VARIoT IoT vulnerabilities database
| VAR-201504-0197 | CVE-2015-0612 | Cisco Unity Connection of Connection Conversation Manager Service disruption in the process (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. Vendors have confirmed this vulnerability Bug ID CSCuh25062 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlSkillfully crafted by a third party UDP Service disruption via packets (SIP Stop ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following releases are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU6, 8.6 prior to 8.6(2a)SU4, and 9.x prior to 9.1(2)SU2
| VAR-201504-0198 | CVE-2015-0613 | Cisco Unity Connection of Connection Conversation Manager Service disruption in the process (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444. Vendors have confirmed this vulnerability Bug ID CSCul20444 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlSkillfully crafted by a third party SIP INVITE Service disruption via message ( Core dump and reboot ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1
| VAR-201504-0199 | CVE-2015-0614 | Cisco Unity Connection of Connection Conversation Manager Denial of service in process (DoS) Vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. Vendors report this vulnerability Bug ID CSCul26267 Published as. Supplementary information : CWE Vulnerability types by CWE-19: Data Handling ( Data processing ) Has been identified. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1
| VAR-201504-0200 | CVE-2015-0615 | Cisco Unity Connection Service disruption in the implementation of call processing (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. Vendors have confirmed this vulnerability Bug ID CSCul28089 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party SIP Service operation disruption due to improper termination of session ( Port consumption ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1
| VAR-201504-0201 | CVE-2015-0616 | Cisco Unity Connection of Connection Conversation Manager Service disruption in the process (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. Vendors have confirmed this vulnerability Bug ID CSCul69819 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party SIP TCP Service operation disruption due to improper termination of connection ( Core dump and reboot ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following releases are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, and 9.x prior to 9.1(2)SU2
| VAR-201706-0182 | CVE-2015-0936 | Ceragon FibeAir IP-10 In SSH Vulnerability for which access rights are acquired |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. The Ceragon FiberAir IP-10 is a wireless microwave transmission device from Israel's Ceragon. Ceragon FiberAir IP-10 is prone to an information-disclosure vulnerability
| VAR-201504-0422 | CVE-2015-1233 | Google Chrome Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlA third party may execute arbitrary code. Google Chrome is prone to multiple unspecified remote code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to Google Chrome 41.0.2272.118 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: June 23, 2015
Bugs: #545300, #546728, #548108, #549944
ID: 201506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been fixed in Chromium, the worst of
which can cause arbitrary remote code execution.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 43.0.2357.65 >= 43.0.2357.65
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker can cause arbitrary remote code execution, Denial of
Service or bypass of security mechanisms.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-43.0.2357.65"
References
==========
[ 1 ] CVE-2015-1233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1233
[ 2 ] CVE-2015-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1234
[ 3 ] CVE-2015-1235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1235
[ 4 ] CVE-2015-1236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1236
[ 5 ] CVE-2015-1237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1237
[ 6 ] CVE-2015-1238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1238
[ 7 ] CVE-2015-1240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1240
[ 8 ] CVE-2015-1241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1241
[ 9 ] CVE-2015-1242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1242
[ 10 ] CVE-2015-1243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1243
[ 11 ] CVE-2015-1244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1244
[ 12 ] CVE-2015-1245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1245
[ 13 ] CVE-2015-1246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1246
[ 14 ] CVE-2015-1247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1247
[ 15 ] CVE-2015-1248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1248
[ 16 ] CVE-2015-1250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1250
[ 17 ] CVE-2015-1251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1251
[ 18 ] CVE-2015-1252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1252
[ 19 ] CVE-2015-1253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1253
[ 20 ] CVE-2015-1254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1254
[ 21 ] CVE-2015-1255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1255
[ 22 ] CVE-2015-1256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1256
[ 23 ] CVE-2015-1257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1257
[ 24 ] CVE-2015-1258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1258
[ 25 ] CVE-2015-1259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1259
[ 26 ] CVE-2015-1260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1260
[ 27 ] CVE-2015-1262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1262
[ 28 ] CVE-2015-1263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1263
[ 29 ] CVE-2015-1264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1264
[ 30 ] CVE-2015-1265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1265
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2015:0778-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0778.html
Issue date: 2015-04-06
CVE Names: CVE-2015-1233 CVE-2015-1234
=====================================================================
1. Summary:
Updated chromium-browser packages that fix two security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1233, CVE-2015-1234)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.118, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1233
https://access.redhat.com/security/cve/CVE-2015-1234
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVIpk8XlSAg2UNWIIRAqvfAJ4gF/bAUqQnIGEvpjz2gm98etxcJQCdEYz1
RYA4PeHRl1iWQQ2YMJdo6rg=
=oA8r
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-2556-1
April 07, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide. (CVE-2015-1233)
A buffer overflow was discovered in the GPU service. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2015-1234)
It was discovered that Oxide did not correctly manage the lifetime of
BrowserContext, resulting in a potential use-after-free in some
circumstances. (CVE-2015-1317)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.5.6-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.5.6-0ubuntu0.14.04.2
In general, a standard system update will make all the necessary changes
| VAR-201504-0423 | CVE-2015-1234 | Google Chrome of gpu/command_buffer/service/gles2_cmd_decoder.cc Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section. An attacker can leverage this vulnerability to execute code under the context of the current process. Google Chrome is prone to a buffer-overflow vulnerability. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to Google Chrome 41.0.2272.118 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2015:0778-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0778.html
Issue date: 2015-04-06
CVE Names: CVE-2015-1233 CVE-2015-1234
=====================================================================
1. Summary:
Updated chromium-browser packages that fix two security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1233, CVE-2015-1234)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.118, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1208422 - CVE-2015-1233 chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
1208424 - CVE-2015-1234 chromium-browser: buffer overflow via race condition in GPU
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
Source:
chromium-browser-41.0.2272.118-1.el6_6.src.rpm
i386:
chromium-browser-41.0.2272.118-1.el6_6.i686.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.i686.rpm
x86_64:
chromium-browser-41.0.2272.118-1.el6_6.x86_64.rpm
chromium-browser-debuginfo-41.0.2272.118-1.el6_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1233
https://access.redhat.com/security/cve/CVE-2015-1234
https://access.redhat.com/security/updates/classification/#critical
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVIpk8XlSAg2UNWIIRAqvfAJ4gF/bAUqQnIGEvpjz2gm98etxcJQCdEYz1
RYA4PeHRl1iWQQ2YMJdo6rg=
=oA8r
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-2556-1
April 07, 2015
oxide-qt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Oxide.
Software Description:
- oxide-qt: Web browser engine library for Qt (QML plugin)
Details:
It was discovered that Chromium did not properly handle the interaction
of IPC, the gamepad API and V8. (CVE-2015-1233)
A buffer overflow was discovered in the GPU service. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2015-1234)
It was discovered that Oxide did not correctly manage the lifetime of
BrowserContext, resulting in a potential use-after-free in some
circumstances. (CVE-2015-1317)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
liboxideqtcore0 1.5.6-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
liboxideqtcore0 1.5.6-0ubuntu0.14.04.2
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: June 23, 2015
Bugs: #545300, #546728, #548108, #549944
ID: 201506-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been fixed in Chromium, the worst of
which can cause arbitrary remote code execution.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 43.0.2357.65 >= 43.0.2357.65
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-43.0.2357.65"
References
==========
[ 1 ] CVE-2015-1233
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1233
[ 2 ] CVE-2015-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1234
[ 3 ] CVE-2015-1235
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1235
[ 4 ] CVE-2015-1236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1236
[ 5 ] CVE-2015-1237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1237
[ 6 ] CVE-2015-1238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1238
[ 7 ] CVE-2015-1240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1240
[ 8 ] CVE-2015-1241
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1241
[ 9 ] CVE-2015-1242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1242
[ 10 ] CVE-2015-1243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1243
[ 11 ] CVE-2015-1244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1244
[ 12 ] CVE-2015-1245
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1245
[ 13 ] CVE-2015-1246
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1246
[ 14 ] CVE-2015-1247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1247
[ 15 ] CVE-2015-1248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1248
[ 16 ] CVE-2015-1250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1250
[ 17 ] CVE-2015-1251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1251
[ 18 ] CVE-2015-1252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1252
[ 19 ] CVE-2015-1253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1253
[ 20 ] CVE-2015-1254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1254
[ 21 ] CVE-2015-1255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1255
[ 22 ] CVE-2015-1256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1256
[ 23 ] CVE-2015-1257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1257
[ 24 ] CVE-2015-1258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1258
[ 25 ] CVE-2015-1259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1259
[ 26 ] CVE-2015-1260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1260
[ 27 ] CVE-2015-1262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1262
[ 28 ] CVE-2015-1263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1263
[ 29 ] CVE-2015-1264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1264
[ 30 ] CVE-2015-1265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1265
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-04
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201504-0263 | CVE-2015-0682 | Cisco Unified Communications Domain Manager Vulnerable to arbitrary code execution |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue being tracked by Cisco Bug ID CSCup90168. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM release 8.1(4)
| VAR-201504-0264 | CVE-2015-0683 | Cisco Unified Communications Domain Manager Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCup94744. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A security vulnerability exists in Cisco UCDM release 8.1(4)
| VAR-201504-0265 | CVE-2015-0684 | Cisco Unified Communications Domain Manager of Image Management In the component SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is tracked by Cisco Bug ID CSCuq52515. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The vulnerability is caused by the program not adequately filtering the input submitted by the user. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands
| VAR-201504-0266 | CVE-2015-0685 | ASR 1000 Runs on series devices Cisco IOS XE Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 fails to properly handle routing neighbor advertisements. An unauthenticated attacker sends a malicious IP packet to the affected device, causing the device to stop responding. Cisco ASR 9000 Series Routers are prone to a remote denial-of-service vulnerability.
This issue is being tracked by Cisco Bug ID CSCub31873. Cisco IOS XE is an operating system developed by Cisco for its network equipment. There is a security vulnerability in versions earlier than Cisco IOS XE 3.7.5S. The vulnerability is caused by the fact that the program does not correctly handle the adjacency relationship of routers
| VAR-201503-0073 | CVE-2015-0985 | XZERES 442SR Wind Turbines Run on XZERES 442SR OS Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request
| VAR-201504-0075 | CVE-2015-0976 |
Inductive Automation Ignition Cross-Site Scripting Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201503-0316 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition has a security vulnerability that could allow an attacker to execute malicious content in a vulnerable web application. The server reads the data directly from the HTTP request and then returns it in the HTTP response.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks
| VAR-201504-0078 | CVE-2015-0992 | Inductive Automation Ignition Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation
| VAR-201504-0066 | CVE-2015-0995 | Inductive Automation Ignition Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation.
An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible
| VAR-201504-0076 | CVE-2015-0990 | Ecava IntegraXor SCADA Server Vulnerability gained in |
CVSS V2: 4.4 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlRenamed by the local user in the default installation directory DLL You may get permission through. IntegraXor is a human-machine interface for creating and running web-based SCADA systems. IntegraXor SCADA Server Prior to 4.2.4488, there was a security vulnerability in handling renamed malicious DLLs. If an attacker ported an unsafe DLL in the default installation location, malicious code could be executed in the affected application. Ecava Integraxor SCADA Server is prone to multiple local arbitrary code-execution vulnerabilities.
A local attacker can leverage these issues to execute arbitrary code with application privileges. Failed attempts may lead to denial-of-service conditions
| VAR-201504-0079 | CVE-2015-0993 | Inductive Automation Ignition Invalid Session Expiration Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAccess restrictions may be avoided by using an unattended workstation by a third party. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition does not delete the session after the user quits, which allows the attacker to reuse the current session.
Successful exploits may allow an attacker to gain unauthorized access to the affected application
| VAR-201504-0077 | CVE-2015-0991 | Inductive Automation Ignition Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. This may aid in further attacks
| VAR-201504-0065 | CVE-2015-0994 | Inductive Automation Ignition Security Bypass Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Inductive Automation Ignition The brute force ( Brute force attack ) A vulnerability exists that bypasses the protection mechanism. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition prevents security attacks from violent attacks.
An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible