320 CVE-2015-0321 CVE-2015-0322
CVE-2015-0323 CVE-2015-0324 CVE-2015-0325
CVE-2015-0326 CVE-2015-0327 CVE-2015-0328
CVE-2015-0329 CVE-2015-0330
=====================================================================
1.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1190068 - flash-plugin: multiple code execution flaws (APSB15-04)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.442-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.442-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.442-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.442-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.442-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.442-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.442-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.442-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.442-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.442-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0314
https://access.redhat.com/security/cve/CVE-2015-0315
https://access.redhat.com/security/cve/CVE-2015-0316
https://access.redhat.com/security/cve/CVE-2015-0317
https://access.redhat.com/security/cve/CVE-2015-0318
https://access.redhat.com/security/cve/CVE-2015-0319
https://access.redhat.com/security/cve/CVE-2015-0320
https://access.redhat.com/security/cve/CVE-2015-0321
https://access.redhat.com/security/cve/CVE-2015-0322
https://access.redhat.com/security/cve/CVE-2015-0323
https://access.redhat.com/security/cve/CVE-2015-0324
https://access.redhat.com/security/cve/CVE-2015-0325
https://access.redhat.com/security/cve/CVE-2015-0326
https://access.redhat.com/security/cve/CVE-2015-0327
https://access.redhat.com/security/cve/CVE-2015-0328
https://access.redhat.com/security/cve/CVE-2015-0329
https://access.redhat.com/security/cve/CVE-2015-0330
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU1NKPXlSAg2UNWIIRAuaMAKCrTaZA9Qbqdqmms8W0dscYkNvkiQCeIiHs
Rb1nXRLO0fFKuancn8e1EKw=
=IZLG
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201502-0121 | CVE-2015-0589 | Cisco WebEx Meetings Server Management Web Any with root privileges in the interface OS Command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. Vendors have confirmed this vulnerability Bug ID CSCuj40460 It is released as.Remotely authenticated users can specify any OS The command may be executed. Cisco WebEx Meetings Server is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.
Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application.
This issue is being tracked by Cisco bug ID CSCuj40460. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in the web management interface of CWMS versions 1.0 to 1.5
| VAR-201502-0135 | CVE-2015-0601 | Cisco Unified IP 9900 phones Service disruption in other firmware (DoS) Vulnerabilities |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. The device provides voice, video and other functions.
This issue is tracked by Cisco Bug ID CSCup92790
| VAR-201502-0138 | CVE-2015-0604 | Cisco Unified IP 9900 phones Of firmware Web Framework uploading file vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. Vendors have confirmed this vulnerability Bug ID CSCup90424 It is released as.Skillfully crafted by a third party HTTP Via a request, a file may be uploaded to any location in the phone's file system. The Cisco Unified IP Phone 9900 is a 9900 series IP telephony terminal device from Cisco. The device provides voice, video and other functions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCup90424
| VAR-201502-0411 | CVE-2015-1212 | Google Chrome Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome is prone to multiple vulnerabilities.
Attackers may exploit these issues to execute arbitrary code, bypass the same-origin policy and gain elevated privileges; other attacks are also possible. Google Chrome is a web browser developed by Google (Google). ============================================================================
Ubuntu Security Notice USN-2495-1
February 10, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide. (CVE-2015-1209)
It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-1210)
It was discovered that Chromium did not properly restrict the URI scheme
during ServiceWorker registration. If a user were tricked in to
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2015:0163-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0163.html
Issue date: 2015-02-10
CVE Names: CVE-2015-1209 CVE-2015-1210 CVE-2015-1211
CVE-2015-1212
=====================================================================
1. Summary:
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 40.0.2214.111, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1190123 - CVE-2015-1209 chromium-browser: use-after-free in DOM
1190124 - CVE-2015-1210 chromium-browser: cross-origin-bypass in V8 bindings
1190125 - CVE-2015-1211 chromium-browser: privilege escalation in service workers
1190158 - CVE-2015-1212 chromium-browser: various security fixes in Chrome 40.0.2214.111
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1209
https://access.redhat.com/security/cve/CVE-2015-1210
https://access.redhat.com/security/cve/CVE-2015-1211
https://access.redhat.com/security/cve/CVE-2015-1212
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU2oc6XlSAg2UNWIIRArgRAJ0UDk0z8qCzqVFIRSEuiIgr3tP9swCfdFO2
59ank3BbCLmfdBRtQ9lpFz4=
=mT/S
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 40.0.2214.111 >= 40.0.2214.111
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"
References
==========
[ 1 ] CVE-2014-7923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923
[ 2 ] CVE-2014-7924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924
[ 3 ] CVE-2014-7925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925
[ 4 ] CVE-2014-7926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926
[ 5 ] CVE-2014-7927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927
[ 6 ] CVE-2014-7928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928
[ 7 ] CVE-2014-7929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929
[ 8 ] CVE-2014-7930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930
[ 9 ] CVE-2014-7931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931
[ 10 ] CVE-2014-7932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932
[ 11 ] CVE-2014-7933
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933
[ 12 ] CVE-2014-7934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934
[ 13 ] CVE-2014-7935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935
[ 14 ] CVE-2014-7936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936
[ 15 ] CVE-2014-7937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 16 ] CVE-2014-7938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938
[ 17 ] CVE-2014-7939
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939
[ 18 ] CVE-2014-7940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940
[ 19 ] CVE-2014-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941
[ 20 ] CVE-2014-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942
[ 21 ] CVE-2014-7943
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943
[ 22 ] CVE-2014-7944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944
[ 23 ] CVE-2014-7945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945
[ 24 ] CVE-2014-7946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946
[ 25 ] CVE-2014-7947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947
[ 26 ] CVE-2014-7948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948
[ 27 ] CVE-2014-9646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646
[ 28 ] CVE-2014-9647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647
[ 29 ] CVE-2014-9648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648
[ 30 ] CVE-2015-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205
[ 31 ] CVE-2015-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209
[ 32 ] CVE-2015-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210
[ 33 ] CVE-2015-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211
[ 34 ] CVE-2015-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212
[ 35 ] CVE-2015-1346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346
[ 36 ] CVE-2015-1359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359
[ 37 ] CVE-2015-1360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360
[ 38 ] CVE-2015-1361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-13.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201502-0410 | CVE-2015-1211 | Google Chrome of content/browser/service_worker/service_worker_dispatcher_host.cc Vulnerability gained in |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. Google Chrome is prone to multiple vulnerabilities.
Attackers may exploit these issues to execute arbitrary code, bypass the same-origin policy and gain elevated privileges; other attacks are also possible. Google Chrome is a web browser developed by Google (Google). ============================================================================
Ubuntu Security Notice USN-2495-1
February 10, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide. (CVE-2015-1209)
It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions. If a user were tricked in to
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2015:0163-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0163.html
Issue date: 2015-02-10
CVE Names: CVE-2015-1209 CVE-2015-1210 CVE-2015-1211
CVE-2015-1212
=====================================================================
1. Summary:
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 40.0.2214.111, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1190123 - CVE-2015-1209 chromium-browser: use-after-free in DOM
1190124 - CVE-2015-1210 chromium-browser: cross-origin-bypass in V8 bindings
1190125 - CVE-2015-1211 chromium-browser: privilege escalation in service workers
1190158 - CVE-2015-1212 chromium-browser: various security fixes in Chrome 40.0.2214.111
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1209
https://access.redhat.com/security/cve/CVE-2015-1210
https://access.redhat.com/security/cve/CVE-2015-1211
https://access.redhat.com/security/cve/CVE-2015-1212
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU2oc6XlSAg2UNWIIRArgRAJ0UDk0z8qCzqVFIRSEuiIgr3tP9swCfdFO2
59ank3BbCLmfdBRtQ9lpFz4=
=mT/S
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 17, 2015
Bugs: #537366, #539094
ID: 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to cause Denial of Service or gain
escalated privileges.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 40.0.2214.111 >= 40.0.2214.111
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"
References
==========
[ 1 ] CVE-2014-7923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923
[ 2 ] CVE-2014-7924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924
[ 3 ] CVE-2014-7925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925
[ 4 ] CVE-2014-7926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926
[ 5 ] CVE-2014-7927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927
[ 6 ] CVE-2014-7928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928
[ 7 ] CVE-2014-7929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929
[ 8 ] CVE-2014-7930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930
[ 9 ] CVE-2014-7931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931
[ 10 ] CVE-2014-7932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932
[ 11 ] CVE-2014-7933
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933
[ 12 ] CVE-2014-7934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934
[ 13 ] CVE-2014-7935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935
[ 14 ] CVE-2014-7936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936
[ 15 ] CVE-2014-7937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 16 ] CVE-2014-7938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938
[ 17 ] CVE-2014-7939
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939
[ 18 ] CVE-2014-7940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940
[ 19 ] CVE-2014-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941
[ 20 ] CVE-2014-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942
[ 21 ] CVE-2014-7943
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943
[ 22 ] CVE-2014-7944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944
[ 23 ] CVE-2014-7945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945
[ 24 ] CVE-2014-7946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946
[ 25 ] CVE-2014-7947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947
[ 26 ] CVE-2014-7948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948
[ 27 ] CVE-2014-9646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646
[ 28 ] CVE-2014-9647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647
[ 29 ] CVE-2014-9648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648
[ 30 ] CVE-2015-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205
[ 31 ] CVE-2015-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209
[ 32 ] CVE-2015-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210
[ 33 ] CVE-2015-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211
[ 34 ] CVE-2015-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212
[ 35 ] CVE-2015-1346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346
[ 36 ] CVE-2015-1359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359
[ 37 ] CVE-2015-1360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360
[ 38 ] CVE-2015-1361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-13.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201502-0409 | CVE-2015-1210 | Google Chrome Used in Blink of V8 Vulnerability to bypass same origin policy in binding |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Google Chrome is prone to multiple vulnerabilities.
Attackers may exploit these issues to execute arbitrary code, bypass the same-origin policy and gain elevated privileges; other attacks are also possible. Google Chrome is a web browser developed by Google (Google). Blink is a browser typesetting engine (rendering engine) jointly developed by Google and Opera Software. There is a security vulnerability in the 'V8ThrowException::createDOMException' function in the bindings/core/v8/V8ThrowException.cpp file in the bindings/core/v8/V8ThrowException.cpp file of Blink used in Google Chrome. Framework access restrictions. The following versions are affected: Google Chrome 40.0.2214.93 and earlier for Windows, OS X, and Linux, and Google Chrome 40.0.2214.89 and earlier for Android. ============================================================================
Ubuntu Security Notice USN-2495-1
February 10, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide. (CVE-2015-1209)
It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-1210)
It was discovered that Chromium did not properly restrict the URI scheme
during ServiceWorker registration. If a user were tricked in to
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2015:0163-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0163.html
Issue date: 2015-02-10
CVE Names: CVE-2015-1209 CVE-2015-1210 CVE-2015-1211
CVE-2015-1212
=====================================================================
1. Summary:
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 40.0.2214.111, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1190123 - CVE-2015-1209 chromium-browser: use-after-free in DOM
1190124 - CVE-2015-1210 chromium-browser: cross-origin-bypass in V8 bindings
1190125 - CVE-2015-1211 chromium-browser: privilege escalation in service workers
1190158 - CVE-2015-1212 chromium-browser: various security fixes in Chrome 40.0.2214.111
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1209
https://access.redhat.com/security/cve/CVE-2015-1210
https://access.redhat.com/security/cve/CVE-2015-1211
https://access.redhat.com/security/cve/CVE-2015-1212
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU2oc6XlSAg2UNWIIRArgRAJ0UDk0z8qCzqVFIRSEuiIgr3tP9swCfdFO2
59ank3BbCLmfdBRtQ9lpFz4=
=mT/S
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 17, 2015
Bugs: #537366, #539094
ID: 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to cause Denial of Service or gain
escalated privileges.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 40.0.2214.111 >= 40.0.2214.111
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"
References
==========
[ 1 ] CVE-2014-7923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923
[ 2 ] CVE-2014-7924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924
[ 3 ] CVE-2014-7925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925
[ 4 ] CVE-2014-7926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926
[ 5 ] CVE-2014-7927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927
[ 6 ] CVE-2014-7928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928
[ 7 ] CVE-2014-7929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929
[ 8 ] CVE-2014-7930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930
[ 9 ] CVE-2014-7931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931
[ 10 ] CVE-2014-7932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932
[ 11 ] CVE-2014-7933
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933
[ 12 ] CVE-2014-7934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934
[ 13 ] CVE-2014-7935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935
[ 14 ] CVE-2014-7936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936
[ 15 ] CVE-2014-7937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 16 ] CVE-2014-7938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938
[ 17 ] CVE-2014-7939
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939
[ 18 ] CVE-2014-7940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940
[ 19 ] CVE-2014-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941
[ 20 ] CVE-2014-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942
[ 21 ] CVE-2014-7943
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943
[ 22 ] CVE-2014-7944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944
[ 23 ] CVE-2014-7945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945
[ 24 ] CVE-2014-7946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946
[ 25 ] CVE-2014-7947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947
[ 26 ] CVE-2014-7948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948
[ 27 ] CVE-2014-9646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646
[ 28 ] CVE-2014-9647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647
[ 29 ] CVE-2014-9648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648
[ 30 ] CVE-2015-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205
[ 31 ] CVE-2015-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209
[ 32 ] CVE-2015-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210
[ 33 ] CVE-2015-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211
[ 34 ] CVE-2015-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212
[ 35 ] CVE-2015-1346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346
[ 36 ] CVE-2015-1359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359
[ 37 ] CVE-2015-1360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360
[ 38 ] CVE-2015-1361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-13.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201502-0408 | CVE-2015-1209 | Google Chrome Used in Blink of DOM Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlBy a third party shadow-root Crafted to induce improper handling of anchors JavaScript Service disruption through code (DoS) There is a possibility of being affected unspecified, such as being in a state. Google Chrome is prone to multiple vulnerabilities.
Attackers may exploit these issues to execute arbitrary code, bypass the same-origin policy and gain elevated privileges; other attacks are also possible. Google Chrome is a web browser developed by Google (Google). Blink is a browser typesetting engine (rendering engine) jointly developed by Google and Opera Software. The following versions are affected: Google Chrome 40.0.2214.93 and earlier for Windows, OS X, and Linux, and Google Chrome 40.0.2214.89 and earlier for Android. ============================================================================
Ubuntu Security Notice USN-2495-1
February 10, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide. (CVE-2015-1209)
It was discovered that V8 did not properly consider frame access
restrictions when throwing exceptions in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2015-1210)
It was discovered that Chromium did not properly restrict the URI scheme
during ServiceWorker registration. If a user were tricked in to
downloading and opening a specially crafted HTML file, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2015-1212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs 1.4.3-0ubuntu0.14.10.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs 1.4.3-0ubuntu0.14.04.1
oxideqt-codecs-extra 1.4.3-0ubuntu0.14.04.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2015:0163-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0163.html
Issue date: 2015-02-10
CVE Names: CVE-2015-1209 CVE-2015-1210 CVE-2015-1211
CVE-2015-1212
=====================================================================
1. Summary:
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 40.0.2214.111, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1190123 - CVE-2015-1209 chromium-browser: use-after-free in DOM
1190124 - CVE-2015-1210 chromium-browser: cross-origin-bypass in V8 bindings
1190125 - CVE-2015-1211 chromium-browser: privilege escalation in service workers
1190158 - CVE-2015-1212 chromium-browser: various security fixes in Chrome 40.0.2214.111
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-40.0.2214.111-1.el6_6.src.rpm
i386:
chromium-browser-40.0.2214.111-1.el6_6.i686.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.i686.rpm
x86_64:
chromium-browser-40.0.2214.111-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-40.0.2214.111-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1209
https://access.redhat.com/security/cve/CVE-2015-1210
https://access.redhat.com/security/cve/CVE-2015-1211
https://access.redhat.com/security/cve/CVE-2015-1212
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU2oc6XlSAg2UNWIIRArgRAJ0UDk0z8qCzqVFIRSEuiIgr3tP9swCfdFO2
59ank3BbCLmfdBRtQ9lpFz4=
=mT/S
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 17, 2015
Bugs: #537366, #539094
ID: 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to cause Denial of Service or gain
escalated privileges.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 40.0.2214.111 >= 40.0.2214.111
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"
References
==========
[ 1 ] CVE-2014-7923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923
[ 2 ] CVE-2014-7924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924
[ 3 ] CVE-2014-7925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925
[ 4 ] CVE-2014-7926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926
[ 5 ] CVE-2014-7927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927
[ 6 ] CVE-2014-7928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928
[ 7 ] CVE-2014-7929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929
[ 8 ] CVE-2014-7930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930
[ 9 ] CVE-2014-7931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931
[ 10 ] CVE-2014-7932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932
[ 11 ] CVE-2014-7933
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933
[ 12 ] CVE-2014-7934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934
[ 13 ] CVE-2014-7935
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935
[ 14 ] CVE-2014-7936
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936
[ 15 ] CVE-2014-7937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 16 ] CVE-2014-7938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938
[ 17 ] CVE-2014-7939
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939
[ 18 ] CVE-2014-7940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940
[ 19 ] CVE-2014-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941
[ 20 ] CVE-2014-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942
[ 21 ] CVE-2014-7943
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943
[ 22 ] CVE-2014-7944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944
[ 23 ] CVE-2014-7945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945
[ 24 ] CVE-2014-7946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946
[ 25 ] CVE-2014-7947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947
[ 26 ] CVE-2014-7948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948
[ 27 ] CVE-2014-9646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646
[ 28 ] CVE-2014-9647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647
[ 29 ] CVE-2014-9648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648
[ 30 ] CVE-2015-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205
[ 31 ] CVE-2015-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209
[ 32 ] CVE-2015-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210
[ 33 ] CVE-2015-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211
[ 34 ] CVE-2015-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212
[ 35 ] CVE-2015-1346
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346
[ 36 ] CVE-2015-1359
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359
[ 37 ] CVE-2015-1360
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360
[ 38 ] CVE-2015-1361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-13.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201502-0134 | CVE-2015-0600 | Cisco Unified IP Phone 9900 Service disruption in the firmware expansion of the series firmware (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. Vendors have confirmed this vulnerability Bug ID CSCuq12139 It is released as.Denial of service operation via a packet crafted by a third party ( log off ) There is a possibility of being put into a state. The device provides voice, video and other functions. This vulnerability could be exploited by a remote attacker to cause a denial of service by sending a specially crafted packet.
This issue is tracked by Cisco Bug ID CSCuq12139
| VAR-201502-0136 | CVE-2015-0602 | Cisco Unified IP Phones 9900 Series Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. Vendors have confirmed this vulnerability Bug ID CSCuq12117 It is released as.If a third party intercepts the network, important information may be obtained. The device provides voice, video and other functions. A remote attacker exploited the vulnerability to gain sensitive information by sniffing the network. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCuq12117
| VAR-201502-0137 | CVE-2015-0603 | Cisco Unified IP 9900 phones Service disruption in other firmware (DoS) Vulnerabilities |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. The Cisco Unified IP Phone 9900 is a 9900 series IP telephony terminal device from Cisco. The device provides voice, video and other functions. A security vulnerability exists in the Cisco Unified IP Phone 9900 Series. A local attacker could exploit the vulnerability to cause a denial of service (suspend, restart, or block startup).
This issue is tracked by Cisco Bug ID CSCup90474
| VAR-201502-0133 | CVE-2015-0599 | C-Series Rack Servers Run on Cisco Unified Computing System Vulnerable to a clickjacking attack |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. Vendors have confirmed this vulnerability Bug ID CSCuf50138 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlSkillfully crafted by a third party Web Through the site, clickjacking attacks can be performed and other unspecified effects can be received. Cisco Unified Computing System C-Series Rack Servers is prone to a cross-frame scripting vulnerability.
Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The vulnerability is caused by the program not properly restricting the use of IFRAME elements
| VAR-201502-0413 | CVE-2015-1348 | Aruba Instant Heap-based buffer overflow vulnerability in some firmware |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. Aruba Networks Instant Access Point is prone to a remote heap-based buffer-overflow vulnerability. The solution supports virtual Aruba mobility controllers on 802.11n access points (APs), creating enterprise-class wireless local area networks (WLANs) and enterprise entry-level Wi-Fi networks
| VAR-201503-0144 | CVE-2015-2787 | PHP of ext/standard/var_unserializer.re of process_nested_data Vulnerability in arbitrary code execution in function |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. This vulnerability CVE-2015-0231 And related issues. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. PHP is prone to a remote code-execution vulnerability. Failed attempts will likely result in denial-of-service conditions.
Following are vulnerable:
PHP 5.4.x prior to 5.4.39
PHP 5.5.x prior to 5.5.23
PHP 5.6.x prior to 5.6.7. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A use-after-free vulnerability exists in the 'process_nested_data' function in PHP's ext/standard/var_unserializer.re file. ==========================================================================
Ubuntu Security Notice USN-2572-1
April 20, 2015
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. This issue only applied to
Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-2787)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.4
php5-cgi 5.5.12+dfsg-2ubuntu4.4
php5-cli 5.5.12+dfsg-2ubuntu4.4
php5-fpm 5.5.12+dfsg-2ubuntu4.4
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9
php5-cgi 5.5.9+dfsg-1ubuntu4.9
php5-cli 5.5.9+dfsg-1ubuntu4.9
php5-fpm 5.5.9+dfsg-1ubuntu4.9
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.18
php5-cgi 5.3.10-1ubuntu3.18
php5-cli 5.3.10-1ubuntu3.18
php5-fpm 5.3.10-1ubuntu3.18
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.30
php5-cgi 5.3.2-1ubuntu4.30
php5-cli 5.3.2-1ubuntu4.30
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php security and bug fix update
Advisory ID: RHSA-2015:1135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1135.html
Issue date: 2015-06-23
CVE Names: CVE-2014-8142 CVE-2014-9652 CVE-2014-9705
CVE-2014-9709 CVE-2015-0231 CVE-2015-0232
CVE-2015-0273 CVE-2015-2301 CVE-2015-2348
CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
CVE-2015-3329 CVE-2015-3330 CVE-2015-3411
CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
CVE-2015-4024 CVE-2015-4025 CVE-2015-4026
CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
CVE-2015-4599 CVE-2015-4600 CVE-2015-4601
CVE-2015-4602 CVE-2015-4603 CVE-2015-4604
CVE-2015-4605
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)
An uninitialized pointer use flaw was found in PHP's Exif extension.
(CVE-2015-0232)
An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. (CVE-2015-4022)
Multiple flaws were discovered in the way PHP performed object
unserialization. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)
Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify type of attacker supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module.
(BZ#1212298)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O
dtqycPWs+07GhjmZ6NNx5Bg=
=FREZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP: Multiple vulnerabilities
Date: June 19, 2016
Bugs: #537586, #541098, #544186, #544330, #546872, #549538,
#552408, #555576, #555830, #556952, #559612, #562882,
#571254, #573892, #577376
ID: 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. The php55 packages provide a recent stable release of PHP with
the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a
number of additional utilities. (CVE-2014-9709)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory
| VAR-201502-0213 | CVE-2014-8021 | Cisco AnyConnect Secure Mobility Client and Cisco HostScan Engine cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. Vendors have confirmed this vulnerability Bug ID CSCup82990 ,and CSCuq80149 It is released as.Applet pass URL Depending on the problem, any Web Script or HTML May be inserted.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID's CSCup82990 and CSCuq80149
| VAR-201502-0477 | CVE-2015-0929 | SerVision HVG Video Gateway web interface contains multiple vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. SerVision HVG Video Gateway is an intelligent video gateway product from SerVision, Israel. This may aid in further attacks
| VAR-201502-0369 | CVE-2015-1357 | plural Siemens Ruggedcom WIN Vulnerability to get password hash on device |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. Security vulnerabilities exist in several Siemens Ruggedcom products.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks
| VAR-201502-0391 | CVE-2015-1448 | plural Siemens Ruggedcom WIN Vulnerability that bypasses authentication in device firmware integrated management service |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. There are security holes in the integrated management services for several Siemens Ruggedcom products. A remote attacker could exploit the vulnerability to bypass authentication and perform administrator actions.
Siemens Ruggedcom WIN products running firmware versions prior to BS4.4.4621.32 are vulnerable
| VAR-201502-0392 | CVE-2015-1449 | plural Siemens Ruggedcom WIN Integrated device firmware Web Server buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. Siemens Ruggedcom WIN51xx, WIN52xx, WIN70xx and WIN72xx are broadband wireless base station products from Siemens AG. A remote attacker can exploit this vulnerability to execute arbitrary code. Ruggedcom WIN products are prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts may result in a denial-of-service condition