VARIoT IoT vulnerabilities database

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. Apple iOS and TV are prone to a local code-execution vulnerability. Local attackers can exploit this issue to execute arbitrary code. This issue is fixed in: Apple iOS 8.1.1 Apple TV 7.0.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem Description: A vulnerability existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks. CVE-ID CVE-2014-4480 : TaiG Jailbreak Team CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP Program dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes. CVE-ID CVE-2014-4455 : TaiG Jailbreak Team FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4483 : Apple FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .dfont files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative Foundation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the XML parser. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4485 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOAcceleratorFamily's handling of resource lists. This issue was addressed by removing unneeded code. CVE-ID CVE-2014-4486 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in IOHIDFamily. This issue was addressed through improved size validation. CVE-ID CVE-2014-4487 : TaiG Jailbreak Team IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOHIDFamily's handling of resource queue metadata. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4488 : Apple IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of event queues. This issue was addressed through improved validation. CVE-ID CVE-2014-4489 : @beist iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to bypass sandbox restrictions using the iTunes Store Description: An issue existed in the handling of URLs redirected from Safari to the iTunes Store that could allow a malicious website to bypass Safari's sandbox restrictions. The issue was addressed with improved filtering of URLs opened by the iTunes Store. CVE-ID CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2014-4491 : @PanguTeam, Stefan Esser Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the kernel shared memory subsystem that allowed an attacker to write to memory that was intended to be read-only. This issue was addressed with stricter checking of shared memory permissions. CVE-ID CVE-2014-4495 : Ian Beer of Google Project Zero Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations. CVE-ID CVE-2014-4496 : TaiG Jailbreak Team libnetcore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious, sandboxed app can compromise the networkd daemon Description: Multiple type confusion issues existed in networkd's handling of interprocess communication. The issue is addressed through additional type checking. CVE-ID CVE-2014-4492 : Ian Beer of Google Project Zero MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise-signed application may be able to take control of the local container for applications already on a device Description: A vulnerability existed in the application installation process. This was addressed by preventing enterprise applications from overriding existing applications in specific scenarios. CVE-ID CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc. Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Enterprise-signed applications may be launched without prompting for trust Description: An issue existed in determining when to prompt for trust when first opening an enterprise-signed application. This issue was addressed through improved code signature validation. CVE-ID CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4467 : Jordan Milne WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Style sheets are loaded cross-origin which may allow for data exfiltration Description: An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs. CVE-ID CVE-2014-4465 : Rennie deGraaf of iSEC Partners WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.1.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F pCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb 8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z mrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn Bi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8 tTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR IASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh wEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P y8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB w7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR IEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY CfDJ+b9mxdd8GswiT3OO =j9pr -----END PGP SIGNATURE----- . This was addressed by changes to debugserver's sandbox

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. Apple iOS and Apple TV Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0002 ------------------------------------------------------------------------ Date reported : December 28, 2015 Advisory ID : WSA-2015-0002 Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192, CVE-2014-4409, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4452, CVE-2014-4459, CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1152, CVE-2015-1153, CVE-2015-1154, CVE-2015-1155, CVE-2015-1156, CVE-2015-2330, CVE-2015-3658, CVE-2015-3659, CVE-2015-3660, CVE-2015-3727, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5822, CVE-2015-5823, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5828, CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931, CVE-2015-7002, CVE-2015-7012, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104. Several vulnerabilities were discovered on WebKitGTK+. CVE-2013-6663 Versions affected: WebKitGTK+ before 2.4.0. Credit to Atte Kettunen of OUSPG. CVE-2014-1748 Versions affected: WebKitGTK+ before 2.6.0. Credit to Jordan Milne. The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. CVE-2014-3192 Versions affected: WebKitGTK+ before 2.6.3. Credit to cloudfuzzer. CVE-2014-4409 Versions affected: WebKitGTK+ before 2.6.0. Credit to Yosuke Hasegawa (NetAgent Co., Led.). CVE-2014-4410 Versions affected: WebKitGTK+ before 2.6.0. Credit to Eric Seidel of Google. CVE-2014-4411 Versions affected: WebKitGTK+ before 2.6.0. Credit to Google Chrome Security Team. CVE-2014-4412 Versions affected: WebKitGTK+ before 2.4.0. CVE-2014-4413 Versions affected: WebKitGTK+ before 2.4.0. CVE-2014-4414 Versions affected: WebKitGTK+ before 2.4.0. CVE-2014-4452 Versions affected: WebKitGTK+ before 2.6.0. Credit to unknown. CVE-2014-4459 Versions affected: WebKitGTK+ before 2.6.2. Credit to unknown. CVE-2014-4465 Versions affected: WebKitGTK+ before 2.6.2. Credit to Rennie deGraaf of iSEC Partners. WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. CVE-2014-4466 Versions affected: WebKitGTK+ before 2.6.2. CVE-2014-4468 Versions affected: WebKitGTK+ before 2.6.0. CVE-2014-4469 Versions affected: WebKitGTK+ before 2.6.4. CVE-2014-4470 Versions affected: WebKitGTK+ before 2.6.0. CVE-2014-4471 Versions affected: WebKitGTK+ before 2.6.0. CVE-2014-4472 Versions affected: WebKitGTK+ before 2.6.0. CVE-2014-4473 Versions affected: WebKitGTK+ before 2.6.0. CVE-2014-4474 Versions affected: WebKitGTK+ before 2.6.2. CVE-2014-4475 Versions affected: WebKitGTK+ before 2.6.0. CVE-2014-4476 Versions affected: WebKitGTK+ before 2.6.2. CVE-2014-4477 Versions affected: WebKitGTK+ before 2.6.4. Credit to lokihardt@ASRT working with HP’s Zero Day Initiative. CVE-2014-4479 Versions affected: WebKitGTK+ before 2.6.4. CVE-2015-1068 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1069 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1070 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1071 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1072 Versions affected: WebKitGTK+ before 2.8.0. Credit to unknown. CVE-2015-1073 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1074 Versions affected: WebKitGTK+ before 2.6.4. CVE-2015-1075 Versions affected: WebKitGTK+ before 2.8.0. Credit to Google Chrome Security Team. CVE-2015-1076 Versions affected: WebKitGTK+ before 2.8.0. Credit to unknown. CVE-2015-1077 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1080 Versions affected: WebKitGTK+ before 2.6.0. CVE-2015-1081 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1082 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1083 Versions affected: WebKitGTK+ before 2.6.4. CVE-2015-1084 Versions affected: WebKitGTK+ before 2.6.1. The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. CVE-2015-1119 Versions affected: WebKitGTK+ before 2.8.0. Credit to Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2015-1120 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1121 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1122 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-1124 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1126 Versions affected: WebKitGTK+ before 2.8.0. Credit to Jouko Pynnonen of Klikki Oy. CVE-2015-1127 Versions affected: WebKitGTK+ before 2.8.0. Credit to Tyler C (2.6.5). The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. CVE-2015-1152 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-1153 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1154 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-1155 Versions affected: WebKitGTK+ before 2.10.0. Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day Initiative. CVE-2015-1156 Versions affected: WebKitGTK+ before 2.8.0. Credit to Zachary Durber of Moodle. CVE-2015-2330 Versions affected: WebKitGTK+ before 2.6.6. Credit to Ross Lagerwall. Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. CVE-2015-3658 Versions affected: WebKitGTK+ before 2.8.1. Credit to Brad Hill of Facebook. CVE-2015-3659 Versions affected: WebKitGTK+ before 2.8.3. Credit to Peter Rutenbar working with HP's Zero Day Initiative. CVE-2015-3660 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3727 Versions affected: WebKitGTK+ before 2.8.1. Credit to Peter Rutenbar working with HP's Zero Day Initiative. CVE-2015-3730 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3731 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3732 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3733 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3734 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3735 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3736 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3737 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3738 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3739 Versions affected: WebKitGTK+ before 2.8.1. CVE-2015-3740 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3741 Versions affected: WebKitGTK+ before 2.8.1. CVE-2015-3742 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3743 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3744 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3745 Versions affected: WebKitGTK+ before 2.8.1. CVE-2015-3746 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-3747 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-3748 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3749 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-3750 Versions affected: WebKitGTK+ before 2.10.0. Credit to Muneaki Nishimura (nishimunea). WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client- server data stream. CVE-2015-3751 Versions affected: WebKitGTK+ before 2.10.0. Credit to Muneaki Nishimura (nishimunea). WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. CVE-2015-3752 Versions affected: WebKitGTK+ before 2.8.4. Credit to Muneaki Nishimura (nishimunea). The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross- origin request or (2) a private-browsing request. CVE-2015-3753 Versions affected: WebKitGTK+ before 2.8.3. Credit to Antonio Sanso and Damien Antipa of Adobe. WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. CVE-2015-3754 Versions affected: WebKitGTK+ before 2.10.0. Credit to Dongsung Kim (@kid1ng). CVE-2015-3755 Versions affected: WebKitGTK+ before 2.10.0. Credit to xisigr of Tencent's Xuanwu Lab. WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. CVE-2015-5788 Versions affected: WebKitGTK+ before 2.8.0. The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. CVE-2015-5789 Versions affected: WebKitGTK+ before 2.6.1. CVE-2015-5790 Versions affected: WebKitGTK+ before 2.6.2. CVE-2015-5791 Versions affected: WebKitGTK+ before 2.6.0. CVE-2015-5792 Versions affected: WebKitGTK+ before 2.4.0. CVE-2015-5793 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5794 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5795 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-5797 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5798 Versions affected: WebKitGTK+ before 2.6.0. CVE-2015-5799 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5800 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5801 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5802 Versions affected: WebKitGTK+ before 2.6.0. CVE-2015-5803 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5804 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5805 Versions affected: WebKitGTK+ before 2.10.0. Credit to unknown. CVE-2015-5806 Versions affected: WebKitGTK+ before 2.8.3. CVE-2015-5807 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5809 Versions affected: WebKitGTK+ before 2.8.4. CVE-2015-5810 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5811 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5812 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5813 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5814 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5815 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5816 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5817 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5818 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5819 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5822 Versions affected: WebKitGTK+ before 2.8.1. Credit to Mark S. Miller of Google. CVE-2015-5823 Versions affected: WebKitGTK+ before 2.8.0. CVE-2015-5825 Versions affected: WebKitGTK+ before 2.10.0. Credit to Yossi Oren et al. of Columbia University's Network Security Lab. CVE-2015-5826 Versions affected: WebKitGTK+ before 2.6.5. Credit to filedescriptior, Chris Evans. CVE-2015-5827 Versions affected: WebKitGTK+ before 2.10.0. Credit to Gildas. WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. CVE-2015-5828 Versions affected: WebKitGTK+ before 2.10.0. Credit to Lorenzo Fontana. CVE-2015-5928 Versions affected: WebKitGTK+ before 2.8.4. CVE-2015-5929 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5930 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-5931 Versions affected: WebKitGTK+ before 2.10.0. Credit to unknown. CVE-2015-7002 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7012 Versions affected: WebKitGTK+ before 2.8.4. CVE-2015-7013 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7014 Versions affected: WebKitGTK+ before 2.10.0. Credit to unknown. CVE-2015-7048 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7095 Versions affected: WebKitGTK+ before 2.10.2. CVE-2015-7097 Versions affected: WebKitGTK+ before 2.10.3. CVE-2015-7099 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7100 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7102 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7103 Versions affected: WebKitGTK+ before 2.10.0. CVE-2015-7104 Versions affected: WebKitGTK+ before 2.10.0. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, December 28, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-1 iOS 8.1.1 iOS 8.1.1 is now available and addresses the following: CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior. CVE-ID CVE-2014-4460 dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes. CVE-ID CVE-2014-4455 : @PanguTeam Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata. CVE-ID CVE-2014-4461 : @PanguTeam Lock Screen Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-4451 : Stuart Ryan of University of Technology, Sydney Lock Screen Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the phone may be able to access photos in the Photo Library Description: The Leave a Message option in FaceTime may have allowed viewing and sending photos from the device. This issue was addressed through improved state management. CVE-ID CVE-2014-4463 Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to launch arbitrary binaries on a trusted device Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox. CVE-ID CVE-2014-4457 : @PanguTeam Spotlight Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unnecessary information is included as part of the initial connection between Spotlight or Safari and the Spotlight Suggestions servers Description: The initial connection made by Spotlight or Safari to the Spotlight Suggestions servers included a user's approximate location before a user entered a query. This issue was addressed by removing this information from the initial connection and only sending the user's approximate location as part of queries. These issues were addressed through improved memory handling. CVE-ID CVE-2014-4452 CVE-2014-4462 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUajYFAAoJEBcWfLTuOo7tGxsP/RccLDIt/LMluE7bcG9NSz4w tw8AHhkfiDZ+T/nnhqAiS2RQ2cgSfMg8KVzCtbrtXrEgebFTUVlos1vIjMSEkqgp GmSDFn64vZIExVo8w9iTLG/AdW0sERz3h2xVSEr/154AG2SHnL1+nY5abHHycTIG Uuo60+t2OVPtREIcrffmwj6hsYAX1dLAI0QV7PdvjpCc82Snf+yJZCFyjQ23AkQn P9NElRnK+pbhqqnfZXKO3Hbgf5IkuzeSl4Rwrj8nehu+hcEp32a8zH2wbbzDsFTO AyM02SAGLmBM30QcoJYK/s0lCGJBbr9rM5+9dUH6KXc8q/OTLJ0YETdHqwsO29cf XEl5uQT4IHGjlij2f/xYsa0OXbLfyXNeaT5YGlUSIUKNFXRhD6rPccL5V5Ktjnac JxOv0og5L4OBtPykc0XhmRqTIkEC4Cf3RmewA+b8ivsp/LuPjYsdfN1tZ8MXa1a8 C7hhUQSSSTtA3v7oO/LpU8Qw7kV79SkeQcYYTP07QI87cU2HHDejBHCfGjK9cz65 Uf4Sa/leCT0JyQYnx0XOafFTzxIJ2641HtTjuQ3sTKungkE5CR/KyVk2Wul3YqcA Meo//heYRLNa1XANfzV70TcsnQ2lcirzOqiufC+jljsfkQtlAXWim9H9BCc4102b ugp50lE7/p+CbwYvqaZg =x/RM -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and addresses the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: Style sheets are loaded cross-origin which may allow for data exfiltration Description: An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs. CVE-ID CVE-2014-4465 : Rennie deGraaf of iSEC Partners WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A UI spoofing issue existed in the handling of scrollbar boundaries

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Apple OS X Used in etc. Webkit Use freed memory (Use-after-free) May allow arbitrary code execution vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0002 ------------------------------------------------------------------------ Date reported : December 28, 2015 Advisory ID : WSA-2015-0002 Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192, CVE-2014-4409, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4452, CVE-2014-4459, CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1152, CVE-2015-1153, CVE-2015-1154, CVE-2015-1155, CVE-2015-1156, CVE-2015-2330, CVE-2015-3658, CVE-2015-3659, CVE-2015-3660, CVE-2015-3727, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5822, CVE-2015-5823, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5828, CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931, CVE-2015-7002, CVE-2015-7012, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104. Several vulnerabilities were discovered on WebKitGTK+. CVE-2013-6663 Versions affected: WebKitGTK+ before 2.4.0. Credit to Atte Kettunen of OUSPG. Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view. CVE-2014-1748 Versions affected: WebKitGTK+ before 2.6.0. Credit to Jordan Milne. The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. CVE-2014-3192 Versions affected: WebKitGTK+ before 2.6.3. Credit to cloudfuzzer. Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2014-4409 Versions affected: WebKitGTK+ before 2.6.0. Credit to Yosuke Hasegawa (NetAgent Co., Led.). WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. CVE-2014-4410 Versions affected: WebKitGTK+ before 2.6.0. Credit to Eric Seidel of Google. CVE-2014-4411 Versions affected: WebKitGTK+ before 2.6.0. Credit to Google Chrome Security Team. CVE-2014-4412 Versions affected: WebKitGTK+ before 2.4.0. Credit to Apple. CVE-2014-4413 Versions affected: WebKitGTK+ before 2.4.0. Credit to Apple. CVE-2014-4414 Versions affected: WebKitGTK+ before 2.4.0. Credit to Apple. CVE-2014-4452 Versions affected: WebKitGTK+ before 2.6.0. Credit to unknown. CVE-2014-4459 Versions affected: WebKitGTK+ before 2.6.2. Credit to unknown. CVE-2014-4465 Versions affected: WebKitGTK+ before 2.6.2. Credit to Rennie deGraaf of iSEC Partners. WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. CVE-2014-4466 Versions affected: WebKitGTK+ before 2.6.2. Credit to Apple. CVE-2014-4468 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2014-4469 Versions affected: WebKitGTK+ before 2.6.4. Credit to Apple. CVE-2014-4470 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2014-4471 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2014-4472 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2014-4473 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2014-4474 Versions affected: WebKitGTK+ before 2.6.2. Credit to Apple. CVE-2014-4475 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2014-4476 Versions affected: WebKitGTK+ before 2.6.2. Credit to Apple. CVE-2014-4477 Versions affected: WebKitGTK+ before 2.6.4. Credit to lokihardt@ASRT working with HP’s Zero Day Initiative. CVE-2014-4479 Versions affected: WebKitGTK+ before 2.6.4. Credit to Apple. CVE-2015-1068 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1069 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1070 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1071 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1072 Versions affected: WebKitGTK+ before 2.8.0. Credit to unknown. CVE-2015-1073 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1074 Versions affected: WebKitGTK+ before 2.6.4. Credit to Apple. CVE-2015-1075 Versions affected: WebKitGTK+ before 2.8.0. Credit to Google Chrome Security Team. CVE-2015-1076 Versions affected: WebKitGTK+ before 2.8.0. Credit to unknown. CVE-2015-1077 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1080 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2015-1081 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1082 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1083 Versions affected: WebKitGTK+ before 2.6.4. Credit to Apple. CVE-2015-1084 Versions affected: WebKitGTK+ before 2.6.1. Credit to Apple. The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. CVE-2015-1119 Versions affected: WebKitGTK+ before 2.8.0. Credit to Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2015-1120 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1121 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1122 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-1124 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-1126 Versions affected: WebKitGTK+ before 2.8.0. Credit to Jouko Pynnonen of Klikki Oy. WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. CVE-2015-1127 Versions affected: WebKitGTK+ before 2.8.0. Credit to Tyler C (2.6.5). The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. CVE-2015-1152 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-1153 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple (2.6.5). CVE-2015-1154 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple (2.6.5). CVE-2015-1155 Versions affected: WebKitGTK+ before 2.10.0. Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day Initiative. CVE-2015-1156 Versions affected: WebKitGTK+ before 2.8.0. Credit to Zachary Durber of Moodle. The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. CVE-2015-2330 Versions affected: WebKitGTK+ before 2.6.6. Credit to Ross Lagerwall. Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. CVE-2015-3658 Versions affected: WebKitGTK+ before 2.8.1. Credit to Brad Hill of Facebook. The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. CVE-2015-3659 Versions affected: WebKitGTK+ before 2.8.3. Credit to Peter Rutenbar working with HP's Zero Day Initiative. CVE-2015-3660 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3727 Versions affected: WebKitGTK+ before 2.8.1. Credit to Peter Rutenbar working with HP's Zero Day Initiative. CVE-2015-3730 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3731 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3732 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3733 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3734 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3735 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3736 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3737 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3738 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3739 Versions affected: WebKitGTK+ before 2.8.1. Credit to Apple. CVE-2015-3740 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3741 Versions affected: WebKitGTK+ before 2.8.1. Credit to Apple. CVE-2015-3742 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3743 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3744 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3745 Versions affected: WebKitGTK+ before 2.8.1. Credit to Apple. CVE-2015-3746 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-3747 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-3748 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3749 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-3750 Versions affected: WebKitGTK+ before 2.10.0. Credit to Muneaki Nishimura (nishimunea). WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client- server data stream. CVE-2015-3751 Versions affected: WebKitGTK+ before 2.10.0. Credit to Muneaki Nishimura (nishimunea). WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. CVE-2015-3752 Versions affected: WebKitGTK+ before 2.8.4. Credit to Muneaki Nishimura (nishimunea). The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross- origin request or (2) a private-browsing request. CVE-2015-3753 Versions affected: WebKitGTK+ before 2.8.3. Credit to Antonio Sanso and Damien Antipa of Adobe. WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. CVE-2015-3754 Versions affected: WebKitGTK+ before 2.10.0. Credit to Dongsung Kim (@kid1ng). The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site. CVE-2015-3755 Versions affected: WebKitGTK+ before 2.10.0. Credit to xisigr of Tencent's Xuanwu Lab. CVE-2015-5788 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. CVE-2015-5789 Versions affected: WebKitGTK+ before 2.6.1. Credit to Apple. CVE-2015-5790 Versions affected: WebKitGTK+ before 2.6.2. Credit to Apple. CVE-2015-5791 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2015-5792 Versions affected: WebKitGTK+ before 2.4.0. Credit to Apple. CVE-2015-5793 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5794 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5795 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-5797 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5798 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2015-5799 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple (2.6.5). CVE-2015-5800 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple (2.6.5). CVE-2015-5801 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5802 Versions affected: WebKitGTK+ before 2.6.0. Credit to Apple. CVE-2015-5803 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5804 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5805 Versions affected: WebKitGTK+ before 2.10.0. Credit to unknown. CVE-2015-5806 Versions affected: WebKitGTK+ before 2.8.3. Credit to Apple. CVE-2015-5807 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5809 Versions affected: WebKitGTK+ before 2.8.4. Credit to Apple. CVE-2015-5810 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5811 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5812 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5813 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5814 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5815 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5816 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5817 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5818 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5819 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5822 Versions affected: WebKitGTK+ before 2.8.1. Credit to Mark S. Miller of Google. CVE-2015-5823 Versions affected: WebKitGTK+ before 2.8.0. Credit to Apple. CVE-2015-5825 Versions affected: WebKitGTK+ before 2.10.0. Credit to Yossi Oren et al. of Columbia University's Network Security Lab. CVE-2015-5826 Versions affected: WebKitGTK+ before 2.6.5. Credit to filedescriptior, Chris Evans. CVE-2015-5827 Versions affected: WebKitGTK+ before 2.10.0. Credit to Gildas. WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. CVE-2015-5828 Versions affected: WebKitGTK+ before 2.10.0. Credit to Lorenzo Fontana. The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. CVE-2015-5928 Versions affected: WebKitGTK+ before 2.8.4. Credit to Apple. CVE-2015-5929 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5930 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-5931 Versions affected: WebKitGTK+ before 2.10.0. Credit to unknown. CVE-2015-7002 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7012 Versions affected: WebKitGTK+ before 2.8.4. Credit to Apple. CVE-2015-7013 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7014 Versions affected: WebKitGTK+ before 2.10.0. Credit to unknown. CVE-2015-7048 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7095 Versions affected: WebKitGTK+ before 2.10.2. Credit to Apple. CVE-2015-7097 Versions affected: WebKitGTK+ before 2.10.3. Credit to Apple. CVE-2015-7099 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7100 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7102 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7103 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. CVE-2015-7104 Versions affected: WebKitGTK+ before 2.10.0. Credit to Apple. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, December 28, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem Description: A vulnerability existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks. CVE-ID CVE-2014-4480 : TaiG Jailbreak Team CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP Program dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes. CVE-ID CVE-2014-4455 : TaiG Jailbreak Team FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4483 : Apple FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .dfont files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative Foundation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the XML parser. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4485 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOAcceleratorFamily's handling of resource lists. This issue was addressed by removing unneeded code. CVE-ID CVE-2014-4486 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in IOHIDFamily. This issue was addressed through improved size validation. CVE-ID CVE-2014-4487 : TaiG Jailbreak Team IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOHIDFamily's handling of resource queue metadata. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4488 : Apple IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of event queues. This issue was addressed through improved validation. CVE-ID CVE-2014-4489 : @beist iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to bypass sandbox restrictions using the iTunes Store Description: An issue existed in the handling of URLs redirected from Safari to the iTunes Store that could allow a malicious website to bypass Safari's sandbox restrictions. The issue was addressed with improved filtering of URLs opened by the iTunes Store. CVE-ID CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2014-4491 : @PanguTeam, Stefan Esser Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the kernel shared memory subsystem that allowed an attacker to write to memory that was intended to be read-only. This issue was addressed with stricter checking of shared memory permissions. CVE-ID CVE-2014-4495 : Ian Beer of Google Project Zero Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations. CVE-ID CVE-2014-4496 : TaiG Jailbreak Team libnetcore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious, sandboxed app can compromise the networkd daemon Description: Multiple type confusion issues existed in networkd's handling of interprocess communication. By sending a maliciously formatted message to networkd, it may have been possible to execute arbitrary code as the networkd process. The issue is addressed through additional type checking. CVE-ID CVE-2014-4492 : Ian Beer of Google Project Zero MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise-signed application may be able to take control of the local container for applications already on a device Description: A vulnerability existed in the application installation process. This was addressed by preventing enterprise applications from overriding existing applications in specific scenarios. CVE-ID CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc. Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Enterprise-signed applications may be launched without prompting for trust Description: An issue existed in determining when to prompt for trust when first opening an enterprise-signed application. This issue was addressed through improved code signature validation. CVE-ID CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4467 : Jordan Milne WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Style sheets are loaded cross-origin which may allow for data exfiltration Description: An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs. CVE-ID CVE-2014-4465 : Rennie deGraaf of iSEC Partners WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F pCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb 8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z mrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn Bi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8 tTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR IASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh wEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P y8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB w7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR IEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY CfDJ+b9mxdd8GswiT3OO =j9pr -----END PGP SIGNATURE----- . CVE-ID CVE-2014-4460 Spotlight Available for: OS X Yosemite v10.10 Impact: Unnecessary information is included as part of the initial connection between Spotlight or Safari and the Spotlight Suggestions servers Description: The initial connection made by Spotlight or Safari to the Spotlight Suggestions servers included a user's approximate location before a user entered a query. CVE-ID CVE-2014-4453 : Ashkan Soltani System Profiler About This Mac Available for: OS X Yosemite v10.10 Impact: Unnecessary information is included as part of a connection to Apple to determine the system model Description: The request made by About This Mac to determine the model of the system and direct users to the correct help resources included unnecessary cookies. CVE-ID CVE-2014-4459 OS X Yosemite 10.10.1 may be obtained from the Mac App Store

Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. D-link IP camera The DCS-2103 is a camera for IP surveillance solutions. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. This model with other firmware versions also must be vulnerable. I found these vulnerabilities at 11.07.2014 and later informed D-Link. But they haven't answered. It looks like they are busy with fixing vulnerabilities in DAP-1360, which I wrote about earlier. I found this and other web cameras during summer to watch terrorists activities in Donetsk and Lugansks regions of Ukraine (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-October/009056.html). You can watch my videos in the playlist Ukrainian Cyber Forces: video reconnaissance http://www.youtube.com/playlist?list=PLk7NS9SMadnj7fwAQJgkbKQdCGTKAFI9Q. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. The D-Link DCS-2103 is a wireless webcam device. D-Link DCS-2103 Firmware 1.0.0 The cgi-bin/sddownload.cgi script failed to properly filter the file parameter data, allowing an attacker to exploit the vulnerability to submit a directory traversal request for sensitive file information. D-Link DCS-2103 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information. Information harvested may aid in launching further attacks. D-Link DCS-2103 Firmware version 1.0.0 is vulnerable; other versions may also be affected. D-link IP camera DCS-2103 is a network camera product of D-Link. Hello list! There are Directory Traversal and Full path disclosure vulnerabilities in D-Link DCS-2103 (IP camera). I found these vulnerabilities at 11.07.2014 and later informed D-Link. But they haven't answered. It looks like they are busy with fixing vulnerabilities in DAP-1360, which I wrote about earlier. ---------- Details: ---------- Directory Traversal (Arbitrary File Download) (WASC-33): http://site/cgi-bin/sddownload.cgi?file=/../../etc/passwd Full path disclosure (WASC-13): http://site/cgi-bin/sddownload.cgi?file=/ ---------------- Disclosure: ---------------- I disclosed these vulnerabilities at my site (http://websecurity.com.ua/7250/). I found this and other web cameras during summer to watch terrorists activities in Donetsk and Lugansks regions of Ukraine (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-October/009056.html). You can watch my videos in the playlist Ukrainian Cyber Forces: video reconnaissance http://www.youtube.com/playlist?list=PLk7NS9SMadnj7fwAQJgkbKQdCGTKAFI9Q. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. ( Reboot device ) There are vulnerabilities that are put into a state. Cisco Aironet Access Points are Cisco's wireless access point and bridge devices. A denial of service vulnerability exists in Cisco Aironet Access Points, which can exploit a vulnerability to initiate a denial of service attack. An attacker can exploit this issue to restart the affected device, which leads to a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtn16281

Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. Vendors have confirmed this vulnerability Bug ID CSCul15509 It is released as.Malformed by a third party EAP Service disruption via packets (DoS) There is a possibility of being put into a state. Cisco Aironet Access Points are Cisco's wireless access point and bridge devices. A denial of service vulnerability exists in Cisco Aironet Access Points, which can exploit a vulnerability to initiate a denial of service attack. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCul15509

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. ( Dot dot ) including (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp Or (2) tmui/Control/form of name Arbitrary files may be enumerated and deleted via parameters. F5 Networks BIG-IP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. There is a directory traversal vulnerability in F5 BIG-IP 10.2.1 and earlier versions. The vulnerability is caused by the tmui/Control/jspmap/tmui/system/archive/properties.jsp script and tmui/Control/form URL not adequately filtering the 'name' parameter

Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the RA.ViewElements.Grid.1 ActiveXControl method. By providing a malicious value to the LeftXOffset property, an attacker can write a four byte null value to an arbitrary location. An attacker could use this to execute arbitrary code in the context of the browser. Rockwell Automation CCW is an HMI editor and component-level industrial product for designing and configuring applications and implementing microcontrollers. Failed exploit attempts will likely result in denial-of-service conditions. Rockwell Automation CCW 6.01.00 and prior are vulnerable. The software can be used for controller programming and device configuration, and is integrated with an HMI editor to further simplify stand-alone device programming. A security vulnerability exists in Rockwell Automation CCW versions prior to 7.00.00 due to the program using an older version of the compiler to create custom ActiveX components

The Apple iPhone is a popular smartphone device. The Apple iPhone has a sandbox security bypass vulnerability that an attacker can use to bypass the sandbox restrictions. This may aid in further attacks. Very limited information is currently available regarding this issue. We will update this BID as more information emerges

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Google Doc Embedder Plugin 2.5.14 is vulnerable; other versions may also be affected. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Google Doc Embedder is one of the plugins that can embed MS Office, PDF and other file systems into web pages

JP1/NETM/DM and Job Management Partner 1/Software Distribution contain a vulnerability that prevents them from disabling writing to built-in USB storage devices.An attacker can exploit this vulnerability to prevent the affected products from disabling writing to built-in type USB storage devices.

The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability.". Microsoft Windows of Kerberos Key Distribution Center (KDC) Is Privilege Attribute Certificate (PAC) There is a vulnerability that fails to verify signatures. Microsoft Windows of Kerberos Key Distribution Center (KDC) Is Kerberos Included in ticket request Privilege Attribute Certificate (PAC) I have an issue where my signature is not properly verified (CWE-347) . PAC By crafting the information contained in, users with domain credentials may gain higher privileges. CWE-347: Improper Verification of Cryptographic Signature https://cwe.mitre.org/data/definitions/347.html According to the developer, we are confirming attack activity using this vulnerability. For more information on vulnerabilities, Microsoft Security Research and Defense Blog It is described in. Microsoft Security Research and Defense Blog: Additional information about CVE-2014-6324 http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspxUsers with domain credentials can gain domain administrator privileges and take over all computers in the domain, including domain controllers. Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the application; this can result in the attacker gaining complete control of the affected system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04526330 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04526330 Version: 1 HPSBMU03224 rev.1 - HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows, Remote Elevation of Privilege NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-01-23 Last Updated: 2015-01-23 Potential Security Impact: Remote elevation of privilege Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows . The vulnerability in Windows running in virtual machine images provided with LoadRunner and Load Generator could be exploited remotely to allow elevation of privilege. References: CVE-2014-6324 MS14-068 SSRT101864 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Verison v12.01 of HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows Note: This vulnerability applies to HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows for version v12.01 only, and only for load generators that are currently deployed in the cloud using the Windows OS. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-6324 (AV:N/AC:L/Au:S/C:C/I:C/A:C) 9.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following instructions to resolve the vulnerability in HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea rch/document/KM01291238 Note: The issue is also resolved in HP LoadRunner and Performance Center, Load Generator Virtual Machine Images provided in v12.02 and subsequent versions. HISTORY Version:1 (rev.1) - 23 January 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlTCmtgACgkQ4B86/C0qfVmhxQCfWp4PL5wmXJOmTSBmACVXyLP6 7LUAnjXzF6Ir9P/Yreuv1PPOGdi2lKW6 =Lbqp -----END PGP SIGNATURE-----

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. Remote attackers can exploit this issue to execute arbitrary code with elevated privileges. Security flaws exist in several Adobe products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: November 21, 2014 Bugs: #525430, #529088 ID: 201411-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 11.2.202.418 >= 11.2.202.418 Description =========== Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440. This vulnerability CVE-2014-0576 , CVE-2014-0581 ,and CVE-2014-8440 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn 8zFraVcUPA+vpzzYwVjX5LE= =L7wt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441. This vulnerability CVE-2014-0576 , CVE-2014-0581 ,and CVE-2014-8441 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn 8zFraVcUPA+vpzzYwVjX5LE= =L7wt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588. This vulnerability CVE-2014-0573 and CVE-2014-0588 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. A use-after-free vulnerability exists in several Adobe products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. (CVE-2014-8437) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.418. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn 8zFraVcUPA+vpzzYwVjX5LE= =L7wt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn 8zFraVcUPA+vpzzYwVjX5LE= =L7wt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. This vulnerability CVE-2014-0584 , CVE-2014-0585 , CVE-2014-0586 ,and CVE-2014-0590 Is a different vulnerability.Unspecified by attacker " Mixing of molds (type confusion)" May be used to execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Security flaws exist in several Adobe products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn 8zFraVcUPA+vpzzYwVjX5LE= =L7wt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. A double free vulnerability exists in several Adobe products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. (CVE-2014-8437) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.418. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn 8zFraVcUPA+vpzzYwVjX5LE= =L7wt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5