VARIoT IoT vulnerabilities database
| VAR-201503-0206 | CVE-2015-2301 | PHP ‘ phar_rename_archive 'Reuse the function after the release of the vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The php54 packages provide a recent stable release of PHP with
the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a
number of additional utilities. 6) - i386, x86_64
3.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
This update fixes some security issues.
Please note that this package build also moves the configuration files
from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz
Slackware 14.1 package:
9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz
Slackware -current package:
30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz
Slackware x86_64 -current package:
1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.40-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. Summary:
Updated php packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. (CVE-2015-3330)
A flaw was found in the way PHP parsed multipart HTTP POST requests. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)
It was found that certain PHP functions did not properly handle file names
containing a NULL character. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)
Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives.
(CVE-2014-9705)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. (CVE-2014-9709)
This update also fixes the following bugs:
* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)
* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)
* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request paring CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
php-5.4.16-36.ael7b_1.src.rpm
ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm
s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm
x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
php-5.4.16-36.el7_1.src.rpm
x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600
https://access.redhat.com/security/cve/CVE-2015-4601
https://access.redhat.com/security/cve/CVE-2015-4602
https://access.redhat.com/security/cve/CVE-2015-4603
https://access.redhat.com/security/cve/CVE-2015-4604
https://access.redhat.com/security/cve/CVE-2015-4605
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O
dtqycPWs+07GhjmZ6NNx5Bg=
=FREZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.39-0+deb7u1. This update also fixes a regression in the
curl support introduced in DSA 3195.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling
of an environment variable. This issue was addressed through improved
environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able
to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets.
This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.27, including one which may have led to remote code execution.
This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain
items
Description: An issue existed in validation of access control lists
for iCloud keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of
Indiana University, Tongxin Li of Peking University, Tongxin Li of
Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple
Events to a local user's session
Description: An issue existed with Apple Event filtering that
allowed some users to send events to other users. This was addressed
by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior
to 3.2 patch level 57. These issues were addressed by updating bash
version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was address through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when
using the PASV command. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and
leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling.
This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: An issue existed in the handling of HSTS state in
Safari private browsing mode. This issue was addressed through
improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4.
An attacker could force the use of RC4, even if the server preferred
better ciphers, by blocking TLS 1.0 and higher connections until
CFNetwork tried SSL 3.0, which only allows RC4. This issue was
addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from
booting
Description: An issue existed with the addresses covered by the
protected range register. This issue was fixed by changing the
protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able
to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the
host firmware if connected during an EFI update. This issue was
addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The "Secure Empty Trash" feature may not securely delete
files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of
Trash files on some systems, such as those with flash storage. This
issue was addressed by removing the "Secure Empty Trash" option.
CVE-ID
CVE-2015-5901 : Apple
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a
player's email address
Description: An issue existed in Game Center in the handling of a
player's email. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to
the SMB server
Description: An authentication issue existed in Kerberos
credentials. This issue was addressed through additional validation
of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu
Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2014-8147
CVE-2015-5922
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private
framework containing a privileged executable. This issue was
addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues existed in the Intel
Graphics Driver. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the
disclosure of kernel memory content. This issue was addressed by
permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOGraphics which could have led to
the disclosure of kernel memory layout. This issue was addressed
through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through additional
entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by
Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. These issues were addressed through improved
generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks
on targeted TCP connections without knowing the correct sequence
number
Description: An issue existed in xnu's validation of TCP packet
headers. This issue was addressed through improved TCP packet header
validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the
handling of IPv6 router advertisements that allowed an attacker to
set the hop limit to an arbitrary value. This issue was addressed by
enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory layout. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to
the disclosure of memory content. This issue was addressed by
sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging
functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse
Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that
could be started by a network connection. This issue was addressed by
limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time
period
Description: An issue existed with captured display locking. The
issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau
informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni
Vaahtera, and an anonymous researcher
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP
server
Description: A glob-processing issue existed in tnftpd. This issue
was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user
preferences when printing an email. This issue was addressed through
improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,
Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim
Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to
intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for
large email attachments sent via Mail Drop. The issue is addressed by
no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected
multipeer data
Description: An issue existed in convenience initializer handling in
which encryption could be actively downgraded to a non-encrypted
session. This issue was addressed by changing the convenience
initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An uninitialized memory issue in the kernel led to the
disclosure of kernel memory content. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes
application. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by
the Notes application. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions
prior to 6.9. These issues were addressed by updating OpenSSH to
version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions
prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root
privileges
Description: An issue existed in the usage of environment variables
by the rsh binary. This issue was addressed by dropping setuid
privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior
to 2.0.0p645. These were addressed by updating Ruby to version
2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed
to the user
Description: A state management issue existed in the way keychain
lock status was tracked. This issue was addressed through improved
state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,
Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before
identifying itself
Description: Secure Transport accepted the CertificateRequest
message before the ServerKeyExchange message. This issue was
addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of
Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's
knowledge when using Continuity
Description: An issue existed in the authorization checks for
placing phone calls. This issue was addressed through improved
authorization checks.
CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override
characters in the same way when displaying text and when selecting
text. This issue was addressed by suppressing bidirectional override
characters in Terminal.
CVE-ID
CVE-2015-5883 : an anonymous researcher
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in tidy.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine
framework. This issue was addressed through improved coverage of Time
Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of
Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw
S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO
/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6
QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54
YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop
hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O
c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR
8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r
N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT
fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1
nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e
g6jld/w5tPuCFhGucE7Z
=XciV
-----END PGP SIGNATURE-----
.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:080
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : php
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in php:
It was discovered that the file utility contains a flaw in the handling
of indirect magic rules in the libmagic library, which leads to an
infinite recursion when trying to determine the file type of certain
files (CVE-2014-1943).
A flaw was found in the way the file utility determined the type of
Portable Executable (PE) format files, the executable format used on
Windows. A malicious PE file could cause the file utility to crash or,
potentially, execute arbitrary code (CVE-2014-2270).
The BEGIN regular expression in the awk script detector in
magic/Magdir/commands in file before 5.15 uses multiple wildcards
with unlimited repetitions, which allows context-dependent attackers
to cause a denial of service (CPU consumption) via a crafted ASCII
file that triggers a large amount of backtracking, as demonstrated
via a file with many newline characters (CVE-2013-7345).
PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain
socket with world-writable permissions by default, which allows any
local user to connect to it and execute PHP scripts as the apache user
(CVE-2014-0185).
A flaw was found in the way file's Composite Document Files (CDF)
format parser handle CDF files with many summary info entries.
The cdf_unpack_summary_info() function unnecessarily repeatedly read
the info from the same offset. This led to many file_printf() calls in
cdf_file_property_info(), which caused file to use an excessive amount
of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).
A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files. A property entry with 0 elements
triggers an infinite loop (CVE-2014-0238).
The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue related to the SPL ArrayObject and SPLObjectStorage
Types (CVE-2014-3515).
It was discovered that PHP is vulnerable to a heap-based buffer
overflow in the DNS TXT record parsing. A malicious server or
man-in-the-middle attacker could possibly use this flaw to execute
arbitrary code as the PHP interpreter if a PHP application uses
dns_get_record() to perform a DNS query (CVE-2014-4049).
A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files, where the mconvert() function did
not correctly compute the truncated pascal string size (CVE-2014-3478).
Multiple flaws were found in the way file parsed property information
from Composite Document Files (CDF) files, due to insufficient boundary
checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487).
The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type
Confusion issue that can cause it to leak arbitrary process memory
(CVE-2014-4721). NOTE: this vulnerability exists because of an incomplete fix
for CVE-2012-1571 (CVE-2014-3587). NOTE:
this issue exists because of an incomplete fix for CVE-2014-4049
(CVE-2014-3597).
An integer overflow flaw in PHP's unserialize() function was
reported. If unserialize() were used on untrusted data, this
issue could lead to a crash or potentially information disclosure
(CVE-2014-3669).
A heap corruption issue was reported in PHP's exif_thumbnail()
function. A specially-crafted JPEG image could cause the PHP
interpreter to crash or, potentially, execute arbitrary code
(CVE-2014-3670).
If client-supplied input was passed to PHP's cURL client as a URL to
download, it could return local files from the server due to improper
handling of null bytes (PHP#68089).
An out-of-bounds read flaw was found in file's donote() function in the
way the file utility determined the note headers of a elf file. This
could possibly lead to file executable crash (CVE-2014-3710).
A use-after-free flaw was found in PHP unserialize(). An untrusted
input could cause PHP interpreter to crash or, possibly, execute
arbitrary code when processed using unserialize() (CVE-2014-8142).
sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when
mmap is used to read a .php file, does not properly consider the
mapping's length during processing of an invalid file that begins
with a # character and lacks a newline character, which causes an
out-of-bounds read and might allow remote attackers to obtain sensitive
information from php-cgi process memory by leveraging the ability to
upload a .php file or trigger unexpected code execution if a valid
PHP script is present in memory locations adjacent to the mapping
(CVE-2014-9427).
Use after free vulnerability in unserialize() in PHP before 5.5.21
(CVE-2015-0231).
Free called on an uninitialized pointer in php-exif in PHP before
5.5.21 (CVE-2015-0232).
The readelf.c source file has been removed from PHP's bundled copy of
file's libmagic, eliminating exposure to denial of service issues in
ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620
and CVE-2014-9621 in PHP's fileinfo module.
S. Paraschoudis discovered that PHP incorrectly handled memory in
the enchant binding.
Taoguang Chen discovered that PHP incorrectly handled unserializing
objects.
It was discovered that PHP incorrectly handled memory in the phar
extension. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).
An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way libzip, which is embedded in PHP, processed
certain ZIP archives. If an attacker were able to supply a specially
crafted ZIP archive to an application using libzip, it could cause
the application to crash or, possibly, execute arbitrary code
(CVE-2015-2331).
It was discovered that the PHP opcache component incorrectly handled
memory.
It was discovered that the PHP PostgreSQL database extension
incorrectly handled certain pointers.
PHP contains a bundled copy of the file utility's libmagic library,
so it was vulnerable to the libmagic issues. The libzip packages
has been patched to address the CVE-2015-2331 flaw.
A bug in the php zip extension that could cause a crash has been fixed
(mga#13820)
Additionally the jsonc and timezonedb packages has been upgraded to
the latest versions and the PECL packages which requires so has been
rebuilt for php-5.5.23.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://php.net/ChangeLog-5.php#5.5.9
http://php.net/ChangeLog-5.php#5.5.10
http://php.net/ChangeLog-5.php#5.5.11
http://php.net/ChangeLog-5.php#5.5.12
http://php.net/ChangeLog-5.php#5.5.13
http://php.net/ChangeLog-5.php#5.5.14
http://php.net/ChangeLog-5.php#5.5.15
http://php.net/ChangeLog-5.php#5.5.16
http://php.net/ChangeLog-5.php#5.5.17
http://php.net/ChangeLog-5.php#5.5.18
http://php.net/ChangeLog-5.php#5.5.19
http://php.net/ChangeLog-5.php#5.5.20
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.5.23
http://www.ubuntu.com/usn/usn-2535-1/
http://www.ubuntu.com/usn/usn-2501-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1204676
http://advisories.mageia.org/MGASA-2014-0163.html
http://advisories.mageia.org/MGASA-2014-0178.html
http://advisories.mageia.org/MGASA-2014-0215.html
http://advisories.mageia.org/MGASA-2014-0258.html
http://advisories.mageia.org/MGASA-2014-0284.html
http://advisories.mageia.org/MGASA-2014-0324.html
http://advisories.mageia.org/MGASA-2014-0367.html
http://advisories.mageia.org/MGASA-2014-0430.html
http://advisories.mageia.org/MGASA-2014-0441.html
http://advisories.mageia.org/MGASA-2014-0542.html
http://advisories.mageia.org/MGASA-2015-0040.html
https://bugs.mageia.org/show_bug.cgi?id=13820
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
a4e09575e26b690bd44801a126795ce9 mbs2/x86_64/apache-mod_php-5.5.23-1.mbs2.x86_64.rpm
e156aaf446f543279f758b767e5ce6f2 mbs2/x86_64/lib64php5_common5-5.5.23-1.mbs2.x86_64.rpm
cf1653dd6b3606ff8983739fe7728502 mbs2/x86_64/lib64zip2-0.11.2-1.1.mbs2.x86_64.rpm
2ed6c588ca428a502ab995726d497527 mbs2/x86_64/lib64zip-devel-0.11.2-1.1.mbs2.x86_64.rpm
91fd4a50d38c904247519a34f71ac9a7 mbs2/x86_64/libzip-0.11.2-1.1.mbs2.x86_64.rpm
0fad2aa8ca3bed422588c7d7c349e3e7 mbs2/x86_64/php-bcmath-5.5.23-1.mbs2.x86_64.rpm
b797a14554b170f1f2c307eebd5011ce mbs2/x86_64/php-bz2-5.5.23-1.mbs2.x86_64.rpm
83abadd87c78c719b585acbfcbf1f54a mbs2/x86_64/php-calendar-5.5.23-1.mbs2.x86_64.rpm
71b728b5c58335c37e9ee059a98179b5 mbs2/x86_64/php-cgi-5.5.23-1.mbs2.x86_64.rpm
d6047e2545b396ad29b2619c3d811b49 mbs2/x86_64/php-cli-5.5.23-1.mbs2.x86_64.rpm
933344ca17f96bd844db47c993b8ce1a mbs2/x86_64/php-ctype-5.5.23-1.mbs2.x86_64.rpm
0278a991ed7a7ea1d51c6651b1157744 mbs2/x86_64/php-curl-5.5.23-1.mbs2.x86_64.rpm
a3f172d95d061f6a2ba9ce562f1068ac mbs2/x86_64/php-dba-5.5.23-1.mbs2.x86_64.rpm
d239cccc6594bfe8169c0b5300ca1dd0 mbs2/x86_64/php-devel-5.5.23-1.mbs2.x86_64.rpm
73a234b9c369a20c349fca7f425b405a mbs2/x86_64/php-doc-5.5.23-1.mbs2.noarch.rpm
ab4caa5f1a397e2f267479f08616d027 mbs2/x86_64/php-dom-5.5.23-1.mbs2.x86_64.rpm
016b8d010a1866935f2a6889b712300c mbs2/x86_64/php-enchant-5.5.23-1.mbs2.x86_64.rpm
f9bd5f358336ea8a997f85f4d690fd40 mbs2/x86_64/php-exif-5.5.23-1.mbs2.x86_64.rpm
9f0ef885d5e7abb84c1b0c6242bd1a54 mbs2/x86_64/php-fileinfo-5.5.23-1.mbs2.x86_64.rpm
f551fc699944abdbd78cd1f74e1db713 mbs2/x86_64/php-filter-5.5.23-1.mbs2.x86_64.rpm
10c6ad89a0707acdff025ee0166b4361 mbs2/x86_64/php-fpm-5.5.23-1.mbs2.x86_64.rpm
fad5946e3ff8bf1d3b7215fee229b934 mbs2/x86_64/php-ftp-5.5.23-1.mbs2.x86_64.rpm
c74071a614cc4f8d5ac612736264aad2 mbs2/x86_64/php-gd-5.5.23-1.mbs2.x86_64.rpm
788e0972b5aa918a0c8ce2b0e30270a6 mbs2/x86_64/php-gettext-5.5.23-1.mbs2.x86_64.rpm
996120d4c1fa233bdb38aedf0718f593 mbs2/x86_64/php-gmp-5.5.23-1.mbs2.x86_64.rpm
e032d9a3c8e078242347623f1ff51b5a mbs2/x86_64/php-hash-5.5.23-1.mbs2.x86_64.rpm
c1da3a1898b05995091ad1c2237bdf6a mbs2/x86_64/php-iconv-5.5.23-1.mbs2.x86_64.rpm
37b4a5d86006024878d397a8478d5a42 mbs2/x86_64/php-imap-5.5.23-1.mbs2.x86_64.rpm
bd10d9a55ee8db73b4d80dae1e14e4e0 mbs2/x86_64/php-ini-5.5.23-1.mbs2.x86_64.rpm
4cb54cd72bd26728bb29f5d00a5174af mbs2/x86_64/php-interbase-5.5.23-1.mbs2.x86_64.rpm
2713dca82ad94d88b379db3fa012ed2d mbs2/x86_64/php-intl-5.5.23-1.mbs2.x86_64.rpm
f0a9187b81e038400dae4e01123b751c mbs2/x86_64/php-json-5.5.23-1.mbs2.x86_64.rpm
c395a0cb573d9432c9e4c2a4b92d1d0f mbs2/x86_64/php-ldap-5.5.23-1.mbs2.x86_64.rpm
f2374e34b874072d2268acf1c72b383a mbs2/x86_64/php-mbstring-5.5.23-1.mbs2.x86_64.rpm
7ca3ce3a9464933af1a147c206c25d0d mbs2/x86_64/php-mcrypt-5.5.23-1.mbs2.x86_64.rpm
dbe828f1c2caa3eef932fc0c14a7e2e9 mbs2/x86_64/php-mssql-5.5.23-1.mbs2.x86_64.rpm
995e9f09906309252d850618c3fffaa6 mbs2/x86_64/php-mysql-5.5.23-1.mbs2.x86_64.rpm
c474c1f1dc45f14ea5357092277d2f22 mbs2/x86_64/php-mysqli-5.5.23-1.mbs2.x86_64.rpm
cdcb4872386b83ef3969f918bf99f941 mbs2/x86_64/php-mysqlnd-5.5.23-1.mbs2.x86_64.rpm
cbb1652273fb07f216c50b8d1b5445c2 mbs2/x86_64/php-odbc-5.5.23-1.mbs2.x86_64.rpm
29ab61a3d1d00ad57c875d87b62d2e12 mbs2/x86_64/php-opcache-5.5.23-1.mbs2.x86_64.rpm
349f796a960ef2207b30a06e386f2653 mbs2/x86_64/php-openssl-5.5.23-1.mbs2.x86_64.rpm
7a7411900384da8741e32a3f6f8036c2 mbs2/x86_64/php-pcntl-5.5.23-1.mbs2.x86_64.rpm
ba3b14e45177b257ada03f7ff4b16deb mbs2/x86_64/php-pdo-5.5.23-1.mbs2.x86_64.rpm
ae5b57dbff67c7595e154313321ff693 mbs2/x86_64/php-pdo_dblib-5.5.23-1.mbs2.x86_64.rpm
8782f71797f7cb271a514b735b19621a mbs2/x86_64/php-pdo_firebird-5.5.23-1.mbs2.x86_64.rpm
ac39db58d4100f3d2d24593d3b5907fc mbs2/x86_64/php-pdo_mysql-5.5.23-1.mbs2.x86_64.rpm
210b990793c2d616fb0aecc4fde28eb6 mbs2/x86_64/php-pdo_odbc-5.5.23-1.mbs2.x86_64.rpm
6ae4df7959ddd3a8a0724ddddbe41a71 mbs2/x86_64/php-pdo_pgsql-5.5.23-1.mbs2.x86_64.rpm
1f9bdab81fa668dd583abe873892993e mbs2/x86_64/php-pdo_sqlite-5.5.23-1.mbs2.x86_64.rpm
f0cbb5dde255f5c8fa3e04e3a5314ab1 mbs2/x86_64/php-pgsql-5.5.23-1.mbs2.x86_64.rpm
e46ac8c820911a6091540e135f103154 mbs2/x86_64/php-phar-5.5.23-1.mbs2.x86_64.rpm
5050a745bfc3b1f5eeced2dd85f79721 mbs2/x86_64/php-posix-5.5.23-1.mbs2.x86_64.rpm
c9093134a518c07f4e8a188987f853d3 mbs2/x86_64/php-readline-5.5.23-1.mbs2.x86_64.rpm
2b48c3f35573e00b5ba4327e8edc05f2 mbs2/x86_64/php-recode-5.5.23-1.mbs2.x86_64.rpm
ae2157230db4d6e28698db384c8f7fcb mbs2/x86_64/php-session-5.5.23-1.mbs2.x86_64.rpm
2610a739bfa29ff11e648c7baa1d8bc3 mbs2/x86_64/php-shmop-5.5.23-1.mbs2.x86_64.rpm
b7999e11cf9d2ab510263e32cabaf312 mbs2/x86_64/php-snmp-5.5.23-1.mbs2.x86_64.rpm
ab665c30f0d2f13baa1c6475b7df7cac mbs2/x86_64/php-soap-5.5.23-1.mbs2.x86_64.rpm
f331837ba716316cef094765a1700101 mbs2/x86_64/php-sockets-5.5.23-1.mbs2.x86_64.rpm
134f8bb18790bd023e73919a794703a0 mbs2/x86_64/php-sqlite3-5.5.23-1.mbs2.x86_64.rpm
4b4aa44d0ac56629610bb0444f199df5 mbs2/x86_64/php-sybase_ct-5.5.23-1.mbs2.x86_64.rpm
fc69f644f36308d81f37f356b76e40a1 mbs2/x86_64/php-sysvmsg-5.5.23-1.mbs2.x86_64.rpm
981b7ef6715aacfe9250b206dbbbad31 mbs2/x86_64/php-sysvsem-5.5.23-1.mbs2.x86_64.rpm
91c006555173d03f1d25899947702673 mbs2/x86_64/php-sysvshm-5.5.23-1.mbs2.x86_64.rpm
62e5fa5fa8b4d89d7835f2f68169af14 mbs2/x86_64/php-tidy-5.5.23-1.mbs2.x86_64.rpm
0c5a9237c710dd098c8bb56018f7a142 mbs2/x86_64/php-timezonedb-2015.1-1.mbs2.x86_64.rpm
d94aa68a9ce76bce5c962c58f37ac5a5 mbs2/x86_64/php-tokenizer-5.5.23-1.mbs2.x86_64.rpm
317c7da32daa223560dc08bbae89d98d mbs2/x86_64/php-wddx-5.5.23-1.mbs2.x86_64.rpm
9b2cf90dfc6f6bdc0431a6f94d43a947 mbs2/x86_64/php-xml-5.5.23-1.mbs2.x86_64.rpm
0a1b6e0beeb36f24f9250a352fbff1e9 mbs2/x86_64/php-xmlreader-5.5.23-1.mbs2.x86_64.rpm
598925bc71347774e805b6fcfcbcf590 mbs2/x86_64/php-xmlrpc-5.5.23-1.mbs2.x86_64.rpm
49a1f8e773e98bb101488b805670651c mbs2/x86_64/php-xmlwriter-5.5.23-1.mbs2.x86_64.rpm
0b7c2f2fe7b3103631dd07d12d443e06 mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm
5cb68626d863213de934655dac8342c8 mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm
a27bab106c0ba87f220ff35937210a63 mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm
3dd6a6eeb12c7207446053e4785d6974 mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm
5d69769d822628a5bf1485eaa1251b8e mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm
0a629c11ca23ba56d57f61a754def293 mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
| VAR-201503-0072 | CVE-2015-0984 | Honeywell XL Web Controller Directory Traversal Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. Honeywell XL Web Controller is a web-based SCADA system
| VAR-201503-0335 | CVE-2014-9209 | Rockwell Automation FactoryTalk Services Platform and FactoryTalk View Studio of Clean Utility Application vulnerability |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in multiple Rockwell Automation product DLL loads. An attacker can exploit arbitrary exploits and system privileges to execute arbitrary code. Failed attempts may lead to denial-of-service conditions.
The following products are affected:
FactoryTalk Services Platform prior to 2.71.00
FactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use the Trojan horse DLL file to exploit this vulnerability to gain permissions
| VAR-201703-0323 | CVE-2015-1610 | OpenDaylight l2switch of hosttracker Vulnerability in changing host location information |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing.". OpenDaylight l2switch of hosttracker Contains a vulnerability that changes the location of the host. OpenDaylight l2switch is prone to a security-bypass vulnerability.
Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. OpenDaylight is a project of the Linux Foundation in the United States. It is a community-led open source software-defined network framework. It includes a set of modules that can perform network tasks that need to be completed quickly. l2switch is one of the projects that provides layer 2 switch functionality
| VAR-201503-0416 | CVE-2014-9711 | plural Websense Cross-site scripting vulnerability in product research reports |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. TRITON AP-WEB provides real-time protection against advanced threats and data theft for local and remote users; Web Security and Filter (Web security and filtering) prevents network attacks and reduces malware infections. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. ------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting
------------------------------------------------------------------------
Han Sahin, September 2014
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It has been found that Websense Reporting is affected by multiple
Cross-Site Scripting issues. Cross-Site Scripting allows an attacker to
perform a wide variety of actions, such as stealing the victim's session
token or login credentials, performing arbitrary actions on the victim's
behalf, and logging their keystrokes.
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was discovered on Websense Triton v7.8.3 and Websense
appliance modules V-Series v7.7. Other versions may be affected as well.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Websense released hotfix 02 for Websense Triton v7.8.4 in which this
issue is fixed. More information about this hotfix can be found at the
following location:
http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-02-for-Web-Security-Solutions
This issue is resolved in TRITON APX Version 8.0. More information about
the fixed can be found at the following location:
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20140914/multiple_cross_site_scripting_vulnerabilities_in_websense_reporting.html
One example of a vulnerable request parameter is the col. Its value is copied into the value of an HTML tag attribute; encapsulated in double quotation marks. The value echoed unmodified (without output encoding) in the application's response. This vulnerability can be reproduced using the following steps:
- login into Admin GUI;
- open the proof of concept below;
- hover over 'Risk Class' in left corner.
https://<target>:9443/explorer_wse/explorer_anon.exe?col=a86de%27onmouseover%3d%27alert%28document.cookie%29%27de90f&delAdmin=0&startDate=2014-07-31&endDate=2014-08-01
An attacker must trick victims into opening the attacker's specially crafted link. This is for example possible by sending a victim a link in an email or instant message. Once a victim opens the specially crafted link, arbitrary client-side scripting code will be executed in the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes
| VAR-201503-0172 | CVE-2015-0669 | Cisco IOS of Autonomic Networking Infrastructure Vulnerability in changing configuration settings |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167. Cisco IOS is an operating system developed by Cisco Systems for its network devices.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCup62167
| VAR-201503-0173 | CVE-2015-0670 | Cisco Small Business IP phone of SPA300 and SPA500 Vulnerability to read audio stream data in the default settings of the series |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. Vendors have confirmed this vulnerability Bug ID CSCuo52482 It is released as.Skillfully crafted by a third party XML Depending on the request, the audio stream data may be read or an outgoing call may be initiated. Cisco Small Business IP phones SPA 300 and SPA 500 are Cisco 300 and SPA 500 series IP telephony products from Cisco. The program failed to set the authentication correctly.
An attacker can exploit this issue to gain unauthorized access to the affected devices. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuo52482
| VAR-201503-0171 | CVE-2015-0668 | Cisco WebEx Meetings Server Management portal cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. Vendors have confirmed this vulnerability Bug ID CSCuq66737 It is released as.By any third party Web Script or HTML May be inserted.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuq66737. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. The administration portal page of CWMS version 2.5 and version 2.5.99.2 has a cross-site scripting vulnerability, which is caused by the program not adequately filtering the input submitted by the user
| VAR-201503-0174 | CVE-2015-0671 | Cisco Videoscape Distribution Suite for Internet Streaming of DNS Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911. Cisco Internet Streamer for VideoScape Delivery System is prone to a remote denial-of-service vulnerability.
A remote attacker may exploit this issue to trigger denial-of-service condition due to excessive CPU and network resource utilization.
This issue is being tracked by Cisco Bug ID CSCun15911 . The solution supports streaming media live broadcast, dynamic acquisition of content library and content caching, etc. A security vulnerability exists in the DNS implementation of Cisco VDS-IS version 3.2(1)
| VAR-201503-0497 | No CVE | "Suspected Backdoor" program in NetCore's full range of routers |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Netcore is a network communication manufacturer in Shenzhen Leike. Its main products include wireless routers, wireless network cards, network cards, hubs, switches, broadband routers, Layer 2, and Layer 4 switches, and optical terminals. A program called IGDPDTD is built into the NetCore router. According to its description, it should be IGD MPT Interface daemon 1.0. The program will start with the router and open the port on the public network. The attacker can execute any system command, upload and download files, and control the router.
| VAR-201706-0187 | CVE-2015-2800 | plural Huawei Campus Service operation interruption in user authentication module of switch products (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. Huawei Campus Series Switches are prone to a denial-of-service vulnerability.
Attackers can exploit this issue to restart the affected device, denying service to legitimate users. Huawei Campus switches S5700, etc. are all switch products of China's Huawei (Huawei). The user authentication module is a module for user login authentication. The following products and versions are affected: Huawei Campus switches S5700 V200R001SPH012 Version; Campus switches S5300 V200R001SPH012 Version; Campus switches S6300 V200R001SPH012 Version; Campus switches S6700 V200R001SPH012 Version; Campus switches S7700 V200R001SPH012 Version; Campus switches S9300 V200R001SPH012 Version; Campus switches S9700 V200R001SPH012 Version
| VAR-201503-0052 | CVE-2015-0209 | OpenSSL ‘ d2i_ECPrivateKey 'Reuse the function after the release of the vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. OpenSSL is prone to remote memory-corruption vulnerability.
Note: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. Additionally a follow-up fix for CVE-2015-0209 is applied.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2015-0286
Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.
CVE-2015-0287
Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
CVE-2015-0292
It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.
CVE-2015-0209
It was discovered that a malformed EC private key might result in
memory corruption.
CVE-2015-0288
It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.
We recommend that you upgrade your openssl packages.
Release Date: 2015-05-19
Last Updated: 2015-05-19
Potential Security Impact: Remote Denial of Service (DoS) and other
vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running
OpenSSL. These vulnerabilities could be exploited remotely to create a remote
Denial of Service (DoS) and other vulnerabilities.
References:
CVE-2015-0204
CVE-2015-0286
CVE-2015-0287
CVE-2015-0289
CVE-2015-0292
CVE-2015-0293
CVE-2015-0209
CVE-2015-0288
SSRT102000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zf
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The
updates are available from the following URL:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=OPENSSL11I
HP-UX Release
HP-UX OpenSSL depot name
B.11.11 (11i v1)
OpenSSL_A.00.09.08zf.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2)
OpenSSL_A.00.09.08zf.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
OpenSSL_A.00.09.08zf.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX OpenSSL A.00.09.08zf or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zf.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zf.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zf.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 20 May 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior,
which makes it easier for local users to obtain ECDSA nonces via a
FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before
1.0.1g do not properly handle Heartbeat Extension packets, which allows
remote attackers to obtain sensitive information from process memory
via crafted packets that trigger a buffer over-read, as demonstrated
by reading private keys, related to d1_both.c and t1_lib.c, aka the
Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue
became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before
1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square
of a BIGNUM value, which might make it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors,
related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and
crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote
SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger
a loss of forward secrecy by omitting the ServerKeyExchange message
(CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
does not enforce certain constraints on certificate data, which allows
remote attackers to defeat a fingerprint-based certificate-blacklist
protection mechanism by including crafted data within a
certificate's unsigned portion, related to crypto/asn1/a_verify.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c
(CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL
servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate
brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role, related to the FREAK issue. NOTE: the scope of
this CVE is only client code based on OpenSSL, not EXPORT_RSA issues
associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before
1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a
Diffie-Hellman (DH) certificate without requiring a CertificateVerify
message, which allows remote attackers to obtain access without
knowledge of a private key via crafted TLS Handshake Protocol traffic
to a server that recognizes a Certification Authority with DH support
(CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://openssl.org/news/secadv_20150108.txt
http://openssl.org/news/secadv_20150319.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm
9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm
58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm
b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm
a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm
521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:06.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2015-03-19
Affects: All supported versions of FreeBSD.
Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)
2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)
2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)
2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)
2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)
2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)
CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,
CVE-2015-0289, CVE-2015-0293
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
Abstract Syntax Notation One (ASN.1) is a standard and notation that
describes rules and structures for representing, encoding, transmitting,
and decoding data in telecommunications and computer networking, which
enables representation of objects that are independent of machine-specific
encoding technique.
II. Problem Description
A malformed elliptic curve private key file could cause a use-after-free
condition in the d2i_ECPrivateKey function. [CVE-2015-0209]
An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp
function to crash with an invalid read. [CVE-2015-0286]
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory
corruption via an invalid write. [CVE-2015-0287]
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. [CVE-2015-0288]
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
[CVE-2015-0289]
A malicious client can trigger an OPENSSL_assert in servers that both support
SSLv2 and enable export cipher suites by sending a specially crafted SSLv2
CLIENT-MASTER-KEY message. [CVE-2015-0293]
III. [CVE-2015-0209]
A remote attacker who is able to send specifically crafted certificates
may be able to crash an OpenSSL client or server. [CVE-2015-0286]
An attacker who can cause invalid writes with applications that parse
structures containing CHOICE or ANY DEFINED BY components and reusing
the structures may be able to cause them to crash. Such reuse is believed
to be rare. OpenSSL clients and servers are not affected. [CVE-2015-0287]
An attacker may be able to crash applications that create a new certificate
request with subject name the same as in an existing, specifically crafted
certificate. This usage is rare in practice. [CVE-2015-0288]
An attacker may be able to crash applications that verify PKCS#7 signatures,
decrypt PKCS#7 data or otherwise parse PKCS#7 structures with specifically
crafted certificates. [CVE-2015-0289]
A malicious client can trigger an OPENSSL_assert in servers that both support
SSLv2 and enable export cipher suites by sending a carefully crafted SSLv2
CLIENT-MASTER-KEY message, resulting in a Denial of Service.
IV. Workaround
No workaround is available. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch
# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc
# gpg --verify openssl-0.9.8.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch
# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc
# gpg --verify openssl-1.0.1.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r280266
releng/8.4/ r280268
stable/9/ r280266
releng/9.3/ r280268
stable/10/ r280266
releng/10.1/ r280268
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.openssl.org/news/secadv_20150319.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:06.openssl.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.2 (FreeBSD)
iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns
hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp
jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy
R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C
3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln
rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H
t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs
x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu
5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH
sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq
CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd
UQg3YfrXHDlxCsqEzN7o
=wi0T
-----END PGP SIGNATURE-----
.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.
Fixes several bugs and security issues:
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
o Removed the export ciphers from the DEFAULT ciphers
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 packages:
9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz
706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages:
5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz
fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages:
1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz
2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages:
f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz
0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages:
7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz
e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages:
379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz
54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages:
8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz
bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz
acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz
b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz
25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages:
0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz
b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages:
99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz
9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release
Advisory ID: RHSA-2016:2957-01
Product: Red Hat JBoss Core Services
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2957.html
Issue date: 2016-12-15
CVE Names: CVE-2012-1148 CVE-2014-3523 CVE-2014-8176
CVE-2015-0209 CVE-2015-0286 CVE-2015-3185
CVE-2015-3194 CVE-2015-3195 CVE-2015-3196
CVE-2015-3216 CVE-2016-0702 CVE-2016-0705
CVE-2016-0797 CVE-2016-0799 CVE-2016-1762
CVE-2016-1833 CVE-2016-1834 CVE-2016-1835
CVE-2016-1836 CVE-2016-1837 CVE-2016-1838
CVE-2016-1839 CVE-2016-1840 CVE-2016-2105
CVE-2016-2106 CVE-2016-2107 CVE-2016-2108
CVE-2016-2109 CVE-2016-2177 CVE-2016-2178
CVE-2016-2842 CVE-2016-3627 CVE-2016-3705
CVE-2016-4447 CVE-2016-4448 CVE-2016-4449
CVE-2016-4459 CVE-2016-4483 CVE-2016-5419
CVE-2016-5420 CVE-2016-6808 CVE-2016-7141
CVE-2016-8612
=====================================================================
1. Summary:
Red Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat
Customer Portal for Solaris and Microsoft Windows systems.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,
CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,
CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,
CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,
CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)
* This update fixes several flaws in libxml2. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
* This update fixes two flaws in mod_cluster. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat. (CVE-2012-1148)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,
CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,
and CVE-2016-2842. The CVE-2016-4459 issue was discovered by Robert Bost
(Red Hat). Upstream acknowledges Stephen Henson (OpenSSL development team)
as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),
Hanno BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,
CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj
Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), and Nadia Heninger (University of Pennsylvania) as the
original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as
the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
801648 - CVE-2012-1148 expat: Memory leak in poolGrow
1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service
1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import
1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression
1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS
1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter
1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint
1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code
1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data
1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check
1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow
1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow
1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file
1332820 - CVE-2016-4483 libxml2: out-of-bounds read
1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar
1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
1338700 - CVE-2016-4448 libxml2: Format string vulnerability
1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content
1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey
1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString
1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal
1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat
1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase
1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation
1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass
1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert
1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates
1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI
1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error
5. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6. References:
https://access.redhat.com/security/cve/CVE-2012-1148
https://access.redhat.com/security/cve/CVE-2014-3523
https://access.redhat.com/security/cve/CVE-2014-8176
https://access.redhat.com/security/cve/CVE-2015-0209
https://access.redhat.com/security/cve/CVE-2015-0286
https://access.redhat.com/security/cve/CVE-2015-3185
https://access.redhat.com/security/cve/CVE-2015-3194
https://access.redhat.com/security/cve/CVE-2015-3195
https://access.redhat.com/security/cve/CVE-2015-3196
https://access.redhat.com/security/cve/CVE-2015-3216
https://access.redhat.com/security/cve/CVE-2016-0702
https://access.redhat.com/security/cve/CVE-2016-0705
https://access.redhat.com/security/cve/CVE-2016-0797
https://access.redhat.com/security/cve/CVE-2016-0799
https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-2105
https://access.redhat.com/security/cve/CVE-2016-2106
https://access.redhat.com/security/cve/CVE-2016-2107
https://access.redhat.com/security/cve/CVE-2016-2108
https://access.redhat.com/security/cve/CVE-2016-2109
https://access.redhat.com/security/cve/CVE-2016-2177
https://access.redhat.com/security/cve/CVE-2016-2178
https://access.redhat.com/security/cve/CVE-2016-2842
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4447
https://access.redhat.com/security/cve/CVE-2016-4448
https://access.redhat.com/security/cve/CVE-2016-4449
https://access.redhat.com/security/cve/CVE-2016-4459
https://access.redhat.com/security/cve/CVE-2016-4483
https://access.redhat.com/security/cve/CVE-2016-5419
https://access.redhat.com/security/cve/CVE-2016-5420
https://access.redhat.com/security/cve/CVE-2016-6808
https://access.redhat.com/security/cve/CVE-2016-7141
https://access.redhat.com/security/cve/CVE-2016-8612
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=distributions&version=2.4.23
https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. ============================================================================
Ubuntu Security Notice USN-2537-1
March 19, 2015
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
It was discovered that OpenSSL incorrectly handled malformed EC private key
files.
(CVE-2015-0209)
Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1
boolean types. (CVE-2015-0286)
Emilia K=C3=A4sper discovered that OpenSSL incorrectly handled ASN.1 structure
reuse.
(CVE-2015-0287)
Brian Carpenter discovered that OpenSSL incorrectly handled invalid
certificate keys. (CVE-2015-0289)
Robert Dugal and David Ramos discovered that OpenSSL incorrectly handled
decoding Base64 encoded data. (CVE-2015-0292)
Sean Burford and Emilia K=C3=A4sper discovered that OpenSSL incorrectly handled
specially crafted SSLv2 CLIENT-MASTER-KEY messages. (CVE-2015-0293)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libssl1.0.0 1.0.1f-1ubuntu9.4
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.11
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.25
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.27
After a standard system update you need to reboot your computer to make
all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:
Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper
authentication
Description: An issue existed when checking XPC entitlements. This
issue was addressed through improved entitlement checking.
CVE-ID
CVE-2015-3671 : Emil Kvarnhammar at TrueSec
Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A non-admin user may obtain admin rights
Description: An issue existed in the handling of user
authentication. This issue was addressed through improved error
checking.
CVE-ID
CVE-2015-3672 : Emil Kvarnhammar at TrueSec
Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: An attacker may abuse Directory Utility to gain root
privileges
Description: Directory Utility was able to be moved and modified to
achieve code execution within an entitled process. This issue was
addressed by limiting the disk location that writeconfig clients may
be executed from.
CVE-ID
CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec
afpserver
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the AFP server.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3674 : Dean Jerkovich of NCC Group
apache
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: An attacker may be able to access directories that are
protected with HTTP authentication without knowing the correct
credentials
Description: The default Apache configuration did not include
mod_hfs_apple. If Apache was manually enabled and the configuration
was not changed, some files that should not be accessible might have
been accessible using a specially crafted URL. This issue was
addressed by enabling mod_hfs_apple.
CVE-ID
CVE-2015-3675 : Apple
apache
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Multiple vulnerabilities exist in PHP, the most serious of
which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.24 and 5.4.40. These were addressed by updating PHP to
versions 5.5.24 and 5.4.40.
CVE-ID
CVE-2015-0235
CVE-2015-0273
AppleGraphicsControl
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in AppleGraphicsControl which could
have led to the disclosure of kernel memory layout. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2015-3676 : Chen Liang of KEEN Team
AppleFSCompression
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in LZVN compression that could have
led to the disclosure of kernel memory content. This issue was
addressed through improved memory handling.
CVE-ID
CVE-2015-3677 : an anonymous researcher working with HP's Zero Day
Initiative
AppleThunderboltEDMService
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the handling of
certain Thunderbolt commands from local processes. This issue was
addressed through improved memory handling.
CVE-ID
CVE-2015-3678 : Apple
ATS
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in handling
of certain fonts. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative
CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative
CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3682 : Nuode Wei
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the Bluetooth HCI
interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze
Networks
Certificate Trust Policy
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: An attacker with a privileged network position may be able
to intercept network traffic
Description: An intermediate certificate was incorrectly issued by
the certificate authority CNNIC. This issue was addressed through the
addition of a mechanism to trust only a subset of certificates issued
prior to the mis-issuance of the intermediate. Further details are
available at https://support.apple.com/en-us/HT204938
Certificate Trust Policy
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork HTTPAuthentication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Following a maliciously crafted URL may lead to arbitrary
code execution
Description: A memory corruption issue existed in handling of
certain URL credentials. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3684 : Apple
CoreText
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-1157
CVE-2015-3685 : Apple
CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3689 : Apple
coreTLS
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH)
keys, as used in export-strength ephemeral DH cipher suites. This
issue, also known as Logjam, allowed an attacker with a privileged
network position to downgrade security to 512-bit DH if the server
supported an export-strength ephemeral DH cipher suite. The issue was
addressed by increasing the default minimum size allowed for DH
ephemeral keys to 768 bits.
CVE-ID
CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
DiskImages
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-ID
CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
Display Drivers
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the Monitor Control Command Set
kernel extension by which a userland process could control the value
of a function pointer within the kernel. The issue was addressed by
removing the affected interface.
CVE-ID
CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze
Networks
EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking.
CVE-ID
CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah
and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca
EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may induce memory corruption to
escalate privileges
Description: A disturbance error, also known as Rowhammer, exists
with some DDR3 RAM that could have led to memory corruption. This
issue was mitigated by increasing memory refresh rates.
CVE-ID
CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working
from original research by Yoongu Kim et al (2014)
FontParser
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
Graphics Driver
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out of bounds write issue existed in NVIDIA graphics
driver. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-3712 : Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Multiple buffer overflow issues exist in the Intel graphics
driver, the most serious of which may lead to arbitrary code
execution with system privileges
Description: Multiple buffer overflow issues existed in the Intel
graphics driver. These were addressed through additional bounds
checks.
CVE-ID
CVE-2015-3695 : Ian Beer of Google Project Zero
CVE-2015-3696 : Ian Beer of Google Project Zero
CVE-2015-3697 : Ian Beer of Google Project Zero
CVE-2015-3698 : Ian Beer of Google Project Zero
CVE-2015-3699 : Ian Beer of Google Project Zero
CVE-2015-3700 : Ian Beer of Google Project Zero
CVE-2015-3701 : Ian Beer of Google Project Zero
CVE-2015-3702 : KEEN Team
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Multiple vulnerabilities existed in libtiff, the most
serious of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in libtiff versions
prior to 4.0.4. They were addressed by updating libtiff to version
4.0.4.
CVE-ID
CVE-2014-8127
CVE-2014-8128
CVE-2014-8129
CVE-2014-8130
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted .tiff file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
.tiff files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-3703 : Apple
Install Framework Legacy
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Several issues existed in how Install.framework's
'runner' setuid binary dropped privileges. This was addressed by
properly dropping privileges.
CVE-ID
CVE-2015-3704 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOAcceleratorFamily. These issues were addressed through improved
memory handling.
CVE-ID
CVE-2015-3705 : KEEN Team
CVE-2015-3706 : KEEN Team
IOFireWireFamily
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple null pointer dereference issues existed in the
FireWire driver. These issues were addressed through improved error
checking.
CVE-ID
CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze
Networks
Kernel
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory management issue existed in the handling of
APIs related to kernel extensions which could have led to the
disclosure of kernel memory layout. This issue was addressed through
improved memory management.
CVE-ID
CVE-2015-3720 : Stefan Esser
Kernel
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory management issue existed in the handling of
HFS parameters which could have led to the disclosure of kernel
memory layout. This issue was addressed through improved memory
management.
CVE-ID
CVE-2015-3721 : Ian Beer of Google Project Zero
kext tools
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: kextd followed symbolic links while creating a new
file. This issue was addressed through improved handling of symbolic
links.
CVE-ID
CVE-2015-3708 : Ian Beer of Google Project Zero
kext tools
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A local user may be able to load unsigned kernel extensions
Description: A time-of-check time-of-use (TOCTOU) race condition
condition existed while validating the paths of kernel extensions.
This issue was addressed through improved checks to validate the path
of the kernel extensions.
CVE-ID
CVE-2015-3709 : Ian Beer of Google Project Zero
Mail
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A maliciously crafted email can replace the message content
with an arbitrary webpage when the message is viewed
Description: An issue existed in the support for HTML email which
allowed message content to be refreshed with an arbitrary webpage.
The issue was addressed through restricted support for HTML content.
CVE-ID
CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek
ntfs
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in NTFS that could have led to the
disclosure of kernel memory content. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
ntp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: An attacker in a privileged position may be able to perform
a denial of service attack against two ntp clients
Description: Multiple issues existed in the authentication of ntp
packets being received by configured end-points. These issues were
addressed through improved connection state management.
CVE-ID
CVE-2015-1798
CVE-2015-1799
OpenSSL
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Multiple issues exist in OpenSSL, including one that may
allow an attacker to intercept connections to a server that supports
export-grade ciphers
Description: Multiple issues existed in OpenSSL 0.9.8zd which were
addressed by updating OpenSSL to version 0.9.8zf.
CVE-ID
CVE-2015-0209
CVE-2015-0286
CVE-2015-0287
CVE-2015-0288
CVE-2015-0289
CVE-2015-0293
QuickTime
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative
CVE-2015-3662 : kdot working with HP's Zero Day Initiative
CVE-2015-3663 : kdot working with HP's Zero Day Initiative
CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero
Day Initiative
CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai
Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson
of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs
CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs
CVE-2015-3713 : Apple
Security
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in the Security framework
code for parsing S/MIME e-mail and some other signed or encrypted
objects. This issue was addressed through improved validity checking.
CVE-ID
CVE-2013-1741
Security
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Tampered applications may not be prevented from launching
Description: Apps using custom resource rules may have been
susceptible to tampering that would not have invalidated the
signature. This issue was addressed with improved resource
validation.
CVE-ID
CVE-2015-3714 : Joshua Pitts of Leviathan Security Group
Security
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to bypass code signing
checks
Description: An issue existed where code signing did not verify
libraries loaded outside the application bundle. This issue was
addressed with improved bundle verification.
CVE-ID
CVE-2015-3715 : Patrick Wardle of Synack
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: Searching for a malicious file with Spotlight may lead to
command injection
Description: A command injection vulnerability existed in the
handling of filenames of photos added to the local photo library.
This issue was addressed through improved input validation.
CVE-ID
CVE-2015-3716 : Apple
SQLite
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: Multiple buffer overflows existed in SQLite's printf
implementation. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
System Stats
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious app may be able to compromise systemstatsd
Description: A type confusion issue existed in systemstatsd's
handling of interprocess communication. By sending a maliciously
formatted message to systemstatsd, it may have been possible to
execute arbitrary code as the systemstatsd process. The issue was
addressed through additional type checking.
CVE-ID
CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze
Networks
TrueTypeScaler
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
zip
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: Extracting a maliciously crafted zip file using the unzip
tool may lead to an unexpected application termination or arbitrary
code execution
Description: Multiple memory corruption issues existed in the
handling of zip files. These issues were addressed through improved
memory handling.
CVE-ID
CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7.
https://support.apple.com/en-us/HT204950
OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue
mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7
kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo
EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w
aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH
cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL
U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+
aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U
TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC
3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J
1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI
+gGm5FbAxjxElgA/gbaq
=KLda
-----END PGP SIGNATURE-----
| VAR-201503-0055 | CVE-2015-0286 | OpenSSL ‘ ASN1_TYPE_cmp 'Function security vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. OpenSSL is prone to denial-of-service vulnerability.
An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2015-0286
Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.
CVE-2015-0287
Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
CVE-2015-0292
It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.
CVE-2015-0209
It was discovered that a malformed EC private key might result in
memory corruption.
CVE-2015-0288
It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service. In this update the export ciphers are removed
from the default cipher list. The
updates are available from the following URL:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=OPENSSL11I
HP-UX Release
HP-UX OpenSSL depot name
B.11.11 (11i v1)
OpenSSL_A.00.09.08zf.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2)
OpenSSL_A.00.09.08zf.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
OpenSSL_A.00.09.08zf.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX OpenSSL A.00.09.08zf or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling
of an environment variable. This issue was addressed through improved
environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able
to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets.
This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.27, including one which may have led to remote code execution.
This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain
items
Description: An issue existed in validation of access control lists
for iCloud keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of
Indiana University, Tongxin Li of Peking University, Tongxin Li of
Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple
Events to a local user's session
Description: An issue existed with Apple Event filtering that
allowed some users to send events to other users. This was addressed
by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior
to 3.2 patch level 57. These issues were addressed by updating bash
version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was address through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when
using the PASV command. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and
leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling.
This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: An issue existed in the handling of HSTS state in
Safari private browsing mode. This issue was addressed through
improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4.
An attacker could force the use of RC4, even if the server preferred
better ciphers, by blocking TLS 1.0 and higher connections until
CFNetwork tried SSL 3.0, which only allows RC4. This issue was
addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from
booting
Description: An issue existed with the addresses covered by the
protected range register. This issue was fixed by changing the
protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able
to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the
host firmware if connected during an EFI update. This issue was
addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The "Secure Empty Trash" feature may not securely delete
files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of
Trash files on some systems, such as those with flash storage. This
issue was addressed by removing the "Secure Empty Trash" option.
CVE-ID
CVE-2015-5901 : Apple
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a
player's email address
Description: An issue existed in Game Center in the handling of a
player's email. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to
the SMB server
Description: An authentication issue existed in Kerberos
credentials. This issue was addressed through additional validation
of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu
Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2014-8147
CVE-2015-5922
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private
framework containing a privileged executable. This issue was
addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues existed in the Intel
Graphics Driver. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the
disclosure of kernel memory content. This issue was addressed by
permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOGraphics which could have led to
the disclosure of kernel memory layout. This issue was addressed
through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through additional
entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by
Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. These issues were addressed through improved
generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks
on targeted TCP connections without knowing the correct sequence
number
Description: An issue existed in xnu's validation of TCP packet
headers. This issue was addressed through improved TCP packet header
validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the
handling of IPv6 router advertisements that allowed an attacker to
set the hop limit to an arbitrary value. This issue was addressed by
enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory layout. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to
the disclosure of memory content. This issue was addressed by
sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging
functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse
Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that
could be started by a network connection. This issue was addressed by
limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time
period
Description: An issue existed with captured display locking. The
issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau
informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni
Vaahtera, and an anonymous researcher
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP
server
Description: A glob-processing issue existed in tnftpd. This issue
was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user
preferences when printing an email. This issue was addressed through
improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,
Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim
Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to
intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for
large email attachments sent via Mail Drop. The issue is addressed by
no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected
multipeer data
Description: An issue existed in convenience initializer handling in
which encryption could be actively downgraded to a non-encrypted
session. This issue was addressed by changing the convenience
initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An uninitialized memory issue in the kernel led to the
disclosure of kernel memory content. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes
application. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by
the Notes application. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions
prior to 6.9. These issues were addressed by updating OpenSSH to
version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions
prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root
privileges
Description: An issue existed in the usage of environment variables
by the rsh binary. This issue was addressed by dropping setuid
privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior
to 2.0.0p645. These were addressed by updating Ruby to version
2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed
to the user
Description: A state management issue existed in the way keychain
lock status was tracked. This issue was addressed through improved
state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,
Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before
identifying itself
Description: Secure Transport accepted the CertificateRequest
message before the ServerKeyExchange message. This issue was
addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of
Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's
knowledge when using Continuity
Description: An issue existed in the authorization checks for
placing phone calls. This issue was addressed through improved
authorization checks.
CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override
characters in the same way when displaying text and when selecting
text. This issue was addressed by suppressing bidirectional override
characters in Terminal.
CVE-ID
CVE-2015-5883 : an anonymous researcher
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in tidy.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine
framework. This issue was addressed through improved coverage of Time
Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of
Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw
S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO
/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6
QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54
YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop
hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O
c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR
8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r
N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT
fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1
nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e
g6jld/w5tPuCFhGucE7Z
=XciV
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04626468
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04626468
Version: 1
HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running
OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-04-06
Last Updated: 2015-04-06
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP IceWall SSO
MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be
exploited remotely resulting in Denial of Service (DoS).
References:
CVE-2015-0209
CVE-2015-0286
CVE-2015-0287
CVE-2015-0288
CVE-2015-0289
SSRT102007
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0
HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0
HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates or workarounds to resolve the
vulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent.
Workaround for HP IceWall SSO MCRP:
- If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in
the host configuration file. Not setting these will prevent MCRP from using
those client certificates for communicating with the back-end web servers.
- If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there
is no workaround other than applying a vendor patch for OpenSSL for these
vulnerabilities.
Workaround for HP IceWall SSO Dfw and SSO Agent:
- If possible, do not use client certificates for SSL communication
between the client and server which are running HP IceWall SSO Dfw or SSO
Agent.
- If client certificates for SSL communication between the client and
server must be used, then there is no workaround other than applying a vendor
patch for OpenSSL for these vulnerabilities.
Software updates to resolve the vulnerabilities for OpenSSL:
1. IceWall SSO Dfw 10.0 running on RHEL could be using either the OS
bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still
using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL
library bundled with the OS, and then follow the instructions in step 3.
Documents are available at the following location with instructions to
switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
2. For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL,
please download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
3. For IceWall products running on HP-UX which are using the OS bundled
OpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is
available from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product
Number=OPENSSL11I
Note: The HP IceWall product is only available in Japan.
HISTORY
Version:1 (rev.1) - 6 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:062
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : openssl
Date : March 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows
remote attackers to inject data across sessions or cause a denial of
service (use-after-free and parsing error) via an SSL connection in
a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior,
which makes it easier for local users to obtain ECDSA nonces via a
FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before
1.0.1g do not properly handle Heartbeat Extension packets, which allows
remote attackers to obtain sensitive information from process memory
via crafted packets that trigger a buffer over-read, as demonstrated
by reading private keys, related to d1_both.c and t1_lib.c, aka the
Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue
became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before
1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square
of a BIGNUM value, which might make it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors,
related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and
crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote
SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger
a loss of forward secrecy by omitting the ServerKeyExchange message
(CVE-2014-3572).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL
servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate
brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role, related to the FREAK issue. NOTE: the scope of
this CVE is only client code based on OpenSSL, not EXPORT_RSA issues
associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before
1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a
Diffie-Hellman (DH) certificate without requiring a CertificateVerify
message, which allows remote attackers to obtain access without
knowledge of a private key via crafted TLS Handshake Protocol traffic
to a server that recognizes a Certification Authority with DH support
(CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://openssl.org/news/secadv_20150108.txt
http://openssl.org/news/secadv_20150319.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm
9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm
58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm
b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm
a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm
521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0715-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0715.html
Issue date: 2015-03-23
CVE Names: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287
CVE-2015-0288 CVE-2015-0289 CVE-2015-0292
CVE-2015-0293
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()
function.
(CVE-2015-0286)
An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. (CVE-2015-0292)
A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)
A use-after-free flaw was found in the way OpenSSL imported malformed
Elliptic Curve private keys. A specially crafted key file could cause an
application using OpenSSL to crash when imported. (CVE-2015-0209)
An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. (CVE-2015-0287)
A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. (CVE-2015-0288)
A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause that
application to crash. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,
and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL
development team as the original reporter of CVE-2015-0286, Emilia Käsper
of the OpenSSL development team as the original reporter of CVE-2015-0287,
Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski
of Google as the original reporter of CVE-2015-0289, Robert Dugal and David
Ramos as the original reporters of CVE-2015-0292, and Sean Burford of
Google and Emilia Käsper of the OpenSSL development team as the original
reporters of CVE-2015-0293.
All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import
1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-30.el6_6.7.src.rpm
i386:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
openssl-perl-1.0.1e-30.el6_6.7.i686.rpm
openssl-static-1.0.1e-30.el6_6.7.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-30.el6_6.7.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-30.el6_6.7.src.rpm
i386:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
ppc64:
openssl-1.0.1e-30.el6_6.7.ppc.rpm
openssl-1.0.1e-30.el6_6.7.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.7.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm
s390x:
openssl-1.0.1e-30.el6_6.7.s390.rpm
openssl-1.0.1e-30.el6_6.7.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.7.s390.rpm
openssl-devel-1.0.1e-30.el6_6.7.s390x.rpm
x86_64:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-perl-1.0.1e-30.el6_6.7.i686.rpm
openssl-static-1.0.1e-30.el6_6.7.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.7.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.7.s390x.rpm
openssl-static-1.0.1e-30.el6_6.7.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-30.el6_6.7.src.rpm
i386:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.7.i686.rpm
openssl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
openssl-perl-1.0.1e-30.el6_6.7.i686.rpm
openssl-static-1.0.1e-30.el6_6.7.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0209
https://access.redhat.com/security/cve/CVE-2015-0286
https://access.redhat.com/security/cve/CVE-2015-0287
https://access.redhat.com/security/cve/CVE-2015-0288
https://access.redhat.com/security/cve/CVE-2015-0289
https://access.redhat.com/security/cve/CVE-2015-0292
https://access.redhat.com/security/cve/CVE-2015-0293
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150319.txt
https://access.redhat.com/articles/1384453
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX
z2xamw9PEJVbuKTXaQeLRmQ=
=ZkF+
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.
Fixes several bugs and security issues:
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
o Removed the export ciphers from the DEFAULT ciphers
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 packages:
9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz
706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages:
5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz
fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages:
1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz
2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages:
f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz
0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages:
7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz
e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages:
379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz
54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages:
8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz
bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz
acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz
b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz
25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages:
0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz
b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages:
99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz
9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,
CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,
CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,
CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,
CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)
* This update fixes several flaws in libxml2. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
* This update fixes two flaws in mod_cluster. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files). JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
| VAR-201504-0478 | CVE-2015-3415 | SQLite of vdbe.c of sqlite3VdbeExec Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. SQLite is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. An arbitrary code-execution vulnerability
3. A memory-corruption vulnerability
4. Multiple denial-of-service vulnerabilities
An attacker can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.
SQLite versions prior to 3.8.9 are vulnerable. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: SQLite: Multiple vulnerabilities
Date: July 07, 2015
Bugs: #546626
ID: 201507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in SQLite, allowing
context-dependent attackers to cause a Denial of Service condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/sqlite < 3.8.9 >= 3.8.9
Description
===========
Multiple vulnerabilities have been discovered in SQLite. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All SQLite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.8.9"
References
==========
[ 1 ] CVE-2015-3414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414
[ 2 ] CVE-2015-3415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415
[ 3 ] CVE-2015-3416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: sqlite security update
Advisory ID: RHSA-2015:1635-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1635.html
Issue date: 2015-08-17
CVE Names: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416
=====================================================================
1. Summary:
An updated sqlite package that fixes three security issues is now available
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
3. Description:
SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a single
disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility
of an SQL database without the administrative hassles of supporting a
separate database server.
A flaw was found in the way SQLite handled dequoting of collation-sequence
names. A local attacker could submit a specially crafted COLLATE statement
that would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3414)
It was found that SQLite's sqlite3VdbeExec() function did not properly
implement comparison operators. A local attacker could submit a specially
crafted CHECK statement that would crash the SQLite process, or have other
unspecified impacts. (CVE-2015-3415)
It was found that SQLite's sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions.
A local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)
All sqlite users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1212353 - CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
1212356 - CVE-2015-3415 sqlite: invalid free() in src/vdbe.c
1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
ppc64:
sqlite-3.7.17-6.el7_1.1.ppc.rpm
sqlite-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.ppc.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-devel-3.7.17-6.el7_1.1.ppc.rpm
sqlite-devel-3.7.17-6.el7_1.1.ppc64.rpm
s390x:
sqlite-3.7.17-6.el7_1.1.s390.rpm
sqlite-3.7.17-6.el7_1.1.s390x.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.s390.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm
sqlite-devel-3.7.17-6.el7_1.1.s390.rpm
sqlite-devel-3.7.17-6.el7_1.1.s390x.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
sqlite-3.7.17-6.ael7b_1.1.src.rpm
ppc64le:
sqlite-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-devel-3.7.17-6.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
ppc64:
lemon-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.ppc64.rpm
s390x:
lemon-3.7.17-6.el7_1.1.s390x.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm
sqlite-tcl-3.7.17-6.el7_1.1.s390x.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.ael7b_1.1.noarch.rpm
ppc64le:
lemon-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm
sqlite-tcl-3.7.17-6.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
sqlite-3.7.17-6.el7_1.1.src.rpm
x86_64:
sqlite-3.7.17-6.el7_1.1.i686.rpm
sqlite-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-devel-3.7.17-6.el7_1.1.i686.rpm
sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm
x86_64:
lemon-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm
sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3414
https://access.redhat.com/security/cve/CVE-2015-3415
https://access.redhat.com/security/cve/CVE-2015-3416
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFV0c4vXlSAg2UNWIIRAk8jAJ9ya3aROVTX8RDQ+RlCcls0ddR6CACfaeH9
Q91hN45yeXgVnmom/HYSQRU=
=814S
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-2698-1
July 30, 2015
sqlite3 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
SQLite could be made to crash or run programs if it processed specially
crafted queries. This issue only affected Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.04. This issue only affected Ubuntu 15.04. (CVE-2015-3416)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libsqlite3-0 3.8.7.4-1ubuntu0.1
Ubuntu 14.04 LTS:
libsqlite3-0 3.8.2-1ubuntu2.1
Ubuntu 12.04 LTS:
libsqlite3-0 3.7.9-2ubuntu1.2
In general, a standard system update will make all the necessary changes.
For the stable distribution (jessie), these problems have been fixed in
version 3.8.7.1-1+deb8u1.
For the testing distribution (stretch), these problems have been fixed in
version 3.8.9-1.
For the unstable distribution (sid), these problems have been fixed in
version 3.8.9-1.
We recommend that you upgrade your sqlite3 packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-28-2 Additional information for
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
iTunes for Windows 12.6 addresses the following:
APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University Munich (TUM)
Entry added March 28, 2017
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
libxslt
Available for: Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-5029: Holger Fuhrmannek
Entry added March 28, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab
(tencent.com) working with Trend Micro's Zero Day Initiative
Entry added March 28, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in element handling. This
issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero
Entry added March 28, 2017
Installation note:
iTunes for Windows 12.6 may be obtained from:
https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj
/zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX
sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/
YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER
AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc
diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp
esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom
g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+
lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw
iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE
9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo
VkUmhXDNi0csm+QTi7ZP
=hPjT
-----END PGP SIGNATURE-----
| VAR-201504-0477 | CVE-2015-3414 | SQLite Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. An arbitrary code-execution vulnerability
3. A memory-corruption vulnerability
4. Multiple denial-of-service vulnerabilities
An attacker can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.
SQLite versions prior to 3.8.9 are vulnerable. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. The vulnerability is caused by the program not correctly handling the 'dequote' operation of the collation-sequence name. ============================================================================
Ubuntu Security Notice USN-2698-1
July 30, 2015
sqlite3 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
SQLite could be made to crash or run programs if it processed specially
crafted queries.
Software Description:
- sqlite3: C library that implements an SQL database engine
Details:
It was discovered that SQLite incorrectly handled skip-scan optimization. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443)
Michal Zalewski discovered that SQLite incorrectly handled dequoting of
collation-sequence names. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.04. (CVE-2015-3414)
Michal Zalewski discovered that SQLite incorrectly implemented comparison
operators. This issue only affected Ubuntu 15.04. (CVE-2015-3415)
Michal Zalewski discovered that SQLite incorrectly handle printf precision
and width values during floating-point conversions. (CVE-2015-3416)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libsqlite3-0 3.8.7.4-1ubuntu0.1
Ubuntu 14.04 LTS:
libsqlite3-0 3.8.2-1ubuntu2.1
Ubuntu 12.04 LTS:
libsqlite3-0 3.7.9-2ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2698-1
CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
Package Information:
https://launchpad.net/ubuntu/+source/sqlite3/3.8.7.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/sqlite3/3.8.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/sqlite3/3.7.9-2ubuntu1.2
.
For the stable distribution (jessie), these problems have been fixed in
version 3.8.7.1-1+deb8u1.
For the testing distribution (stretch), these problems have been fixed in
version 3.8.9-1.
For the unstable distribution (sid), these problems have been fixed in
version 3.8.9-1.
We recommend that you upgrade your sqlite3 packages.
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
https://bugzilla.redhat.com/show_bug.cgi?id=1212353
https://bugzilla.redhat.com/show_bug.cgi?id=1212356
https://bugzilla.redhat.com/show_bug.cgi?id=1212357
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
adb7e2731d814af7948c8a65662e7c71 mbs1/x86_64/lemon-3.8.9-1.mbs1.x86_64.rpm
8c9620460c62d0f7d07bd5fee68ac038 mbs1/x86_64/lib64sqlite3_0-3.8.9-1.mbs1.x86_64.rpm
f060fd3ca68302f59e47e9bc1b336d4b mbs1/x86_64/lib64sqlite3-devel-3.8.9-1.mbs1.x86_64.rpm
0fdd2e8a7456b51773b2a131534b9867 mbs1/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs1.x86_64.rpm
14682c0d09a3dc73f4405ee136c6115d mbs1/x86_64/sqlite3-tcl-3.8.9-1.mbs1.x86_64.rpm
c2fc81b9162865ecdcef85aaa805507f mbs1/x86_64/sqlite3-tools-3.8.9-1.mbs1.x86_64.rpm
474e6b9bc6a7299f8ab34a90893bbd96 mbs1/SRPMS/sqlite3-3.8.9-1.mbs1.src.rpm
Mandriva Business Server 2/X86_64:
44c4a002a3480388751603981327a21d mbs2/x86_64/lemon-3.8.9-1.mbs2.x86_64.rpm
9d2ded51447e5f133c37257635ef4f22 mbs2/x86_64/lib64sqlite3_0-3.8.9-1.mbs2.x86_64.rpm
42c8fce0126487fa0a72b4f5f1b5e852 mbs2/x86_64/lib64sqlite3-devel-3.8.9-1.mbs2.x86_64.rpm
a93c0f348006f6675779bf7cd5c9f547 mbs2/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs2.x86_64.rpm
792f42a7a38d7947e7b5d0ea67510de2 mbs2/x86_64/sqlite3-tcl-3.8.9-1.mbs2.x86_64.rpm
947e30fcb8c4f19b1398d6e29adc29ac mbs2/x86_64/sqlite3-tools-3.8.9-1.mbs2.x86_64.rpm
150cb2acc870d5ca8a343f21edef4248 mbs2/SRPMS/sqlite3-3.8.9-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-28-2 Additional information for
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
iTunes for Windows 12.6 addresses the following:
APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A client certificate was sent in plaintext. This issue
was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical
University Munich (TUM)
Entry added March 28, 2017
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
libxslt
Available for: Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-5029: Holger Fuhrmannek
Entry added March 28, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab
(tencent.com) working with Trend Micro's Zero Day Initiative
Entry added March 28, 2017
WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in element handling. This
issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero
Entry added March 28, 2017
Installation note:
iTunes for Windows 12.6 may be obtained from:
https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj
/zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX
sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/
YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER
AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc
diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp
esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom
g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+
lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw
iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE
9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo
VkUmhXDNi0csm+QTi7ZP
=hPjT
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2015-198-02)
New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
f34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz
Slackware 14.1 package:
6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz
Slackware -current package:
020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz
Slackware x86_64 -current package:
681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.43-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlWpWykACgkQakRjwEAQIjNnZQCggRIu0k8CJLXAS7PNYC6Sl8oh
WDEAoIvnhdoPno9Yz/j/gOr6MqUljkpe
=n4jG
-----END PGP SIGNATURE-----
| VAR-201504-0479 | CVE-2015-3416 | SQLite of printf.c of sqlite3VXPrintf Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. SQLite is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. An arbitrary code-execution vulnerability
3. A memory-corruption vulnerability
4. Multiple denial-of-service vulnerabilities
An attacker can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.
SQLite versions prior to 3.8.9 are vulnerable. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: sqlite security update
Advisory ID: RHSA-2015:1634-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1634.html
Issue date: 2015-08-17
CVE Names: CVE-2015-3416
=====================================================================
1. Summary:
An updated sqlite package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a single
disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility
of an SQL database without the administrative hassles of supporting a
separate database server.
A local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)
All sqlite users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
sqlite-3.6.20-1.el6_7.2.src.rpm
i386:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
x86_64:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
lemon-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
sqlite-doc-3.6.20-1.el6_7.2.i686.rpm
sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm
x86_64:
lemon-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
sqlite-3.6.20-1.el6_7.2.src.rpm
x86_64:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
lemon-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
sqlite-3.6.20-1.el6_7.2.src.rpm
i386:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
ppc64:
sqlite-3.6.20-1.el6_7.2.ppc.rpm
sqlite-3.6.20-1.el6_7.2.ppc64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.ppc.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.ppc64.rpm
sqlite-devel-3.6.20-1.el6_7.2.ppc.rpm
sqlite-devel-3.6.20-1.el6_7.2.ppc64.rpm
s390x:
sqlite-3.6.20-1.el6_7.2.s390.rpm
sqlite-3.6.20-1.el6_7.2.s390x.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.s390.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.s390x.rpm
sqlite-devel-3.6.20-1.el6_7.2.s390.rpm
sqlite-devel-3.6.20-1.el6_7.2.s390x.rpm
x86_64:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
lemon-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-doc-3.6.20-1.el6_7.2.i686.rpm
sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm
ppc64:
lemon-3.6.20-1.el6_7.2.ppc64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.ppc64.rpm
sqlite-doc-3.6.20-1.el6_7.2.ppc64.rpm
sqlite-tcl-3.6.20-1.el6_7.2.ppc64.rpm
s390x:
lemon-3.6.20-1.el6_7.2.s390x.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.s390x.rpm
sqlite-doc-3.6.20-1.el6_7.2.s390x.rpm
sqlite-tcl-3.6.20-1.el6_7.2.s390x.rpm
x86_64:
lemon-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
sqlite-3.6.20-1.el6_7.2.src.rpm
i386:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
x86_64:
sqlite-3.6.20-1.el6_7.2.i686.rpm
sqlite-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-devel-3.6.20-1.el6_7.2.i686.rpm
sqlite-devel-3.6.20-1.el6_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
lemon-3.6.20-1.el6_7.2.i686.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.i686.rpm
sqlite-doc-3.6.20-1.el6_7.2.i686.rpm
sqlite-tcl-3.6.20-1.el6_7.2.i686.rpm
x86_64:
lemon-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-debuginfo-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-doc-3.6.20-1.el6_7.2.x86_64.rpm
sqlite-tcl-3.6.20-1.el6_7.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-3416
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFV0c3HXlSAg2UNWIIRAu48AJ9PTcmHen3c4J/aTY8nJ0xfCwg/SwCghsmy
FHgXkj385WyeTGXYB5ZMn04=
=R5+G
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153
iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were
addressed by updating expat to version 2.2.0.
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
https://bugzilla.redhat.com/show_bug.cgi?id=1212353
https://bugzilla.redhat.com/show_bug.cgi?id=1212356
https://bugzilla.redhat.com/show_bug.cgi?id=1212357
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
adb7e2731d814af7948c8a65662e7c71 mbs1/x86_64/lemon-3.8.9-1.mbs1.x86_64.rpm
8c9620460c62d0f7d07bd5fee68ac038 mbs1/x86_64/lib64sqlite3_0-3.8.9-1.mbs1.x86_64.rpm
f060fd3ca68302f59e47e9bc1b336d4b mbs1/x86_64/lib64sqlite3-devel-3.8.9-1.mbs1.x86_64.rpm
0fdd2e8a7456b51773b2a131534b9867 mbs1/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs1.x86_64.rpm
14682c0d09a3dc73f4405ee136c6115d mbs1/x86_64/sqlite3-tcl-3.8.9-1.mbs1.x86_64.rpm
c2fc81b9162865ecdcef85aaa805507f mbs1/x86_64/sqlite3-tools-3.8.9-1.mbs1.x86_64.rpm
474e6b9bc6a7299f8ab34a90893bbd96 mbs1/SRPMS/sqlite3-3.8.9-1.mbs1.src.rpm
Mandriva Business Server 2/X86_64:
44c4a002a3480388751603981327a21d mbs2/x86_64/lemon-3.8.9-1.mbs2.x86_64.rpm
9d2ded51447e5f133c37257635ef4f22 mbs2/x86_64/lib64sqlite3_0-3.8.9-1.mbs2.x86_64.rpm
42c8fce0126487fa0a72b4f5f1b5e852 mbs2/x86_64/lib64sqlite3-devel-3.8.9-1.mbs2.x86_64.rpm
a93c0f348006f6675779bf7cd5c9f547 mbs2/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs2.x86_64.rpm
792f42a7a38d7947e7b5d0ea67510de2 mbs2/x86_64/sqlite3-tcl-3.8.9-1.mbs2.x86_64.rpm
947e30fcb8c4f19b1398d6e29adc29ac mbs2/x86_64/sqlite3-tools-3.8.9-1.mbs2.x86_64.rpm
150cb2acc870d5ca8a343f21edef4248 mbs2/SRPMS/sqlite3-3.8.9-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. This could allow remote attackers to cause
a denial of service (crash) or possibly have unspecified other impact.
Note that this issue had already been fixed for the stable distribution
(jessie) as part of DSA 3252-1.
For the oldstable distribution (wheezy), this problem has been fixed
in version 3.7.13-1+deb7u2.
For the stable distribution (jessie), this problem has been fixed in
version 3.8.7.1-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed
in version 3.8.10.2-1.
For the unstable distribution (sid), this problem has been fixed in
version 3.8.10.2-1.
We recommend that you upgrade your sqlite3 packages.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
f34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz
Slackware 14.1 package:
6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz
Slackware -current package:
020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz
Slackware x86_64 -current package:
681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.43-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address
| VAR-201503-0170 | CVE-2015-0667 | Cisco Content Services Switch 11500 Vulnerability that bypasses restrictions on local network devices in device management interface |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. Vendors have confirmed this vulnerability Bug ID CSCut14855 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlSkillfully crafted by a third party SSH Through packets, there are bypasses to local network devices. This may aid in further attacks
| VAR-201503-0199 | CVE-2015-2281 | Fortinet Single Sign On of collectoragent.exe Vulnerable to stack-based buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000. Multiple Fortinet products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. This may also lead to a full network compromise. Fortinet Single Sign On (FSSO) is a single sign-on solution from Fortinet. A stack-based buffer overflow vulnerability exists in the collectoragent.exe file of versions prior to FSSO build 164
| VAR-201503-0099 | CVE-2015-1075 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Apple Safari Used in etc. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple Safari. The following versions are affected: Apple Safari prior to 6.2.4, 7.x prior to 7.1.4, and 8.x prior to 8.0.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4
Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and
address the following:
WebKit
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. This issue was addressed
through improved user interface consistency checks.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJVCHNfAAoJEBcWfLTuOo7twwcQAJw+o6wILW0ZLtMEV3DugttG
5agZqzvO1CdpmtqlUlyEJhQ1r9SrzBnqaTqgXUzMZv/ZFRR0FrgKnEcqJXH82K6y
wAVOIwDWKazKbzvYMOOREYQ1JCCRHJnA/I4+8/RGkZAqXhrWgIqbGikxDND3BGfP
RnM4ae9oQxGIbiZeyGCVWbGi/WEvsXY20tHZLelK0GzUZw+KaYQqPL8K681LOWaT
KB3l85vXl4a6rHFE9oz25dh5dlOUUVlUtXQAjffchS/hyBBCTIxBEpu2iACx6h8L
5UmSs7pilr3bmlA2FQakfHTMWgBfWIiwxYyNY5C/s0UnUx+uMuW9kR/NSjFyrQUB
wvlKPQ+oKM4m5WoorgM57XhSbcL/Rf6YVmN6sYf27TISLDHxvCAy5wK5xyyL8zTo
KWiMJCmDzlhRInlC2VfJNFZvdr/1xfogNXOQTWGsFXCbKAzs4HT5dPhg5QjyJ/fq
tJH5gtXo/MklMke9zJYhdLhdCGI26h2kmnV7ugelNxdxYS99UyKsS9vnIEkc4C4t
pAdB6PH1V0KMvXMoUerDWkJyPy4vvaAXPsaGVjbaNRfK+BwEDtjrsY7UbNsrPIrc
ef+hjfnkTEnFWnpBW4A+YVpLQz/uMLDcsePMkwR2tKq1LEBHyKhqbKiAXt1HVd6H
B5CGJrtHUaXWG0BwUmnn
=d/wD
-----END PGP SIGNATURE-----
| VAR-201503-0096 | CVE-2015-1072 | Apple Safari Used in etc. Webkit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Apple Safari Used in etc. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple Safari. The following versions are affected: Apple Safari prior to 6.2.4, 7.x prior to 7.1.4, and 8.x prior to 8.0.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-04-08-3 iOS 8.3
iOS 8.3 is now available and addresses the following:
AppleKeyStore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to guess the user's
passcode
Description: iOS allowed access to an interface which allowed
attempts to confirm the user's passcode. This issue was addressed
with improved entitlement checking.
CVE-ID
CVE-2015-1085
Audio Drivers
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOKit objects used by an
audio driver. This issue was addressed through improved validation of
metadata.
CVE-ID
CVE-2015-1086
Backup
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: An issue existed in the relative path evaluation logic
of the backup system. This issues was addressed through improved path
evaluation.
CVE-ID
CVE-2015-1087 : TaiG Jailbreak Team
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT204132
CFNetwork
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Cookies belonging to one origin may be sent to another
origin
Description: A cross-domain cookie issue existed in redirect
handling. Cookies set in a redirect response could be passed on to a
redirect target belonging to another origin. The issue was address
through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller
CFNetwork
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A user may be unable to fully delete browsing history
Description: Clearing Safari's history did not clear saved HTTP
Strict Transport Security state. The issue was addressed through
improved data deletion.
CVE-ID
CVE-2015-1090
CFNetwork Session
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Authentication credentials may be sent to a server on
another origin
Description: A cross-domain HTTP request headers issue existed in
redirect handling. HTTP request headers sent in a redirect response
could be passed on to another origin. The issue was addressed through
improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-1088
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2015-1092 : Ikuya Fukumoto
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOAcceleratorFamily that led to the
disclosure of kernel memory content. This issue was addressed by
removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOMobileFramebuffer
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in MobileFrameBuffer that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security
Research Team
iWork Viewer
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-1098 : Christopher Hickstein
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to cause a system denial
of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to cause unexpected
system termination or read kernel memory
Description: A out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause a denial of service
Description: A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on iOS. This
issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
Keyboards
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: QuickType could learn users' passcodes
Description: When using Bluetooth keyboards, QuickType could learn
users' passcodes. This issue was addressed by preventing QuickType
from being displayed on the lockscreen.
CVE-ID
CVE-2015-1106 : Jarrod Dwenger, Steve Favorito, Paul Reedy of
ConocoPhillips, Pedro Tavares of Molecular Biophysics at
UCIBIO/FCT/UNL, De Paul Sunny, Christian Still of Evolve Media,
Canada
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted configuration profile may
lead to unexpected application termination
Description: A memory corruption issue existed in the handling of
configuration profiles. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of
FireEye, Inc.
Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may prevent erasing
the device after failed passcode attempts
Description: In some circumstances, a device might not erase itself
after failed passcode attempts. This issue was addressed through
additional enforcement of erasure.
CVE-ID
CVE-2015-1107 : Brent Erickson, Stuart Ryan of University of
Technology, Sydney
Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may exceed the maximum
number of failed passcode attempts
Description: In some circumstances, the failed passcode attempt
limit was not enforced. This issue was addressed through additional
enforcement of this limit.
CVE-ID
CVE-2015-1108
NetworkExtension
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may be able to recover
VPN credentials
Description: An issue existed in the handling of VPN configuration
logs. This issue was addressed by removing logging of credentials.
CVE-ID
CVE-2015-1109 : Josh Tway of IPVanish
Podcasts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unnecessary information may be sent to external servers when
downloading podcast assets
Description: When downloading assets for podcast a user was
subscribed to, unique identifiers were sent to external servers. This
issue was resolved by removing these identifiers.
CVE-ID
CVE-2015-1110 : Alex Selivanov
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A user may be unable to fully delete browsing history
Description: Clearing Safari's history did not clear "Recently
closed tabs". The issue was addressed through improved data deletion.
CVE-ID
CVE-2015-1111 : Frode Moe of LastFriday.no
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Users' browsing history may not be completely purged
Description: A state management issue existed in Safari that
resulted in users' browsing history not being purged from
history.plist. This issue was addressed by improved state management.
CVE-ID
CVE-2015-1112 : William Breuer, The Netherlands
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to access phone numbers
or email addresses of recent contacts
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the sandbox
profile.
CVE-ID
CVE-2015-1113 : Andreas Kurtz of NESO Security Labs, Markus TroBbach
of Heilbronn University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Hardware identifiers may be accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the sandbox
profile.
CVE-ID
CVE-2015-1114
Telephony
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to access restricted
telephony functions
Description: An access control issue existed in the telephony
subsystem. Sandboxed apps could access restricted telephony
functions. This issue was addressed with improved entitlement
checking.
CVE-ID
CVE-2015-1115 : Andreas Kurtz of NESO Security Labs, Markus TroBbach
of Heilbronn University
UIKit View
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Sensitive data may be exposed in application snapshots
presented in the Task Switcher
Description: An issue existed in UIKit, which did not blur
application snapshots containing sensitive data in the Task Switcher.
This issue was addressed by correctly blurring the snapshot.
CVE-ID
CVE-2015-1116 : The mobile app team at HP Security Voltage, Aaron
Rogers of Mint.com, David Edwards of Tech4Tomorrow, David Zhang of
Dropbox
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Inconsistent user interface may prevent users from
discerning a phishing attack
Description: A user interface inconsistency existed in Safari that
allowed an attacker to misrepresent the URL. This issue was addressed
through improved user interface consistency checks.
CVE-ID
CVE-2015-1084 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-2015-1124 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a user
invoking a click on another website
Description: An issue existed when handling touch events. A tap
could propagate to another website. The issue was addressed through
improved event handling.
CVE-ID
CVE-2015-1125 : Phillip Moon and Matt Weston of www.sandfield.co.nz
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to resources
of another origin being accessed
Description: An issue existed in WebKit when handling credentials in
FTP URLs. This issue was address through improved decoding.
CVE-ID
CVE-2015-1126 : Jouko Pynnonen of Klikki Oy
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKl9AAoJEBcWfLTuOo7tJSQQAISlSqHZbMZOKrc6qCQ3E+Yn
ROyg7duvjIiaOHEiromwOpXjINbRTlhV5I6cseJrZOa7oLhgtIFes7wCo2rj/IjK
pTv3GMc84r7gPY38JE6//rU6Ni9YCuSKt69iOpF2RmKCLrrhjyP/igY/IKro3ujS
YyDgEEtmBtekU/QbUcZb8qfQ+/E0O6ZwZqvmzlmbcmeqM0/xy/lb8MmPcPwSTCTc
oQUj3xF+2OBIyudzQX6PmTFIDQjKYUg2dXEapYhzUhVkaZkdhRsJDaNJR7rlOYhK
Zea99fN+wnRr6F6IklXRTUdf4Lwegjs+kBA0HqrsxTX/LORQu98LWWXJ5vcl7OvE
moZRu46Jw7+AEwC2V3t7Bl6HbeHf3/jtQTV8q7ALdRhOcwgJdQUubRyMl1ZIG0NE
N3M6lxSxlkn5CuPggQcONc1SwkCfplIntxJ8ECDTW/mVc/GrmSN5BH19Lzd3gWFR
vRD5soYzZrTfWaULp+VzepiWz0FpJsJPn/sDQxvZfOzSzIsFKCX3OO671lXC7fV+
Qgl5vPXleUGxgScn0jQEDPrXAj6U85xqfXc+aZn8jKpfMthfukKXM8Tazlz2Ywyj
g2EaerJBFCavTPpQpuq0MOL6RYo2PhlC6tkwT25NaG01v/wEfzs75Dgc2Z15QtaH
ceXrdFVQDQ9LSl38/qPo
=ifj1
-----END PGP SIGNATURE-----